Document format: text/plain

~ Rapport de ZHPDiag v2015.4.25.42 - Nicolas Coolman (2015-04-25)
~ Lancé par paulo (2015-04-27 16:57:37)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17728
MFIE: Mozilla Firefox 37.0.1
GCIE: Google Chrome v42.0.2311.90 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : MWMQ6
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1, 64-bit (Build 9600)

---\\ Logiciels de protection du système
Spybot - Search & Destroy v2.3.39
Windows Defender W8 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v5.00

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 NPAPI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3909 MB (38% free)
System Restore: Activé (Enable)
System drive C: has 313 GB (69%) free of 448 GB

---\\ Mode de connexion au système
~ Computer Name: PAULOPORTABLE
~ User Name: paulo
~ All Users Names: paulo, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\paulo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\paulo\AppData\Roaming\
~ %Desktop% : C:\Users\paulo\Desktop\
~ %Favorites% : C:\Users\paulo\Favorites\
~ %LocalAppData% : C:\Users\paulo\AppData\Local\
~ %StartMenu% : C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 313 Go of 448 Go)
D: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.C10A66189DC8C090E7C84873EDCEBC88] - (.Microsoft Corporation - Explorateur Windows.) (.2015-01-27 - 18:47:12.) -- C:\Windows\Explorer.exe [2501368]
[MD5.A570A64292214C43E0BA50E6A72A6380] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2014-10-28 - 20:25:54.) -- C:\Windows\System32\Wininit.exe [145920]
[MD5.77B35D0FC22A2D2EAC8D07C3F9784DBF] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2015-03-12 - 21:45:57.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.EC498BAE1F0D3E0E401C963F8D76C437] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2014-10-28 - 20:22:52.) -- C:\Windows\System32\Winlogon.exe [572416]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.2014-09-24 - 10:34:58.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.2014-09-24 - 11:48:38.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2013-08-22 - 07:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2013-08-22 - 06:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2013-08-22 - 03:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2014-09-24 - 11:03:07.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2014-09-24 - 10:44:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800]
[MD5.D887446F3F6051C60C26F4FD1FC8D43F] - (.Microsoft Corporation - Pilote de port i8042.) (.2014-10-06 - 22:29:50.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.2014-09-24 - 10:35:02.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.31233271EDE50D1BBB220F78AFA60486] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.2014-10-08 - 02:32:10.) -- C:\Windows\system32\Drivers\MRxSmb.sys [405504]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.2013-08-22 - 06:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.7F68063A5A0461E02BC860CE0E6BFDDC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2014-10-15 - 03:32:37.) -- C:\Windows\system32\Drivers\ntfs.sys [2025792]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.2013-08-22 - 06:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2013-08-22 - 06:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.2014-09-24 - 10:03:44.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.2013-08-22 - 08:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2014-09-24 - 10:44:42.) -- C:\Windows\system32\Drivers\volsnap.sys [310080]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/262
~ Mes musiques (My Musics) : 92/36941
~ Mes Videos (My Videos) : 1/238
~ Mes Favoris (My Favorites) : 1/139
~ Mes Documents (My Documents) : 2/29
~ Mon Bureau (My Desktop) : 2/10316
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 32s



---\\ Processus lancés
[MD5.98536348E54E712FD26DA87F67DE0FF0] - (.System NotifierV10.03 - System NotifierV10.03 exe.) -- C:\Program Files (x86)\System NotifierV10.03\a250569a-98c2-4048-95cc-84eb2edcd0f9-10.exe [1397760] [PID.6320] =>PUP.SystemNotifier
[MD5.7016A5D74459577060366F7D1E44F495] - (.FileProperties_CompanyName - FileProperties_FileDescription.) -- C:\Program Files (x86)\mr fun\mr_fun_notification_service.exe [1417216] [PID.8464] =>PUP.CrossRider
[MD5.7016A5D74459577060366F7D1E44F495] - (.FileProperties_CompanyName - FileProperties_FileDescription.) -- C:\Program Files (x86)\new game\new_game_notification_service.exe [1417216] [PID.8448] =>PUP.CrossRider
[MD5.E6F3BF2F8E2B81E67823106E68D71C50] - (...) -- C:\Users\paulo\AppData\Local\gmsd_ca_391\upgmsd_ca_391.exe [3306952] [PID.4880]
[MD5.8C3C61A8365498EDD6140003BCDDDDD8] - (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [624192] [PID.6360]
[MD5.2759F22A2E98ACFE664019534E33508E] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\paulo\AppData\Roaming\Dropbox\bin\Dropbox.exe [43376600] [PID.7784]
[MD5.F336AD03BE347DD5B585AD36AC78751B] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584] [PID.8332]
[MD5.CE9806603D3C635EA6E0BB79FE916D2E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872] [PID.3272]
[MD5.BA509E712118480C4D66B2957039F488] - (.Goobzo - Update Helper.) -- C:\Program Files (x86)\YTDownloader\BrowserHelper.exe [428392] [PID.1136] =>PUP.YTDownloader
[MD5.40E3C49CCB0103001590A4966238C758] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8200704] [PID.952]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\paulo\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\paulo\AppData\Roaming\Mozilla\Firefox\Profiles\yuftifbi.default\prefs.js
C:\Users\paulo\AppData\Roaming\Mozilla\Firefox\Profiles\yuftifbi.default\user.js
M3 - MFPP: Plugins - [paulo] -- C:\Users\paulo\AppData\Roaming\Mozilla\Firefox\Profiles\yuftifbi.default\searchplugins\trovi.xml
M2 - MFEP: prefs.js [paulo - yuftifbi.default\eastasian@eunheui] [] eastasianeunheui v1005.73.535 (..)
M2 - MFEP: prefs.js [paulo - yuftifbi.default\https-everywhere@eff.org] [] HTTPS-Everywhere v5.0.2 (..)
M2 - MFEP: prefs.js [paulo - yuftifbi.default\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack] [] jid0GjwrPchS3Ugt7xydvqVK4DQk8Lsjetpack v1007.29.93 (..)
M2 - MFEP: prefs.js [paulo - yuftifbi.default\jid0-MXvUXM1npF7yTcY3bpZVht72AR4@jetpack] [] jid0MXvUXM1npF7yTcY3bpZVht72AR4jetpack v1001.1.22 (..)
M2 - MFEP: prefs.js [paulo - yuftifbi.default\pagerank-client@koeniglich.ch] [] pagerankclientkoeniglichch v1005.2.89 (..)
M2 - MFEP: prefs.js [paulo - yuftifbi.default\slimaddonmanager@opendfki.de] [] slimaddonmanageropendfkide v1004.85.452 (..)
M2 - MFEP: prefs.js [paulo - yuftifbi.default\TTSD90021300@PYDKGV101145942.com] [] Ge-Force v1004.85.452 (..) =>PUP.CrossRider
M2 - MFEP: prefs.js [paulo - yuftifbi.default\YuhpuVq7A@gmail.com] [] mr fun v1004.85.452 (..)
M2 - MFEP: prefs.js [paulo - yuftifbi.default\{146f1820-2b0d-49ef-acbf-d85a6986e10c}] [] 146f18202b0d49efacbfd85a6986e10c v1005.20.140 (..)
M2 - MFEP: prefs.js [paulo - yuftifbi.default\{6ddefd54-f051-ae7f-f6af-093329c8a678}] [] Zoom It v1005.20.140 (..) =>PUP.ZoomIt
M2 - MFEP: prefs.js [paulo - yuftifbi.default\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}] [] Flash and Video Download v1.69 (..)
