~ Rapport de ZHPDiag v2015.6.4.54 - Nicolas Coolman (31/05/2015)
~ Lancé par daniel (22/08/2015 20:17:33)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17905
MFIE: Mozilla Firefox 40.0.2 (Defaut)
GCIE: Google Chrome v44.0.2403.157

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : K7424
Windows License : OK
~ Windows Remaining Initializations Number : 998
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1 Connected, 64-bit (Build 9600)

---\\ Logiciels de protection du système
Avast Free Antivirus v10.2.2218
McAfee Security Scan Plus v3.11.149.2
Windows Defender W8 (Deactivate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 18 NPAPI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 55 Stepping 8, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3979 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 371 GB (87%) free of 425 GB

---\\ Mode de connexion au système
~ Computer Name: LENOVO-PC
~ User Name: daniel
~ All Users Names: HomeGroupUser$, daniel, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\daniel\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\daniel\AppData\Roaming\
~ %Desktop% : C:\Users\daniel\Desktop\
~ %Favorites% : C:\Users\daniel\Favorites\
~ %LocalAppData% : C:\Users\daniel\AppData\Local\
~ %StartMenu% : C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 371 Go of 425 Go)
D: Hard drive, Flash drive, Thumb drive (Free 23 Go of 25 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.C10A66189DC8C090E7C84873EDCEBC88] - (.Microsoft Corporation - Explorateur Windows.) (.28/01/2015 - 00:47:12.) -- C:\Windows\Explorer.exe [2501368]
[MD5.A570A64292214C43E0BA50E6A72A6380] - (.Microsoft Corporation - Application de démarrage de Windows.) (.29/10/2014 - 02:25:54.) -- C:\Windows\System32\Wininit.exe [145920]
[MD5.98C6A46E9E2822BF83196C2EAE43DBD4] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.15/06/2015 - 22:16:12.) -- C:\Windows\System32\wininet.dll [2427392]
[MD5.EC498BAE1F0D3E0E401C963F8D76C437] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.29/10/2014 - 02:22:52.) -- C:\Windows\System32\Winlogon.exe [572416]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.18/03/2014 - 10:54:52.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.02/09/2014 - 14:08:26.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 10:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.24/07/2014 - 12:45:39.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800]
[MD5.49EE0AE9E5B64FFBBD06D55C4984B598] - (.Microsoft Corporation - Pilote de port i8042.) (.04/11/2014 - 07:54:54.) -- C:\Windows\system32\Drivers\i8042prt.sys [108544]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.18/03/2014 - 10:54:55.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.6FBDF2B1B025A8E6E069234362FFFFB7] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.27/06/2015 - 04:12:25.) -- C:\Windows\system32\Drivers\MRxSmb.sys [401408]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.7F68063A5A0461E02BC860CE0E6BFDDC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.15/10/2014 - 09:32:37.) -- C:\Windows\system32\Drivers\ntfs.sys [2025792]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.18/03/2014 - 10:37:57.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.19/06/2014 - 03:13:36.) -- C:\Windows\system32\Drivers\volsnap.sys [310080]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/321
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 2/12
~ Mon Bureau (My Desktop) : 0/1126
~ Menu demarrer (Programs) : 1/39
~ Hidden Files: Scanned in 00mn 05s



---\\ Processus lancés
[MD5.466B45B1EF70373F1B121CC8888178F1] - (...) -- C:\Program Files\shopperz12082015\Tuejet.exe [433528] [PID.3996] =>PUP.Shopperz
[MD5.AB9990DB80EA3DAC0EAE50C906EF7ECA] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\daniel\AppData\Roaming\uTorrent\uTorrent.exe [1693024] [PID.1140] =>P2P.BitTorrent
[MD5.420F0C1F39DEFA0E22985184F5E5B3AB] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680] [PID.4956]
[MD5.92B2CC464136BA72FF7E57DF98993ACA] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896] [PID.1992]
[MD5.22817081C475BA9506C34BBECC99279B] - (.CyberLink - CyberLink MediaLibrary Service.) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344] [PID.4132]
[MD5.65C6AA484AD2287D20541C7735989437] - (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [5515496] [PID.2612]
[MD5.74E325DE56A371C486FDC4A1F5D3FAA3] - (.Glarysoft Ltd - Glary Utilities 5.) -- C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [889632] [PID.4572]
[MD5.CBB4882C7174EB1569A7826FCF32C106] - (.Pas de propriétaire - NotificationsViewHost.) -- C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe [462592] [PID.2556]
[MD5.32C99F6A825B3088AFD8ADA000BD61C1] - (...) -- C:\Users\daniel\AppData\Local\Temp\nsiD5A3.tmp [123471] [PID.2260]
[MD5.3B94EFA1346A425E386B76F977ED6988] - (...) -- C:\Users\daniel\AppData\Local\Temp\setup_v20_ra.exe [155077] [PID.6040]
[MD5.62FEF26E9C2C2C12436380FE4A855873] - (...) -- C:\Users\daniel\AppData\Local\gmsd_fr_005010067\upgmsd_fr_005010067.exe [3333264] [PID.3684] =>PUP.CrossRider
[MD5.81339954416A93A71DF1CFAAFB1EF0B5] - (...) -- C:\Program Files (x86)\gmsd_fr_005010067\gmsd_fr_005010067.exe [3978896] [PID.3684] =>PUP.CrossRider
[MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8214016] [PID.6296]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: Extension [daniel - l7yo0ywm.default] elemhidehelper@adblockplus.org.xpi
P2 - FPN: [HKLM] [@iqiyi.com/npclient] - (...) -- C:\IQIYI Video\LStyle\npclient.dll (.not file.)
P2 - FPN: [HKLM] [@iqiyi.com/npWebPlayer] - (...) -- C:\IQIYI Video\LStyle\npWebPlayer.dll (.not file.)
