~ Report of ZHPDiag v2015.6.4.54 - Nicolas Coolman (31/05/2015)
~ Launched by bouhassoun (11/06/2015 13:44:19)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : Updated version.
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program

---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17801
MFIE: Mozilla Firefox 38.0.5 (Defaut)
GCIE: Google Chrome v43.0.2357.124

---\\ Windows product information
~ Langage: Anglais
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
~ Windows Partial Key : H49VQ
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1 Single Language, 64-bit (Build 9600)

---\\ System protection software
Windows Defender W8 (Deactivate)

---\\ System optimization software
CCleaner v4.14

---\\ Sharing software
PeerToPeer

---\\ Surveillance software
Adobe Flash Player 17 NPAPI
Adobe Reader XI
Java 7 Update 9 (64-bit)

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4043 MB (26% free)
System Restore: Activé (Enable)
System drive C: has 147 GB (63%) free of 233 GB

---\\ Connection to the system mode
~ Computer Name: BMW
~ User Name: bouhassoun
~ All Users Names: HomeGroupUser$, bouhassoun, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\bouhassoun\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\bouhassoun\AppData\Roaming\
~ %Desktop% : C:\Users\bouhassoun\Desktop\
~ %Favorites% : C:\Users\bouhassoun\Favorites\
~ %LocalAppData% : C:\Users\bouhassoun\AppData\Local\
~ %StartMenu% :
C:\Users\bouhassoun\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumeration of the disk units C: Hard drive, Flash drive, Thumb drive (Free 147 Go of 233 Go) D: CD-ROM drive (Not Inserted) E: Hard drive, Flash drive, Thumb drive (Free 192 Go of 209 Go) ---\\ State of the Windows Security Center [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application ~ Security Center: 41 Legitimates Filtered in 00mn 00s ---\\ Search Generic System Files [MD5.C10A66189DC8C090E7C84873EDCEBC88] - (.Microsoft Corporation - Explorateur Windows.) (.28/01/2015 - 00:47:12.) -- C:\Windows\Explorer.exe [2501368] [MD5.A570A64292214C43E0BA50E6A72A6380] - (.Microsoft Corporation - Application de démarrage de Windows.) (.29/10/2014 - 02:25:54.) -- C:\Windows\System32\Wininit.exe [145920] [MD5.F0289B3A341429117696F0279DA977B6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/04/2015 - 16:27:25.) -- C:\Windows\System32\wininet.dll [2352128] [MD5.EC498BAE1F0D3E0E401C963F8D76C437] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.29/10/2014 - 02:22:52.) -- C:\Windows\System32\Winlogon.exe [572416] [MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.24/09/2014 - 07:46:16.) -- C:\Windows\System32\sppcomapi.dll [447488] [MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.24/09/2014 - 09:00:42.) -- C:\Windows\system32\Drivers\AFD.sys [563200] [MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464] [MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) 
-- C:\Windows\system32\Drivers\Cdfs.sys [88576] [MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352] [MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.24/09/2014 - 08:13:04.) -- C:\Windows\system32\Drivers\DfsC.sys [134144] [MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.24/09/2014 - 07:54:58.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800] [MD5.D887446F3F6051C60C26F4FD1FC8D43F] - (.Microsoft Corporation - Pilote de port i8042.) (.07/10/2014 - 04:29:50.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520] [MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.24/09/2014 - 07:46:18.) -- C:\Windows\system32\Drivers\IpNat.sys [142848] [MD5.31233271EDE50D1BBB220F78AFA60486] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.08/10/2014 - 08:32:10.) -- C:\Windows\system32\Drivers\MRxSmb.sys [405504] [MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624] [MD5.7F68063A5A0461E02BC860CE0E6BFDDC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.15/10/2014 - 09:32:37.) -- C:\Windows\system32\Drivers\ntfs.sys [2025792] [MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208] [MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832] [MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.24/09/2014 - 07:17:10.) 
-- C:\Windows\system32\Drivers\rdpdr.sys [195584] [MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520] [MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.24/09/2014 - 07:54:58.) -- C:\Windows\system32\Drivers\volsnap.sys [310080] ~ Generic Processes: Scanned in 00mn 01s ---\\ Hidden files state (Hidden/Total) ~ Mes images (My Pictures) : 1/6 ~ Mes musiques (My Musics) : 1/57 ~ Mes Favoris (My Favorites) : 1/8 ~ Mes Documents (My Documents) : 2/746 ~ Mon Bureau (My Desktop) : 1/1395 ~ Menu demarrer (Programs) : 1/48 ~ Hidden Files: Scanned in 00mn 11s ---\\ Process running [MD5.E39E90C34BF2E0F73010B6B0081AA365] - (.No owner - EGMonito Application.) -- C:\Program Files (x86)\EagleGet\EGMonitor.exe [233472] [PID.1960] [MD5.17F601C301CFCF559F496BF268533FC1] - (...) -- C:\Program Files (x86)\Crazy Shopperama\crazy_shopperama_helper_service.exe [191692] [PID.15580] [MD5.47BE447FF1AA0E0E7B9C2085CB740F90] - (.EagleGet.com - EagleGet Free Downloader.) -- C:\Program Files (x86)\EagleGet\EagleGet.exe [1849344] [PID.13176] [MD5.75BDD11C3EA1CF584C8B9A5BF7C7190C] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3898960] [PID.14556] [MD5.083FFA5897FE78062C93A3AF0CC82C07] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [28912768] [PID.14900] [MD5.8F45A1926BE83BBCFD212A18AA1CF304] - (...) -- C:\Users\bouhassoun\AppData\Local\Temp\Trojan.exe [44544] [PID.3800] [MD5.B13BC5BEED960EC416D20EC5BB899FCA] - (...) -- C:\Users\bouhassoun\server.exe [24064] [PID.2004] [MD5.D536CCCE2A7992688DB76941506EA970] - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\SysWOW64\wscript.exe [148992] [PID.10208] [MD5.717CECF8A6F55295A2A8B9ED4C64D800] - (.Sony Corporation - Media Check Tool.) 
-- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576] [PID.15940] [MD5.BAC15D03EFC8249216D1D610F3B1E67F] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528] [PID.10324] [MD5.A449942E08F047C712EB4F64B4268F97] - (.Open Source - SG Miner Pro.) -- C:\Users\bouhassoun\AppData\Roaming\cpuminer\sgminer\sgminer.exe [2740224] [PID.2140] [MD5.672E1B3140D78F01E5563C32A72E3ED3] - (.No owner - VaioCare Window Listener Application.) -- C:\Program Files\Sony\VAIO Care\listener.exe [62464] [PID.1592] [MD5.E9C6EF9437ECB30911488F9313AD821A] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [269848] [PID.1252] [MD5.923FE895B22B22A9CA03C72F3D15CE20] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.4852] [MD5.9B660F85D4B9FE235DBD45A39CC76F8A] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [270960] [PID.8884] [MD5.C2D0C69CC95DF5CAB27ADB6D1B5DE130] - (.No owner - spark.) -- C:\Program Files (x86)\baidu\Baidu Browser\spark.exe [981304] [PID.13364] [MD5.4547360EB0D90804B3AD080CE1D1D814] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896] [PID.2956] [MD5.411837D66846190BDEA7077046EA9038] - (.Adobe Systems, Inc. - Adobe Flash Player 17.0 r0.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe [1894064] [PID.15628] [MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8214016] [PID.3380] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2) C:\Users\bouhassoun\AppData\Local\Google\Chrome\User Data\Default\Preferences ---\\ Google Chrome Extension Folder ~ Google Lines Browser: 13 Legitimates Filtered in 00mn 00s ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) C:\Users\bouhassoun\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj7pvc.dev-edition-default\prefs.js C:\Users\bouhassoun\AppData\Roaming\Mozilla\Firefox\Profiles\qk9ci39f.default\prefs.js C:\Users\bouhassoun\AppData\Roaming\Mozilla\Firefox\Profiles\qk9ci39f.default\user.js M0 - MFSP: prefs.js [bouhassoun - qk9ci39f.default] google.com M2 - MFEP: prefs.js [bouhassoun - 0jwj7pvc.dev-edition-default\{2f17f610-5e97-4fed-828f-9940b7b577a4}] [] 2f17f6105e974fed828f9940b7b577a4 v1004.0.43 (..) M2 - MFEP: Extension [bouhassoun - 0jwj7pvc.dev-edition-default] Cy4LdSccs@gmail.com M2 - MFEP: Extension [bouhassoun - 0jwj7pvc.dev-edition-default] {2f17f610-5e97-4fed-828f-9940b7b577a4} M2 - MFEP: Extension [bouhassoun - 0jwj7pvc.dev-edition-default] eagleget_ffext@eagleget.com.xpi M2 - MFEP: Extension [bouhassoun - qk9ci39f.default] Cy4LdSccs@gmail.com M2 - MFEP: Extension [bouhassoun - qk9ci39f.default] {2f17f610-5e97-4fed-828f-9940b7b577a4} M2 - MFEP: Extension [bouhassoun - qk9ci39f.default] eagleget_ffext@eagleget.com.xpi P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\omiga-plus.xml =>Hijacker.OmigaPlus P2 - FPN: [HKCU] [eagleget.com/EagleGet32] - (.EagleGet - EagleGet Free Downloader Plugin.) 
-- C:\Program Files (x86)\EagleGet\npEagleget.dll
P2 - FPN: [HKCU] [eagleget.com/EagleGet64_x86_64] - (.EagleGet - EagleGet Free Downloader Plugin.) -- C:\Program Files (x86)\EagleGet\npEagleget64.dll
~ Firefox Browser: 40 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com =>Hijacker.OurSurfing
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com =>Hijacker.OurSurfing
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com =>Hijacker.OurSurfing
~ IE Browser: 17 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s