M2 - MFEP: Extension [paulo - yuftifbi.default] 59D317DB041748fdB89B47E6F96058F3@defext.xpi
M2 - MFEP: Extension [paulo - yuftifbi.default] jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi
M2 - MFEP: Extension [paulo - yuftifbi.default] jid1-FB1bBgFMk5H6Wg@jetpack.xpi
M2 - MFEP: Extension [paulo - yuftifbi.default] jid1-HAV2inXAnQPIeA@jetpack.xpi
M2 - MFEP: Extension [paulo - yuftifbi.default] jid1-sNL73VCI4UB0Fw@jetpack.xpi
M2 - MFEP: Extension [paulo - yuftifbi.default] {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
M2 - MFEP: Extension [paulo - yuftifbi.default] {5906a05d-88b0-4097-80ee-2301046e6d00}.xpi
M2 - MFEP: Extension [paulo - yuftifbi.default] {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
M2 - MFEP: Extension [paulo - yuftifbi.default] {ec77f4a0-0b26-11dd-8911-54c255d89593}.xpi
M2 - MFEP: Extension [paulo - yuftifbi.default] {f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
~ Firefox Browser: 41 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
~ IE Browser: 21 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (15518)
~ Hosts File: Scanned in 00mn 11s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Browser Good 1.0.0.7 [64Bits] - {2dd0916f-60de-4413-8198-d3c9d9b959d1} . (.Browser Good - Browser Good.) -- C:\Program Files (x86)\Browser Good\BrowserGoodbho.dll =>PUP.BrowserGood
O2 - BHO: ShopperProBHO [64Bits] - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} Clé orpheline =>PUP.ShopperPro
~ BHO: 2 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: SmileysWeLove - [HKLM]{CF0F43AB-9C23-4D7B-8040-201B82844854} . (...) -- C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll =>Adware.SmileyBar
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Dll-Files Fixer.lnk . (.Dll-FIles.Com - DLL-Files Fixer.) -- C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe =>PUP.DllFilesFixer
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www-searching.com =>Hijacker.Browsers
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www-searching.com =>Hijacker.Browsers
O4 - GS\QuickLaunch [paulo]: Dll-Files Fixer.lnk . (.Dll-FIles.Com - DLL-Files Fixer.) -- C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe =>PUP.DllFilesFixer
O4 - GS\QuickLaunch [paulo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www-searching.com =>Hijacker.Browsers
O4 - GS\TaskBar [paulo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www-searching.com =>Hijacker.Browsers
O4 - GS\TaskBar [paulo]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www-searching.com =>Hijacker.Browsers
O4 - GS\Program [paulo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www-searching.com =>Hijacker.Browsers
~ Global Startup: 9 Legitimates Filtered in 00mn 08s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [paulo]: hqghumeaylnlf.lnk . (.PC Utilities Software Limited - OptimizerPro – Clean up your PC.) -- C:\ProgramData\{d1da31e1-91f2-29d4-d1da-a31e191fc786}\hqghumeaylnlf.exe =>PUP.OptimizerPro
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [FAHConsole] . (.Nico Mak Computing - File Association Helper.) -- C:\Program Files\File Association Helper\FAHConsole.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [3D BubbleSound] C:\Program Files\BubbleSound\3D BubbleSound.exe (.not file.) =>PUP.BubbleSound
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKCU\..\Run: [SwvUpdtr] C:\Users\paulo\AppData\Local\2924\Updater.exe (.not file.) =>PUP.Nosibay
O4 - HKCU\..\Run: [HP Deskjet 3520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - iCloud Photos.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [iCloudDrive] . (.Apple Inc. - iCloud Drive.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_57277FB9FEF1817D5EA6E8B2A0E2A4DB] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_F02FD6093D5946ED42074B28BF576180] C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (.not file.) =>PUP.CrossBrowse
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
O4 - HKCU\..\Run: [YTDownloader] C:\Program Files (x86)\YTDownloader\YTDownloader.exe (.not file.) =>PUP.YTDownloader
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [RadioController] . (.Dritek System Inc. - RF Button Helper.) -- C:\Program Files (x86)\RadioController\RfBtnHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKLM\..\Wow6432Node\Run: [gmsd_ca_352] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [gmsd_ca_391] . (...) -- C:\Program Files (x86)\gmsd_ca_391\gmsd_ca_391.exe
O4 - HKLM\..\Wow6432Node\Run: [rec_ca_25] . (...) -- C:\Program Files (x86)\rec_ca_25\rec_ca_25.exe
O4 - HKLM\..\Wow6432Node\Run: [YTDownloader] C:\Program Files (x86)\YTDownloader\YTDownloader.exe (.not file.) =>PUP.YTDownloader
O4 - HKLM\..\Wow6432Node\RunOnce: [Import FF:0] C:\Users\paulo\AppData\Local\browser extensions\Resources\certutil.exe (.not file.) =>PUP.Dealio
O4 - HKLM\..\Wow6432Node\RunOnce: [upgmsd_ca_391.exe] . (...) -- C:\Users\paulo\AppData\Local\gmsd_ca_391\upgmsd_ca_391.exe
O4 - HKUS\S-1-5-21-1360054346-3453835033-1392024213-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-21-1360054346-3453835033-1392024213-1001\..\Run: [SwvUpdtr] C:\Users\paulo\AppData\Local\2924\Updater.exe (.not file.) =>PUP.Nosibay
O4 - HKUS\S-1-5-21-1360054346-3453835033-1392024213-1001\..\Run: [HP Deskjet 3520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKUS\S-1-5-21-1360054346-3453835033-1392024213-1001\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-1360054346-3453835033-1392024213-1001\..\Run: [ApplePhotoStreams] . (.Apple Inc. - iCloud Photos.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-1360054346-3453835033-1392024213-1001\..\Run: [iCloudDrive] . (.Apple Inc. - iCloud Drive.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKUS\S-1-5-21-1360054346-3453835033-1392024213-1001\..\Run: [GoogleChromeAutoLaunch_57277FB9FEF1817D5EA6E8B2A0E2A4DB] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-21-1360054346-3453835033-1392024213-1001\..\Run: [GoogleChromeAutoLaunch_F02FD6093D5946ED42074B28BF576180] C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (.not file.) =>PUP.CrossBrowse
O4 - HKUS\S-1-5-21-1360054346-3453835033-1392024213-1001\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
O4 - HKUS\S-1-5-21-1360054346-3453835033-1392024213-1001\..\Run: [YTDownloader] C:\Program Files (x86)\YTDownloader\YTDownloader.exe (.not file.) =>PUP.YTDownloader
~ Application: Scanned in 00mn 01s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C0BFA3A-899F-4A35-832A-35DBABF08D7C}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C0BFA3A-899F-4A35-832A-35DBABF08D7C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C0BFA3A-899F-4A35-832A-35DBABF08D7C}: DhcpDomain = nx.cgocable.ca
O17 - HKLM\System\CS1\Services\Tcpip\..\{9C0BFA3A-899F-4A35-832A-35DBABF08D7C}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS1\Services\Tcpip\..\{9C0BFA3A-899F-4A35-832A-35DBABF08D7C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9C0BFA3A-899F-4A35-832A-35DBABF08D7C}: DhcpDomain = nx.cgocable.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: CCL (CCL) . (...) - C:\Program Files (x86)\IGS\CCL.exe (.not file.)
O23 - Service: URL Sign In (qodukyqu) . (...) - C:\Users\paulo\AppData\Roaming\VOPackage\nsz62B6.tmpfs (.not file.) =>Adware.Downware
O23 - Service: Quick Ref 1.10.0.9 Client Service (qrsvc_1.10.0.9) . (...) - C:\Program Files (x86)\QuickRef_1.10.0.9\Service\qrsvc.exe (.not file.) =>PUP.QuickRef
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Search Module Update (SMUpd) . (.Search Module Ltd. - Search Module Update Service.) - C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe =>PUP.Goobzo