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
~ Nombre lignes détournées 1/23 (Hosts file redirected)
~ Hosts File: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [daniel]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\daniel\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [daniel]: AnyProtect.lnk . (.AnyProtect.com - AnyProtect.) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe =>PUP.AnyProtect
O4 - GS\Desktop [daniel]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\daniel\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 3 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [cAudioFilterAgent] . (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
O4 - HKLM\..\Run: [BtServer] . (.Realtek Semiconductor Corporation - Realtek Bluetooth BTServer Application.) -- C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe
O4 - HKLM\..\Run: [RtsFT] . (.Realtek semiconductor - RTFTrack.) -- C:\Windows\RTFTrack.exe
O4 - HKLM\..\Run: [shopperz12082015] . (...) -- C:\Program Files\shopperz12082015\Tuejet.exe =>PUP.Shopperz
O4 - HKLM\..\Run: [shopperz1208201564] . (...) -- C:\Program Files\shopperz12082015\Tuejet64.exe =>PUP.Shopperz
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\daniel\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - Glary Utilities StartupManager.) -- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
O4 - HKCU\..\Run: [PeerBlock] . (.PeerBlock, LLC - PeerBlock.) -- C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_D09E27F1F3B4F575C54644A707D49552] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer_For_P2G8] . (.CyberLink - CyberLink MediaLibrary Service.) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [mbot_fr_014010044] Clé orpheline =>PUP.CrossRider
O4 - HKLM\..\Wow6432Node\Run: [rec_fr_57] Clé orpheline =>PUP.CrossRider
O4 - HKLM\..\Wow6432Node\Run: [mbot_fr_014010066] Clé orpheline =>PUP.CrossRider
O4 - HKLM\..\Wow6432Node\Run: [gmsd_fr_005010066] Clé orpheline =>PUP.CrossRider
O4 - HKLM\..\Wow6432Node\Run: [gmsd_fr_005010067] . (...) -- C:\Program Files (x86)\gmsd_fr_005010067\gmsd_fr_005010067.exe =>PUP.CrossRider
O4 - HKLM\..\Wow6432Node\RunOnce: [upgmsd_fr_005010067.exe] . (...) -- C:\Users\daniel\AppData\Local\gmsd_fr_005010067\upgmsd_fr_005010067.exe =>PUP.CrossRider
O4 - HKLM\..\Wow6432Node\RunOnce: [Update] C:\Users\daniel\AppData\Roaming\ASPackage\ASPackage.exe (.not file.) =>PUP.ASPackage
O4 - HKUS\S-1-5-21-1718943188-3783081154-181351264-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\daniel\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-1718943188-3783081154-181351264-1001\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - Glary Utilities StartupManager.) -- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
O4 - HKUS\S-1-5-21-1718943188-3783081154-181351264-1001\..\Run: [PeerBlock] . (.PeerBlock, LLC - PeerBlock.) -- C:\Program Files\PeerBlock\peerblock.exe
O4 - HKUS\S-1-5-21-1718943188-3783081154-181351264-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1718943188-3783081154-181351264-1001\..\Run: [GoogleChromeAutoLaunch_D09E27F1F3B4F575C54644A707D49552] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E344522-21AD-499E-A7B8-BD982359E098}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CCS\Services\Tcpip\..\{26BE7014-D9B2-4F56-B450-E3E24A726CF9}: DhcpNameServer = 150.207.1.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E344522-21AD-499E-A7B8-BD982359E098}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{26BE7014-D9B2-4F56-B450-E3E24A726CF9}: DhcpDomain = 150.207.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E344522-21AD-499E-A7B8-BD982359E098}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS1\Services\Tcpip\..\{26BE7014-D9B2-4F56-B450-E3E24A726CF9}: DhcpNameServer = 150.207.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E344522-21AD-499E-A7B8-BD982359E098}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{26BE7014-D9B2-4F56-B450-E3E24A726CF9}: DhcpDomain = 150.207.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\LENOVO~1\LENOVO~1\bin\SPVC64~1.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BTDevManager (BTDevManager) . (.Pas de propriétaire - Realtek Bluetooth BTDevManager Service Appl.) - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: Field Data Storage (fimevebo) . (...) - C:\Program Files (x86)\F4F6EEAE-1440183341-11E4-B57F-68F728445E11\hnsgC59B.tmp
O23 - Service: Cool Barcode (jimocoso) . (...) - C:\Program Files (x86)\F4F6EEAE-1440166151-11E4-B57F-68F728445E11\jnse5705.tmp
O23 - Service: shopperz12082015 Updater (shopperz12082015 Updater) . (...) - C:\Program Files\shopperz12082015\Ideie.exe =>PUP.Shopperz
O23 - Service: VeriFaceSrv (VeriFaceSrv) . (...) - C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
O23 - Service: Request Margin (vyqenugy) . (...) - C:\Program Files (x86)\F4F6EEAE-1440166151-11E4-B57F-68F728445E11\knscD3FB.tmp
O23 - Service: External Hard Drive Megabyte (vytipily) . (...) - C:\Program Files (x86)\F4F6EEAE-1440183341-11E4-B57F-68F728445E11\knslA52A.tmp