---\\ Browser Helper Objects (O2)
O2 - BHO: bteagleget.com [64Bits] - {1E871FF8-029C-4732-8AA7-39E3D3872057} . (.EagleGet.com - IEGrab.) -- C:\Program Files (x86)\EagleGet\eagleSniffer.dll
O2 - BHO: LuckyTab Class [64Bits] - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\MiuiTab\SupTab.dll =>PUP.LuckyTab
O2 - BHO: bteagleget.com [64Bits] - {824F251E-D74A-4d56-B998-CA05CF369A13} . (.EagleGet.com - IEGrab.) -- C:\Program Files (x86)\EagleGet\eagleSniffer.dll
O2 - BHO: ShopperProBHO [64Bits] - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} Orphan key =>PUP.ShopperPro
~ BHO: 19 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{46462D59-0076-A76A-76A7-7A786E7484D7} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Facebook.lnk . (...) -- C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe
O4 - GS\Desktop [Public]: Google.lnk . (...)
-- C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe
~ Global Startup: 2 Legitimates Filtered in 00mn 04s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [BtTray] . (.Qualcomm Atheros - BtTray.) -- C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
O4 - HKLM\..\Run: [BtvStack] . (.Qualcomm Atheros Commnucations - Extension Core.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [gpuminer] . (...) -- C:\Users\bouhassoun\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
O4 - HKLM\..\Run: [cpuminer] . (...) -- C:\WINDOWS\system32\cpuminer-gw64.exe
O4 - HKCU\..\Run: [EagleGet] . (.EagleGet.com - EagleGet Free Downloader.) -- C:\Program Files (x86)\EagleGet\Eagleget.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\bouhassoun\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [ Maintance] C:\Program Files\net1.exe (.not file.)
O4 - HKCU\..\Run: [YTDownloader] C:\Program Files (x86)\YTDownloader\YTDownloader.exe (.not file.) =>PUP.YTDownloader
O4 - HKCU\..\Run: [Viber] C:\Users\bouhassoun\AppData\Local\Viber\Viber.exe (.not file.)
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [FLV Player] C:\Users\bouhassoun\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [جدول الاختبارات] \B C:\Users\BOUHAS~1\AppData\Local\Temp\جدول الاختبارات.vbs (.not file.)
O4 - HKCU\..\Run: [MICROS~1] . (...) -- C:\Users\bouhassoun\AppData\Local\Temp\MICROS~1.JS
O4 - HKCU\..\Run: [5cd8f17f4086744065eb0992a09e05a2] . (...) -- C:\Users\bouhassoun\AppData\Local\Temp\Trojan.exe
O4 - HKCU\..\Run: [075efffa837e9946500999f29d9d5572] . (.No owner - WindowsFormsApplication6.) -- C:\Users\bouhassoun\AppData\Roaming\svchost.exe
O4 - HKCU\..\Run: [a09ee769a860062458db521e8a43567e] . (...) -- C:\Users\bouhassoun\server.exe
O4 - HKCU\..\Run: [3ef2d7ea521f18555476e90b431e142b] . (.No owner - WindowsFormsApplication6.) -- C:\ProgramData\youtube.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [ISBMgr.exe] . (.Sony Corporation - ISB Utility.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Wow6432Node\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [YTDownloader] C:\Program Files (x86)\YTDownloader\YTDownloader.exe (.not file.) =>PUP.YTDownloader
O4 - HKUS\.DEFAULT\..\Run: [MaxigetMasterUpdate] . (...) -- C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Maxiget\Master\Updater\MasterUpdater.exe =>PUP.Maxiget
O4 - HKUS\S-1-5-18\..\Run: [MaxigetMasterUpdate] . (...) -- C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Maxiget\Master\Updater\MasterUpdater.exe =>PUP.Maxiget
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [EagleGet] . (.EagleGet.com - EagleGet Free Downloader.) -- C:\Program Files (x86)\EagleGet\Eagleget.exe
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\bouhassoun\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [ Maintance] C:\Program Files\net1.exe (.not file.)
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [YTDownloader] C:\Program Files (x86)\YTDownloader\YTDownloader.exe (.not file.) =>PUP.YTDownloader
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [Viber] C:\Users\bouhassoun\AppData\Local\Viber\Viber.exe (.not file.)
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [FLV Player] C:\Users\bouhassoun\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe (.not file.)
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [جدول الاختبارات] \B C:\Users\BOUHAS~1\AppData\Local\Temp\جدول الاختبارات.vbs (.not file.)
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [MICROS~1] . (...) -- C:\Users\bouhassoun\AppData\Local\Temp\MICROS~1.JS
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [5cd8f17f4086744065eb0992a09e05a2] . (...) -- C:\Users\bouhassoun\AppData\Local\Temp\Trojan.exe
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [075efffa837e9946500999f29d9d5572] . (.No owner - WindowsFormsApplication6.) -- C:\Users\bouhassoun\AppData\Roaming\svchost.exe
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [a09ee769a860062458db521e8a43567e] . (...) -- C:\Users\bouhassoun\server.exe
O4 - HKUS\S-1-5-21-2173134999-1121657616-2993340248-1001\..\Run: [3ef2d7ea521f18555476e90b431e142b] . (.No owner - WindowsFormsApplication6.) -- C:\ProgramData\youtube.exe
~ Application: Scanned in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Orphan key
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{61BBEAA2-81FA-4824-87C1-060438A27D3E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{78F87BA8-3767-4E72-ADB7-7297DB6AA7BB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{61BBEAA2-81FA-4824-87C1-060438A27D3E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{78F87BA8-3767-4E72-ADB7-7297DB6AA7BB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).)
-- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ AppInit_DLLs Registry value Autorun (O20) O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\SUPPOR~1\SUPPOR~2.dll (.not file.) ~ AppInit DLL: Scanned in 00mn 00s ---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23) O23 - Service: egGetSvc (egGetSvc) . (.No owner - EGMonito Application.) - C:\Program Files (x86)\EagleGet\EGMonitor.exe O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files (x86)\MiuiTab\ProtectService.exe =>Adware.AgentODR O23 - Service: Service Maxiget Update (mglupdate) (mglupdate) . (.Maxiget Ltd. - Maxiget Updater.) - C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe =>PUP.Maxiget O23 - Service: Baidu Spark Service (SparkSvc) . (.Baidu Inc. - spark.) - C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe O23 - Service: Unsigned Themes (UnsignedThemes) . (.The Within Network, LLC - Unsigned themes service executable.) - C:\Windows\unsignedthemes.exe O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.DTools LIMITED - Windows DTools.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu ~ Services: 25 Legitimates Filtered in 00mn 06s ---\\ Task Planned Automatically (039) [MD5.00000000000000000000000000000000] [APT] [4d55d8a2-ee7c-4985-abe6-0e72e5a26214-1] (...) -- C:\Program Files (x86)\SavePass 1.1\SavePass 1.1-codedownloader.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [4d55d8a2-ee7c-4985-abe6-0e72e5a26214-10_user] (...) -- C:\Program Files (x86)\SavePass 1.1\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-10.exe (.not file.) 
[0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [4d55d8a2-ee7c-4985-abe6-0e72e5a26214-2] (...) -- C:\Program Files (x86)\SavePass 1.1\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-2.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [4d55d8a2-ee7c-4985-abe6-0e72e5a26214-4] (...) -- C:\Program Files (x86)\SavePass 1.1\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-4.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5] (...) -- C:\Program Files (x86)\SavePass 1.1\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5_user] (...) -- C:\Program Files (x86)\SavePass 1.1\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [4d55d8a2-ee7c-4985-abe6-0e72e5a26214-6] (...) -- C:\Program Files (x86)\SavePass 1.1\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-6.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [4d55d8a2-ee7c-4985-abe6-0e72e5a26214-7] (...) -- C:\Program Files (x86)\SavePass 1.1\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-7.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [667adfd8-b1c7-4231-b7bc-a08fda60e9b4-1] (...) -- C:\Program Files (x86)\Ge-Force\Ge-Force-codedownloader.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [667adfd8-b1c7-4231-b7bc-a08fda60e9b4-11] (...) -- C:\Program Files (x86)\Ge-Force\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-11.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [667adfd8-b1c7-4231-b7bc-a08fda60e9b4-2] (...) -- C:\Program Files (x86)\Ge-Force\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-2.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [667adfd8-b1c7-4231-b7bc-a08fda60e9b4-4] (...) 
-- C:\Program Files (x86)\Ge-Force\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-4.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5] (...) -- C:\Program Files (x86)\Ge-Force\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5_user] (...) -- C:\Program Files (x86)\Ge-Force\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [667adfd8-b1c7-4231-b7bc-a08fda60e9b4-6] (...) -- C:\Program Files (x86)\Ge-Force\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-6.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [667adfd8-b1c7-4231-b7bc-a08fda60e9b4-7] (...) -- C:\Program Files (x86)\Ge-Force\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-7.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [7c66723c-01f9-441f-b98e-a8abb0251335-1] (...) -- C:\Program Files (x86)\Sense\Sense-codedownloader.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [7c66723c-01f9-441f-b98e-a8abb0251335-11] (...) -- C:\Program Files (x86)\Sense\7c66723c-01f9-441f-b98e-a8abb0251335-11.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [7c66723c-01f9-441f-b98e-a8abb0251335-2] (...) -- C:\Program Files (x86)\Sense\7c66723c-01f9-441f-b98e-a8abb0251335-2.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [7c66723c-01f9-441f-b98e-a8abb0251335-4] (...) -- C:\Program Files (x86)\Sense\7c66723c-01f9-441f-b98e-a8abb0251335-4.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [7c66723c-01f9-441f-b98e-a8abb0251335-5] (...) -- C:\Program Files (x86)\Sense\7c66723c-01f9-441f-b98e-a8abb0251335-5.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [7c66723c-01f9-441f-b98e-a8abb0251335-5_user] (...) 
-- C:\Program Files (x86)\Sense\7c66723c-01f9-441f-b98e-a8abb0251335-5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7c66723c-01f9-441f-b98e-a8abb0251335-6] (...) -- C:\Program Files (x86)\Sense\7c66723c-01f9-441f-b98e-a8abb0251335-6.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7c66723c-01f9-441f-b98e-a8abb0251335-7] (...) -- C:\Program Files (x86)\Sense\7c66723c-01f9-441f-b98e-a8abb0251335-7.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [983a9674-e05d-44a5-9c47-65fd4eab29ab] (...) -- C:\Program Files (x86)\App Lid\983a9674-e05d-44a5-9c47-65fd4eab29ab.exe (.not file.) [0] =>PUP.CrossRider
[MD5.877759FE37E2EED150C792006B342BC3] [APT] [BYAIAMUF] (.Cinema PlusV16.03.) -- C:\Users\bouhassoun\AppData\Roaming\BYAIAMUF.exe [2035200] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-1] (...) -- C:\Program Files (x86)\App Lid\App Lid-codedownloader.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-11] (...) -- C:\Program Files (x86)\App Lid\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-11.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2] (...) -- C:\Program Files (x86)\App Lid\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-4] (...) -- C:\Program Files (x86)\App Lid\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-4.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5] (...) -- C:\Program Files (x86)\App Lid\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5_user] (...) -- C:\Program Files (x86)\App Lid\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-6] (...) -- C:\Program Files (x86)\App Lid\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-6.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-7] (...) -- C:\Program Files (x86)\App Lid\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-7.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [ca69503f-b980-4e07-a10e-7bd220db5214] (...) -- C:\Program Files (x86)\App Lid\ca69503f-b980-4e07-a10e-7bd220db5214.exe (.not file.) [0] =>PUP.CrossRider
[MD5.17F601C301CFCF559F496BF268533FC1] [APT] [crazy_shopperama_helper_service] (...) -- C:\Program Files (x86)\Crazy Shopperama\crazy_shopperama_helper_service.exe [191692]