O23 - Service: Util Browser Good (Util Browser Good) . (...) - C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe =>PUP.BrowserGood
~ Services: 5 Legitimates Filtered in 00mn 03s



---\\ Tâches planifiées en automatique (O39)
[MD5.D2701DF13A718999A1997F8E0AB6C293] [APT] [646aa85d-05a6-494d-8cae-d006da7dc00c-1-6] (.Webar.) -- C:\Program Files (x86)\Ge-Force\646aa85d-05a6-494d-8cae-d006da7dc00c-1-6.exe [1408512] =>PUP.CrossRider
[MD5.D2D2C4CA69A53C7CCEC93C5C48F9AE40] [APT] [646aa85d-05a6-494d-8cae-d006da7dc00c-1-7] (.Webar.) -- C:\Program Files (x86)\Ge-Force\646aa85d-05a6-494d-8cae-d006da7dc00c-1-7.exe [991744] =>PUP.CrossRider
[MD5.BE3DE9436BF82F940DFE666F35EBAC19] [APT] [646aa85d-05a6-494d-8cae-d006da7dc00c-10_user] (.Webar.) -- C:\Program Files (x86)\Ge-Force\646aa85d-05a6-494d-8cae-d006da7dc00c-10.exe [1397760] =>PUP.CrossRider
[MD5.762A984800EC9432C0D8425A42952A6E] [APT] [646aa85d-05a6-494d-8cae-d006da7dc00c-4] (.Webar.) -- C:\Program Files (x86)\Ge-Force\646aa85d-05a6-494d-8cae-d006da7dc00c-4.exe [1437696] =>PUP.CrossRider
[MD5.52BCD8D71EB35BF06650F77EB5EE4513] [APT] [646aa85d-05a6-494d-8cae-d006da7dc00c-5] (.Webar.) -- C:\Program Files (x86)\Ge-Force\646aa85d-05a6-494d-8cae-d006da7dc00c-5.exe [1035264] =>PUP.CrossRider
[MD5.52BCD8D71EB35BF06650F77EB5EE4513] [APT] [646aa85d-05a6-494d-8cae-d006da7dc00c-5_user] (.Webar.) -- C:\Program Files (x86)\Ge-Force\646aa85d-05a6-494d-8cae-d006da7dc00c-5.exe [1035264] =>PUP.CrossRider
[MD5.057231DB0A6FC2583A5E2DD5E9DEE477] [APT] [646aa85d-05a6-494d-8cae-d006da7dc00c-6] (.Webar.) -- C:\Program Files (x86)\Ge-Force\646aa85d-05a6-494d-8cae-d006da7dc00c-6.exe [1452032] =>PUP.CrossRider
[MD5.D2D2C4CA69A53C7CCEC93C5C48F9AE40] [APT] [646aa85d-05a6-494d-8cae-d006da7dc00c-7] (.Webar.) -- C:\Program Files (x86)\Ge-Force\646aa85d-05a6-494d-8cae-d006da7dc00c-7.exe [991744] =>PUP.CrossRider
[MD5.98536348E54E712FD26DA87F67DE0FF0] [APT] [a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user] (.System NotifierV10.03.) -- C:\Program Files (x86)\System NotifierV10.03\a250569a-98c2-4048-95cc-84eb2edcd0f9-10.exe [1397760] =>PUP.SystemNotifier
[MD5.00000000000000000000000000000000] [APT] [a250569a-98c2-4048-95cc-84eb2edcd0f9-5] (...) -- C:\Program Files (x86)\System NotifierV10.03\a250569a-98c2-4048-95cc-84eb2edcd0f9-5.exe (.not file.) [0] =>PUP.SystemNotifier
[MD5.00000000000000000000000000000000] [APT] [a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user] (...) -- C:\Program Files (x86)\System NotifierV10.03\a250569a-98c2-4048-95cc-84eb2edcd0f9-5.exe (.not file.) [0] =>PUP.SystemNotifier
[MD5.00000000000000000000000000000000] [APT] [AI_Updater] (...) -- C:\Program Files (x86)\Tuneup computer\updater.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP1] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP2] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP3] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.00000000000000000000000000000000] [APT] [avaavaxvyy] (...) -- C:\Users\paulo\AppData\Local\avaavaxvyy\avaavaxvyy.exe (.not file.) [0] =>Adware.Pirrit
[MD5.00000000000000000000000000000000] [APT] [boosterpop] (...) -- C:\Program Files (x86)\Tuneup computer\Probsalert.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Crossbrowse] (...) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe (.not file.) [0] =>PUP.CrossBrowse
[MD5.00000000000000000000000000000000] [APT] [HDNINSTSCHD] (...) -- C:\WINDOWS\PCBHDNW\hdnInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [IEError] (...) -- C:\Program Files (x86)\Tuneup computer\Popialert.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [IE_ERR4WDR] (...) -- C:\Program Files (x86)\Portable WeatherApp\IEError.exe (.not file.) [0]
[MD5.7016A5D74459577060366F7D1E44F495] [APT] [mr_fun_notification_service] (.FileProperties_CompanyName.) -- C:\Program Files (x86)\mr fun\mr_fun_notification_service.exe [1417216] =>PUP.CrossRider
[MD5.5F126BD699C6B4D75E22DACDB74AD314] [APT] [mr_fun_updating_service] (...) -- C:\Program Files (x86)\mr fun\mr_fun_updating_service.exe [96256] =>PUP.CrossRider
[MD5.7016A5D74459577060366F7D1E44F495] [APT] [new_game_notification_service] (.FileProperties_CompanyName.) -- C:\Program Files (x86)\new game\new_game_notification_service.exe [1417216] =>PUP.CrossRider
[MD5.5F126BD699C6B4D75E22DACDB74AD314] [APT] [new_game_updating_service] (...) -- C:\Program Files (x86)\new game\new_game_updating_service.exe [96256] =>PUP.CrossRider
[MD5.2A33F475AC1FB16995A824F91AC33715] [APT] [QJNFZ] (.System NotifierV10.03.) -- C:\Users\paulo\AppData\Roaming\QJNFZ.exe [1973760] =>PUP.SystemNotifier
[MD5.00000000000000000000000000000000] [APT] [SmartWeb Upgrade Trigger Task] (...) -- C:\Users\paulo\AppData\Local\SmartWeb\SmartWebHelper.exe (.not file.) [0] =>PUP.SmartWeb
[MD5.4561E512C1B798226B21B23A667C4514] [APT] [SMWUpd] (.Goobzo.) -- C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe [750000] =>PUP.Goobzo
[MD5.00000000000000000000000000000000] [APT] [SMW_UpdateTask_Time_3834343338323638352d4a235b2a5a45784145573732] (...) -- C:\ProgramData\SearchModule\smhe.js" smu.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [UPDTEXE4_WDR] (...) -- C:\Program Files (x86)\Portable WeatherApp\updater.exe (.not file.) [0]
[MD5.593BC6A2E29EC3DDE3571C3B8422A11C] [APT] [xGgQ5Z8X86GDE] (...) -- C:\Users\paulo\AppData\Roaming\xGgQ5Z8X86GDE.exe [1224704]
[MD5.00000000000000000000000000000000] [APT] [{0F7C3013-A7CC-4BC9-96AD-9D5B253FDB88}] (...) -- C:\Program Files\Elantech\ETDUn_inst.exe (.not file.) [0]
[MD5.A303B40E464472F51DC203F7C96E248D] [APT] [C5A3BB37E7764FD69BB3D8A75A7BB3E1] (.JellySplit.) -- C:\ProgramData\C5A3BB37E7764FD69BB3D8A75A7BB3E1\C5A3BB37E7764FD69BB3D8A75A7BB3E1.exe [487424]
O39 - APT: 646aa85d-05a6-494d-8cae-d006da7dc00c-1-6 - (.Webar.) -- C:\Windows\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-1-6.job [3476]
O39 - APT: 646aa85d-05a6-494d-8cae-d006da7dc00c-1-6 - (.Webar.) -- C:\Windows\System32\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-1-6 [3476]
O39 - APT: 646aa85d-05a6-494d-8cae-d006da7dc00c-1-7 - (.Webar.) -- C:\Windows\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-1-7.job [3820]
O39 - APT: 646aa85d-05a6-494d-8cae-d006da7dc00c-1-7 - (.Webar.) -- C:\Windows\System32\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-1-7 [3820]
O39 - APT: 646aa85d-05a6-494d-8cae-d006da7dc00c-10_user - (.Webar.) -- C:\Windows\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-10_user.job [2114]
O39 - APT: 646aa85d-05a6-494d-8cae-d006da7dc00c-10_user - (.Webar.) -- C:\Windows\System32\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-10_user [2114]
O39 - APT: 646aa85d-05a6-494d-8cae-d006da7dc00c-4 - (.Webar.) -- C:\Windows\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-4.job [4496] =>PUP.CrossRider
O39 - APT: 646aa85d-05a6-494d-8cae-d006da7dc00c-4 - (.Webar.) -- C:\Windows\System32\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-4 [4496] =>PUP.CrossRider
O39 - APT: 646aa85d-05a6-494d-8cae-d006da7dc00c-5 - (.Webar.) -- C:\Windows\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-5.job [2792] =>PUP.CrossRider
O39 - APT: 646aa85d-05a6-494d-8cae-d006da7dc00c-5 - (.Webar.) -- C:\Windows\System32\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-5 [2792] =>PUP.CrossRider
O39 - APT: 646aa85d-05a6-494d-8cae-d006da7dc00c-5_user - (.Webar.) -- C:\Windows\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-5_user.job [2792] =>PUP.CrossRider