O23 - Service: Connectivity Port (wytocuke) . (...) - C:\Program Files (x86)\F4F6EEAE-1440166151-11E4-B57F-68F728445E11\hnsy6E29.tmp
~ Services: 22 Legitimates Filtered in 00mn 27s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.3A1D89B89C9D62951957F0839578DD9B] [APT] [0ARMCmWhlbBae8WrStwHhjYMA] (...) -- C:\Users\daniel\AppData\Roaming\0ARMCmWhlbBae8WrStwHhjYMA.exe [1579520]
[MD5.2691439FAC40F46C937BB684A3AE2E0F] [APT] [APSnotifierPP1] (.AnyProtect.com.) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [6434816] =>PUP.AnyProtect
[MD5.2691439FAC40F46C937BB684A3AE2E0F] [APT] [APSnotifierPP2] (.AnyProtect.com.) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [6434816] =>PUP.AnyProtect
[MD5.2691439FAC40F46C937BB684A3AE2E0F] [APT] [APSnotifierPP3] (.AnyProtect.com.) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [6434816] =>PUP.AnyProtect
[MD5.00000000000000000000000000000000] [APT] [Bidaily Synchronize Task[pr]] (...) -- c:\programdata\{be122417-c894-4243-be12-22417c89905f}\ccgen exe.exe (.not file.) [0] =>PUP.BidailySync
[MD5.00000000000000000000000000000000] [APT] [cfr3011] (...) -- C:\Program Files (x86)\FASTSE~1\cfr3011.exe (.not file.) [0]
[MD5.3FC0CB3DA9AB0E8F677B25A866A54753] [APT] [FB5B040C-6CCF-4D70-8991-E5CA2E4B519] (...) -- C:\Users\daniel\AppData\Local\FB5B040C-6CCF-4D70-8991-E5CA2E4B519\FB5B040C-6CCF-4D70-8991-E5CA2E4B519.exe [1979976] =>Adware.Pirrit
[MD5.D41D8CD98F00B204E9800998ECF8427E] [APT] [Jarmeee] (...) -- C:\Program Files\shopperz12082015\Hvnkaufcv.bat" [75] =>PUP.Shopperz
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [APT] [kOKpt6VGDta2JnOAmX] (...) -- C:\Users\daniel\AppData\Roaming\kOKpt6VGDta2JnOAmX.exe [1246720]
O39 - APT: 0ARMCmWhlbBae8WrStwHhjYMA - (...) -- C:\Windows\Tasks\0ARMCmWhlbBae8WrStwHhjYMA.job [1046]
O39 - APT: 0ARMCmWhlbBae8WrStwHhjYMA - (...) -- C:\Windows\System32\Tasks\0ARMCmWhlbBae8WrStwHhjYMA [1046]
O39 - APT: - (..) -- C:\Windows\Tasks\48d3f0f2-97b7-430d-8042-e426aa67ee79-1-6.job [3146]
O39 - APT: - (..) -- C:\Windows\Tasks\48d3f0f2-97b7-430d-8042-e426aa67ee79-1-7.job [3146]
O39 - APT: - (..) -- C:\Windows\Tasks\48d3f0f2-97b7-430d-8042-e426aa67ee79-4.job [4502] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\48d3f0f2-97b7-430d-8042-e426aa67ee79-5.job [2454] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\48d3f0f2-97b7-430d-8042-e426aa67ee79-5_user.job [2454] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\48d3f0f2-97b7-430d-8042-e426aa67ee79-6.job [5526] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\48d3f0f2-97b7-430d-8042-e426aa67ee79-7.job [5526] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5b346b47-f2d7-4c8e-a307-23c7312aa40a-1-6.job [3466]
O39 - APT: - (..) -- C:\Windows\Tasks\5b346b47-f2d7-4c8e-a307-23c7312aa40a-1-7.job [3810]
O39 - APT: - (..) -- C:\Windows\Tasks\5b346b47-f2d7-4c8e-a307-23c7312aa40a-4.job [4486] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5b346b47-f2d7-4c8e-a307-23c7312aa40a-5.job [2782] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5b346b47-f2d7-4c8e-a307-23c7312aa40a-5_user.job [2782] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5b346b47-f2d7-4c8e-a307-23c7312aa40a-6.job [6198] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5b346b47-f2d7-4c8e-a307-23c7312aa40a-7.job [5854] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5d227fb0-86e1-4dca-9da3-83c1315ccc45-10_user.job [2134]
O39 - APT: - (..) -- C:\Windows\Tasks\5d227fb0-86e1-4dca-9da3-83c1315ccc45-5.job [2468] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5d227fb0-86e1-4dca-9da3-83c1315ccc45-5_user.job [2468] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: APSnotifierPP1 - (.AnyProtect.com.) -- C:\Windows\Tasks\APSnotifierPP1.job [378] =>PUP.AnyProtect
O39 - APT: APSnotifierPP1 - (.AnyProtect.com.) -- C:\Windows\System32\Tasks\APSnotifierPP1 [378] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (.AnyProtect.com.) -- C:\Windows\Tasks\APSnotifierPP2.job [376] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (.AnyProtect.com.) -- C:\Windows\System32\Tasks\APSnotifierPP2 [376] =>PUP.AnyProtect
O39 - APT: APSnotifierPP3 - (.AnyProtect.com.) -- C:\Windows\Tasks\APSnotifierPP3.job [376] =>PUP.AnyProtect
O39 - APT: APSnotifierPP3 - (.AnyProtect.com.) -- C:\Windows\System32\Tasks\APSnotifierPP3 [376] =>PUP.AnyProtect
O39 - APT: Bidaily Synchronize Task[pr] - (...) -- C:\Windows\Tasks\Bidaily Synchronize Task[pr].job [354] =>PUP.BidailySync
O39 - APT: Bidaily Synchronize Task[pr] - (...) -- C:\Windows\System32\Tasks\Bidaily Synchronize Task[pr] [354] =>PUP.BidailySync
O39 - APT: - (..) -- C:\Windows\Tasks\c69f8e6e-10f4-478c-a72b-8189aacf3a6f-1-6.job [3160]
O39 - APT: - (..) -- C:\Windows\Tasks\c69f8e6e-10f4-478c-a72b-8189aacf3a6f-1-7.job [3496]
O39 - APT: - (..) -- C:\Windows\Tasks\c69f8e6e-10f4-478c-a72b-8189aacf3a6f-10_user.job [2134]
