---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
G2 - GCE: Preference [User Data\Default] [lglkfgcmohcdajpldlnhjjiojjgkbmhm] Savings Wave v.1.23.65 (Désactivé )
G2 - GCE: Preference [User Data\Default] [pgjflcoiggljdahilbdhjodelfpgaebm] Color FB v.1.23.97, (Désactivé )
G2 - GCE: Preference [User Data\Default] [fglhnbihmeinbfgalpnaiembmdhfijli] Feven v.1.23.23, (Activé )
G2 - GCE: Preference [User Data\Default] [hjghiofiijcepdnocbgefbdlbckjfheg] Feven Pro 1.1 v.1.26.18, (Activé)
G2 - GCE: Preference [User Data\Default] [kigpmgkoelepakabiliblldhdpnidcod] Shop-Up v.1.24.6 (Activé )
G2 - GCE: Preference [User Data\Default] [deghekbbihbapplmbffglehkdhkeibbm] HQVid1.9v3 v.1.26.35, (Activé)
G2 - GCE: Preference [User Data\Default] [lgonpmchaeokedifbjenbcnjcdefdceg] FLV Player Addon v.1.26.35, (Activé)
G2 - GCE: Preference [User Data\Default] [dmgpbjjcdccinnndjdgmegndbmhbgglb] Fpro1.2 v.1.26.29, (Activé)
G2 - GCE: Preference [User Data\Default] [majjphhgppkndjjkmhhnbgafooenebhd] MPlayerplus v.1.26.31, (Activé)
G2 - GCE: Preference [User Data\Default] [ceenmgoldhkkegcnlieacjjhndklllkp] Frevens Pro 12 v.1.26.15, (Activé)
G2 - GCE: Preference [User Data\Default] [fbjkggpkjbbmknmckfdelgiebjfhlklj] AllSaver v.1.4 (Activé)
G2 - GCE: Preference [User Data\Default] [lndipknmjijnalnkamonmljeaojdbpna] Week Index v.0.1 (Activé)
G2 - EXT: C:\Users\Maylis\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [Text Highlighter]

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P1,P2,M0,M1,M2)
M2 - MFEP: prefs.js [Coolman - plj96prl.default\crossriderapp12765@crossrider.com] [] Savings Wave v2.0 (..)
M2 - MFEP: prefs.js [Coolman - plj96prl.default\crossriderapp2258@crossrider.com] [] I Want This v5.0.7.0 (..)
M2 - MFEP: prefs.js [Coolman - plj96prl.default\6be3335b-ef79-4b0b-a0ba-b87afbc6f4ad@6bbb4d2e-e33e-4fa5-9b37-934f4fb50182.com] [] Feven v (..)

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: CrossriderApp0012765 [64Bits] - {11111111-1111-1111-1111-110111271165} . (.Innovative Apps - Savings Wave BHO.) -- C:\Program Files (x86)\Savings Wave\Savings Wave-bho.dll
O2 - BHO: CrossriderApp0027096 [64Bits] - {11111111-1111-1111-1111-110211701196} . (.Corporate Inc - Services x86 BHO.) -- C:\Program Files (x86)\Services x86\Services x86-bho.dll
O2 - BHO: CrossriderApp0031554 [64Bits] - {11111111-1111-1111-1111-110311151154} . (.Feven - Feven BHO.) -- C:\Program Files (x86)\Feven\Feven-bho.dll

---\\ Tâches planifiées en automatique (O39)
[MD5.6B927A0E10DD90F2189F66C3DB9DFAF3] [APT] [Updater12765.exe] (.Innovative Apps.) -- C:\Users\Coolman\AppData\Local\Updater12765\Updater12765.exe [210312]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Feven-chromeinstaller.job [1872]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Feven-codedownloader.job [1176]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Feven-enabler.job [1076]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Feven-firefoxinstaller.job [1796]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Feven-updater.job [1172]
O39 - APT: - (..) -- C:\Windows\Tasks\BetterDeals-11-chromeinstaller.job [1976]
O39 - APT: - (..) -- C:\Windows\Tasks\BetterDeals-11-codedownloader.job [1262]
O39 - APT: - (..) -- C:\Windows\Tasks\BetterDeals-11-enabler.job [1162]
O39 - APT: - (..) -- C:\Windows\Tasks\BetterDeals-11-firefoxinstaller.job [1900]
O39 - APT: - (..) -- C:\Windows\Tasks\BetterDeals-11-updater.job [1356]
[MD5.3358CCA51C64ACF4968F0B78B1151B9D] [APT] [Feven-chromeinstaller] (.Feven.) -- C:\Program Files (x86)\Feven\Feven-chromeinstaller.exe [464232]
[MD5.0F603FE8B10DB23F94A5891B477F6D91] [APT] [Feven-codedownloader] (.Feven.) -- C:\Program Files (x86)\Feven\Feven-codedownloader.exe [478568]
[MD5.2DD33F1BBE254BE24A5B12D648817BC0] [APT] [Feven-enabler] (.Feven.) -- C:\Program Files (x86)\Feven\Feven-enabler.exe [345960]
[MD5.DDED161DE2CB30DB7F32701C862693BB] [APT] [Feven-firefoxinstaller] (.Feven.) -- C:\Program Files (x86)\Feven\Feven-firefoxinstaller.exe [725352]
[MD5.987F5D34F03D3C6D200C2A9955DC2FA1] [APT] [Feven-updater] (.Feven.) -- C:\Program Files (x86)\Feven\Feven-updater.exe [364392]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\TubeSaver-chromeinstaller.job [1296]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\TubeSaver-codedownloader.job [1908]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\TubeSaver-enabler.job [1832]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\TubeSaver-firefoxinstaller.job [1200]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\TubeSaver-updater.job [1100]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\video-high-codedownloader.job [1446]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\video-high-enabler.job [1346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\video-high-firefoxinstaller.job [2506]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\video-high-updater.job [1492]