O39 - APT: 646aa85d-05a6-494d-8cae-d006da7dc00c-5_user - (.Webar.) -- C:\Windows\System32\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-5_user [2792] =>PUP.CrossRider
O39 - APT: 646aa85d-05a6-494d-8cae-d006da7dc00c-6 - (.Webar.) -- C:\Windows\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-6.job [6208] =>PUP.CrossRider
O39 - APT: 646aa85d-05a6-494d-8cae-d006da7dc00c-6 - (.Webar.) -- C:\Windows\System32\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-6 [6208] =>PUP.CrossRider
O39 - APT: 646aa85d-05a6-494d-8cae-d006da7dc00c-7 - (.Webar.) -- C:\Windows\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-7.job [5864] =>PUP.CrossRider
O39 - APT: 646aa85d-05a6-494d-8cae-d006da7dc00c-7 - (.Webar.) -- C:\Windows\System32\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-7 [5864] =>PUP.CrossRider
O39 - APT: a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user - (.System NotifierV10.03.) -- C:\Windows\Tasks\a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user.job [2140] =>PUP.SystemNotifier
O39 - APT: a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user - (.System NotifierV10.03.) -- C:\Windows\System32\Tasks\a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user [2140] =>PUP.SystemNotifier
O39 - APT: a250569a-98c2-4048-95cc-84eb2edcd0f9-5 - (...) -- C:\Windows\Tasks\a250569a-98c2-4048-95cc-84eb2edcd0f9-5.job [2474] =>PUP.CrossRider
O39 - APT: a250569a-98c2-4048-95cc-84eb2edcd0f9-5 - (...) -- C:\Windows\System32\Tasks\a250569a-98c2-4048-95cc-84eb2edcd0f9-5 [2474] =>PUP.CrossRider
O39 - APT: a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user - (...) -- C:\Windows\Tasks\a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user.job [2474] =>PUP.CrossRider
O39 - APT: a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user - (...) -- C:\Windows\System32\Tasks\a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user [2474] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\Tasks\APSnotifierPP1.job [378] =>PUP.AnyProtect
O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP1 [378] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\Tasks\APSnotifierPP2.job [376] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP2 [376] =>PUP.AnyProtect
O39 - APT: APSnotifierPP3 - (...) -- C:\Windows\Tasks\APSnotifierPP3.job [376] =>PUP.AnyProtect
O39 - APT: APSnotifierPP3 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP3 [376] =>PUP.AnyProtect
O39 - APT: Crossbrowse - (...) -- C:\Windows\Tasks\Crossbrowse.job [1084] =>PUP.CrossBrowse
O39 - APT: Crossbrowse - (...) -- C:\Windows\System32\Tasks\Crossbrowse [1084] =>PUP.CrossBrowse
O39 - APT: - (..) -- C:\Windows\Tasks\DLL-Files FixerASKUSER.job [312] =>PUP.DllFilesFixer
O39 - APT: - (..) -- C:\Windows\System32\Tasks\DLL-Files FixerASKUSER [312] =>PUP.DllFilesFixer
O39 - APT: - (..) -- C:\Windows\System32\Tasks\DLL-Files.Com Fixer_MONTHLY [304] =>PUP.DllFilesFixer
O39 - APT: - (..) -- C:\Windows\System32\Tasks\DLL-Files.Com Fixer_Updates [320] =>PUP.DllFilesFixer
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [926] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [926] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [930] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [930] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1090]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1094]
O39 - APT: mr_fun_notification_service - (.FileProperties_CompanyName.) -- C:\Windows\Tasks\mr_fun_notification_service.job [1318] =>PUP.CrossRider
O39 - APT: mr_fun_notification_service - (.FileProperties_CompanyName.) -- C:\Windows\System32\Tasks\mr_fun_notification_service [1318] =>PUP.CrossRider
O39 - APT: mr_fun_updating_service - (...) -- C:\Windows\Tasks\mr_fun_updating_service.job [680] =>PUP.CrossRider
O39 - APT: mr_fun_updating_service - (...) -- C:\Windows\System32\Tasks\mr_fun_updating_service [680] =>PUP.CrossRider
O39 - APT: new_game_notification_service - (.FileProperties_CompanyName.) -- C:\Windows\Tasks\new_game_notification_service.job [1330] =>PUP.CrossRider
O39 - APT: new_game_notification_service - (.FileProperties_CompanyName.) -- C:\Windows\System32\Tasks\new_game_notification_service [1330] =>PUP.CrossRider
O39 - APT: new_game_updating_service - (...) -- C:\Windows\Tasks\new_game_updating_service.job [692] =>PUP.CrossRider
O39 - APT: new_game_updating_service - (...) -- C:\Windows\System32\Tasks\new_game_updating_service [692] =>PUP.CrossRider
O39 - APT: QJNFZ - (.System NotifierV10.03.) -- C:\Windows\Tasks\QJNFZ.job [1364] =>PUP.SystemNotifier
O39 - APT: QJNFZ - (.System NotifierV10.03.) -- C:\Windows\System32\Tasks\QJNFZ [1364] =>PUP.SystemNotifier
O39 - APT: xGgQ5Z8X86GDE - (...) -- C:\Windows\Tasks\xGgQ5Z8X86GDE.job [1026]
O39 - APT: xGgQ5Z8X86GDE - (...) -- C:\Windows\System32\Tasks\xGgQ5Z8X86GDE [1026]
~ Scheduled Task: 101 Legitimates Filtered in 00mn 07s



---\\ Logiciels installés (O42)
O42 - Logiciel: Browser Good - (.Browser Good.) [HKLM][64Bits] -- Browser Good =>PUP.BrowserGood
O42 - Logiciel: Ge-Force - (.Webar.) [HKLM][64Bits] -- Ge-Force =>PUP.CrossRider
O42 - Logiciel: Search Module Plus - (.Goobzo.) [HKLM][64Bits] -- Search Module Plus =>PUP.Goobzo
O42 - Logiciel: Search module - (.Goobzo.) [HKLM][64Bits] -- Search module =>PUP.Goobzo
O42 - Logiciel: Smileys We Love Toolbar for IE - (.SqueekyChocolate, LLC.) [HKLM][64Bits] -- {5D57E386-D294-41BA-9146-FADE0C76EB2A} =>Adware.SmileyBar
~ Logic: 29 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ArenaHD]
[HKCU\Software\Browser Good] =>PUP.BrowserGood
[HKCU\Software\Cinema Plus Pro 3.2cV30.03-nv-ie] =>PUP.CrossRider
[HKCU\Software\Cinema Plus Pro 3.2cV30.03] =>PUP.CrossRider
[HKCU\Software\CinemaPlus-3.2cV05.04-nv-ie] =>PUP.CrossRider
[HKCU\Software\CinemaPlus-3.2cV05.04] =>PUP.CrossRider
[HKCU\Software\CinemaPlus-3.2cV14.04-nv-ie] =>PUP.CrossRider
[HKCU\Software\CinemaPlus-3.2cV14.04-nv] =>PUP.CrossRider
[HKCU\Software\CinemaPlusPro3.2cV30.03]
[HKCU\Software\ClientConnect]
[HKCU\Software\Corez]
[HKCU\Software\CrossBrowser] =>PUP.CrossBrowser
[HKCU\Software\Ge-Force-nv-ie] =>PUP.CrossRider
[HKCU\Software\Ge-Force-nv] =>PUP.CrossRider
[HKCU\Software\Ge-Force] =>PUP.CrossRider
[HKCU\Software\GigaClicks] =>PUP.GigaClicks
[HKCU\Software\HighDefAction]
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\LoadTool]
[HKCU\Software\MediapVers2.3-nv-ie] =>PUP.CrossRider
[HKCU\Software\QJNFZ]
[HKCU\Software\Reg]
[HKCU\Software\Solid Program]
[HKCU\Software\Super Optimizer] =>PUP.SuperOptimizer
[HKCU\Software\System NotifierV10.03] =>PUP.SystemNotifier
[HKCU\Software\SystemNotifierV10.03] =>PUP.SystemNotifier
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\Tutorials] =>PUP.AgenceExclusive
[HKCU\Software\YorkNewCin]
[HKCU\Software\mr fun]
[HKCU\Software\mrfun]
[HKCU\Software\new game]
[HKCU\Software\newgame]
[HKCU\Software\xGgQ5Z8X86GDE]
[HKLM\Software\ArenaHD]
[HKLM\Software\HighDefAction]
[HKLM\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\RPC2]
[HKLM\Software\RPC]
[HKLM\Software\SearchModulePlus]
[HKLM\Software\SearchModule]
[HKLM\Software\ShopperPro] =>PUP.ShopperPro
[HKLM\Software\Wow6432Node\AdGazelle] =>PUP.AdGazelle
[HKLM\Software\Wow6432Node\ArenaHD]
[HKLM\Software\Wow6432Node\Browser Good] =>PUP.BrowserGood
[HKLM\Software\Wow6432Node\Cinema Plus Pro 3.2cV30.03-nv-ie] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\CinemaPlus-3.2cV05.04-nv-ie] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\CinemaPlus-3.2cV14.04-nv-ie] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\CinemaPlus-3.2cV14.04-nv] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\CurrentControlSet]