O39 - APT: - (..) -- C:\Windows\Tasks\c69f8e6e-10f4-478c-a72b-8189aacf3a6f-4.job [4516] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\c69f8e6e-10f4-478c-a72b-8189aacf3a6f-5.job [2468] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\c69f8e6e-10f4-478c-a72b-8189aacf3a6f-5_user.job [2468] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [932] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [936] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1088]
O39 - APT: kOKpt6VGDta2JnOAmX - (...) -- C:\Windows\Tasks\kOKpt6VGDta2JnOAmX.job [1032]
O39 - APT: kOKpt6VGDta2JnOAmX - (...) -- C:\Windows\System32\Tasks\kOKpt6VGDta2JnOAmX [1032]
O39 - APT: - (..) -- C:\Windows\Tasks\MAXDriverUpdater_UPDATES.job [306]
O39 - APT: - (..) -- C:\Windows\Tasks\WordSurfer Auto Updater 1.10.0.19 Core.job [490]
~ Scheduled Task: 56 Legitimates Filtered in 00mn 05s



---\\ Logiciels installés (O42)
O42 - Logiciel: AnyProtect - (.CMI Limited.) [HKLM][64Bits] -- AnyProtect =>PUP.CMILimited
O42 - Logiciel: Credit Card Verifier 1.3.1.0 - (.Retro Software Designs.) [HKLM][64Bits] -- Credit Card Verifier_is1
O42 - Logiciel: EtherDetect Packet Sniffer v1.4 - (.EtherDetect.) [HKLM][64Bits] -- EtherDetect Packet Sniffer v1.4
~ Logic: 28 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\0ARMCmWhlbBae8WrStwHhjYMA]
[HKCU\Software\AnyProtect] =>PUP.AnyProtect
[HKCU\Software\Cinema_Plus-1.2V28.07-nv-ie] =>PUP.CrossRider
[HKCU\Software\Cinema_Plus-1.2V28.07]
[HKCU\Software\Clubic]
[HKCU\Software\EasyPlus]
[HKCU\Software\EffeTech]
[HKCU\Software\GoldenGate]
[HKCU\Software\InstallPath]
[HKCU\Software\Object Browser-nv-ie] =>PUP.CrossRider
[HKCU\Software\Object Browser-nv] =>PUP.ObjectBrowser
[HKCU\Software\PPStream]
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\Tutorials] =>PUP.AgenceExclusive
[HKCU\Software\iWebar-nv-ie] =>PUP.CrossRider
[HKCU\Software\iWebar-nv] =>PUP.CrossRider
[HKLM\Software\CNXT_UIU_MUTEX]
[HKLM\Software\PartnerShared]
[HKLM\Software\WajaInternetEn]
[HKLM\Software\Wow6432Node\Cinema_Plus-1.2V28.07-nv-ie] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Object Browser-nv-ie] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Object Browser-nv] =>PUP.ObjectBrowser
[HKLM\Software\Wow6432Node\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Wow6432Node\iWebar-nv-ie] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\iWebar-nv] =>PUP.CrossRider
~ Key Software: 265 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/08/2015 - 16:25:50 - [] ----D C:\Program Files (x86)\a4f7a479-7dec-468a-87e4-c6d2eef68b5b
O43 - CFD: 22/08/2015 - 16:45:11 - [] ----D C:\Program Files (x86)\AnyProtectEx =>PUP.AnyProtect
O43 - CFD: 21/08/2015 - 16:40:13 - [] ----D C:\Program Files (x86)\baidu
O43 - CFD: 24/05/2015 - 15:41:33 - [] ----D C:\Program Files (x86)\CCVerify
O43 - CFD: 24/05/2015 - 16:47:59 - [] ----D C:\Program Files (x86)\Clipboard Sync
O43 - CFD: 11/06/2015 - 19:07:18 - [] ----D C:\Program Files (x86)\EtherDetect
O43 - CFD: 22/08/2015 - 18:54:50 - [] ----D C:\Program Files (x86)\F4F6EEAE-1440166151-11E4-B57F-68F728445E11
O43 - CFD: 22/08/2015 - 18:54:55 - [] ----D C:\Program Files (x86)\F4F6EEAE-1440183341-11E4-B57F-68F728445E11
O43 - CFD: 21/08/2015 - 16:26:40 - [] ----D C:\Program Files (x86)\f603a7e0-dabc-4744-aa04-2e3b08a3fff6
O43 - CFD: 22/08/2015 - 16:40:39 - [] ----D C:\Program Files (x86)\gmsd_fr_005010067 =>PUP.CrossRider
O43 - CFD: 21/08/2015 - 16:50:48 - [] ----D C:\Program Files (x86)\MiniLite
O43 - CFD: 09/12/2014 - 14:10:35 - [0] ----D C:\Program Files (x86)\New Folder
O43 - CFD: 24/05/2015 - 16:47:59 - [] ----D C:\ProgramData\14650366850879842073
O43 - CFD: 09/12/2014 - 14:16:47 - [] ----D C:\ProgramData\Energy Manager
O43 - CFD: 21/08/2015 - 20:49:18 - [] ----D C:\ProgramData\Johsuuulfe
O43 - CFD: 29/07/2015 - 23:54:01 - [] ----D C:\ProgramData\LU
O43 - CFD: 29/07/2015 - 20:35:18 - [0] ----D C:\ProgramData\Office2013
O43 - CFD: 21/08/2015 - 20:53:29 - [] ----D C:\ProgramData\uHQcHQE
O43 - CFD: 21/08/2015 - 23:13:29 - [] ----D C:\ProgramData\update
O43 - CFD: 24/05/2015 - 15:41:33 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Credit Card Verifier
O43 - CFD: 11/06/2015 - 19:06:18 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EtherDetect
O43 - CFD: 18/03/2014 - 11:38:02 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 22/07/2015 - 13:38:44 - [0] ----D C:\Users\daniel\AppData\Roaming\0V1L2Z2Z1T1I1L1T =>Adware.InstallCore
O43 - CFD: 22/08/2015 - 16:41:54 - [] -SH-D C:\Users\daniel\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect
O43 - CFD: 20/07/2015 - 16:46:34 - [] --H-D C:\Users\daniel\AppData\Roaming\GoldenGate
O43 - CFD: 15/07/2015 - 16:26:05 - [0] -SH-D C:\Users\daniel\AppData\Local\EmieBrowserModeList
O43 - CFD: 29/07/2015 - 00:06:40 - [] ----D C:\Users\daniel\AppData\Local\FB5B040C-6CCF-4D70-8991-E5CA2E4B519
O43 - CFD: 22/08/2015 - 16:45:14 - [] ----D C:\Users\daniel\AppData\Local\gmsd_fr_005010067 =>PUP.CrossRider
O43 - CFD: 11/06/2015 - 12:47:02 - [] ----D C:\Users\daniel\AppData\Local\GWX
O43 - CFD: 21/08/2015 - 16:23:29 - [] ----D C:\Users\daniel\AppData\Local\Installer
O43 - CFD: 22/08/2015 - 19:04:51 - [] ----D C:\Users\daniel\AppData\Local\TVTime