[MD5.1C7FF4BFACDDD04E3504DCB1BA5987ED] [APT] [GNOK] (.Cinema PlusV16.03.) -- C:\Users\bouhassoun\AppData\Roaming\GNOK.exe [1380352] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [IYZWF] (...) -- C:\Users\bouhassoun\AppData\Roaming\IYZWF.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [LaunchApp] (...) -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (.not file.) [0] =>PUP.MyPCBackup
[MD5.8A82C81D9EE986710F9D0BDD14A4EC4F] [APT] [MaxigetUpdaterTaskMachineCore] (.Maxiget Ltd..) -- C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe [132632] =>PUP.Maxiget
[MD5.8A82C81D9EE986710F9D0BDD14A4EC4F] [APT] [MaxigetUpdaterTaskMachineUA] (.Maxiget Ltd..) -- C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe [132632] =>PUP.Maxiget
[MD5.00000000000000000000000000000000] [APT] [ReviverSoft Start Menu Run once task] (...) -- C:\SkinPack\StartMenu\StartMenuReviver.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [SomotoUpdateCheckerAutoStart] (...) -- C:\Users\bouhassoun\AppData\Local\FilesFrog Update Checker\update_checker.exe (.not file.) [0] =>PUP.Mysoftpack
[MD5.8F3E3033D1073E20B27B8737CE04A193] [APT] [SparkUpdater] (.Baidu.com, Inc..) -- C:\Program Files (x86)\baidu\Baidu Browser\SparkUpdate.exe [1370424]
[MD5.00000000000000000000000000000000] [APT] [YIDYL] (...) -- C:\Users\bouhassoun\AppData\Roaming\YIDYL.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{01295413-EA6A-4E0B-A801-B19177160628}] (...) -- C:\Users\bouhassoun\AppData\Roaming\omiga-plus\UninstallManager.exe (.not file.) [0] =>Hijacker.OmigaPlus
[MD5.00000000000000000000000000000000] [APT] [{41B17AA5-6950-45BA-9A38-6388E509A684}] (...) -- C:\Users\bouhassoun\AppData\Roaming\oursurfing\UninstallManager.exe (.not file.) [0] =>Hijacker.OurSurfing
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-1 - (...) -- C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-1.job [3448] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-1 - (...) -- C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-1 [3448] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-10_user - (...) -- C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-10_user.job [2112]
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-10_user - (...) -- C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-10_user [2112]
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-2 - (...) -- C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-2.job [2110] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-2 - (...) -- C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-2 [2110] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-4 - (...) -- C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-4.job [4158] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-4 - (...) -- C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-4 [4158] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5 - (...) -- C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5.job [2446] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5 - (...) -- C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5 [2446] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5_user - (...) -- C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5_user.job [2446] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5_user - (...) -- C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5_user [2446] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-6 - (...) -- C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-6.job [5518] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-6 - (...) -- C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-6 [5518] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-7 - (...) -- C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-7.job [5182] =>PUP.CrossRider
O39 - APT: 4d55d8a2-ee7c-4985-abe6-0e72e5a26214-7 - (...) -- C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-7 [5182] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-1 - (...) -- C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-1.job [3776] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-1 - (...) -- C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-1 [3776] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-11 - (...) -- C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-11.job [5512] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-11 - (...) -- C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-11 [5512] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-2 - (...) -- C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-2.job [2438] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-2 - (...) -- C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-2 [2438] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-4 - (...) -- C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-4.job [4486] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-4 - (...) -- C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-4 [4486] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5 - (...) -- C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5.job [2782] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5 - (...) -- C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5 [2782] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5_user - (...) -- C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5_user.job [2782] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5_user - (...) -- C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5_user [2782] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-6 - (...) -- C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-6.job [6198] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-6 - (...) -- C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-6 [6198] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-7 - (...) -- C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-7.job [5854] =>PUP.CrossRider
O39 - APT: 667adfd8-b1c7-4231-b7bc-a08fda60e9b4-7 - (...) -- C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-7 [5854] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-1 - (...) -- C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-1.job [3764] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-1 - (...) -- C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-1 [3764] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-11 - (...) -- C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-11.job [5506] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-11 - (...) -- C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-11 [5506] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-2 - (...) -- C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-2.job [2432] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-2 - (...) -- C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-2 [2432] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-4 - (...) -- C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-4.job [4824] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-4 - (...) -- C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-4 [4824] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-5 - (...) -- C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-5.job [2776] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-5 - (...) -- C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-5 [2776] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-5_user - (...) -- C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-5_user.job [2776] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-5_user - (...) -- C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-5_user [2776] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-6 - (...) -- C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-6.job [6192] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-6 - (...) -- C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-6 [6192] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-7 - (...) -- C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-7.job [5848] =>PUP.CrossRider
O39 - APT: 7c66723c-01f9-441f-b98e-a8abb0251335-7 - (...) -- C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-7 [5848] =>PUP.CrossRider
O39 - APT: 983a9674-e05d-44a5-9c47-65fd4eab29ab - (...) -- C:\Windows\Tasks\983a9674-e05d-44a5-9c47-65fd4eab29ab.job [610]
O39 - APT: 983a9674-e05d-44a5-9c47-65fd4eab29ab - (...) -- C:\Windows\System32\Tasks\983a9674-e05d-44a5-9c47-65fd4eab29ab [610]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: BYAIAMUF - (.Cinema PlusV16.03.) -- C:\Windows\Tasks\BYAIAMUF.job [1714] =>PUP.CrossRider
O39 - APT: BYAIAMUF - (.Cinema PlusV16.03.) -- C:\Windows\System32\Tasks\BYAIAMUF [1714] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-1 - (...) -- C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-1.job [3092] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-1 - (...) -- C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-1 [3092] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-11 - (...) -- C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-11.job [4830] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-11 - (...) -- C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-11 [4830] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2 - (...) -- C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2.job [2100] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2 - (...) -- C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2 [2100] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-4 - (...) -- C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-4.job [4828] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-4 - (...) -- C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-4 [4828] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5 - (...) -- C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5.job [2436] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5 - (...) -- C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5 [2436] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5_user - (...) -- C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5_user.job [2436] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5_user - (...) -- C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5_user [2436] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-6 - (...) -- C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-6.job [5508] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-6 - (...) -- C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-6 [5508] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-7 - (...) -- C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-7.job [5172] =>PUP.CrossRider
O39 - APT: c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-7 - (...) -- C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-7 [5172] =>PUP.CrossRider
O39 - APT: ca69503f-b980-4e07-a10e-7bd220db5214 - (...) -- C:\Windows\Tasks\ca69503f-b980-4e07-a10e-7bd220db5214.job [1446]
O39 - APT: ca69503f-b980-4e07-a10e-7bd220db5214 - (...) -- C:\Windows\System32\Tasks\ca69503f-b980-4e07-a10e-7bd220db5214 [1446]
O39 - APT: crazy_shopperama_helper_service - (...) -- C:\Windows\Tasks\crazy_shopperama_helper_service.job [556]
O39 - APT: crazy_shopperama_helper_service - (...) -- C:\Windows\System32\Tasks\crazy_shopperama_helper_service [556]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2173134999-1121657616-2993340248-1001Core [934]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2173134999-1121657616-2993340248-1001UA [956]
O39 - APT: GNOK - (.Cinema PlusV16.03.) -- C:\Windows\Tasks\GNOK.job [1362] =>PUP.CrossRider
O39 - APT: GNOK - (.Cinema PlusV16.03.) -- C:\Windows\System32\Tasks\GNOK [1362] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1080]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1084]
O39 - APT: IYZWF - (...) -- C:\Windows\Tasks\IYZWF.job [1364]
O39 - APT: IYZWF - (...) -- C:\Windows\System32\Tasks\IYZWF [1364]
O39 - APT: MaxigetUpdaterTaskMachineCore - (.Maxiget Ltd..) -- C:\Windows\Tasks\MaxigetUpdaterTaskMachineCore.job [1094] =>PUP.Maxiget
O39 - APT: MaxigetUpdaterTaskMachineCore - (.Maxiget Ltd..) -- C:\Windows\System32\Tasks\MaxigetUpdaterTaskMachineCore [1094] =>PUP.Maxiget
O39 - APT: MaxigetUpdaterTaskMachineUA - (.Maxiget Ltd..) -- C:\Windows\Tasks\MaxigetUpdaterTaskMachineUA.job [1098] =>PUP.Maxiget
O39 - APT: MaxigetUpdaterTaskMachineUA - (.Maxiget Ltd..) -- C:\Windows\System32\Tasks\MaxigetUpdaterTaskMachineUA [1098] =>PUP.Maxiget
O39 - APT: YIDYL - (...) -- C:\Windows\Tasks\YIDYL.job [1364]
O39 - APT: YIDYL - (...) -- C:\Windows\System32\Tasks\YIDYL [1364]
~ Scheduled Task: 154 Legitimates Filtered in 00mn 20s