[HKLM\Software\Wow6432Node\Ge-Force-nv-ie] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Ge-Force-nv] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\GigaClicks] =>PUP.GigaClicks
[HKLM\Software\Wow6432Node\Hatchiho]
[HKLM\Software\Wow6432Node\HighDefAction]
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\Wow6432Node\MaxPower]
[HKLM\Software\Wow6432Node\MediapVers2.3-nv-ie] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\PJ]
[HKLM\Software\Wow6432Node\RPC2]
[HKLM\Software\Wow6432Node\Reg]
[HKLM\Software\Wow6432Node\Rpc]
[HKLM\Software\Wow6432Node\SearchModulePlus]
[HKLM\Software\Wow6432Node\SearchModule]
[HKLM\Software\Wow6432Node\SiteSee]
[HKLM\Software\Wow6432Node\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Wow6432Node\WinPj]
[HKLM\Software\Wow6432Node\YorkNewCin]
[HKLM\Software\Wow6432Node\a0c77a9d-2066-4224-9794-673d6588a001] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\e03c07b6-ce34-4366-abf2-5484768b8d6d] =>PUP.CrossRider
[HKLM\Software\YorkNewCin]
~ Key Software: 317 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2015-04-14 - 23:10:13 - [] ----D C:\Program Files (x86)\37a3dab8-89d0-4c3f-8440-5af844574538
O43 - CFD: 2015-04-23 - 23:31:38 - [] ----D C:\Program Files (x86)\418909e2-631c-46f1-bca8-978677e79c8d
O43 - CFD: 2015-04-24 - 21:07:47 - [] ----D C:\Program Files (x86)\Browser Good =>PUP.BrowserGood
O43 - CFD: 2015-04-23 - 23:31:38 - [] ----D C:\Program Files (x86)\cc33d447-507a-4331-a4eb-e0a31763903a
O43 - CFD: 2015-03-30 - 16:35:41 - [0] ----D C:\Program Files (x86)\Cinema Plus Pro 3.2cV30.03 =>PUP.CrossRider
O43 - CFD: 2015-04-06 - 04:18:52 - [0] ----D C:\Program Files (x86)\CinemaPlus-3.2cV05.04 =>PUP.CrossRider
O43 - CFD: 2015-04-16 - 20:27:58 - [] ----D C:\Program Files (x86)\Crossbrowse =>PUP.CrossBrowse
O43 - CFD: 2015-04-23 - 23:34:15 - [] ----D C:\Program Files (x86)\Ge-Force =>PUP.CrossRider
O43 - CFD: 2015-04-15 - 09:06:59 - [] ----D C:\Program Files (x86)\gmsd_ca_391
O43 - CFD: 2015-04-17 - 09:36:01 - [0] ----D C:\Program Files (x86)\Hatchiho
O43 - CFD: 2015-04-03 - 01:32:13 - [] ----D C:\Program Files (x86)\mr fun
O43 - CFD: 2015-04-14 - 23:31:09 - [] ----D C:\Program Files (x86)\new game
O43 - CFD: 2015-03-29 - 23:23:41 - [] ----D C:\Program Files (x86)\Online 8 Ball Pool Multiplayer
O43 - CFD: 2015-04-23 - 22:18:41 - [] ----D C:\Program Files (x86)\rec_ca_25
O43 - CFD: 2015-04-23 - 23:37:00 - [] ----D C:\Program Files (x86)\ShopperPro =>PUP.ShopperPro
O43 - CFD: 2015-01-25 - 19:54:56 - [] ----D C:\Program Files (x86)\Smileys We Love Toolbar for IE =>Adware.SmileyBar
O43 - CFD: 2015-04-23 - 23:38:40 - [] ----D C:\Program Files (x86)\System NotifierV10.03 =>PUP.SystemNotifier
O43 - CFD: 2015-02-01 - 23:21:38 - [] ----D C:\Program Files (x86)\W3Schools Hider
O43 - CFD: 2015-03-30 - 13:14:54 - [] ----D C:\Program Files (x86)\YouTube Download Pool
O43 - CFD: 2015-04-23 - 23:56:54 - [] ----D C:\Program Files (x86)\YTDownloader =>PUP.YTDownloader
O43 - CFD: 2015-03-29 - 23:23:26 - [] ----D C:\ProgramData\1482331845906460859
O43 - CFD: 2015-04-23 - 23:32:59 - [] ----D C:\ProgramData\1d6998500000107e
O43 - CFD: 2015-02-14 - 22:32:05 - [0] ----D C:\ProgramData\3528706942
O43 - CFD: 2015-04-16 - 20:34:41 - [] ----D C:\ProgramData\52e6498600002704
O43 - CFD: 2015-04-22 - 00:02:38 - [] ----D C:\ProgramData\738de9f00006133
O43 - CFD: 2015-04-14 - 23:26:09 - [] ----D C:\ProgramData\ab2427e8b489498fb2c5949226c34784
O43 - CFD: 2015-04-25 - 10:14:12 - [] ----D C:\ProgramData\AppMgr3.01.5851619
O43 - CFD: 2013-02-05 - 21:00:40 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 2015-01-25 - 19:51:38 - [] ----D C:\ProgramData\C5A3BB37E7764FD69BB3D8A75A7BB3E1
O43 - CFD: 2015-04-25 - 01:12:34 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 2015-04-15 - 00:01:10 - [] ----D C:\ProgramData\f30941000050bf
O43 - CFD: 2015-04-23 - 23:24:52 - [] ----D C:\ProgramData\Kikblaster
O43 - CFD: 2015-01-25 - 19:52:13 - [] ----D C:\ProgramData\nfeajljhnbfcgheimohflfhoiemimheo
O43 - CFD: 2014-12-05 - 23:36:48 - [] ----D C:\ProgramData\OEM_E471269A730E
O43 - CFD: 2015-01-25 - 19:54:17 - [] ----D C:\ProgramData\rSsGyvCuU
O43 - CFD: 2015-04-23 - 23:25:12 - [] ----D C:\ProgramData\SearchModule
O43 - CFD: 2015-01-07 - 14:05:31 - [] ----D C:\ProgramData\SearchModulePlus
O43 - CFD: 2015-04-25 - 01:17:15 - [] ----D C:\ProgramData\{2ccd85f2-89f0-edad-2ccd-d85f289f17ca}
O43 - CFD: 2015-04-23 - 23:28:52 - [] ----D C:\ProgramData\{d1da31e1-91f2-29d4-d1da-a31e191fc786}
O43 - CFD: 2015-04-12 - 20:03:34 - [] ----D C:\ProgramData\{d78c88f8-5a98-28c9-d78c-c88f85a923e1}
O43 - CFD: 2015-04-06 - 04:20:09 - [] ----D C:\ProgramData\{d7b6279a-1c7c-9308-d7b6-6279a1c79e68}
O43 - CFD: 2015-04-21 - 23:58:17 - [] ----D C:\ProgramData\{f6726664-eb5e-be7f-f672-26664eb59993}
O43 - CFD: 2014-09-24 - 14:10:43 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager
O43 - CFD: 2015-02-24 - 14:15:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
O43 - CFD: 2015-01-25 - 19:54:23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmileysWeLove for IE =>Adware.SmileyBar
O43 - CFD: 2014-09-24 - 11:03:53 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 2015-04-17 - 09:23:39 - [] ----D C:\Users\paulo\AppData\Roaming\0D85D3DC-1427734435-E211-9E12-2089845C5253
O43 - CFD: 2015-04-15 - 09:24:09 - [] -SH-D C:\Users\paulo\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect
O43 - CFD: 2015-01-26 - 02:10:09 - [0] ----D C:\Users\paulo\AppData\Roaming\Booster Web
O43 - CFD: 2014-12-05 - 23:35:46 - [] ----D C:\Users\paulo\AppData\Roaming\lm
O43 - CFD: 2015-01-25 - 19:55:07 - [] ----D C:\Users\paulo\AppData\Roaming\smileyswelove =>Adware.SmileyBar
O43 - CFD: 2015-04-14 - 23:29:13 - [] ----D C:\Users\paulo\AppData\Local\0D85D3DC-1427720233-E211-9E12-2089845C5253
O43 - CFD: 2015-04-15 - 08:40:17 - [] ----D C:\Users\paulo\AppData\Local\0D85D3DC-1427720252-E211-9E12-2089845C5253
O43 - CFD: 2015-04-16 - 20:31:26 - [] ----D C:\Users\paulo\AppData\Local\0D85D3DC-1427720905-E211-9E12-2089845C5253
O43 - CFD: 2015-04-16 - 20:31:26 - [] ----D C:\Users\paulo\AppData\Local\0D85D3DC-1428870958-E211-9E12-2089845C5253
O43 - CFD: 2015-04-16 - 20:31:26 - [] ----D C:\Users\paulo\AppData\Local\0D85D3DC-1429088861-E211-9E12-2089845C5253
O43 - CFD: 2015-04-23 - 23:40:10 - [] ----D C:\Users\paulo\AppData\Local\BrowserHelper =>PUP.BrowserHelper
O43 - CFD: 2015-04-16 - 20:48:23 - [] ----D C:\Users\paulo\AppData\Local\CelebrityAlert
O43 - CFD: 2015-04-16 - 20:28:29 - [] ----D C:\Users\paulo\AppData\Local\Crossbrowse =>PUP.CrossBrowse
O43 - CFD: 2015-04-21 - 20:02:09 - [] -SH-D C:\Users\paulo\AppData\Local\EmieBrowserModeList
O43 - CFD: 2015-04-27 - 16:48:51 - [] ----D C:\Users\paulo\AppData\Local\gmsd_ca_391
O43 - CFD: 2015-04-23 - 23:30:35 - [] ----D C:\Users\paulo\AppData\Local\Installer
O43 - CFD: 2015-04-17 - 09:55:27 - [] ----D C:\Users\paulo\AppData\Local\PackageStaging
O43 - CFD: 2015-04-23 - 22:18:42 - [] ----D C:\Users\paulo\AppData\Local\rec_ca_25
O43 - CFD: 2015-04-17 - 09:36:01 - [0] ----D C:\Users\paulo\AppData\Local\SmartWeb =>PUP.SmartWeb
~ Program Folder: 231 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.2CBD6D22499EB13A2666F62EF33D00E2] - 2015-04-14 - 22:33:58 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16303]
O44 - LFC:[MD5.8978531AB12BC3ADAB670EDD3CD53EC3] - 2015-04-14 - 23:02:01 ---A- . (...) -- C:\Windows\wininit.ini [3480]
O44 - LFC:[MD5.1C391F110EBB9CCB197913A81CDA26B3] - 2015-04-15 - 07:32:48 ---A- . (...) -- C:\Windows\System32\CCLOff.ini [8760]
O44 - LFC:[MD5.6890D992A8E2AB9A68C21B17DB9B9AD1] - 2015-04-15 - 08:10:41 ---A- . (...) -- C:\Windows\System32\DCLOff.ini [8648]