O43 - CFD: 22/08/2015 - 16:45:11 - [] ----D C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup =>PUP.AnyProtect
~ Program Folder: 203 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.AF6C9D69E608A6818B28455F5F1F18F6] - 12/08/2015 - 09:45:42 ---A- . (...) -- C:\Windows\System32\Uiviuuj64.dll [353608]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/08/2015 - 15:05:50 ---A- . (...) -- C:\Windows\hgfs.sys [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/08/2015 - 15:05:50 ---A- . (...) -- C:\Windows\prleth.sys [0]
O44 - LFC:[MD5.72E7D53B5F021B7EEB39F0F2D7608D2E] - 21/08/2015 - 15:26:18 ---A- . (...) -- C:\task.vbs [801]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/08/2015 - 15:40:05 ---A- . (...) -- C:\dummy.htm [0]
O44 - LFC:[MD5.6BF36477D6E7D9F7A4832DE5C3D6B52E] - 21/08/2015 - 17:16:34 ---A- . (...) -- C:\Windows\System32\UiviuujOff.ini [2528]
O44 - LFC:[MD5.E47A844AC4B2A85B1E4EAE78C6E40FD9] - 21/08/2015 - 22:56:24 ---A- . (...) -- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [180]
O44 - LFC:[MD5.0DA3FBC2ECE10BF259F3F4F2FE08FE86] - 22/08/2015 - 13:20:42 ---A- . (.Cherimoya Ltd - Cherimoya Ltd.) -- C:\Windows\System32\Drivers\cherimoya.sys [61336]
O44 - LFC:[MD5.9CAB01E46D49F8E8C7167CA964FD681C] - 22/08/2015 - 13:23:59 ---A- . (...) -- C:\Windows\System32\Drivers\bsdriver.sys [34712]
O44 - LFC:[MD5.A3C1EA6A2CA07075C0E0DE1D99F5CD39] - 22/08/2015 - 14:43:02 ----- . (...) -- C:\bootsqm.dat [6352]
O44 - LFC:[MD5.410F0448F263B5C85D4E698CAA40874E] - 22/08/2015 - 15:07:34 ---A- . (...) -- C:\Windows\System32\VfService.trf [2560]
~ Files: 27 Legitimates Filtered in 00mn 08s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.B5E87422A8A2D551DB12EDAB8F1D2B77] - 22/08/2015 - 15:49:34 ---A- - C:\Windows\Prefetch\ANYPROTECT.EXE-7064871B.pf =>PUP.AnyProtect
O45 - LFCP:[MD5.3A062884BC35D0E2BD831C6E0783B61C] - 21/08/2015 - 15:16:42 ---A- - C:\Windows\Prefetch\BOXORE.EXE-A21182E0.pf =>Adware.Boxore
O45 - LFCP:[MD5.93AECAE1BF9564B82BF63001ABC7B8A4] - 21/08/2015 - 15:08:49 ---A- - C:\Windows\Prefetch\BUBBLE DOCK.EXE-4B6442B4.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.A0DA8A3BBD853915A00EA98E5D187DCA] - 21/08/2015 - 15:34:46 ---A- - C:\Windows\Prefetch\CINEMAPLUS-3.3C_NOTIFICATION_-CC49E5C0.pf =>PUP.CrossRider
O45 - LFCP:[MD5.918C6027D152E177FC1FEA5D458ABACF] - 22/08/2015 - 15:40:50 ---A- - C:\Windows\Prefetch\GMSD_FR_005010067.EXE-F5267D10.pf =>PUP.CrossRider
O45 - LFCP:[MD5.1E5806B1907B86EA38C0B58C2937263B] - 22/08/2015 - 13:30:37 ---A- - C:\Windows\Prefetch\PREDM.EXE-9672AB44.pf =>Adware.Downware
O45 - LFCP:[MD5.984853A26B0F333D0F396E2C85F04DB2] - 21/08/2015 - 15:45:20 ---A- - C:\Windows\Prefetch\PREDM.TMP-04F17A41.pf =>Adware.Downware
O45 - LFCP:[MD5.D3CF44178C927CEE9E98C8A13D307F98] - 21/08/2015 - 15:41:31 ---A- - C:\Windows\Prefetch\PREDM.TMP-36CE14C5.pf =>Adware.Downware
O45 - LFCP:[MD5.6300FE1B423901567A9C015A357CAEBF] - 22/08/2015 - 13:30:38 ---A- - C:\Windows\Prefetch\PREDM.TMP-41E2B89A.pf =>Adware.Downware
O45 - LFCP:[MD5.E30733CB52C1BDB76447C65F6D4AF655] - 21/08/2015 - 15:39:27 ---A- - C:\Windows\Prefetch\PREDM.TMP-B8F42E5F.pf =>Adware.Downware
O45 - LFCP:[MD5.54F574BEC8052D92BC651EAFFE667A6B] - 21/08/2015 - 16:04:03 ---A- - C:\Windows\Prefetch\PREDM.TMP-D525B169.pf =>Adware.Downware
O45 - LFCP:[MD5.1BDD68465E6A048F8C1097DF844D86FF] - 21/08/2015 - 20:04:49 ---A- - C:\Windows\Prefetch\UPGMSD_FR_005010066.EXE-9D301522.pf =>PUP.CrossRider
O45 - LFCP:[MD5.E4DC8BE59453A7B215530B4DB35DA81A] - 22/08/2015 - 15:43:51 ---A- - C:\Windows\Prefetch\UPGMSD_FR_005010067.EXE-88759A0C.pf =>PUP.CrossRider
O45 - LFCP:[MD5.855DF5F3454A8A5A24995BC147A902F6] - 21/08/2015 - 15:09:44 ---A- - C:\Windows\Prefetch\UPMBOT_FR_014010066.EXE-FCF9E9C8.pf =>PUP.CrossRider
O45 - LFCP:[MD5.80C74401241D947B81E9E431BE2CE206] - 22/08/2015 - 15:08:43 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-7B5C877B.pf =>P2P.µTorrent
~ Prefetcher: 15 Legitimates Filtered in 00mn 01s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:19/05/2015 - 11:16:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29168] =>.ALWIL Software
O58 - SDL:19/05/2015 - 11:16:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65736] =>.ALWIL Software
O58 - SDL:19/05/2015 - 11:16:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [272248] =>.ALWIL Software
O58 - SDL:13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:22/08/2015 - 13:23:59 ---A- . (...) -- C:\Windows\System32\Drivers\bsdriver.sys [34712]
O58 - SDL:18/06/2015 - 11:08:44 ---A- . (.Cherimoya Ltd - Cherimoya Ltd.) -- C:\Windows\System32\Drivers\cherimoya.sys [61336]
O58 - SDL:23/04/2015 - 14:10:05 ---A- . (.Windows (R) Win 7 DDK provider - Scanner Filter.) -- C:\Windows\System32\Drivers\mfmonitor_x64.sys [20696]
O58 - SDL:01/03/2013 - 02:49:12 ---A- . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\Drivers\npf.sys [36600]
O58 - SDL:22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 60 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 19/08/2015 - 20:18:43 ---A- . (...) -- C:\Users\daniel\AppData\Local\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin [269992]
