~ Report of ZHPDiag v2015.6.4.54 - Nicolas Coolman (31/05/2015)
~ Launched by bouhassoun (11/06/2015 13:44:19)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : Updated version.
~ White List : Activated by program
~ Elevation of privilege : OK
~ User Account Control : Deactivated by program


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17801
MFIE: Mozilla Firefox 38.0.5 (Default)
GCIE: Google Chrome v43.0.2357.124

---\\ Windows product information
~ Language: English
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
~ Windows Partial Key : H49VQ
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1 Single Language, 64-bit (Build 9600)

---\\ System protection software
Windows Defender W8 (Deactivated)

---\\ System optimization software
CCleaner v4.14

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 17 NPAPI
Adobe Reader XI
Java 7 Update 9 (64-bit)

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4043 MB (26% free)
System Restore: Enabled
System drive C: has 147 GB (63%) free of 233 GB

---\\ Connection to the system mode
~ Computer Name: BMW
~ User Name: bouhassoun
~ All Users Names: HomeGroupUser$, bouhassoun, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\bouhassoun\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\bouhassoun\AppData\Roaming\
~ %Desktop% : C:\Users\bouhassoun\Desktop\
~ %Favorites% : C:\Users\bouhassoun\Favorites\
~ %LocalAppData% : C:\Users\bouhassoun\AppData\Local\
~ %StartMenu% : C:\Users\bouhassoun\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 147 GB of 233 GB)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 192 GB of 209 GB)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.C10A66189DC8C090E7C84873EDCEBC88] - (.Microsoft Corporation - Windows Explorer.) (.28/01/2015 - 00:47:12.) -- C:\Windows\Explorer.exe [2501368]
[MD5.A570A64292214C43E0BA50E6A72A6380] - (.Microsoft Corporation - Windows Start-Up Application.) (.29/10/2014 - 02:25:54.) -- C:\Windows\System32\Wininit.exe [145920]
[MD5.F0289B3A341429117696F0279DA977B6] - (.Microsoft Corporation - Internet Extensions for Win32.) (.21/04/2015 - 16:27:25.) -- C:\Windows\System32\wininet.dll [2352128]
[MD5.EC498BAE1F0D3E0E401C963F8D76C437] - (.Microsoft Corporation - Windows Logon Application.) (.29/10/2014 - 02:22:52.) -- C:\Windows\System32\Winlogon.exe [572416]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Licensing Library.) (.24/09/2014 - 07:46:16.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/09/2014 - 09:00:42.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.24/09/2014 - 08:13:04.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.24/09/2014 - 07:54:58.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800]
[MD5.D887446F3F6051C60C26F4FD1FC8D43F] - (.Microsoft Corporation - i8042 Port Driver.) (.07/10/2014 - 04:29:50.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.24/09/2014 - 07:46:18.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.31233271EDE50D1BBB220F78AFA60486] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.08/10/2014 - 08:32:10.) -- C:\Windows\system32\Drivers\MRxSmb.sys [405504]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.7F68063A5A0461E02BC860CE0E6BFDDC] - (.Microsoft Corporation - NT File System Driver.) (.15/10/2014 - 09:32:37.) -- C:\Windows\system32\Drivers\ntfs.sys [2025792]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Parallel Port Driver.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Microsoft RDP Device Redirector.) (.24/09/2014 - 07:17:10.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.24/09/2014 - 07:54:58.) -- C:\Windows\system32\Drivers\volsnap.sys [310080]
~ Generic Processes: Scanned in 00mn 01s



---\\ Hidden files state (Hidden/Total)
~ My Pictures : 1/6
~ My Music : 1/57
~ My Favorites : 1/8
~ My Documents : 2/746
~ My Desktop : 1/1395
~ Start Menu (Programs) : 1/48
~ Hidden Files: Scanned in 00mn 11s



---\\ Process running
[MD5.E39E90C34BF2E0F73010B6B0081AA365] - (.No owner - EGMonito Application.) -- C:\Program Files (x86)\EagleGet\EGMonitor.exe [233472] [PID.1960]
[MD5.17F601C301CFCF559F496BF268533FC1] - (...) -- C:\Program Files (x86)\Crazy Shopperama\crazy_shopperama_helper_service.exe [191692] [PID.15580]
[MD5.47BE447FF1AA0E0E7B9C2085CB740F90] - (.EagleGet.com - EagleGet Free Downloader.) -- C:\Program Files (x86)\EagleGet\EagleGet.exe [1849344] [PID.13176]
[MD5.75BDD11C3EA1CF584C8B9A5BF7C7190C] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3898960] [PID.14556]
[MD5.083FFA5897FE78062C93A3AF0CC82C07] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [28912768] [PID.14900]
[MD5.8F45A1926BE83BBCFD212A18AA1CF304] - (...) -- C:\Users\bouhassoun\AppData\Local\Temp\Trojan.exe [44544] [PID.3800]
[MD5.B13BC5BEED960EC416D20EC5BB899FCA] - (...) -- C:\Users\bouhassoun\server.exe [24064] [PID.2004]
[MD5.D536CCCE2A7992688DB76941506EA970] - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\SysWOW64\wscript.exe [148992] [PID.10208]
[MD5.717CECF8A6F55295A2A8B9ED4C64D800] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576] [PID.15940]
[MD5.BAC15D03EFC8249216D1D610F3B1E67F] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528] [PID.10324]
[MD5.A449942E08F047C712EB4F64B4268F97] - (.Open Source - SG Miner Pro.) -- C:\Users\bouhassoun\AppData\Roaming\cpuminer\sgminer\sgminer.exe [2740224] [PID.2140]
[MD5.672E1B3140D78F01E5563C32A72E3ED3] - (.No owner - VaioCare Window Listener Application.) -- C:\Program Files\Sony\VAIO Care\listener.exe [62464] [PID.1592]
[MD5.E9C6EF9437ECB30911488F9313AD821A] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [269848] [PID.1252]
[MD5.923FE895B22B22A9CA03C72F3D15CE20] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.4852]
[MD5.9B660F85D4B9FE235DBD45A39CC76F8A] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [270960] [PID.8884]
[MD5.C2D0C69CC95DF5CAB27ADB6D1B5DE130] - (.No owner - spark.) -- C:\Program Files (x86)\baidu\Baidu Browser\spark.exe [981304] [PID.13364]
[MD5.4547360EB0D90804B3AD080CE1D1D814] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896] [PID.2956]
[MD5.411837D66846190BDEA7077046EA9038] - (.Adobe Systems, Inc. - Adobe Flash Player 17.0 r0.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe [1894064] [PID.15628]
[MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8214016] [PID.3380]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\bouhassoun\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome Extension Folder
~ Google Lines Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\bouhassoun\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj7pvc.dev-edition-default\prefs.js
C:\Users\bouhassoun\AppData\Roaming\Mozilla\Firefox\Profiles\qk9ci39f.default\prefs.js
C:\Users\bouhassoun\AppData\Roaming\Mozilla\Firefox\Profiles\qk9ci39f.default\user.js
M0 - MFSP: prefs.js [bouhassoun - qk9ci39f.default] google.com
M2 - MFEP: prefs.js [bouhassoun - 0jwj7pvc.dev-edition-default\{2f17f610-5e97-4fed-828f-9940b7b577a4}] [] 2f17f6105e974fed828f9940b7b577a4 v1004.0.43 (..)
M2 - MFEP: Extension [bouhassoun - 0jwj7pvc.dev-edition-default] Cy4LdSccs@gmail.com
M2 - MFEP: Extension [bouhassoun - 0jwj7pvc.dev-edition-default] {2f17f610-5e97-4fed-828f-9940b7b577a4}
M2 - MFEP: Extension [bouhassoun - 0jwj7pvc.dev-edition-default] eagleget_ffext@eagleget.com.xpi
M2 - MFEP: Extension [bouhassoun - qk9ci39f.default] Cy4LdSccs@gmail.com
M2 - MFEP: Extension [bouhassoun - qk9ci39f.default] {2f17f610-5e97-4fed-828f-9940b7b577a4}
M2 - MFEP: Extension [bouhassoun - qk9ci39f.default] eagleget_ffext@eagleget.com.xpi
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\omiga-plus.xml =>Hijacker.OmigaPlus
P2 - FPN: [HKCU] [eagleget.com/EagleGet32] - (.EagleGet - EagleGet Free Downloader Plugin.) -- C:\Program Files (x86)\EagleGet\npEagleget.dll
P2 - FPN: [HKCU] [eagleget.com/EagleGet64_x86_64] - (.EagleGet - EagleGet Free Downloader Plugin.) -- C:\Program Files (x86)\EagleGet\npEagleget64.dll
~ Firefox Browser: 40 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com =>Hijacker.OurSurfing
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com =>Hijacker.OurSurfing
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com =>Hijacker.OurSurfing
~ IE Browser: 17 Legitimates Filtered in 00mn 00s
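The R0/R1 entries above write the same redirect URL into HKCU, HKLM and the 32-bit HKLM view (Wow6432Node), which is why a per-user "reset home page" does not get rid of OurSurfing: the HKLM values need admin rights to set and to clear. The script below is an added example, not part of the ZHPDiag report or of ZHPDiag itself. It parses lines in this R0/R1 format, reduces each URL to its registrable domain, and reports every domain that is not on an allowlist together with the hives that carry it. The allowlist, the extra benign Bing line in the sample and the "last two labels" domain rule are assumptions made for the illustration.

```python
"""Flag IE start/search pages pointing off an allowlist, per registry hive.

Added example for the R0/R1 lines above; the allowlist and the benign
Bing line are assumptions, not content of the report.
"""
import re
from collections import defaultdict, namedtuple
from urllib.parse import urlparse

# Constructed sample: six hijacked R0/R1 entries copied from the report plus
# one benign line (assumed) showing what an allowed provider looks like.
SAMPLE_R_LINES = [
    r"R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com =>Hijacker.OurSurfing",
    r"R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com =>Hijacker.OurSurfing",
    r"R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com =>Hijacker.OurSurfing",
    r"R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus",
    r"R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus",
    r"R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com =>Hijacker.OurSurfing",
    r"R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}",  # assumed benign
]

# Domains the user actually expects as home/search provider (assumption).
ALLOWED_DOMAINS = {"bing.com", "google.com", "msn.com", "microsoft.com"}

# "R0 - <hive>\<key path>,<value name> = <url> [=>tag]"
R_RE = re.compile(r"^R[01] - (HK\w+)\\(.+?),([^=]+?) = (\S+)")

Setting = namedtuple("Setting", "scope name value")


def parse_r_line(line):
    """Return Setting(scope, value name, URL), or None for non-R0/R1 lines."""
    m = R_RE.match(line)
    if not m:
        return None
    hive, keypath, name, value = m.groups()
    scope = hive + (" (Wow6432Node)" if "Wow6432Node" in keypath else "")
    return Setting(scope, name.strip(), value)


def registrable(host):
    """Collapse a host to its last two labels. Enough for .com hijack domains;
    a production tool would consult the Public Suffix List instead."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def find_hijacks(lines, allow=ALLOWED_DOMAINS):
    """Map each off-allowlist domain to the set of hives that point at it."""
    hits = defaultdict(set)
    for line in lines:
        s = parse_r_line(line)
        if s is None:
            continue
        host = urlparse(s.value).hostname
        if not host:  # local file or about:blank, nothing to resolve
            continue
        dom = registrable(host)
        if dom not in allow:
            hits[dom].add(s.scope)
    return dict(hits)


def machine_wide(hijacks):
    """Domains set in HKLM: written with admin rights, survive a per-user reset."""
    return {d for d, scopes in hijacks.items() if any(sc.startswith("HKLM") for sc in scopes)}


if __name__ == "__main__":
    found = find_hijacks(SAMPLE_R_LINES)
    for dom, scopes in sorted(found.items()):
        print(f"{dom}: {', '.join(sorted(scopes))}")
    print("machine-wide:", ", ".join(sorted(machine_wide(found))))
```

Run against the sample, it reports oursurfing.com in HKCU, HKLM and HKLM (Wow6432Node) and omiga-plus.com in HKCU only, so the cleanup has to be done with elevation for the first and can be done per user for the second.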



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects (O2)
O2 - BHO: bteagleget.com [64Bits] - {1E871FF8-029C-4732-8AA7-39E3D3872057} . (.EagleGet.com - IEGrab.) -- C:\Program Files (x86)\EagleGet\eagleSniffer.dll
O2 - BHO: LuckyTab Class [64Bits] - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\MiuiTab\SupTab.dll =>PUP.LuckyTab
O2 - BHO: bteagleget.com [64Bits] - {824F251E-D74A-4d56-B998-CA05CF369A13} . (.EagleGet.com - IEGrab.) -- C:\Program Files (x86)\EagleGet\eagleSniffer.dll
O2 - BHO: ShopperProBHO [64Bits] - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} Orphan key =>PUP.ShopperPro
~ BHO: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{46462D59-0076-A76A-76A7-7A786E7484D7} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Facebook.lnk . (...) -- C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe
O4 - GS\Desktop [Public]: Google.lnk . (...) -- C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe
~ Global Startup: 2 Legitimates Filtered in 00mn 04s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [BtTray] . (.Qualcomm Atheros - BtTray.) -- C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
O4 - HKLM\..\Run: [BtvStack] . (.Qualcomm Atheros Commnucations - Extension Core.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [gpuminer] . (...) -- C:\Users\bouhassoun\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
O4 - HKLM\..\Run: [cpuminer] . (...) -- C:\WINDOWS\system32\cpuminer-gw64.exe
O4 - HKCU\..\Run: [EagleGet] . (.EagleGet.com - EagleGet Free Downloader.) -- C:\Program Files (x86)\EagleGet\Eagleget.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\bouhassoun\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [ Maintance] C:\Program Files\net1.exe (.not file.)
O4 - HKCU\..\Run: [YTDownloader] C:\Program Files (x86)\YTDownloader\YTDownloader.exe (.not file.) =>PUP.YTDownloader
O4 - HKCU\..\Run: [Viber] C:\Users\bouhassoun\AppData\Local\Viber\Viber.exe (.not file.)
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [FLV Player] C:\Users\bouhassoun\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [جدول الاختبارات] \B C:\Users\BOUHAS~1\AppData\Local\Temp\جدول الاختبارات.vbs (.not file.)
O4 - HKCU\..\Run: [MICROS~1] . (...) -- C:\Users\bouhassoun\AppData\Local\Temp\MICROS~1.JS
O4 - HKCU\..\Run: [5cd8f17f4086744065eb0992a09e05a2] . (...) -- C:\Users\bouhassoun\AppData\Local\Temp\Trojan.exe
O4 - HKCU\..\Run: [075efffa837e9946500999f29d9d5572] . (.No owner - WindowsFormsApplication6.) -- C:\Users\bouhassoun\AppData\Roaming\svchost.exe
O4 - HKCU\..\Run: [a09ee769a860062458db521e8a43567e] . (...) -- C:\Users\bouhassoun\server.exe
O4 - HKCU\..\Run: [3ef2d7ea521f18555476e90b431e142b] . (.No owner - WindowsFormsApplication6.) -- C:\ProgramData\youtube.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [ISBMgr.exe] . (.Sony Corporation - ISB Utility.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Wow6432Node\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [YTDownloader] C:\Program Files (x86)\YTDownloader\YTDownloader.exe (.not file.) =>PUP.YTDownloader
O4 - HKUS\.DEFAULT\..\Run: [MaxigetMasterUpdate] . (...) -- C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Maxiget\Master\Updater\MasterUpdater.exe =>PUP.Maxiget
O4 - HKUS\S-1-5-18\..\Run: [MaxigetMasterUpdate] . (...) -- C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Maxiget\Master\Updater\MasterUpdater.exe =>PUP.Maxiget
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [EagleGet] . (.EagleGet.com - EagleGet Free Downloader.) -- C:\Program Files (x86)\EagleGet\Eagleget.exe
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\bouhassoun\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [ Maintance] C:\Program Files\net1.exe (.not file.)
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [YTDownloader] C:\Program Files (x86)\YTDownloader\YTDownloader.exe (.not file.) =>PUP.YTDownloader
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [Viber] C:\Users\bouhassoun\AppData\Local\Viber\Viber.exe (.not file.)
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [FLV Player] C:\Users\bouhassoun\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe (.not file.)
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [جدول الاختبارات] \B C:\Users\BOUHAS~1\AppData\Local\Temp\جدول الاختبارات.vbs (.not file.)
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [MICROS~1] . (...) -- C:\Users\bouhassoun\AppData\Local\Temp\MICROS~1.JS
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [5cd8f17f4086744065eb0992a09e05a2] . (...) -- C:\Users\bouhassoun\AppData\Local\Temp\Trojan.exe
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [075efffa837e9946500999f29d9d5572] . (.No owner - WindowsFormsApplication6.) -- C:\Users\bouhassoun\AppData\Roaming\svchost.exe
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [a09ee769a860062458db521e8a43567e] . (...) -- C:\Users\bouhassoun\server.exe
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [3ef2d7ea521f18555476e90b431e142b] . (.No owner - WindowsFormsApplication6.) -- C:\ProgramData\youtube.exe
~ Application: Scanned in 00mn 00s
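The running-process list and the O4 Run entries in this report share a small set of traits that a triage pass can pick up without signatures: an image under the user profile or in Temp (Trojan.exe, server.exe), a Windows system binary name outside C:\Windows (svchost.exe in AppData\Roaming), a script instead of a PE image (sgminer.cmd, MICROS~1.JS), an 8.3 short name, a 32-character hex value name, a target that no longer exists, or no publisher string at all. The script below is an added example, not part of the report or of ZHPDiag: it parses both line formats and applies those checks to a constructed sample copied from the entries above, with two legitimate entries (Firefox, Skype) included to show what is left alone. The indicator lists, and in particular the name-based "miner" token, are heuristics chosen for this illustration and would produce false positives on their own.

```python
"""Triage ZHPDiag 'Process running' and O4 Run-key lines with path heuristics (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: entries copied from the report (process list and O4 Run
# keys), including two legitimate ones to show what the checks leave alone.
SAMPLE_LINES = [
    r"[MD5.8F45A1926BE83BBCFD212A18AA1CF304] - (...) -- C:\Users\bouhassoun\AppData\Local\Temp\Trojan.exe [44544] [PID.3800]",
    r"[MD5.A449942E08F047C712EB4F64B4268F97] - (.Open Source - SG Miner Pro.) -- C:\Users\bouhassoun\AppData\Roaming\cpuminer\sgminer\sgminer.exe [2740224] [PID.2140]",
    r"[MD5.923FE895B22B22A9CA03C72F3D15CE20] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.4852]",
    r"O4 - HKLM\..\Run: [cpuminer] . (...) -- C:\WINDOWS\system32\cpuminer-gw64.exe",
    r"O4 - HKCU\..\Run: [075efffa837e9946500999f29d9d5572] . (.No owner - WindowsFormsApplication6.) -- C:\Users\bouhassoun\AppData\Roaming\svchost.exe",
    r"O4 - HKCU\..\Run: [MICROS~1] . (...) -- C:\Users\bouhassoun\AppData\Local\Temp\MICROS~1.JS",
    r"O4 - HKCU\..\Run: [ Maintance] C:\Program Files\net1.exe (.not file.)",
    r"O4 - HKLM\..\Run: [gpuminer] . (...) -- C:\Users\bouhassoun\AppData\Roaming\cpuminer\sgminer\sgminer.cmd",
    r"O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.",
]

# Path: drive letter up to the size/PID brackets, the missing-file marker,
# the "=>" classification tag, or end of line. "(.Company - Product.)" is the
# version-resource string; "(...)" means the file carries none.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?)(?= \[\d+\]| \(\.not file\.\)| =>|$)")
DESC_RE = re.compile(r"\(\.(.+?)\.\)")
KEY_RE = re.compile(r"Run: \[(.*?)\]")

# Indicator lists are assumptions for this example, not a ZHPDiag feature.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "winlogon.exe", "wininit.exe",
                "csrss.exe", "lsass.exe", "services.exe", "smss.exe"}
SCRIPT_EXT = (".cmd", ".bat", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")
NAME_TOKENS = ("miner",)  # weak, name-based; useful only as corroboration


@dataclass
class Entry:
    key: Optional[str]      # Run value name, None for process-list lines
    path: Optional[str]
    owner: str              # company part of the version-resource string
    missing: bool           # "(.not file.)" marker present
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Entry:
    m_path = PATH_RE.search(line)
    m_key = KEY_RE.search(line)
    # Drop the missing-file marker first so it is not read as a publisher string.
    m_desc = DESC_RE.search(line.replace("(.not file.)", ""))
    desc = m_desc.group(1).strip(" .") if m_desc else ""
    return Entry(key=m_key.group(1).strip() if m_key else None,
                 path=m_path.group(1).strip() if m_path else None,
                 owner=desc.partition(" - ")[0].strip(),
                 missing="(.not file.)" in line)


def assess(e: Entry) -> List[str]:
    """Return the indicators that apply to one entry (empty list = nothing odd)."""
    reasons = []
    if e.missing:
        reasons.append("target file missing: orphaned autorun")
    if e.path is None:
        return reasons
    low = e.path.lower()
    name = low.rsplit("\\", 1)[-1]
    if low.startswith(USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    if "\\temp\\" in low:
        reasons.append("runs from a Temp directory")
    if name in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
        reasons.append("system binary name outside C:\\Windows (masquerading)")
    if name.endswith(SCRIPT_EXT):
        reasons.append("script autorun rather than a PE image")
    if re.search(r"~\d", name):
        reasons.append("8.3 short name hides the real file name")
    if any(tok in name for tok in NAME_TOKENS):
        reasons.append("file name suggests a cryptominer")
    if not e.owner or e.owner.lower() == "no owner":
        reasons.append("no publisher in the version resource")
    if e.key and re.fullmatch(r"[0-9a-f]{32}", e.key):
        reasons.append("Run value name is a random-looking 32-hex string")
    return reasons


def triage(lines) -> List[Entry]:
    entries = [parse_line(line) for line in lines]
    for e in entries:
        e.reasons = assess(e)
    return entries


def suspicious(lines) -> List[Entry]:
    return [e for e in triage(lines) if e.reasons]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LINES):
        print(e.path, "->", "; ".join(e.reasons))
```

Of the nine sample entries, seven come back with at least one indicator and the two signed, vendor-installed ones come back clean. The cpuminer-gw64.exe entry is worth noting: it sits in System32, so the location check passes, and it is caught only by the missing publisher string plus the name token, which is why a publisher or signature check belongs in the set even when path heuristics do most of the work.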



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Orphan key
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Trusted Zone: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{61BBEAA2-81FA-4824-87C1-060438A27D3E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{78F87BA8-3767-4E72-ADB7-7297DB6AA7BB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{61BBEAA2-81FA-4824-87C1-060438A27D3E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{78F87BA8-3767-4E72-ADB7-7297DB6AA7BB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional Protocols: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\SUPPOR~1\SUPPOR~2.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: egGetSvc (egGetSvc) . (.No owner - EGMonito Application.) - C:\Program Files (x86)\EagleGet\EGMonitor.exe
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files (x86)\MiuiTab\ProtectService.exe =>Adware.AgentODR
O23 - Service: Service Maxiget Update (mglupdate) (mglupdate) . (.Maxiget Ltd. - Maxiget Updater.) - C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe =>PUP.Maxiget
O23 - Service: Baidu Spark Service (SparkSvc) . (.Baidu Inc. - spark.) - C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe
O23 - Service: Unsigned Themes (UnsignedThemes) . (.The Within Network, LLC - Unsigned themes service executable.) - C:\Windows\unsignedthemes.exe
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.DTools LIMITED - Windows DTools.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
~ Services: 25 Legitimates Filtered in 00mn 06s



---\\ Task Planned Automatically (O39)
[MD5.00000000000000000000000000000000] [APT] [4d55d8a2-ee7c-4985-abe6-0e72e5a26214-1] (...) -- C:\Program Files (x86)\SavePass 1.1\SavePass 1.1-codedownloader.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [4d55d8a2-ee7c-4985-abe6-0e72e5a26214-10_user] (...) -- C:\Program Files (x86)\SavePass 1.1\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-10.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [4d55d8a2-ee7c-4985-abe6-0e72e5a26214-2] (...) -- C:\Program Files (x86)\SavePass 1.1\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-2.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [4d55d8a2-ee7c-4985-abe6-0e72e5a26214-4] (...) -- C:\Program Files (x86)\SavePass 1.1\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-4.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5] (...) -- C:\Program Files (x86)\SavePass 1.1\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5_user] (...) -- C:\Program Files (x86)\SavePass 1.1\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [4d55d8a2-ee7c-4985-abe6-0e72e5a26214-6] (...) -- C:\Program Files (x86)\SavePass 1.1\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-6.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [4d55d8a2-ee7c-4985-abe6-0e72e5a26214-7] (...) -- C:\Program Files (x86)\SavePass 1.1\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-7.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [667adfd8-b1c7-4231-b7bc-a08fda60e9b4-1] (...) -- C:\Program Files (x86)\Ge-Force\Ge-Force-codedownloader.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [667adfd8-b1c7-4231-b7bc-a08fda60e9b4-11] (...) -- C:\Program Files (x86)\Ge-Force\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-11.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [667adfd8-b1c7-4231-b7bc-a08fda60e9b4-2] (...) -- C:\Program Files (x86)\Ge-Force\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-2.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [667adfd8-b1c7-4231-b7bc-a08fda60e9b4-4] (...) -- C:\Program Files (x86)\Ge-Force\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-4.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5] (...) -- C:\Program Files (x86)\Ge-Force\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5_user] (...) -- C:\Program Files (x86)\Ge-Force\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [667adfd8-b1c7-4231-b7bc-a08fda60e9b4-6] (...) -- C:\Program Files (x86)\Ge-Force\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-6.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [667adfd8-b1c7-4231-b7bc-a08fda60e9b4-7] (...) -- C:\Program Files (x86)\Ge-Force\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-7.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [7c66723c-01f9-441f-b98e-a8abb0251335-1] (...) -- C:\Program Files (x86)\Sense\Sense-codedownloader.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7c66723c-01f9-441f-b98e-a8abb0251335-11] (...) -- C:\Program Files (x86)\Sense\7c66723c-01f9-441f-b98e-a8abb0251335-11.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7c66723c-01f9-441f-b98e-a8abb0251335-2] (...) -- C:\Program Files (x86)\Sense\7c66723c-01f9-441f-b98e-a8abb0251335-2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7c66723c-01f9-441f-b98e-a8abb0251335-4] (...) -- C:\Program Files (x86)\Sense\7c66723c-01f9-441f-b98e-a8abb0251335-4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7c66723c-01f9-441f-b98e-a8abb0251335-5] (...) -- C:\Program Files (x86)\Sense\7c66723c-01f9-441f-b98e-a8abb0251335-5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7c66723c-01f9-441f-b98e-a8abb0251335-5_user] (...) -- C:\Program Files (x86)\Sense\7c66723c-01f9-441f-b98e-a8abb0251335-5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7c66723c-01f9-441f-b98e-a8abb0251335-6] (...) -- C:\Program Files (x86)\Sense\7c66723c-01f9-441f-b98e-a8abb0251335-6.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7c66723c-01f9-441f-b98e-a8abb0251335-7] (...) -- C:\Program Files (x86)\Sense\7c66723c-01f9-441f-b98e-a8abb0251335-7.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [983a9674-e05d-44a5-9c47-65fd4eab29ab] (...) -- C:\Program Files (x86)\App Lid\983a9674-e05d-44a5-9c47-65fd4eab29ab.exe (.not file.) [0] =>PUP.CrossRider
[MD5.877759FE37E2EED150C792006B342BC3] [APT] [BYAIAMUF] (.Cinema PlusV16.03.) -- C:\Users\bouhassoun\AppData\Roaming\BYAIAMUF.exe [2035200] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-1] (...) -- C:\Program Files (x86)\App Lid\App Lid-codedownloader.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-11] (...) -- C:\Program Files (x86)\App Lid\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-11.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2] (...) -- C:\Program Files (x86)\App Lid\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-4] (...) -- C:\Program Files (x86)\App Lid\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-4.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5] (...) -- C:\Program Files (x86)\App Lid\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5_user] (...) -- C:\Program Files (x86)\App Lid\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-6] (...) -- C:\Program Files (x86)\App Lid\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-6.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-7] (...) -- C:\Program Files (x86)\App Lid\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-7.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [ca69503f-b980-4e07-a10e-7bd220db5214] (...) -- C:\Program Files (x86)\App Lid\ca69503f-b980-4e07-a10e-7bd220db5214.exe (.not file.) [0] =>PUP.CrossRider
[MD5.17F601C301CFCF559F496BF268533FC1] [APT] [crazy_shopperama_helper_service] (...) -- C:\Program Files (x86)\Crazy Shopperama\crazy_shopperama_helper_service.exe [191692]
[MD5.1C7FF4BFACDDD04E3504DCB1BA5987ED] [APT] [GNOK] (.Cinema PlusV16.03.) -- C:\Users\bouhassoun\AppData\Roaming\GNOK.exe [1380352] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [IYZWF] (...) -- C:\Users\bouhassoun\AppData\Roaming\IYZWF.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [LaunchApp] (...) -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (.not file.) [0] =>PUP.MyPCBackup
[MD5.8A82C81D9EE986710F9D0BDD14A4EC4F] [APT] [MaxigetUpdaterTaskMachineCore] (.Maxiget Ltd..) -- C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe [132632] =>PUP.Maxiget
[MD5.8A82C81D9EE986710F9D0BDD14A4EC4F] [APT] [MaxigetUpdaterTaskMachineUA] (.Maxiget Ltd..) -- C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe [132632] =>PUP.Maxiget
[MD5.00000000000000000000000000000000] [APT] [ReviverSoft Start Menu Run once task] (...) -- C:\SkinPack\StartMenu\StartMenuReviver.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [SomotoUpdateCheckerAutoStart] (...) -- C:\Users\bouhassoun\AppData\Local\FilesFrog Update Checker\update_checker.exe (.not file.) [0] =>PUP.Mysoftpack
[MD5.8F3E3033D1073E20B27B8737CE04A193] [APT] [SparkUpdater] (.Baidu.com, Inc..) -- C:\Program Files (x86)\baidu\Baidu Browser\SparkUpdate.exe [1370424]
[MD5.00000000000000000000000000000000] [APT] [YIDYL] (...) -- C:\Users\bouhassoun\AppData\Roaming\YIDYL.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{01295413-EA6A-4E0B-A801-B19177160628}] (...) -- C:\Users\bouhassoun\AppData\Roaming\omiga-plus\UninstallManager.exe (.not file.) [0] =>Hijacker.OmigaPlus
[MD5.00000000000000000000000000000000] [APT] [{41B17AA5-6950-45BA-9A38-6388E509A684}] (...) -- C:\Users\bouhassoun\AppData\Roaming\oursurfing\UninstallManager.exe (.not file.) [0] =>Hijacker.OurSurfing
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-1 - (...) -- C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-1.job [3448] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-1 - (...) -- C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-1 [3448] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-10_user - (...) -- C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-10_user.job [2112]
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-10_user - (...) -- C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-10_user [2112]
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-2 - (...) -- C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-2.job [2110] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-2 - (...) -- C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-2 [2110] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-4 - (...) -- C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-4.job [4158] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-4 - (...) -- C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-4 [4158] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5 - (...) -- C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5.job [2446] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5 - (...) -- C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5 [2446] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5_user - (...) -- C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5_user.job [2446] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5_user - (...) -- C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5_user [2446] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-6 - (...) -- C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-6.job [5518] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-6 - (...) -- C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-6 [5518] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-7 - (...) -- C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-7.job [5182] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-7 - (...) -- C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-7 [5182] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-1 - (...) -- C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-1.job [3776] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-1 - (...) -- C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-1 [3776] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-11 - (...) -- C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-11.job [5512] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-11 - (...) -- C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-11 [5512] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-2 - (...) -- C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-2.job [2438] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-2 - (...) -- C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-2 [2438] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-4 - (...) -- C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-4.job [4486] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-4 - (...) -- C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-4 [4486] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5 - (...) -- C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5.job [2782] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5 - (...) -- C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5 [2782] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5_user - (...) -- C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5_user.job [2782] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5_user - (...) -- C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5_user [2782] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-6 - (...) -- C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-6.job [6198] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-6 - (...) -- C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-6 [6198] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-7 - (...) -- C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-7.job [5854] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-7 - (...) -- C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-7 [5854] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-1 - (...) -- C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-1.job [3764] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-1 - (...) -- C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-1 [3764] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-11 - (...) -- C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-11.job [5506] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-11 - (...) -- C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-11 [5506] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-2 - (...) -- C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-2.job [2432] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-2 - (...) -- C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-2 [2432] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-4 - (...) -- C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-4.job [4824] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-4 - (...) -- C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-4 [4824] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-5 - (...) -- C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-5.job [2776] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-5 - (...) -- C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-5 [2776] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-5_user - (...) -- C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-5_user.job [2776] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-5_user - (...) -- C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-5_user [2776] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-6 - (...) -- C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-6.job [6192] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-6 - (...) -- C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-6 [6192] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-7 - (...) -- C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-7.job [5848] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-7 - (...) -- C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-7 [5848] =>PUP.CrossRider
O39 - APT: 983a9674-e05d-44a5-9c47-65fd4eab29ab - (...) -- C:\Windows\Tasks\983a9674-e05d-44a5-9c47-65fd4eab29ab.job [610]
O39 - APT: 983a9674-e05d-44a5-9c47-65fd4eab29ab - (...) -- C:\Windows\System32\Tasks\983a9674-e05d-44a5-9c47-65fd4eab29ab [610]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: BYAIAMUF - (.Cinema PlusV16.03.) -- C:\Windows\Tasks\BYAIAMUF.job [1714] =>PUP.CrossRider
O39 - APT: BYAIAMUF - (.Cinema PlusV16.03.) -- C:\Windows\System32\Tasks\BYAIAMUF [1714] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-1 - (...) -- C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-1.job [3092] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-1 - (...) -- C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-1 [3092] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-11 - (...) -- C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-11.job [4830] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-11 - (...) -- C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-11 [4830] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2 - (...) -- C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2.job [2100] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2 - (...) -- C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2 [2100] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-4 - (...) -- C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-4.job [4828] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-4 - (...) -- C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-4 [4828] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5 - (...) -- C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5.job [2436] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5 - (...) -- C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5 [2436] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5_user - (...) -- C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5_user.job [2436] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5_user - (...) -- C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5_user [2436] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-6 - (...) -- C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-6.job [5508] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-6 - (...) -- C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-6 [5508] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-7 - (...) -- C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-7.job [5172] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-7 - (...) -- C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-7 [5172] =>PUP.CrossRider
O39 - APT: ca69503f-b980-4e07-a10e-7bd220db5214 - (...) -- C:\Windows\Tasks\ca69503f-b980-4e07-a10e-7bd220db5214.job [1446]
O39 - APT: ca69503f-b980-4e07-a10e-7bd220db5214 - (...) -- C:\Windows\System32\Tasks\ca69503f-b980-4e07-a10e-7bd220db5214 [1446]
O39 - APT: crazy_shopperama_helper_service - (...) -- C:\Windows\Tasks\crazy_shopperama_helper_service.job [556]
O39 - APT: crazy_shopperama_helper_service - (...) -- C:\Windows\System32\Tasks\crazy_shopperama_helper_service [556]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2173134999-1121657616-2993340248-1001Core [934]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2173134999-1121657616-2993340248-1001UA [956]
O39 - APT: GNOK - (.Cinema PlusV16.03.) -- C:\Windows\Tasks\GNOK.job [1362] =>PUP.CrossRider
O39 - APT: GNOK - (.Cinema PlusV16.03.) -- C:\Windows\System32\Tasks\GNOK [1362] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1080]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1084]
O39 - APT: IYZWF - (...) -- C:\Windows\Tasks\IYZWF.job [1364]
O39 - APT: IYZWF - (...) -- C:\Windows\System32\Tasks\IYZWF [1364]
O39 - APT: MaxigetUpdaterTaskMachineCore - (.Maxiget Ltd..) -- C:\Windows\Tasks\MaxigetUpdaterTaskMachineCore.job [1094] =>PUP.Maxiget
O39 - APT: MaxigetUpdaterTaskMachineCore - (.Maxiget Ltd..) -- C:\Windows\System32\Tasks\MaxigetUpdaterTaskMachineCore [1094] =>PUP.Maxiget
O39 - APT: MaxigetUpdaterTaskMachineUA - (.Maxiget Ltd..) -- C:\Windows\Tasks\MaxigetUpdaterTaskMachineUA.job [1098] =>PUP.Maxiget
O39 - APT: MaxigetUpdaterTaskMachineUA - (.Maxiget Ltd..) -- C:\Windows\System32\Tasks\MaxigetUpdaterTaskMachineUA [1098] =>PUP.Maxiget
O39 - APT: YIDYL - (...) -- C:\Windows\Tasks\YIDYL.job [1364]
O39 - APT: YIDYL - (...) -- C:\Windows\System32\Tasks\YIDYL [1364]
~ Scheduled Task: 154 Legitimates Filtered in 00mn 20s



---\\ Software installed (O42)
O42 - Logiciel: Baidu Browser - (.Baidu Inc..) [HKLM][64Bits] -- Spark
O42 - Logiciel: PriceLess - (...) [HKLM][64Bits] -- {75F9BF4A-AF67-A478-A37B-31D73186D3F3} =>PUP.PriceLess
O42 - Logiciel: Reload Icons Cache 1.00 - (.Mr Blade Design's.) [HKLM][64Bits] -- Reload Icons Cache 1.00
O42 - Logiciel: UxStyle - (.The Within Network, LLC.) [HKLM][64Bits] -- {05560347-3a9b-4644-a8ed-8b64cc947189}
O42 - Logiciel: UxStyle - (.The Within Network, LLC.) [HKLM][64Bits] -- {86D24646-DAF6-4F5E-BCAD-CF7EF8E362E1}
~ Logic: 37 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\075efffa837e9946500999f29d9d5572] =>PUP.CrossRider
[HKCU\Software\3ef2d7ea521f18555476e90b431e142b] =>PUP.CrossRider
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2] =>PUP.CrossRider
[HKCU\Software\APN PIP]
[HKCU\Software\Acesoft]
[HKCU\Software\App Lid-nv] =>PUP.CrossRider
[HKCU\Software\BYAIAMUF]
[HKCU\Software\Baidu]
[HKCU\Software\CinemaP-1.9cV16.03-nv-ie] =>PUP.CrossRider
[HKCU\Software\GNOK]
[HKCU\Software\Ge-Force-nv-ie] =>PUP.CrossRider
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\Kromtech]
[HKCU\Software\Maxiget] =>PUP.Maxiget
[HKCU\Software\OB]
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKCU\Software\SavePass 1.1-nv] =>PUP.CrossRider
[HKCU\Software\Sense-nv-ie] =>PUP.CrossRider
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKCU\Software\a09ee769a860062458db521e8a43567e] =>PUP.CrossRider
[HKCU\Software\iCarePro]
[HKLM\Software\App Lid-nv] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\Maxiget] =>PUP.Maxiget
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\ShopperPro] =>PUP.ShopperPro
[HKLM\Software\Wow6432Node\000f1de5-5820-4770-912e-c85b0a193a4f] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\240300df-8f25-4687-92b1-0e7cf7dc5366] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\2cc2d9f3-2fc7-4bb9-bbaf-b36aafda4a67] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\AIM Toolbar]
[HKLM\Software\Wow6432Node\Acesoft]
[HKLM\Software\Wow6432Node\App Lid-nv] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.AskBar
[HKLM\Software\Wow6432Node\Baidu]
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\EASETECH]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\Wow6432Node\Maxiget] =>PUP.Maxiget
[HKLM\Software\Wow6432Node\SiteSee]
[HKLM\Software\Wow6432Node\SoftLab-Nsk]
[HKLM\Software\Wow6432Node\SpeedBit]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\c7cd91c1-e3de-43fb-b693-7ecfc5a24e0b] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\ed842e7b-9d9c-45e8-bc34-25bdbd449f49] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\privacyroot.com]
~ Key Software: 395 Legitimates Filtered in 00mn 02s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 29/01/2015 - 03:06:09 - [0] ----D C:\Program Files (x86)\0fc80cac-dd5e-4bad-b2d8-ffd3621e1fcd
O43 - CFD: 10/06/2015 - 12:49:47 - [0] ----D C:\Program Files (x86)\548d09da-a900-4dea-8d50-a922339051bb
O43 - CFD: 29/01/2015 - 03:13:36 - [0] ----D C:\Program Files (x86)\6219bd7d-e055-4b09-ac72-68e113765ec1
O43 - CFD: 05/05/2015 - 13:30:30 - [] ----D C:\Program Files (x86)\baidu
O43 - CFD: 12/07/2014 - 10:15:40 - [] ----D C:\Program Files (x86)\Browser Tab Search by Ask =>PUP.BrowserTabSearch
O43 - CFD: 06/06/2015 - 22:48:19 - [] ----D C:\Program Files (x86)\Crazy Shopperama
O43 - CFD: 28/05/2015 - 13:23:55 - [] ----D C:\Program Files (x86)\Driver Downloader
O43 - CFD: 23/04/2015 - 23:44:39 - [0] ----D C:\Program Files (x86)\e563ef30-9b41-45a8-8744-61b616e0daff
O43 - CFD: 07/12/2014 - 22:59:07 - [] ----D C:\Program Files (x86)\Maxiget =>PUP.Maxiget
O43 - CFD: 06/06/2015 - 22:42:32 - [] ----D C:\Program Files (x86)\MiuiTab
O43 - CFD: 02/02/2015 - 21:07:32 - [] ----D C:\Program Files (x86)\PriceLess =>PUP.PriceLess
O43 - CFD: 08/07/2014 - 09:49:03 - [0] ----D C:\Program Files (x86)\SiteLookup =>PUP.SiteLookup
O43 - CFD: 08/06/2015 - 01:01:35 - [] ----D C:\Program Files (x86)\YTDownloader =>PUP.YTDownloader
O43 - CFD: 07/12/2014 - 23:04:28 - [] ----D C:\ProgramData\8b72e4bdc19f4e49
O43 - CFD: 08/07/2014 - 14:54:29 - [] ----D C:\ProgramData\APN
O43 - CFD: 05/05/2015 - 13:30:03 - [] ----D C:\ProgramData\Baidu
O43 - CFD: 26/01/2015 - 17:08:24 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 03/06/2015 - 22:11:24 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 23/12/2014 - 21:57:09 - [] ----D C:\ProgramData\mwaf
O43 - CFD: 10/12/2014 - 17:56:23 - [] ----D C:\ProgramData\PriceLess =>PUP.PriceLess
O43 - CFD: 08/06/2015 - 01:06:59 - [] ----D C:\ProgramData\ShopperPro =>PUP.ShopperPro
O43 - CFD: 28/11/2014 - 23:01:36 - [] ----D C:\ProgramData\StartMenuReviver.exe
O43 - CFD: 06/06/2015 - 22:42:35 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 26/05/2015 - 03:07:54 - [0] ----D C:\ProgramData\{A0EA423B-829D-4A7C-ACB8-778E4EDFCD79}
O43 - CFD: 22/08/2014 - 19:51:57 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 28/05/2015 - 13:24:27 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Browser
O43 - CFD: 24/09/2014 - 11:21:37 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager
O43 - CFD: 24/09/2014 - 08:17:17 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 05/05/2015 - 13:31:45 - [] ----D C:\Users\bouhassoun\AppData\Roaming\Baidu
O43 - CFD: 06/06/2015 - 22:42:56 - [] ----D C:\Users\bouhassoun\AppData\Roaming\cpuminer
O43 - CFD: 15/08/2014 - 14:27:14 - [] ----D C:\Users\bouhassoun\AppData\Roaming\DownloadNinja
O43 - CFD: 28/05/2015 - 13:22:51 - [] ----D C:\Users\bouhassoun\AppData\Roaming\Driver Downloader
O43 - CFD: 24/12/2014 - 03:52:36 - [] ----D C:\Users\bouhassoun\AppData\Roaming\SpotOnTheMouse
O43 - CFD: 08/12/2014 - 21:44:11 - [0] ----D C:\Users\bouhassoun\AppData\Roaming\WebTest
O43 - CFD: 07/06/2015 - 15:05:15 - [] ----D C:\Users\bouhassoun\AppData\Local\BrowserHelper =>PUP.BrowserHelper
O43 - CFD: 19/12/2014 - 12:32:01 - [] -SH-D C:\Users\bouhassoun\AppData\Local\EmieBrowserModeList
O43 - CFD: 02/06/2015 - 17:37:38 - [] ----D C:\Users\bouhassoun\AppData\Local\GWX
O43 - CFD: 28/11/2014 - 23:09:19 - [] ----D C:\Users\bouhassoun\AppData\Local\immersive-explorer.com
O43 - CFD: 07/06/2015 - 15:00:49 - [] ----D C:\Users\bouhassoun\AppData\Local\Installer
O43 - CFD: 07/12/2014 - 22:59:06 - [] ----D C:\Users\bouhassoun\AppData\Local\Maxiget =>PUP.Maxiget
O43 - CFD: 05/05/2015 - 13:25:24 - [] ----D C:\Users\bouhassoun\AppData\Local\MiniService
O43 - CFD: 21/01/2015 - 01:54:45 - [0] ----D C:\Users\bouhassoun\AppData\Local\PackageStaging
~ Program Folder: 268 Legitimates Filtered in 00mn 03s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.4AFA237D34C441046EF886BEFD824B90] - 05/06/2015 - 14:16:32 ---A- . (...) -- C:\Windows\System32\cpuminer-conf.json [226]
O44 - LFC:[MD5.6B7E4A83636374FA4C29B0A16E61B482] - 05/06/2015 - 14:19:52 ---A- . (...) -- C:\Windows\System32\cpuminer-gw64.exe [1386272]
O44 - LFC:[MD5.624273303CBFFFBD03266E7C62A27E2C] - 08/06/2015 - 00:07:45 ---A- . (...) -- C:\Windows\SynInst.log [663]
~ Files: 43 Legitimates Filtered in 00mn 12s



---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{67cf41a4-e37e-11e4-bec2-a41731deecae}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:08/04/2015 - 09:05:02 ---A- . (.eagleGet - eagleGet Network Filter.) -- C:\Windows\System32\Drivers\eagleGet.sys [77112]
O58 - SDL:27/03/2015 - 01:10:52 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [192984]
O58 - SDL:01/03/2013 - 02:49:12 ---A- . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\Drivers\npf.sys [36600]
O58 - SDL:26/02/2015 - 23:38:28 ---A- . (...) -- C:\Windows\System32\Drivers\semav6thermal64ro.sys [13792]
O58 - SDL:22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:23/09/2013 - 04:19:04 ---A- . (.The Within Network, LLC - UxStyle Kernel Driver.) -- C:\Windows\System32\Drivers\uxstyle.sys [31440]
O58 - SDL:15/04/2012 - 22:32:14 ---A- . (.Windows (R) Win 7 DDK provider - WebcamMax Capture.) -- C:\Windows\System32\Drivers\wcmvcam64.sys [1071032]
~ Drivers: 61 Legitimates Filtered in 00mn 08s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.No owner - spark.) -- C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.No owner - spark.) -- C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com =>Hijacker.OurSurfing
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [bouhassoun - qk9ci39f.default] user_pref("extensions.crossrider.bic", "14a2695d0509e081a7873bdfdf96026d"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [DefaultScope] - (e) - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (oursurfing) - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} - (Ask.com) - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {ADA5BCD4-5822-4FC2-AAD5-CC2B5A86051D} - (Search App powered by Search Better Search) - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {F0D9E8A2-50B1-4806-9B1A-37CB318A9D59} - (Bing) - http://www.oursurfing.com =>Hijacker.OurSurfing
~ Keys: Scanned in 00mn 02s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.A5A4AEF90693DA616022B795F3D96509] [SPRF][09/06/2015] (.No owner - WindowsFormsApplication6.) -- C:\ProgramData\youtube.exe [68096]
[MD5.877759FE37E2EED150C792006B342BC3] [SPRF][06/06/2015] (.Cinema PlusV16.03 - CinemaP-1.9cV16.03 exe.) -- C:\Users\bouhassoun\AppData\Roaming\BYAIAMUF.exe [2035200] =>PUP.CrossRider
[MD5.1C7FF4BFACDDD04E3504DCB1BA5987ED] [SPRF][06/06/2015] (.Cinema PlusV16.03 - CinemaP-1.9cV16.03 exe.) -- C:\Users\bouhassoun\AppData\Roaming\GNOK.exe [1380352] =>PUP.CrossRider
[MD5.C06E791FFC703EC64224A7CE64AB7D89] [SPRF][05/06/2015] (.No owner - WindowsFormsApplication6.) -- C:\Users\bouhassoun\AppData\Roaming\svchost.exe [126464]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Random Export Key (REK) (O91)
[HKCU\Software\075efffa837e9946500999f29d9d5572]:[kl]="ox 00:26
ni
15/06/05 firefox ‫ولد سليمان‬ - Mozilla Firefox
o
15/06/05 firefox Facebook - Mozilla Firefox
801ch dha
[HKCU\Software\3ef2d7ea521f18555476e90b431e142b]:5702673368512820f82155c9e1d5e18a="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNI
[HKCU\Software\3ef2d7ea521f18555476e90b431e142b]:US="@"
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]:3652f46ef1d77386dc985c42db2a43f8="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNI
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]:5702673368512820f82155c9e1d5e18a="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNI
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]:682dfec8c66a0de6f1475ca73c462a69="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNI
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]:US="@"
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]:a4a32fe0594d239b57a01bf6b404e44f="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNI
[HKCU\Software\a09ee769a860062458db521e8a43567e]:[kl]="ؤ
15/06/06 firefox Recherche Google
[Back]ce
15/06/06 firefox Algérie Poste Consultation CCP - Mozilla Firefox
[Back]
~ Export Key Software: Scanned in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{11111111-1111-1111-1111-110611971195}] (Ge-Force) =>PUP.CrossRider
[HKCR\CLSID\{11111111-1111-1111-1111-110611981129}] (SavePass 1.1) =>PUP.CrossRider
~ BCK: 5643 Legitimates Filtered in 00mn 19s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 09/06/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 20/01/2015 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 20/01/2015 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 18/02/2015 132632 | (mglupdate) . (.Maxiget Ltd..) - C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe =>PUP.Maxiget
SS - | Demand 18/02/2015 132632 | (mglupdatem) . (.Maxiget Ltd..) - C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe =>PUP.Maxiget
SS - | Demand 28/09/2013 625240 | (NetworkSupport) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe
SS - | Demand 01/03/2013 118520 | (rpcapd) . (.Riverbed Technology, Inc..) - C:\Program Files (x86)\WinPcap\rpcapd.exe
SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 15/10/2012 123616 | (SOHCImp) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
SS - | Demand 15/10/2012 461024 | (SOHDms) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
SS - | Demand 15/10/2012 78560 | (SOHDs) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
SS - | Demand 03/04/2015 1370424 | (SparkUpdater) . (.Baidu.com, Inc..) - C:\Program Files (x86)\Baidu\SparkUpdate\Sparkupdate.exe
SS - | Demand 01/12/2011 289952 | (SpfService) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
SS - | Demand 19/11/2013 377768 | (USER_ESRV_SVC) . (.Intel Corporation.) - C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
SS - | Demand 19/07/2012 476328 | (VAIO Power Management) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
SS - | Demand 28/09/2012 964608 | (VCFw) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
SS - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 17/09/2012 171600 | (AdobeActiveFileMonitor11.0) . (.Adobe Systems Incorporated.) - c:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 21/07/2014 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 05/11/2012 231040 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 27/11/2013 3105144 | (CodeMeter.exe) . (.WIBU-SYSTEMS AG.) - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
SR - | Auto 29/04/2015 233472 | (egGetSvc) . (...) - C:\Program Files (x86)\EagleGet\EGMonitor.exe
SR - | Auto 19/11/2013 377768 | (ESRV_SVC) . (.Intel Corporation.) - C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
SR - | Auto 29/09/2012 2445968 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 03/06/2015 125056 | (IHProtect Service) . (.XTab system.) - C:\Program Files (x86)\MiuiTab\ProtectService.exe =>Adware.AgentODR
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 29/09/2012 128896 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 29/09/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 29/09/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 15/10/2014 2820424 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 27/07/2012 474208 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
SR - | Auto 19/11/2013 266168 | (SampleCollector) . (.Intel Corporation.) - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
SR - | Auto 07/05/2015 86840 | (SparkSvc) . (.Baidu Inc..) - C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe
SR - | Auto 29/09/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 23/09/2013 13824 | (UnsignedThemes) . (.The Within Network, LLC.) - C:\Windows\unsignedthemes.exe
SR - | Auto 15/09/2012 67536 | (VAIO Event Service) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
SR - | Demand 03/12/2014 61552 | (VCService) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Care\VCService.exe
SR - | Demand 28/02/2014 1642544 | (VUAgent) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Update\vuagent.exe
SR - | Demand 22/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 22/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 06/06/2015 695976 | (WindowsMangerProtect) . (.DTools LIMITED.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
SR - | Demand 29/10/2014 38792 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 05/11/2012 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: Scanned in 00mn 24s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (31/05/2015)
Clés trouvées (Keys found) : 50
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 11
Fichiers trouvés (Files found) : 101

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}] =>PUP.LuckyTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}] =>PUP.ShopperPro^
[HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service] =>Adware.AgentODR^
[HKLM\SYSTEM\CurrentControlSet\Services\mglupdate) (mglupdate] =>PUP.Maxiget^
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect] =>PUP.Fuyu^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}] =>PUP.PriceLess^
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Wow6432Node\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKLM\Software\Wow6432Node\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\Softonic] =>PUP.Conduit
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110611971195}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110611981129}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110711021199}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622572243}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622972295}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622982229}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220722022299}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611971195}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611981129}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110711021199}] =>PUP.CrossRider
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110611971195}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110611981129}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110711021199}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622572243}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622972295}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622982229}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220722022299}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611971195}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611981129}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110711021199}] =>PUP.CrossRider
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:YTDownloader =>PUP.YTDownloader^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:YTDownloader =>PUP.YTDownloader^
C:\Program Files (x86)\Browser Tab Search by Ask =>PUP.BrowserTabSearch^
C:\Program Files (x86)\Maxiget =>PUP.Maxiget^
C:\Program Files (x86)\PriceLess =>PUP.PriceLess^
C:\Program Files (x86)\SiteLookup =>PUP.SiteLookup^
C:\Program Files (x86)\YTDownloader =>PUP.YTDownloader^
C:\ProgramData\PriceLess =>PUP.PriceLess^
C:\ProgramData\ShopperPro =>PUP.ShopperPro^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\Users\bouhassoun\AppData\Local\BrowserHelper =>PUP.BrowserHelper^
C:\Users\bouhassoun\AppData\Local\Maxiget =>PUP.Maxiget^
C:\Users\bouhassoun\AppData\Local\Installer =>Adware.InstallPedia
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
O2 - BHO: ShopperProBHO [64Bits] - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} Orphan key =>PUP.ShopperPro^
C:\Users\bouhassoun\AppData\Roaming\BYAIAMUF.exe =>PUP.CrossRider^
C:\Users\bouhassoun\AppData\Roaming\GNOK.exe =>PUP.CrossRider^
C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe =>PUP.Maxiget^
C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-1 =>PUP.CrossRider^
C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-2 =>PUP.CrossRider^
C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-4 =>PUP.CrossRider^
C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5 =>PUP.CrossRider^
C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5_user =>PUP.CrossRider^
C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-6 =>PUP.CrossRider^
C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-7 =>PUP.CrossRider^
C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-1 =>PUP.CrossRider^
C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-11.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-11 =>PUP.CrossRider^
C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-2 =>PUP.CrossRider^
C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-4 =>PUP.CrossRider^
C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5 =>PUP.CrossRider^
C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5_user =>PUP.CrossRider^
C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-6 =>PUP.CrossRider^
C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-7 =>PUP.CrossRider^
C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-1 =>PUP.CrossRider^
C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-11.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-11 =>PUP.CrossRider^
C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-2 =>PUP.CrossRider^
C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-4 =>PUP.CrossRider^
C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-5 =>PUP.CrossRider^
C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-5_user =>PUP.CrossRider^
C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-6 =>PUP.CrossRider^
C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-7 =>PUP.CrossRider^
C:\Windows\Tasks\BYAIAMUF.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\BYAIAMUF =>PUP.CrossRider^
C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-1 =>PUP.CrossRider^
C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-11.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-11 =>PUP.CrossRider^
C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2 =>PUP.CrossRider^
C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-4 =>PUP.CrossRider^
C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5 =>PUP.CrossRider^
C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5_user =>PUP.CrossRider^
C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-6 =>PUP.CrossRider^
C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-7 =>PUP.CrossRider^
C:\Windows\Tasks\GNOK.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\GNOK =>PUP.CrossRider^
C:\Windows\Tasks\MaxigetUpdaterTaskMachineCore.job =>PUP.Maxiget^
C:\Windows\System32\Tasks\MaxigetUpdaterTaskMachineCore =>PUP.Maxiget^
C:\Windows\Tasks\MaxigetUpdaterTaskMachineUA.job =>PUP.Maxiget^
C:\Windows\System32\Tasks\MaxigetUpdaterTaskMachineUA =>PUP.Maxiget^
[HKCU\Software\075efffa837e9946500999f29d9d5572] =>PUP.CrossRider^
[HKCU\Software\3ef2d7ea521f18555476e90b431e142b] =>PUP.CrossRider^
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2] =>PUP.CrossRider^
[HKCU\Software\App Lid-nv] =>PUP.CrossRider^
[HKCU\Software\CinemaP-1.9cV16.03-nv-ie] =>PUP.CrossRider^
[HKCU\Software\Ge-Force-nv-ie] =>PUP.CrossRider^
[HKCU\Software\Maxiget] =>PUP.Maxiget^
[HKCU\Software\SavePass 1.1-nv] =>PUP.CrossRider^
[HKCU\Software\Sense-nv-ie] =>PUP.CrossRider^
[HKCU\Software\a09ee769a860062458db521e8a43567e] =>PUP.CrossRider^
[HKLM\Software\App Lid-nv] =>PUP.CrossRider^
[HKLM\Software\Maxiget] =>PUP.Maxiget^
[HKLM\Software\ShopperPro] =>PUP.ShopperPro^
[HKLM\Software\Wow6432Node\000f1de5-5820-4770-912e-c85b0a193a4f] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\240300df-8f25-4687-92b1-0e7cf7dc5366] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\2cc2d9f3-2fc7-4bb9-bbaf-b36aafda4a67] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\App Lid-nv] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\Maxiget] =>PUP.Maxiget^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\c7cd91c1-e3de-43fb-b693-7ecfc5a24e0b] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\ed842e7b-9d9c-45e8-bc34-25bdbd449f49] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKCR\CLSID\{11111111-1111-1111-1111-110611971195}] (Ge-Force) =>PUP.CrossRider^
[HKCR\CLSID\{11111111-1111-1111-1111-110611981129}] (SavePass 1.1) =>PUP.CrossRider^
C:\Windows\Reimage.ini =>Rogue.ReimageRepair
~ Additionnel Scan: 294393 Items scanned in 00mn 56s



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.MountPoints2 Shell Key (MPSK) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Summary of the detections found on your workstation
http://www.nicolascoolman.fr/blog/ =>Hijacker.Application
http://nicolascoolman.fr/hijacker-omigaplus =>Hijacker.OmigaPlus
http://www.nicolascoolman.fr/blog/ =>Hijacker.OurSurfing
http://www.nicolascoolman.fr/blog/ =>PUP.LuckyTab
http://nicolascoolman.fr/pup-shopperpro =>PUP.ShopperPro
http://nicolascoolman.fr/pup-ytdownloader =>PUP.YTDownloader
http://www.nicolascoolman.fr/blog/ =>PUP.Maxiget
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://www.nicolascoolman.fr/blog/ =>PUP.Mysoftpack
http://www.nicolascoolman.fr/blog/ =>PUP.PriceLess
http://nicolascoolman.fr/pup-certifiedtoolbar =>PUP.CertifiedToolbar
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://nicolascoolman.fr/rogue-reimagerepair =>Rogue.ReimageRepair
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/adware-megasearch =>Adware.MegaSearch
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskBar
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/pup-browsertabsearch =>PUP.BrowserTabSearch
http://www.nicolascoolman.fr/blog/ =>PUP.SiteLookup
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserHelper
http://nicolascoolman.fr/adware-recordnrip =>Adware.RecordNRip
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://nicolascoolman.fr/adware-installpedia =>Adware.InstallPedia
~ MSI: 29 link(s) detected in 00mn 00s



~ 1062 Legitimates filtered by white list
End of the scan (960 lines in 03mn 08s)(0.9)