---\\ Software installed (O42)
O42 - Logiciel: Baidu Browser - (.Baidu Inc..) [HKLM][64Bits] -- Spark
O42 - Logiciel: PriceLess - (...) [HKLM][64Bits] -- {75F9BF4A-AF67-A478-A37B-31D73186D3F3} =>PUP.PriceLess
O42 - Logiciel: Reload Icons Cache 1.00 - (.Mr Blade Design's.) [HKLM][64Bits] -- Reload Icons Cache 1.00
O42 - Logiciel: UxStyle - (.The Within Network, LLC.) [HKLM][64Bits] -- {05560347-3a9b-4644-a8ed-8b64cc947189}
O42 - Logiciel: UxStyle - (.The Within Network, LLC.) [HKLM][64Bits] -- {86D24646-DAF6-4F5E-BCAD-CF7EF8E362E1}
~ Logic: 37 Legitimates Filtered in 00mn 02s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\075efffa837e9946500999f29d9d5572] =>PUP.CrossRider
[HKCU\Software\3ef2d7ea521f18555476e90b431e142b] =>PUP.CrossRider
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2] =>PUP.CrossRider
[HKCU\Software\APN PIP]
[HKCU\Software\Acesoft]
[HKCU\Software\App Lid-nv] =>PUP.CrossRider
[HKCU\Software\BYAIAMUF]
[HKCU\Software\Baidu]
[HKCU\Software\CinemaP-1.9cV16.03-nv-ie] =>PUP.CrossRider
[HKCU\Software\GNOK]
[HKCU\Software\Ge-Force-nv-ie] =>PUP.CrossRider
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\Kromtech]
[HKCU\Software\Maxiget] =>PUP.Maxiget
[HKCU\Software\OB]
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKCU\Software\SavePass 1.1-nv] =>PUP.CrossRider
[HKCU\Software\Sense-nv-ie] =>PUP.CrossRider
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKCU\Software\a09ee769a860062458db521e8a43567e] =>PUP.CrossRider
[HKCU\Software\iCarePro]
[HKLM\Software\App Lid-nv] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\Maxiget] =>PUP.Maxiget
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\ShopperPro] =>PUP.ShopperPro
[HKLM\Software\Wow6432Node\000f1de5-5820-4770-912e-c85b0a193a4f] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\240300df-8f25-4687-92b1-0e7cf7dc5366] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\2cc2d9f3-2fc7-4bb9-bbaf-b36aafda4a67] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\AIM Toolbar]
[HKLM\Software\Wow6432Node\Acesoft]
[HKLM\Software\Wow6432Node\App Lid-nv] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.AskBar
[HKLM\Software\Wow6432Node\Baidu]
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\EASETECH]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\Wow6432Node\Maxiget] =>PUP.Maxiget
[HKLM\Software\Wow6432Node\SiteSee]
[HKLM\Software\Wow6432Node\SoftLab-Nsk]
[HKLM\Software\Wow6432Node\SpeedBit]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\c7cd91c1-e3de-43fb-b693-7ecfc5a24e0b] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\ed842e7b-9d9c-45e8-bc34-25bdbd449f49] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\privacyroot.com]
~ Key Software: 395 Legitimates Filtered in 00mn 02s