O61 - LFC: 21/08/2015 - 20:18:42 ---A- . (...) -- C:\Users\daniel\AppData\Local\Installer\Install_15730\DCYTDownloader.exe [1446912] =>PUP.YTDownloader
O61 - LFC: 21/08/2015 - 20:18:42 ---A- . (...) -- C:\Users\daniel\AppData\Local\gmsd_fr_005010067\upgmsd_fr_005010067.exe [3333264] =>PUP.CrossRider
O61 - LFC: 21/08/2015 - 20:18:46 ---A- . (...) -- C:\Users\daniel\Desktop\tor\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\meek-client-torbrowser.exe [1733632]
O61 - LFC: 21/08/2015 - 20:18:46 ---A- . (...) -- C:\Users\daniel\Desktop\tor\Tor Browser\Browser\TorBrowser\Tor\libevent-2-0-5.dll [718072]
O61 - LFC: 21/08/2015 - 20:18:46 ---A- . (...) -- C:\Users\daniel\Desktop\tor\Tor Browser\Browser\TorBrowser\Tor\libevent_core-2-0-5.dll [416614]
O61 - LFC: 21/08/2015 - 20:18:46 ---A- . (...) -- C:\Users\daniel\Desktop\tor\Tor Browser\Browser\TorBrowser\Tor\libevent_extra-2-0-5.dll [411369]
O61 - LFC: 21/08/2015 - 20:18:46 ---A- . (...) -- C:\Users\daniel\Desktop\tor\Tor Browser\Browser\TorBrowser\Tor\libgcc_s_sjlj-1.dll [523262]
O61 - LFC: 21/08/2015 - 20:18:46 ---A- . (...) -- C:\Users\daniel\Desktop\tor\Tor Browser\Browser\TorBrowser\Tor\libgmp-10.dll [829335]
O61 - LFC: 21/08/2015 - 20:18:46 ---A- . (...) -- C:\Users\daniel\Desktop\tor\Tor Browser\Browser\TorBrowser\Tor\libssp-0.dll [92599]
O61 - LFC: 21/08/2015 - 20:18:46 ---A- . (...) -- C:\Users\daniel\Desktop\tor\Tor Browser\Browser\TorBrowser\Tor\tor.exe [2034176]
O61 - LFC: 21/08/2015 - 20:18:46 ---A- . (...) -- C:\Users\daniel\Desktop\tor\Tor Browser\Browser\TorBrowser\Tor\zlib1.dll [107520]
O61 - LFC: 21/08/2015 - 20:18:46 ---A- . (...) -- C:\Users\daniel\Desktop\tor\Tor Browser\Browser\libssp-0.dll [92599]
O61 - LFC: 21/08/2015 - 20:18:46 ---A- . (...) -- C:\Users\daniel\Downloads\Firefox Setup Stub 40.0.2.exe [242976]
O61 - LFC: 22/08/2015 - 20:18:42 ---A- . (...) -- C:\Users\daniel\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]
O61 - LFC: 22/08/2015 - 20:18:42 ---A- . (...) -- C:\Users\daniel\AppData\Local\Microsoft\Windows\INetCache\IE\2KJ50NQZ\bxwr[1].exe [66262]
O61 - LFC: 22/08/2015 - 20:18:42 ---A- . (...) -- C:\Users\daniel\AppData\Local\Microsoft\Windows\INetCache\IE\2KJ50NQZ\setup_gmsd_fr[1].exe [5793424]
O61 - LFC: 22/08/2015 - 20:18:42 ---A- . (...) -- C:\Users\daniel\AppData\Local\gmsd_fr_005010067\Download\myoffergroup_fr.exe [4247552] =>PUP.CrossRider
O61 - LFC: 22/08/2015 - 20:18:42 ---A- . (.AnyProtect.com.) -- C:\Users\daniel\AppData\Local\Microsoft\Windows\INetCache\IE\EXC8S8E8\AnyProtect[1].exe [6434816] =>PUP.AnyProtect
O61 - LFC: 22/08/2015 - 20:18:42 ---A- . (.CMI Limited.) -- C:\Users\daniel\AppData\Local\Microsoft\Windows\INetCache\IE\2KJ50NQZ\AnyProtectSetup[1].exe [613255] =>PUP.CMILimited
O61 - LFC: 22/08/2015 - 20:18:43 ---A- . (...) -- C:\Users\daniel\AppData\Local\Microsoft\Windows\INetCache\IE\EXC8S8E8\FinalInstaller_dotnet4[1].exe [3001344]
O61 - LFC: 22/08/2015 - 20:18:43 ---A- . (...) -- C:\Users\daniel\AppData\Local\Microsoft\Windows\INetCache\IE\EXC8S8E8\Validate[1].exe [61981]
O61 - LFC: 22/08/2015 - 20:18:43 ---A- . (...) -- C:\Users\daniel\AppData\Local\Microsoft\Windows\INetCache\IE\EXC8S8E8\setup_362[1].exe [254464]
O61 - LFC: 22/08/2015 - 20:18:43 ---A- . (...) -- C:\Users\daniel\AppData\Local\Microsoft\Windows\INetCache\IE\EYPAFZA9\VuuPC_VO2_8907[1].exe [230007] =>PUP.VuuPC
O61 - LFC: 22/08/2015 - 20:18:43 ---A- . (...) -- C:\Users\daniel\AppData\Local\Microsoft\Windows\INetCache\IE\EYPAFZA9\cmmdWriter[1].exe [0]
O61 - LFC: 22/08/2015 - 20:18:43 ---A- . (...) -- C:\Users\daniel\AppData\Local\Microsoft\Windows\INetCache\IE\EYPAFZA9\policyname[1].exe [55963]
O61 - LFC: 22/08/2015 - 20:18:43 ---A- . (...) -- C:\Users\daniel\AppData\Local\Microsoft\Windows\INetCache\IE\YU7RGQ96\setup_v20[1].exe [123471]
O61 - LFC: 22/08/2015 - 20:18:46 ---A- . (...) -- C:\Users\daniel\Desktop\AdwCleaner-5.003.exe [1605632]
O61 - LFC: 22/08/2015 - 20:18:47 ---A- . (...) -- C:\Users\daniel\Downloads\ZHPDiag3-2015.8.20.122.exe [1895424] =>.Nicolas Coolman
~ 558 Fichiers temporaires (Temporary files)
~ Files: 251 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Opera\Launcher.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (oursurfing) - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {4891F32F-1A08-46C9-859D-3AE8199C3320} - () - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {4AF3E9A3-81AB-4D3B-9A8A-DB64F2DB30D8} - (Bing.com) - http://www.trovi.com =>Hijacker.TroviCom
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://www.oursurfing.com =>Hijacker.OurSurfing
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Users\daniel\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Keygen.exe.log =>.Crack,Keygen
C:\Users\daniel\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Keygen.exe.log =>.Crack,Keygen
~ Files: Scanned in 01mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.3A1D89B89C9D62951957F0839578DD9B] [SPRF][20/04/2015] (...) -- C:\Users\daniel\AppData\Roaming\0ARMCmWhlbBae8WrStwHhjYMA.exe [1579520]