O44 - LFC:[MD5.459AEE6534F08322ECA4E9359C0CDABE] - 2015-04-21 - 20:20:43 ---A- . (.Pas de propriétaire - Application ContextH.) -- C:\Windows\System32\BWContextHandler.dll [53248]
O44 - LFC:[MD5.A5F320FFE96F6939D2FF39360ADA9B5A] - 2015-04-21 - 20:23:07 ---A- . (.Pas de propriétaire - Gestionnaire de contexte pour réseau person.) -- C:\Windows\System32\BthpanContextHandler.dll [96256]
O44 - LFC:[MD5.97F55D94100BA13A9C0647A4F193700A] - 2015-04-21 - 20:29:47 ---A- . (.Windows (R) Win 7 DDK provider - DSC.) -- C:\Windows\System32\DscCoreConfProv.dll [200192]
O44 - LFC:[MD5.08750A50CF027F93070C8BB78E27C3B7] - 2015-04-21 - 22:26:02 -SH-- . (...) -- C:\Windows\System32\desktop.ini [75]
O44 - LFC:[MD5.87935C50424535E8C749E40A2672DF18] - 2015-04-21 - 22:56:20 ----- . (...) -- C:\Windows\DtcInstall.log [324]
O44 - LFC:[MD5.17C0BEDEC6AF7C5C9667D691F3D16638] - 2015-04-23 - 18:15:49 ---A- . (...) -- C:\Windows\Sandboxie.ini [1562]
~ Files: 2299 Legitimates Filtered in 01mn 15s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:2013-08-12 - 18:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:2012-11-20 - 05:48:40 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [331152]
O58 - SDL:2013-08-22 - 07:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:2014-08-15 - 23:35:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 50 Legitimates Filtered in 00mn 02s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: Hijackthis Version Française - (.Pc-Help-Bordeaux.) [HKLM] -- Hijackthis Version Française_is1
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (.not file.) =>PUP.CrossBrowse
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Search Module) - http://www-searching.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {D07056D0-35C3-4E58-83D5-FF2E10E027B3} - (Trovi) - http://www.trovi.com =>Hijacker.TroviCom
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.2A33F475AC1FB16995A824F91AC33715] [SPRF][2015-04-23] (.System NotifierV10.03 - System NotifierV10.03 exe.) -- C:\Users\paulo\AppData\Roaming\QJNFZ.exe [1973760] =>PUP.SystemNotifier
[MD5.593BC6A2E29EC3DDE3571C3B8422A11C] [SPRF][2015-04-03] (...) -- C:\Users\paulo\AppData\Roaming\xGgQ5Z8X86GDE.exe [1224704]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection Rogue (SRI) (O86)
O43 - CFD: 2015-04-14 - 23:26:09 - [] ----D C:\ProgramData\ab2427e8b489498fb2c5949226c34784
O43 - CFD: 2015-01-25 - 19:51:38 - [] ----D C:\ProgramData\C5A3BB37E7764FD69BB3D8A75A7BB3E1
[MD5.A303B40E464472F51DC203F7C96E248D] [SRI] (.JellySplit - C5A3BB37E7764FD69BB3D8A75A7BB3E1.) -- C:\ProgramData\C5A3BB37E7764FD69BB3D8A75A7BB3E1\C5A3BB37E7764FD69BB3D8A75A7BB3E1.exe [487424]
~ Files: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{A5841F20-A133-426A-B3E2-690670215539}" | Out - Private - P6 - TRUE | .(.Dll-FIles.Com - DLL-Files Fixer.) -- C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe =>PUP.DllFilesFixer
O87 - FAEL: "{781C3B0D-3CE3-48C5-BF40-B9A8DEE9928D}" | Out - Private - P6 - TRUE | .(.Dll-FIles.Com - DLL-Files Fixer.) -- C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe =>PUP.DllFilesFixer
O87 - FAEL: "{4CF9F9FD-0C87-4C72-BEC8-481AA9FA259A}" | Out - Private - P6 - TRUE | .(.Dll-FIles.Com - DLL-Files Fixer.) -- C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe =>PUP.DllFilesFixer
O87 - FAEL: "{29B8A4F8-A0BF-4F03-A839-78BB99E776FC}" | Out - Private - P6 - TRUE | .(.Dll-FIles.Com - DLL-Files Fixer.) -- C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe =>PUP.DllFilesFixer
O87 - FAEL: "{33ED2EC1-4A7C-4C52-B78A-F094AF66161C}" | Out - Private - P6 - TRUE | .(.Dll-FIles.Com - DLL-Files Fixer.) -- C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe =>PUP.DllFilesFixer
O87 - FAEL: "{228543FE-EB4B-459D-BB5E-88749E0AFDA9}" | Out - Private - P6 - TRUE | .(.Dll-FIles.Com - DLL-Files Fixer.) -- C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe =>PUP.DllFilesFixer
O87 - FAEL: "{36EE2624-72F4-42AD-8405-972BF302C94E}" | Out - Private - P6 - TRUE | .(.Dll-FIles.Com - DLL-Files Fixer.) -- C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe =>PUP.DllFilesFixer
O87 - FAEL: "{C95AD288-82B8-45A6-B4AC-6D1D1E25BBDE}" | Out - Private - P6 - TRUE | .(.Dll-FIles.Com - DLL-Files Fixer.) -- C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe =>PUP.DllFilesFixer
O87 - FAEL: "{588880E8-291D-4889-92D3-906DEC5E8717}" | Out - Private - P6 - TRUE | .(.Dll-FIles.Com - DLL-Files Fixer.) -- C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe =>PUP.DllFilesFixer
~ Firewall: 9 Legitimates Filtered in 00mn 03s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "683E75D5492DAB141964AFEDC067BEA2" . (.Smileys We Love Toolbar for IE.) -- C:\WINDOWS\Installer\{5D57E386-D294-41BA-9146-FADE0C76EB2A}\_853F67D554F05449430E7E.exe =>Adware.SmileyBar
O90 - PUC: "75FA496A198926D428C4E7551A63A141" . (.eBay Worldwide.) -- c:\WINDOWS\Installer\{A694AF57-9891-4D62-824C-7E55A1361A14}\_853F67D554F05449430E7E.exe =>Toolbar.eBay
~ Update Products: 2 Legitimates Filtered in 00mn 00s



---\\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
O92 - MNS: Photos iCloud - {F0D63F85-37EC-4097-B30D-61B4A8917118}
~ MNS: 7 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBrowserGood_RASAPI32 =>PUP.BrowserGood
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBrowserGood_RASMANCS =>PUP.BrowserGood
~ BTK: 18 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{0DDD0901-01F1-3F7E-BAAA-0A56984C0A51}] (SmileysWeLoveToolbar.SWLSettings) =>Adware.SmileyBar
[HKCR\CLSID\{227a0297-ebb0-421f-b153-93d6b33b9272}] (youtubeadblocker) =>PUP.Multiplug
[HKCR\CLSID\{3D954F15-72BA-3C5E-8B2B-BF0D65A1B98B}] (SmileysWeLoveToolbar.PopupForm+SmileyClickedEventArgs) =>Adware.SmileyBar
[HKCR\CLSID\{7FD45008-86E6-3366-B2F2-00120191DE57}] (SmileysWeLoveToolbar.IEModule+IECustomContextMenuCommands) =>Adware.SmileyBar
[HKCR\CLSID\{A830CF64-0BF6-3C3D-9AC2-713DCE11059B}] (SmileysWeLoveToolbar.WatermarkTextBox) =>Adware.SmileyBar
[HKCR\CLSID\{AE815BAF-3E4E-3159-9B64-3E3B641B6629}] (SmileysWeLoveToolbar.IEModule+IECustomCommands) =>Adware.SmileyBar
[HKCR\CLSID\{BFB18DD2-51C1-34EC-BE7F-58B9D83B2B33}] (SmileysWeLoveToolbar.PopupForm) =>Adware.SmileyBar
[HKCR\CLSID\{CF0F43AB-9C23-4D7B-8040-201B82844854}] (SmileysWeLove) =>Adware.SmileyBar
[HKCR\CLSID\{D029C6E7-2145-323B-8340-0AEC5315042F}] (SmileysWeLoveToolbar.PopupForm+AltActionClickedEventArgs) =>Adware.SmileyBar
[HKCR\CLSID\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}] (SmileysWeLoveToolbar) =>Adware.SmileyBar
[HKCR\CLSID\{f25b28d4-8f79-4d0c-a90b-2100652f13f8}] (youtubeadblocker) =>PUP.Multiplug
~ BCK: 5216 Legitimates Filtered in 00mn 11s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2015-04-14 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 2015-04-25 455928 | (AppMgr3.01.5851619) . (...) - C:\ProgramData\AppMgr3.01.5851619\AppMgr.exe
SS - | Disabled 2015-04-17 178688 | (belypuxo) . (...) - C:\Users\paulo\AppData\Roaming\0D85D3DC-1427734435-E211-9E12-2089845C5253\nsj61FE.tmp
SS - | Disabled 2011-08-30 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Disabled 2012-08-20 176640 | (BrcmCardReader) . (.Broadcom Corp..) - C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
SS - | Disabled 2015-03-30 195584 | (byhyxogi) . (...) - C:\Users\paulo\AppData\Local\0D85D3DC-1427720233-E211-9E12-2089845C5253\cnseE7EC.tmp
SS - | Disabled 2012-10-26 2449552 | (CCDMonitorService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
SS - | Auto 1658-07-22 0 | (CCL) . (...) - C:\Program Files (x86)\IGS\CCL.exe