---\\ Contents of the Common Files folders (O43)
O43 - CFD: 29/01/2015 - 03:06:09 - [0] ----D C:\Program Files (x86)\0fc80cac-dd5e-4bad-b2d8-ffd3621e1fcd
O43 - CFD: 10/06/2015 - 12:49:47 - [0] ----D C:\Program Files (x86)\548d09da-a900-4dea-8d50-a922339051bb
O43 - CFD: 29/01/2015 - 03:13:36 - [0] ----D C:\Program Files (x86)\6219bd7d-e055-4b09-ac72-68e113765ec1
O43 - CFD: 05/05/2015 - 13:30:30 - [] ----D C:\Program Files (x86)\baidu
O43 - CFD: 12/07/2014 - 10:15:40 - [] ----D C:\Program Files (x86)\Browser Tab Search by Ask =>PUP.BrowserTabSearch
O43 - CFD: 06/06/2015 - 22:48:19 - [] ----D C:\Program Files (x86)\Crazy Shopperama
O43 - CFD: 28/05/2015 - 13:23:55 - [] ----D C:\Program Files (x86)\Driver Downloader
O43 - CFD: 23/04/2015 - 23:44:39 - [0] ----D C:\Program Files (x86)\e563ef30-9b41-45a8-8744-61b616e0daff
O43 - CFD: 07/12/2014 - 22:59:07 - [] ----D C:\Program Files (x86)\Maxiget =>PUP.Maxiget
O43 - CFD: 06/06/2015 - 22:42:32 - [] ----D C:\Program Files (x86)\MiuiTab
O43 - CFD: 02/02/2015 - 21:07:32 - [] ----D C:\Program Files (x86)\PriceLess =>PUP.PriceLess
O43 - CFD: 08/07/2014 - 09:49:03 - [0] ----D C:\Program Files (x86)\SiteLookup =>PUP.SiteLookup
O43 - CFD: 08/06/2015 - 01:01:35 - [] ----D C:\Program Files (x86)\YTDownloader =>PUP.YTDownloader
O43 - CFD: 07/12/2014 - 23:04:28 - [] ----D C:\ProgramData\8b72e4bdc19f4e49
O43 - CFD: 08/07/2014 - 14:54:29 - [] ----D C:\ProgramData\APN
O43 - CFD: 05/05/2015 - 13:30:03 - [] ----D C:\ProgramData\Baidu
O43 - CFD: 26/01/2015 - 17:08:24 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 03/06/2015 - 22:11:24 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 23/12/2014 - 21:57:09 - [] ----D C:\ProgramData\mwaf
O43 - CFD: 10/12/2014 - 17:56:23 - [] ----D C:\ProgramData\PriceLess =>PUP.PriceLess
O43 - CFD: 08/06/2015 - 01:06:59 - [] ----D C:\ProgramData\ShopperPro =>PUP.ShopperPro
O43 - CFD: 28/11/2014 - 23:01:36 - [] ----D C:\ProgramData\StartMenuReviver.exe
O43 - CFD: 06/06/2015 - 22:42:35 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 26/05/2015 - 03:07:54 - [0] ----D C:\ProgramData\{A0EA423B-829D-4A7C-ACB8-778E4EDFCD79}
O43 - CFD: 22/08/2014 - 19:51:57 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 28/05/2015 - 13:24:27 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Browser
O43 - CFD: 24/09/2014 - 11:21:37 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager
O43 - CFD: 24/09/2014 - 08:17:17 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 05/05/2015 - 13:31:45 - [] ----D C:\Users\bouhassoun\AppData\Roaming\Baidu
O43 - CFD: 06/06/2015 - 22:42:56 - [] ----D C:\Users\bouhassoun\AppData\Roaming\cpuminer
O43 - CFD: 15/08/2014 - 14:27:14 - [] ----D C:\Users\bouhassoun\AppData\Roaming\DownloadNinja
O43 - CFD: 28/05/2015 - 13:22:51 - [] ----D C:\Users\bouhassoun\AppData\Roaming\Driver Downloader
O43 - CFD: 24/12/2014 - 03:52:36 - [] ----D C:\Users\bouhassoun\AppData\Roaming\SpotOnTheMouse
O43 - CFD: 08/12/2014 - 21:44:11 - [0] ----D C:\Users\bouhassoun\AppData\Roaming\WebTest
O43 - CFD: 07/06/2015 - 15:05:15 - [] ----D C:\Users\bouhassoun\AppData\Local\BrowserHelper =>PUP.BrowserHelper
O43 - CFD: 19/12/2014 - 12:32:01 - [] -SH-D C:\Users\bouhassoun\AppData\Local\EmieBrowserModeList
O43 - CFD: 02/06/2015 - 17:37:38 - [] ----D C:\Users\bouhassoun\AppData\Local\GWX
O43 - CFD: 28/11/2014 - 23:09:19 - [] ----D C:\Users\bouhassoun\AppData\Local\immersive-explorer.com
O43 - CFD: 07/06/2015 - 15:00:49 - [] ----D C:\Users\bouhassoun\AppData\Local\Installer
O43 - CFD: 07/12/2014 - 22:59:06 - [] ----D C:\Users\bouhassoun\AppData\Local\Maxiget =>PUP.Maxiget
O43 - CFD: 05/05/2015 - 13:25:24 - [] ----D C:\Users\bouhassoun\AppData\Local\MiniService
O43 - CFD: 21/01/2015 - 01:54:45 - [0] ----D C:\Users\bouhassoun\AppData\Local\PackageStaging
~ Program Folder: 268 Legitimates Filtered in 00mn 03s