---\\ Logiciels installés (O42)
O42 - Logiciel: Savings Wave - (.Innovative Apps.) [HKLM][64Bits] -- Savings Wave
O42 - Logiciel: Services x86 - (.Corporate Inc.) [HKLM][64Bits] -- Services x86
O42 - Logiciel: video-high - (.videohq.) [HKLM] -- video-high
O42 - Logiciel: BetterDeals-11 - (.BetterDeals.) [HKLM][64Bits] -- BetterDeals-11

---\\ HKCU & HKLM Software Keys
[HKLM\Software\Wow6432Node\Services x86]
[HKCU\Software\AppDataLow\Software\Services x86]
[HKCU\Software\AppDataLow\Software\Crossrider]
[HKCU\Software\AppDataLow\Software\Savings Wave]
[HKCU\Software\Cr_Installer]
[HKLM\Software\Shop-Up]
[HKCU\Software\video-high]

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/04/2013 - 00:38:19 - [0,009] ----D C:\Users\Coolman\AppData\Local\Services x86
O43 - CFD: 02/04/2013 - 18:59:59 - [0] ----D C:\Users\Coolman\AppData\Local\Savings Wave
O43 - CFD: 18/05/2013 - 17:52:32 - [0,201] ----D C:\Users\Coolman\AppData\Local\Updater12765
O43 - CFD: 20/05/2013 - 15:11:27 - [4,447] ----D C:\Program Files (x86)\Services x86
O43 - CFD: 06/10/2013 - 21:26:41 - [5,338] ----D C:\Program Files\Shop-Up
O43 - CFD: 09/03/2014 - 19:01:31 - [5,541] ----D C:\Program Files\video-high
O43 - CFD: 2014-04-25 - 03:20:22 - [] ----D C:\Program Files (x86)\BetterDeals-11

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 18/05/2013 - 16:54:35 ---A- C:\Users\Coolman\AppData\Roaming\Desk 365\icons\chrome_1da37a02e412dbdb6c2392f85ed86555.ico [55773]
O61 - LFC: 18/05/2013 - 16:54:35 ---A- C:\Users\Coolman\AppData\Roaming\Desk 365\icons\firefox_266215028a0bf0cee2a4f5132062976d.ico [295606]

---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Coolman - rwby5je5.default] user_pref("extensions.crossrider.bic", "13de1811d542bec9b2bf2643f3b612eb");
O69 - SBI: prefs.js [Coolman - tlj96prl.default] user_pref("extensions.crossriderapp12765.12765.InstallationThankYouPage", true);

---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{22222222-2222-2222-2222-220522312272}] (CrossriderApp0053172.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}] (CrossriderApp0054246.Sandbox) =>PUP.CrossRider

---\\ Scan Additionnel (O88)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Savings Wave]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Services x86]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Savings Sidekick]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BetterDeals-11]
[HKLM\Software\Wow6432Node\Services x86]
[HKCU\Software\AppDataLow\Software\Services x86]
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211701196}]
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211701196}]
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211701196}]
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110211701196}]
[HKCU\Software\AppDataLow\Software\Crossrider]
[HKCU\Software\AppDataLow\Software\Savings Wave]
[HKCU\Software\Cr_Installer]
[HKLM\Software\Classes\CrossriderApp0002258.BHO.1]
[HKLM\Software\Classes\CrossriderApp0002258.FBApi.1]
[HKLM\Software\Classes\CrossriderApp0002258.Sandbox.1]
[HKLM\Software\Google\Chrome\Extensions\lglkfgcmohcdajpldlnhjjiojjgkbmhm]
[HKLM\Software\Google\Chrome\Extensions\kigpmgkoelepakabiliblldhdpnidcod]
C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lglkfgcmohcdajpldlnhjjiojjgkbmhm
C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod
C:\Users\Coolman\AppData\Local\Services x86
C:\Users\Coolman\AppData\Local\Savings Wave
C:\Users\Coolman\AppData\Local\Updater12765
C:\Program Files (x86)\Services x86
C:\Program Files (x86)\Feven
C:\Program Files\Shop-Up
C:\WINDOWS\tasks\Shop-Up-updater.job
C:\WINDOWS\tasks\Shop-Up-enabler.job
C:\WINDOWS\tasks\Shop-Up-chromeinstaller.job
C:\WINDOWS\tasks\Shop-Up-firefoxinstaller.job
C:\WINDOWS\tasks\Shop-Up-codedownloader.job
C:\Program Files (x86)\Shop-Up
C:\Program Files (x86)\Shop-Up\Shop-Up-updater.exe
C:\Program Files (x86)\Shop-Up\Shop-Up-firefoxinstaller.exe
C:\Program Files (x86)\Shop-Up\Shop-Up-enabler.exe
C:\Program Files (x86)\Shop-Up\Shop-Up-codedownloader.exe
C:\Program Files (x86)\Shop-Up\Shop-Up-chromeinstaller.exe
C:\Program Files (x86)\BetterDeals-11