SS - | Demand 2014-01-29 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Disabled 2015-03-30 156160 | (cyryjunu) . (...) - C:\Users\paulo\AppData\Local\0D85D3DC-1427720905-E211-9E12-2089845C5253\insu454D.tmp
SS - | Disabled 2012-11-16 469648 | (DeviceFastLaneService) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
SS - | Disabled 2012-12-10 350544 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SS - | Disabled 2012-07-11 174160 | (EgisTec Ticket Service) . (.Egis Technology Inc..) - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
SS - | Disabled 2012-10-23 658064 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
SS - | Disabled 2013-02-05 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Disabled 2015-03-30 183808 | (gipojoco) . (...) - C:\Users\paulo\AppData\Roaming\0D85D3DC-1427734435-E211-9E12-2089845C5253\jnsa3D0B.tmp
SS - | Disabled 2015-04-23 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
SS - | Disabled 2015-04-23 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
SS - | Disabled 2015-04-12 107848 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 2015-04-12 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 2015-04-06 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 2015-04-15 127488 | (nofexexy) . (...) - C:\Users\paulo\AppData\Local\0D85D3DC-1429088861-E211-9E12-2089845C5253\insc46DD.tmp
SS - | Disabled 2012-11-02 259136 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
SS - | Disabled 2015-01-25 2734400 | (nTvKfwvKNP) . (.Rational Thought Solutions.) - C:\ProgramData\rSsGyvCuU\nTvKfwvKNP.exe =>Adware.StormAlert
SS - | Auto 1658-07-22 0 | (qodukyqu) . (...) - C:\Users\paulo\AppData\Roaming\VOPackage\nsz62B6.tmpfs =>Adware.Downware
SS - | Auto 1658-07-22 0 | (qrsvc_1.10.0.9) . (...) - C:\Program Files (x86)\QuickRef_1.10.0.9\Service\qrsvc.exe =>PUP.QuickRef
SS - | Disabled 2013-02-05 96880 | (RfButtonDriverService) . (.Dritek System INC..) - C:\Windows\RfBtnSvc64.exe
SS - | Disabled 2014-12-23 2719080 | (SMUpdPlus) . (.Search Module Plus Ltd..) - C:\Program Files\Common Files\GBUpdatePlus\smu.exe
SS - | Auto 2015-04-24 398584 | (Util Browser Good) . (...) - C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe =>PUP.BrowserGood
SS - | Disabled 2015-04-12 107008 | (winisyli) . (...) - C:\Users\paulo\AppData\Local\0D85D3DC-1428870958-E211-9E12-2089845C5253\insl2844.tmp
SS - | Disabled 2015-03-30 246272 | (xulefedi) . (...) - C:\Users\paulo\AppData\Local\0D85D3DC-1427720252-E211-9E12-2089845C5253\snsg2D30.tmp
SR - | Disabled 2015-01-08 22376 | (BrsHelper) . (...) - C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe =>PUP.YTDownloader
SR - | Auto 2014-04-25 1738200 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 2014-04-25 2081752 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 2014-04-25 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 2015-04-22 2720176 | (SMUpd) . (.Search Module Ltd..) - C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe =>PUP.Goobzo
SR - | Demand 1658-07-22 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Auto 1658-07-22 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 1658-07-22 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 2014-10-28 38792 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 16s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (2015-04-25)
Clés trouvées (Keys found) : 20
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 19
Fichiers trouvés (Files found) : 99

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DD0916F-60DE-4413-8198-D3C9D9B959D1}] =>PUP.BrowserGood^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}] =>PUP.ShopperPro^
[HKLM\SYSTEM\CurrentControlSet\Services\qodukyqu] =>Adware.Downware^
[HKLM\SYSTEM\CurrentControlSet\Services\qrsvc_1.10.0.9] =>PUP.QuickRef^
[HKLM\SYSTEM\CurrentControlSet\Services\SMUpd] =>PUP.Goobzo^
[HKLM\SYSTEM\CurrentControlSet\Services\Util Browser Good] =>PUP.BrowserGood^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Browser Good] =>PUP.BrowserGood^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Module Plus] =>PUP.Goobzo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search module] =>PUP.Goobzo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5D57E386-D294-41BA-9146-FADE0C76EB2A}] =>Adware.SmileyBar^
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{CF0F43AB-9C23-4D7B-8040-201B82844854} =>Adware.SmileyBar^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:3D BubbleSound =>PUP.BubbleSound^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:SwvUpdtr =>PUP.Nosibay^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:Import FF:0 =>PUP.Dealio^
C:\Users\paulo\AppData\Roaming\Mozilla\Firefox\Profiles\yuftifbi.default\extensions\TTSD90021300@PYDKGV101145942.com =>PUP.CrossRider^
C:\Users\paulo\AppData\Roaming\Mozilla\Firefox\Profiles\yuftifbi.default\extensions\{6ddefd54-f051-ae7f-f6af-093329c8a678} =>PUP.ZoomIt^
C:\Program Files (x86)\Browser Good =>PUP.BrowserGood^
C:\Program Files (x86)\Cinema Plus Pro 3.2cV30.03 =>PUP.CrossRider^
C:\Program Files (x86)\CinemaPlus-3.2cV05.04 =>PUP.CrossRider^
C:\Program Files (x86)\Crossbrowse =>PUP.CrossBrowse^
C:\Program Files (x86)\Ge-Force =>PUP.CrossRider^
C:\Program Files (x86)\ShopperPro =>PUP.ShopperPro^
C:\Program Files (x86)\Smileys We Love Toolbar for IE =>Adware.SmileyBar^
C:\Program Files (x86)\System NotifierV10.03 =>PUP.SystemNotifier^
C:\Program Files (x86)\YTDownloader =>PUP.YTDownloader^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmileysWeLove for IE =>Adware.SmileyBar^
C:\Users\paulo\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect^
C:\Users\paulo\AppData\Roaming\smileyswelove =>Adware.SmileyBar^
C:\Users\paulo\AppData\Local\BrowserHelper =>PUP.BrowserHelper^
C:\Users\paulo\AppData\Local\Crossbrowse =>PUP.CrossBrowse^
C:\Users\paulo\AppData\Local\SmartWeb =>PUP.SmartWeb^
C:\Users\paulo\AppData\Local\Installer =>Adware.InstallPedia
C:\Users\paulo\Downloads\PC Performer =>Rogue.PCPerformer
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
C:\Program Files (x86)\System NotifierV10.03\a250569a-98c2-4048-95cc-84eb2edcd0f9-10.exe =>PUP.SystemNotifier^
C:\Program Files (x86)\mr fun\mr_fun_notification_service.exe =>PUP.CrossRider^
C:\Program Files (x86)\new game\new_game_notification_service.exe =>PUP.CrossRider^
C:\Program Files (x86)\YTDownloader\BrowserHelper.exe =>PUP.YTDownloader^
C:\Program Files (x86)\Ge-Force\646aa85d-05a6-494d-8cae-d006da7dc00c-1-6.exe =>PUP.CrossRider^
C:\Program Files (x86)\Ge-Force\646aa85d-05a6-494d-8cae-d006da7dc00c-1-7.exe =>PUP.CrossRider^
C:\Program Files (x86)\Ge-Force\646aa85d-05a6-494d-8cae-d006da7dc00c-10.exe =>PUP.CrossRider^
C:\Program Files (x86)\Ge-Force\646aa85d-05a6-494d-8cae-d006da7dc00c-4.exe =>PUP.CrossRider^
C:\Program Files (x86)\Ge-Force\646aa85d-05a6-494d-8cae-d006da7dc00c-5.exe =>PUP.CrossRider^
C:\Program Files (x86)\Ge-Force\646aa85d-05a6-494d-8cae-d006da7dc00c-6.exe =>PUP.CrossRider^
C:\Program Files (x86)\Ge-Force\646aa85d-05a6-494d-8cae-d006da7dc00c-7.exe =>PUP.CrossRider^
C:\Program Files (x86)\mr fun\mr_fun_updating_service.exe =>PUP.CrossRider^
C:\Program Files (x86)\new game\new_game_updating_service.exe =>PUP.CrossRider^
C:\Users\paulo\AppData\Roaming\QJNFZ.exe =>PUP.SystemNotifier^
C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe =>PUP.Goobzo^
C:\Windows\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-4 =>PUP.CrossRider^
C:\Windows\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-5 =>PUP.CrossRider^
C:\Windows\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-5_user =>PUP.CrossRider^