---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.4AFA237D34C441046EF886BEFD824B90] - 05/06/2015 - 14:16:32 ---A- . (...) -- C:\Windows\System32\cpuminer-conf.json [226]
O44 - LFC:[MD5.6B7E4A83636374FA4C29B0A16E61B482] - 05/06/2015 - 14:19:52 ---A- . (...) -- C:\Windows\System32\cpuminer-gw64.exe [1386272]
O44 - LFC:[MD5.624273303CBFFFBD03266E7C62A27E2C] - 08/06/2015 - 00:07:45 ---A- . (...) -- C:\Windows\SynInst.log [663]
~ Files: 43 Legitimates Filtered in 00mn 12s

---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{67cf41a4-e37e-11e4-bec2-a41731deecae}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ System Drivers List (SDL) (O58)
O58 - SDL:13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:08/04/2015 - 09:05:02 ---A- . (.eagleGet - eagleGet Network Filter.) -- C:\Windows\System32\Drivers\eagleGet.sys [77112]
O58 - SDL:27/03/2015 - 01:10:52 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [192984]
O58 - SDL:01/03/2013 - 02:49:12 ---A- . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\Drivers\npf.sys [36600]
O58 - SDL:26/02/2015 - 23:38:28 ---A- . (...) -- C:\Windows\System32\Drivers\semav6thermal64ro.sys [13792]
O58 - SDL:22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:23/09/2013 - 04:19:04 ---A- . (.The Within Network, LLC - UxStyle Kernel Driver.) -- C:\Windows\System32\Drivers\uxstyle.sys [31440]
O58 - SDL:15/04/2012 - 22:32:14 ---A- . (.Windows (R) Win 7 DDK provider - WebcamMax Capture.) -- C:\Windows\System32\Drivers\wcmvcam64.sys [1071032]
~ Drivers: 61 Legitimates Filtered in 00mn 08s

---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.No owner - spark.) -- C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.No owner - spark.) -- C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com =>Hijacker.OurSurfing
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [bouhassoun - qk9ci39f.default] user_pref("extensions.crossrider.bic", "14a2695d0509e081a7873bdfdf96026d"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [DefaultScope] - (e) - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (oursurfing) - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} - (Ask.com) - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {ADA5BCD4-5822-4FC2-AAD5-CC2B5A86051D} - (Search App powered by Search Better Search) - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {F0D9E8A2-50B1-4806-9B1A-37CB318A9D59} - (Bing) - http://www.oursurfing.com =>Hijacker.OurSurfing
~ Keys: Scanned in 00mn 02s