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [SPRF][20/04/2015] (...) -- C:\Users\daniel\AppData\Roaming\kOKpt6VGDta2JnOAmX.exe [1246720]
[MD5.1017D82D1739BEF94DA5084614E088D7] [SPRF][31/07/2015] (.Systems - Systemss.) -- C:\Users\daniel\AppData\Roaming\Systemup.exe [98816]
[MD5.7E584580AE57FA86520F59343BF9A270] [SPRF][22/08/2015] (.Pas de propriétaire - AdwCleaner.) -- C:\Users\daniel\Desktop\AdwCleaner-5.003.exe [1605632]
[MD5.B6129700128E27EB7B235710CC4B2492] [SPRF][26/08/2014] (.www.moofdev.net - Ratio Master.) -- C:\Users\daniel\Desktop\RM.exe [278528]
~ Files: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{AE24A52E-90C2-4EC6-B4CD-B835F4594221}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\daniel\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{E12CC0AF-CAF1-429D-9A80-41CB6766C608}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\daniel\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 03s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/08/2015 269000 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 12/03/2014 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 01/08/2015 144200 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 01/08/2015 144200 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SS - | Demand 01/07/2013 822232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
SS - | Demand 26/06/2015 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe
SS - | Demand 13/08/2015 149160 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 25/06/2015 327296 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 09/12/2014 67856 | (VeriFaceSrv) . (...) - C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
SS - | Demand 29/10/2014 38792 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/05/2015 343336 | (avast! Antivirus) . (.Avast Software s.r.o..) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 22/01/2014 84992 | (BTDevManager) . (...) - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
SR - | Auto 25/07/2013 206552 | (CxAudMsg) . (.Conexant Systems Inc..) - C:\WINDOWS\system32\CxAudMsg64.exe
SR - | Auto 21/08/2015 137728 | (fimevebo) . (...) - C:\Program Files (x86)\F4F6EEAE-1440183341-11E4-B57F-68F728445E11\hnsgC59B.tmp
SR - | Auto 12/03/2014 282096 | (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe
SR - | Auto 01/07/2013 733696 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
SR - | Auto 21/08/2015 227328 | (jimocoso) . (...) - C:\Program Files (x86)\F4F6EEAE-1440166151-11E4-B57F-68F728445E11\jnse5705.tmp
SR - | Auto 06/03/2015 584632 | (Lenovo System Agent Service) . (.LENOVO INCORPORATED..) - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
SR - | Auto 09/12/2014 198192 | (LenovoWiFiHotspotSvr) . (.Lenovo(beijing) Limited.) - C:\Windows\System32\LenovoWiFiHotspotSvr.exe
SR - | Auto 17/02/2014 38896 | (LUService) . (.Lenovo(beijing) Limited.) - C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
SR - | Auto 21/08/2015 2731488 | (MvNEERYfBJp) . (.Ratio Applications.) - C:\ProgramData\uHQcHQE\MvNEERYfBJp.exe
SR - | Auto 12/12/2013 230920 | (NitroDriverReadSpool9) . (.Nitro PDF Software.) - C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
SR - | Auto 12/12/2013 69640 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\WINDOWS\SysWOW64\NLSSRV32.exe
SR - | Auto 24/04/2012 390632 | (RichVideo64) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
SR - | Auto 22/07/1658 0 | (SAService) . (.Conexant Systems, Inc..) - C:\Windows\System32\SAsrv.exe
SR - | Auto 12/08/2015 174968 | (shopperz12082015 Updater) . (...) - C:\Program Files\shopperz12082015\Ideie.exe =>PUP.Shopperz
SR - | Auto 22/08/2015 328704 | (vyqenugy) . (...) - C:\Program Files (x86)\F4F6EEAE-1440166151-11E4-B57F-68F728445E11\knscD3FB.tmp
SR - | Auto 22/08/2015 314880 | (vytipily) . (...) - C:\Program Files (x86)\F4F6EEAE-1440183341-11E4-B57F-68F728445E11\knslA52A.tmp
SR - | Demand 22/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 22/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/08/2015 137728 | (wytocuke) . (...) - C:\Program Files (x86)\F4F6EEAE-1440166151-11E4-B57F-68F728445E11\hnsy6E29.tmp
~ Services: Scanned in 00mn 20s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by daniel at 22/08/2015 20:20:19
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by daniel at 22/08/2015 20:20:22
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (31/05/2015)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 6
Dossiers trouvés (Folders found) : 9
Fichiers trouvés (Files found) : 45

[HKLM\SYSTEM\CurrentControlSet\Services\shopperz12082015 Updater] =>PUP.Shopperz^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect] =>PUP.CMILimited^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:shopperz12082015 =>PUP.Shopperz^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:upgmsd_fr_005010067.exe =>PUP.CrossRider^
C:\Program Files (x86)\AnyProtectEx =>PUP.AnyProtect^