C:\Windows\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-6 =>PUP.CrossRider^
C:\Windows\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\646aa85d-05a6-494d-8cae-d006da7dc00c-7 =>PUP.CrossRider^
C:\Windows\Tasks\a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user.job =>PUP.SystemNotifier^
C:\Windows\System32\Tasks\a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user =>PUP.SystemNotifier^
C:\Windows\Tasks\a250569a-98c2-4048-95cc-84eb2edcd0f9-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\a250569a-98c2-4048-95cc-84eb2edcd0f9-5 =>PUP.CrossRider^
C:\Windows\Tasks\a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user =>PUP.CrossRider^
C:\Windows\Tasks\APSnotifierPP1.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP1 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP2.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP2 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP3.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP3 =>PUP.AnyProtect^
C:\Windows\Tasks\Crossbrowse.job =>PUP.CrossBrowse^
C:\Windows\System32\Tasks\Crossbrowse =>PUP.CrossBrowse^
C:\Windows\Tasks\DLL-Files FixerASKUSER.job =>PUP.DllFilesFixer^
C:\Windows\System32\Tasks\DLL-Files FixerASKUSER =>PUP.DllFilesFixer^
C:\Windows\System32\Tasks\DLL-Files.Com Fixer_MONTHLY =>PUP.DllFilesFixer^
C:\Windows\System32\Tasks\DLL-Files.Com Fixer_Updates =>PUP.DllFilesFixer^
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job =>PUP.GlobalUpdate^
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore =>PUP.GlobalUpdate^
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job =>PUP.GlobalUpdate^
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA =>PUP.GlobalUpdate^
C:\Windows\Tasks\mr_fun_notification_service.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\mr_fun_notification_service =>PUP.CrossRider^
C:\Windows\Tasks\mr_fun_updating_service.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\mr_fun_updating_service =>PUP.CrossRider^
C:\Windows\Tasks\new_game_notification_service.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\new_game_notification_service =>PUP.CrossRider^
C:\Windows\Tasks\new_game_updating_service.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\new_game_updating_service =>PUP.CrossRider^
C:\Windows\Tasks\QJNFZ.job =>PUP.SystemNotifier^
C:\Windows\System32\Tasks\QJNFZ =>PUP.SystemNotifier^
[HKCU\Software\Browser Good] =>PUP.BrowserGood^
[HKCU\Software\Cinema Plus Pro 3.2cV30.03-nv-ie] =>PUP.CrossRider^
[HKCU\Software\Cinema Plus Pro 3.2cV30.03] =>PUP.CrossRider^
[HKCU\Software\CinemaPlus-3.2cV05.04-nv-ie] =>PUP.CrossRider^
[HKCU\Software\CinemaPlus-3.2cV05.04] =>PUP.CrossRider^
[HKCU\Software\CinemaPlus-3.2cV14.04-nv-ie] =>PUP.CrossRider^
[HKCU\Software\CinemaPlus-3.2cV14.04-nv] =>PUP.CrossRider^
[HKCU\Software\CrossBrowser] =>PUP.CrossBrowser^
[HKCU\Software\Ge-Force-nv-ie] =>PUP.CrossRider^
[HKCU\Software\Ge-Force-nv] =>PUP.CrossRider^
[HKCU\Software\Ge-Force] =>PUP.CrossRider^
[HKCU\Software\GigaClicks] =>PUP.GigaClicks^
[HKCU\Software\MediapVers2.3-nv-ie] =>PUP.CrossRider^
[HKCU\Software\Super Optimizer] =>PUP.SuperOptimizer^
[HKCU\Software\System NotifierV10.03] =>PUP.SystemNotifier^
[HKCU\Software\SystemNotifierV10.03] =>PUP.SystemNotifier^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKLM\Software\ShopperPro] =>PUP.ShopperPro^
[HKLM\Software\Wow6432Node\AdGazelle] =>PUP.AdGazelle^
[HKLM\Software\Wow6432Node\Browser Good] =>PUP.BrowserGood^
[HKLM\Software\Wow6432Node\Cinema Plus Pro 3.2cV30.03-nv-ie] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\CinemaPlus-3.2cV05.04-nv-ie] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\CinemaPlus-3.2cV14.04-nv-ie] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\CinemaPlus-3.2cV14.04-nv] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Ge-Force-nv-ie] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Ge-Force-nv] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\GigaClicks] =>PUP.GigaClicks^
[HKLM\Software\Wow6432Node\MediapVers2.3-nv-ie] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\a0c77a9d-2066-4224-9794-673d6588a001] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\e03c07b6-ce34-4366-abf2-5484768b8d6d] =>PUP.CrossRider^
[HKCR\CLSID\{0DDD0901-01F1-3F7E-BAAA-0A56984C0A51}] (SmileysWeLoveToolbar.SWLSettings) =>Adware.SmileyBar^
[HKCR\CLSID\{227a0297-ebb0-421f-b153-93d6b33b9272}] (youtubeadblocker) =>PUP.Multiplug^
[HKCR\CLSID\{3D954F15-72BA-3C5E-8B2B-BF0D65A1B98B}] (SmileysWeLoveToolbar.PopupForm+SmileyClickedEventArgs) =>Adware.SmileyBar^
[HKCR\CLSID\{7FD45008-86E6-3366-B2F2-00120191DE57}] (SmileysWeLoveToolbar.IEModule+IECustomContextMenuCommands) =>Adware.SmileyBar^
[HKCR\CLSID\{A830CF64-0BF6-3C3D-9AC2-713DCE11059B}] (SmileysWeLoveToolbar.WatermarkTextBox) =>Adware.SmileyBar^
[HKCR\CLSID\{AE815BAF-3E4E-3159-9B64-3E3B641B6629}] (SmileysWeLoveToolbar.IEModule+IECustomCommands) =>Adware.SmileyBar^
[HKCR\CLSID\{BFB18DD2-51C1-34EC-BE7F-58B9D83B2B33}] (SmileysWeLoveToolbar.PopupForm) =>Adware.SmileyBar^
[HKCR\CLSID\{CF0F43AB-9C23-4D7B-8040-201B82844854}] (SmileysWeLove) =>Adware.SmileyBar^
[HKCR\CLSID\{D029C6E7-2145-323B-8340-0AEC5315042F}] (SmileysWeLoveToolbar.PopupForm+AltActionClickedEventArgs) =>Adware.SmileyBar^
[HKCR\CLSID\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}] (SmileysWeLoveToolbar) =>Adware.SmileyBar^
[HKCR\CLSID\{f25b28d4-8f79-4d0c-a90b-2100652f13f8}] (youtubeadblocker) =>PUP.Multiplug^
~ Additionnel Scan: 211818 Items scanned in 00mn 38s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://www.nicolascoolman.fr/blog/ =>Hijacker.Application
http://www.nicolascoolman.fr/blog/ =>PUP.SystemNotifier
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-ytdownloader =>PUP.YTDownloader
http://www.nicolascoolman.fr/blog/ =>PUP.ZoomIt
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserGood
http://nicolascoolman.fr/pup-shopperpro =>PUP.ShopperPro
http://nicolascoolman.fr/adware-smileybar =>Adware.SmileyBar
http://www.nicolascoolman.fr/blog/ =>PUP.DllFilesFixer
http://nicolascoolman.fr/hijacker-browsers =>Hijacker.Browsers
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://www.nicolascoolman.fr/blog/ =>PUP.BubbleSound
http://www.nicolascoolman.fr/blog/ =>PUP.Nosibay
http://www.nicolascoolman.fr/blog/ =>PUP.CrossBrowse
http://nicolascoolman.fr/pup-dealio =>PUP.Dealio
http://nicolascoolman.fr/adware-downware =>Adware.Downware
http://www.nicolascoolman.fr/blog/ =>PUP.QuickRef
http://www.nicolascoolman.fr/blog/ =>PUP.Goobzo
http://nicolascoolman.fr/pup-anyprotect =>PUP.AnyProtect
http://www.nicolascoolman.fr/blog/ =>Adware.Pirrit
http://nicolascoolman.fr/pup-smartwebsearch =>PUP.SmartWeb
http://nicolascoolman.fr/pup-globalupdate =>PUP.GlobalUpdate
http://www.nicolascoolman.fr/blog/ =>PUP.CrossBrowser
http://nicolascoolman.fr/pup-gigaclicks =>PUP.GigaClicks
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://www.nicolascoolman.fr/blog/ =>PUP.SuperOptimizer
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://www.nicolascoolman.fr/blog/ =>PUP.AdGazelle
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserHelper
http://nicolascoolman.fr/hijacker-trovicom =>Hijacker.TroviCom
http://nicolascoolman.fr/pup-mutiplug =>PUP.Multiplug
http://www.nicolascoolman.fr/blog/ =>Adware.StormAlert
http://www.nicolascoolman.fr/blog/ =>Spyware.AgenceExclusive
http://nicolascoolman.fr/adware-installpedia =>Adware.InstallPedia
http://www.nicolascoolman.fr/blog/ =>Rogue.PCPerformer
~ MSI: 35 link(s) detected in 00mn 00s



~ 3191 Legitimates filtered by white list
End of the scan (939 lines in 03mn 45s)(0.10)