---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.A5A4AEF90693DA616022B795F3D96509] [SPRF][09/06/2015] (.No owner - WindowsFormsApplication6.) -- C:\ProgramData\youtube.exe [68096]
[MD5.877759FE37E2EED150C792006B342BC3] [SPRF][06/06/2015] (.Cinema PlusV16.03 - CinemaP-1.9cV16.03 exe.) -- C:\Users\bouhassoun\AppData\Roaming\BYAIAMUF.exe [2035200] =>PUP.CrossRider
[MD5.1C7FF4BFACDDD04E3504DCB1BA5987ED] [SPRF][06/06/2015] (.Cinema PlusV16.03 - CinemaP-1.9cV16.03 exe.) -- C:\Users\bouhassoun\AppData\Roaming\GNOK.exe [1380352] =>PUP.CrossRider
[MD5.C06E791FFC703EC64224A7CE64AB7D89] [SPRF][05/06/2015] (.No owner - WindowsFormsApplication6.) -- C:\Users\bouhassoun\AppData\Roaming\svchost.exe [126464]
~ Files: 4 Legitimates Filtered in 00mn 00s

---\\ Random Export Key (REK) (O91)
[HKCU\Software\075efffa837e9946500999f29d9d5572]:[kl]="ox 00:26 ni 15/06/05 firefox ‫ولد سليمان‬ - Mozilla Firefox o 15/06/05 firefox Facebook - Mozilla Firefox 801ch dha
[HKCU\Software\3ef2d7ea521f18555476e90b431e142b]:5702673368512820f82155c9e1d5e18a="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNI
[HKCU\Software\3ef2d7ea521f18555476e90b431e142b]:US="@"
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]:3652f46ef1d77386dc985c42db2a43f8="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNI
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]:5702673368512820f82155c9e1d5e18a="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNI
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]:682dfec8c66a0de6f1475ca73c462a69="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNI
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]:US="@"
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]:a4a32fe0594d239b57a01bf6b404e44f="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNI
[HKCU\Software\a09ee769a860062458db521e8a43567e]:[kl]="ؤ 15/06/06 firefox Recherche Google [Back]ce 15/06/06 firefox Algérie Poste Consultation CCP - Mozilla Firefox [Back]
~ Export Key Software: Scanned in 00mn 00s

---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{11111111-1111-1111-1111-110611971195}] (Ge-Force) =>PUP.CrossRider
[HKCR\CLSID\{11111111-1111-1111-1111-110611981129}] (SavePass 1.1) =>PUP.CrossRider
~ BCK: 5643 Legitimates Filtered in 00mn 19s

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 09/06/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 20/01/2015 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 20/01/2015 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 18/02/2015 132632 | (mglupdate) . (.Maxiget Ltd..) - C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe =>PUP.Maxiget
SS - | Demand 18/02/2015 132632 | (mglupdatem) . (.Maxiget Ltd..) - C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe =>PUP.Maxiget
SS - | Demand 28/09/2013 625240 | (NetworkSupport) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe
SS - | Demand 01/03/2013 118520 | (rpcapd) . (.Riverbed Technology, Inc..) - C:\Program Files (x86)\WinPcap\rpcapd.exe
SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 15/10/2012 123616 | (SOHCImp) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
SS - | Demand 15/10/2012 461024 | (SOHDms) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
SS - | Demand 15/10/2012 78560 | (SOHDs) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
SS - | Demand 03/04/2015 1370424 | (SparkUpdater) . (.Baidu.com, Inc..) - C:\Program Files (x86)\Baidu\SparkUpdate\Sparkupdate.exe
SS - | Demand 01/12/2011 289952 | (SpfService) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
SS - | Demand 19/11/2013 377768 | (USER_ESRV_SVC) . (.Intel Corporation.) - C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
SS - | Demand 19/07/2012 476328 | (VAIO Power Management) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
SS - | Demand 28/09/2012 964608 | (VCFw) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
SS - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 17/09/2012 171600 | (AdobeActiveFileMonitor11.0) . (.Adobe Systems Incorporated.) - c:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 21/07/2014 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 05/11/2012 231040 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 27/11/2013 3105144 | (CodeMeter.exe) . (.WIBU-SYSTEMS AG.) - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
SR - | Auto 29/04/2015 233472 | (egGetSvc) . (...) - C:\Program Files (x86)\EagleGet\EGMonitor.exe
SR - | Auto 19/11/2013 377768 | (ESRV_SVC) . (.Intel Corporation.) - C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
SR - | Auto 29/09/2012 2445968 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 03/06/2015 125056 | (IHProtect Service) . (.XTab system.) - C:\Program Files (x86)\MiuiTab\ProtectService.exe =>Adware.AgentODR
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 29/09/2012 128896 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 29/09/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 29/09/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 15/10/2014 2820424 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 27/07/2012 474208 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
SR - | Auto 19/11/2013 266168 | (SampleCollector) . (.Intel Corporation.) - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
SR - | Auto 07/05/2015 86840 | (SparkSvc) . (.Baidu Inc..) - C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe
SR - | Auto 29/09/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 23/09/2013 13824 | (UnsignedThemes) . (.The Within Network, LLC.) - C:\Windows\unsignedthemes.exe
SR - | Auto 15/09/2012 67536 | (VAIO Event Service) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
SR - | Demand 03/12/2014 61552 | (VCService) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Care\VCService.exe
SR - | Demand 28/02/2014 1642544 | (VUAgent) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Update\vuagent.exe
SR - | Demand 22/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 22/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 06/06/2015 695976 | (WindowsMangerProtect) . (.DTools LIMITED.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
SR - | Demand 29/10/2014 38792 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 05/11/2012 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: Scanned in 00mn 24s