C:\Program Files (x86)\gmsd_fr_005010067 =>PUP.CrossRider^
C:\Users\daniel\AppData\Roaming\0V1L2Z2Z1T1I1L1T =>Adware.InstallCore^
C:\Users\daniel\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect^
C:\Users\daniel\AppData\Local\gmsd_fr_005010067 =>PUP.CrossRider^
C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup =>PUP.AnyProtect^
C:\Program Files (x86)\Software =>Adware.Boxore
C:\Users\daniel\AppData\Local\Installer =>Adware.InstallPedia
C:\Users\daniel\AppData\Local\Software =>Adware.Boxore
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
C:\Program Files\shopperz12082015\Tuejet.exe =>PUP.Shopperz^
C:\Users\daniel\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Users\daniel\AppData\Local\gmsd_fr_005010067\upgmsd_fr_005010067.exe =>PUP.CrossRider^
C:\Program Files (x86)\gmsd_fr_005010067\gmsd_fr_005010067.exe =>PUP.CrossRider^
C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe =>PUP.AnyProtect^
C:\Users\daniel\AppData\Local\FB5B040C-6CCF-4D70-8991-E5CA2E4B519\FB5B040C-6CCF-4D70-8991-E5CA2E4B519.exe =>Adware.Pirrit^
C:\Program Files\shopperz12082015\Hvnkaufcv.bat" =>PUP.Shopperz^
C:\Windows\Tasks\48d3f0f2-97b7-430d-8042-e426aa67ee79-4.job =>PUP.CrossRider^
C:\Windows\Tasks\48d3f0f2-97b7-430d-8042-e426aa67ee79-5.job =>PUP.CrossRider^
C:\Windows\Tasks\48d3f0f2-97b7-430d-8042-e426aa67ee79-5_user.job =>PUP.CrossRider^
C:\Windows\Tasks\48d3f0f2-97b7-430d-8042-e426aa67ee79-6.job =>PUP.CrossRider^
C:\Windows\Tasks\48d3f0f2-97b7-430d-8042-e426aa67ee79-7.job =>PUP.CrossRider^
C:\Windows\Tasks\5b346b47-f2d7-4c8e-a307-23c7312aa40a-4.job =>PUP.CrossRider^
C:\Windows\Tasks\5b346b47-f2d7-4c8e-a307-23c7312aa40a-5.job =>PUP.CrossRider^
C:\Windows\Tasks\5b346b47-f2d7-4c8e-a307-23c7312aa40a-5_user.job =>PUP.CrossRider^
C:\Windows\Tasks\5b346b47-f2d7-4c8e-a307-23c7312aa40a-6.job =>PUP.CrossRider^
C:\Windows\Tasks\5b346b47-f2d7-4c8e-a307-23c7312aa40a-7.job =>PUP.CrossRider^
C:\Windows\Tasks\5d227fb0-86e1-4dca-9da3-83c1315ccc45-5.job =>PUP.CrossRider^
C:\Windows\Tasks\5d227fb0-86e1-4dca-9da3-83c1315ccc45-5_user.job =>PUP.CrossRider^
C:\Windows\Tasks\APSnotifierPP1.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP1 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP2.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP2 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP3.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP3 =>PUP.AnyProtect^
C:\Windows\Tasks\Bidaily Synchronize Task =>PUP.BidailySync^
C:\Windows\System32\Tasks\Bidaily Synchronize Task =>PUP.BidailySync^
C:\Windows\Tasks\c69f8e6e-10f4-478c-a72b-8189aacf3a6f-4.job =>PUP.CrossRider^
C:\Windows\Tasks\c69f8e6e-10f4-478c-a72b-8189aacf3a6f-5.job =>PUP.CrossRider^
C:\Windows\Tasks\c69f8e6e-10f4-478c-a72b-8189aacf3a6f-5_user.job =>PUP.CrossRider^
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job =>PUP.GlobalUpdate^
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job =>PUP.GlobalUpdate^
[HKCU\Software\AnyProtect] =>PUP.AnyProtect^
[HKCU\Software\Cinema_Plus-1.2V28.07-nv-ie] =>PUP.CrossRider^
[HKCU\Software\Object Browser-nv-ie] =>PUP.CrossRider^
[HKCU\Software\Object Browser-nv] =>PUP.ObjectBrowser^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKCU\Software\iWebar-nv-ie] =>PUP.CrossRider^
[HKCU\Software\iWebar-nv] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Cinema_Plus-1.2V28.07-nv-ie] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Object Browser-nv-ie] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Object Browser-nv] =>PUP.ObjectBrowser^
[HKLM\Software\Wow6432Node\iWebar-nv-ie] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\iWebar-nv] =>PUP.CrossRider^
~ Additionnel Scan: 209732 Items scanned in 00mn 35s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 2 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://www.nicolascoolman.fr/blog/ =>Hijacker.Application
http://www.nicolascoolman.fr/blog/ =>PUP.Shopperz
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-anyprotect =>PUP.AnyProtect
http://www.nicolascoolman.fr/blog/ =>PUP.ASPackage
http://www.nicolascoolman.fr/blog/ =>PUP.BidailySync
http://www.nicolascoolman.fr/blog/ =>Adware.Pirrit
http://nicolascoolman.fr/pup-globalupdate =>PUP.GlobalUpdate
http://www.nicolascoolman.fr/blog/ =>PUP.CMILimited
http://nicolascoolman.fr/pup-objectbrowser =>PUP.ObjectBrowser
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
http://nicolascoolman.fr/pup-bubbledock =>PUP.BubbleDock
http://nicolascoolman.fr/adware-downware =>Adware.Downware
http://nicolascoolman.fr/pup-ytdownloader =>PUP.YTDownloader
http://nicolascoolman.fr/pup-vuupc =>PUP.VuuPC
http://www.nicolascoolman.fr/blog/ =>Hijacker.OurSurfing
http://nicolascoolman.fr/hijacker-trovicom =>Hijacker.TroviCom
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://www.nicolascoolman.fr/blog/ =>Spyware.AgenceExclusive
http://nicolascoolman.fr/adware-installpedia =>Adware.InstallPedia
~ MSI: 22 link(s) detected in 00mn 00s



~ 1003 Legitimates filtered by white list
End of the scan (711 lines in 03mn 25s)(2.10)