---\\ Scan Additionnel (O88)
Database Version : 13008 - (31/05/2015)
Clés trouvées (Keys found) : 50
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 11
Fichiers trouvés (Files found) : 101
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}] =>PUP.LuckyTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}] =>PUP.ShopperPro^
[HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service] =>Adware.AgentODR^
[HKLM\SYSTEM\CurrentControlSet\Services\mglupdate) (mglupdate] =>PUP.Maxiget^
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect] =>PUP.Fuyu^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}] =>PUP.PriceLess^
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Wow6432Node\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKLM\Software\Wow6432Node\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\Softonic] =>PUP.Conduit
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110611971195}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110611981129}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110711021199}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622572243}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622972295}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622982229}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220722022299}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611971195}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611981129}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110711021199}] =>PUP.CrossRider
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110611971195}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110611981129}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110711021199}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622572243}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622972295}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622982229}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220722022299}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611971195}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611981129}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110711021199}] =>PUP.CrossRider
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:YTDownloader =>PUP.YTDownloader^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:YTDownloader =>PUP.YTDownloader^
C:\Program Files (x86)\Browser Tab Search by Ask =>PUP.BrowserTabSearch^
C:\Program Files (x86)\Maxiget =>PUP.Maxiget^
C:\Program Files (x86)\PriceLess =>PUP.PriceLess^
C:\Program Files (x86)\SiteLookup =>PUP.SiteLookup^
C:\Program Files (x86)\YTDownloader =>PUP.YTDownloader^
C:\ProgramData\PriceLess =>PUP.PriceLess^
C:\ProgramData\ShopperPro =>PUP.ShopperPro^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\Users\bouhassoun\AppData\Local\BrowserHelper =>PUP.BrowserHelper^
C:\Users\bouhassoun\AppData\Local\Maxiget =>PUP.Maxiget^
C:\Users\bouhassoun\AppData\Local\Installer =>Adware.InstallPedia
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
O2 - BHO: ShopperProBHO [64Bits] - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} Orphan key =>PUP.ShopperPro^
C:\Users\bouhassoun\AppData\Roaming\BYAIAMUF.exe =>PUP.CrossRider^
C:\Users\bouhassoun\AppData\Roaming\GNOK.exe =>PUP.CrossRider^
C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe =>PUP.Maxiget^
C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-1 =>PUP.CrossRider^
C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-2 =>PUP.CrossRider^
C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-4 =>PUP.CrossRider^
C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5 =>PUP.CrossRider^
C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-5_user =>PUP.CrossRider^
C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-6 =>PUP.CrossRider^
C:\Windows\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\4d55d8a2-ee7c-4985-abe6-0e72e5a26214-7 =>PUP.CrossRider^
C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-1 =>PUP.CrossRider^
C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-11.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-11 =>PUP.CrossRider^
C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-2 =>PUP.CrossRider^
C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-4 =>PUP.CrossRider^
C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5 =>PUP.CrossRider^
C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-5_user =>PUP.CrossRider^
C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-6 =>PUP.CrossRider^
C:\Windows\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\667adfd8-b1c7-4231-b7bc-a08fda60e9b4-7 =>PUP.CrossRider^
C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-1 =>PUP.CrossRider^
C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-11.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-11 =>PUP.CrossRider^
C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-2 =>PUP.CrossRider^
C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-4 =>PUP.CrossRider^
C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-5 =>PUP.CrossRider^
C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-5_user =>PUP.CrossRider^
C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-6 =>PUP.CrossRider^
C:\Windows\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\7c66723c-01f9-441f-b98e-a8abb0251335-7 =>PUP.CrossRider^
C:\Windows\Tasks\BYAIAMUF.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\BYAIAMUF =>PUP.CrossRider^
C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-1 =>PUP.CrossRider^
C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-11.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-11 =>PUP.CrossRider^
C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2 =>PUP.CrossRider^
C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-4 =>PUP.CrossRider^
C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5 =>PUP.CrossRider^
C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-5_user =>PUP.CrossRider^
C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-6 =>PUP.CrossRider^
C:\Windows\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-7 =>PUP.CrossRider^
C:\Windows\Tasks\GNOK.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\GNOK =>PUP.CrossRider^
C:\Windows\Tasks\MaxigetUpdaterTaskMachineCore.job =>PUP.Maxiget^
C:\Windows\System32\Tasks\MaxigetUpdaterTaskMachineCore =>PUP.Maxiget^
C:\Windows\Tasks\MaxigetUpdaterTaskMachineUA.job =>PUP.Maxiget^
C:\Windows\System32\Tasks\MaxigetUpdaterTaskMachineUA =>PUP.Maxiget^
[HKCU\Software\075efffa837e9946500999f29d9d5572] =>PUP.CrossRider^
[HKCU\Software\3ef2d7ea521f18555476e90b431e142b] =>PUP.CrossRider^
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2] =>PUP.CrossRider^
[HKCU\Software\App Lid-nv] =>PUP.CrossRider^
[HKCU\Software\CinemaP-1.9cV16.03-nv-ie] =>PUP.CrossRider^
[HKCU\Software\Ge-Force-nv-ie] =>PUP.CrossRider^
[HKCU\Software\Maxiget] =>PUP.Maxiget^
[HKCU\Software\SavePass 1.1-nv] =>PUP.CrossRider^
[HKCU\Software\Sense-nv-ie] =>PUP.CrossRider^
[HKCU\Software\a09ee769a860062458db521e8a43567e] =>PUP.CrossRider^
[HKLM\Software\App Lid-nv] =>PUP.CrossRider^
[HKLM\Software\Maxiget] =>PUP.Maxiget^
[HKLM\Software\ShopperPro] =>PUP.ShopperPro^
[HKLM\Software\Wow6432Node\000f1de5-5820-4770-912e-c85b0a193a4f] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\240300df-8f25-4687-92b1-0e7cf7dc5366] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\2cc2d9f3-2fc7-4bb9-bbaf-b36aafda4a67] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\App Lid-nv] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\Maxiget] =>PUP.Maxiget^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\c7cd91c1-e3de-43fb-b693-7ecfc5a24e0b] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\ed842e7b-9d9c-45e8-bc34-25bdbd449f49] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKCR\CLSID\{11111111-1111-1111-1111-110611971195}] (Ge-Force) =>PUP.CrossRider^
[HKCR\CLSID\{11111111-1111-1111-1111-110611981129}] (SavePass 1.1) =>PUP.CrossRider^
C:\Windows\Reimage.ini =>Rogue.ReimageRepair
~ Additional Scan: 294393 Items scanned in 00mn 56s

---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.MountPoints2 Shell Key (MPSK) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s

---\\ Summary of the detections found on your workstation
http://www.nicolascoolman.fr/blog/ =>Hijacker.Application
http://nicolascoolman.fr/hijacker-omigaplus =>Hijacker.OmigaPlus
http://www.nicolascoolman.fr/blog/ =>Hijacker.OurSurfing
http://www.nicolascoolman.fr/blog/ =>PUP.LuckyTab
http://nicolascoolman.fr/pup-shopperpro =>PUP.ShopperPro
http://nicolascoolman.fr/pup-ytdownloader =>PUP.YTDownloader
http://www.nicolascoolman.fr/blog/ =>PUP.Maxiget
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://www.nicolascoolman.fr/blog/ =>PUP.Mysoftpack
http://www.nicolascoolman.fr/blog/ =>PUP.PriceLess
http://nicolascoolman.fr/pup-certifiedtoolbar =>PUP.CertifiedToolbar
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://nicolascoolman.fr/rogue-reimagerepair =>Rogue.ReimageRepair
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/adware-megasearch =>Adware.MegaSearch
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskBar
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/pup-browsertabsearch =>PUP.BrowserTabSearch
http://www.nicolascoolman.fr/blog/ =>PUP.SiteLookup
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserHelper
http://nicolascoolman.fr/adware-recordnrip =>Adware.RecordNRip
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://nicolascoolman.fr/adware-installpedia =>Adware.InstallPedia
~ MSI: 29 link(s) detected in 00mn 00s

~ 1062 Legitimates filtered by white list
End of the scan (960 lines in 03mn 08s)(0.9)