LATEST ZHPDiag AND ZHPCleaner ANALYSES


Detection
Adware.Multiplug (2016/08/27)
O43 – CFD: 22/03/2015 – [] D — C:\Program Files (x86)\ffree2yyou
O43 – CFD: 16/11/2015 – [0] D — C:\Program Files (x86)\fRee2Yoiu
O43 – CFD: 22/03/2015 – [] D — C:\Program Files (x86)\offeuresale
O43 – CFD: 22/03/2015 – [] D — C:\Program Files (x86)\rockketDeal
PUP.Optional.Salus (2016/07/31)
[MD5.4FFE509E0D3D32D0629A82CB7355B72D] – (…) — C:\ProgramData\xifs\xifs.exe [392704] [PID.4348]
O23 – Service: xifs (xifs) . (…) – C:\ProgramData\xifs\xifs.exe
HKLM\SOFTWARE\Wow6432Node\mtxifs
O43 – CFD: 30/07/2016 – [] D — C:\ProgramData\xifs
O43 – CFD: 30/07/2016 – [] D — C:\ProgramData\xifss
O43 – CFD: 30/07/2016 – [] D — C:\Program Files (x86)\Common Files\Matfix
O45 – LFCP:[MD5.E53A77582A2EE41351AEBB65554D8781] 30/07/2016 A — C:\WINDOWS\Prefetch\XIFS.EXE-782DAD32.pf
O69 – SBI: prefs.js [Coolman – m9uj75to.default] user_pref("browser.newtab.url", "C:\\ProgramData\\xifss\\ff.NT");
HKLM\SYSTEM\CurrentControlSet\Services\xifs
C:\ProgramData\xifs\xifs.exe
C:\ProgramData\xifs\Tamtough.dll
HKLM\SOFTWARE\Wow6432Node\mtxifs
C:\ProgramData\xifs
C:\ProgramData\xifss
C:\WINDOWS\Prefetch\XIFS.EXE-782DAD32.pf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\xifs_RASMANCS
PUP.Optional.CrossRider (2016/06/23)
O23 – Service: Renew Single Click (dowidoly) . (…) – C:\Program Files (x86)\4C4C4544-1466548252-3510-8052-C7C04F4B344A\jnstD52B.tmp
O23 – Service: Reservation Plastic (rijufoze) . (…) – C:\Program Files (x86)\4C4C4544-1466548252-3510-8052-C7C04F4B344A\hnsyEE62.tmp
O23 – Service: Check Default (vopudypezbt) . (…) – C:\Program Files (x86)\4C4C4544-1466548252-3510-8052-C7C04F4B344A\knsq79B2.tmp
SR – Auto [22/06/2016] [ 244224] Renew Single Click (dowidoly) . (…) – C:\Program Files (x86)\4C4C4544-1466548252-3510-8052-C7C04F4B344A\jnstD52B.tmp
SR – Auto [22/06/2016] [ 138240] Reservation Plastic (rijufoze) . (…) – C:\Program Files (x86)\4C4C4544-1466548252-3510-8052-C7C04F4B344A\hnsyEE62.tmp
SR – Auto [22/06/2016] [ 356352] Check Default (vopudypezbt) . (…) – C:\Program Files (x86)\4C4C4544-1466548252-3510-8052-C7C04F4B344A\knsq79B2.tmp
[MD5.237AAA173D673B77740BE6AE3359AE47] – (…) — C:\Program Files (x86)\4C4C4544-1466548252-3510-8052-C7C04F4B344A\hnsyEE62.tmp [138240] [PID.2096]
[MD5.AB798F6DF51BCCB31E1E42E5F77ACB4F] – (…) — C:\Program Files (x86)\4C4C4544-1466548252-3510-8052-C7C04F4B344A\jnstD52B.tmp [244224] [PID.2260]
[MD5.5247686493366E09A2C4BF0C9A9369D9] – (…) — C:\Program Files (x86)\4C4C4544-1466548252-3510-8052-C7C04F4B344A\knsq79B2.tmp [356352] [PID.4660]
O43 – CFD: 22/06/2016 – [] D — C:\Program Files (x86)\4C4C4544-1466548252-3510-8052-C7C04F4B344A
HKLM\SYSTEM\CurrentControlSet\Services\dowidoly
C:\Program Files (x86)\4C4C4544-1466548252-3510-8052-C7C04F4B344A\jnstD52B.tmp
HKLM\SYSTEM\CurrentControlSet\Services\rijufoze
C:\Program Files (x86)\4C4C4544-1466548252-3510-8052-C7C04F4B344A\hnsyEE62.tmp
HKLM\SYSTEM\CurrentControlSet\Services\vopudypezbt
C:\Program Files (x86)\4C4C4544-1466548252-3510-8052-C7C04F4B344A\knsq79B2.tmp
C:\Program Files (x86)\4C4C4544-1466548252-3510-8052-C7C04F4B344A
PUP.Optional.CrossRider (2016/05/22)
O23 – Service: Fencoepl (Fencoepl) . (…) – C:\Users\Coolman\AppData\Roaming\Litufeofao\Litufeofo.exe
[MD5.2E606A2D65E793D9E99A559540FBD3BD] – (…) — C:\Users\Coolman\AppData\Roaming\Litufeofo\Litufeofo.exe [170496] [PID.1976]
[MD5.8DC892C370F2CA2B005C2F0DD82E6446] – (…) — C:\Users\Coolman\AppData\Roaming\Liatufeofo\Niueog.exe [143872] [PID.3768]
O23 – Service: Uretb (Uretb) . (…) – C:\Users\Coolman\AppData\Roaming\Giyfako\Giyfako.exe
[MD5.901E1AF8877A676852BE5E7AC48FBE1C] – (…) — C:\Users\Coolman\AppData\Roaming\Giyfako\Giyfako.exe [170496] [PID.2876]
[MD5.38859F63C2E3C633E1AED44B1FDC9E87] – (…) — C:\Users\Coolman\AppData\Roaming\Giyfako\Furarojiro.exe [143872] [PID.3564]
O23 – Service: Lotbygse (Lotbygse) . (…) – C:\Users\Florent\AppData\Roaming\Icefrujq\Icefrujq.exe
[MD5.8CE0C4D9EE458A675BEFE8F6C7113BB1] – (…) — C:\Users\Florent\AppData\Roaming\Icefrujq\Icefrujq.exe [170496] [PID.1224]
[MD5.3B029CA3D91DEABE18BDA88308DF942B] – (…) — C:\Users\Florent\AppData\Roaming\Icefrujq\Akugcabbi.exe [143872] [PID.1212]
O23 – Service: Ogoelvogda (Ogoelvogda) . (…) – C:\Users\Florent\AppData\Roaming\Zasudhwo\Zasudhwo.exe
[MD5.5DB891C545BECF5CD8DD5480BA0C717E] – (…) — C:\Users\Florent\AppData\Roaming\Zasudhwo\Zasudhwo.exe [170496] [PID.2248]
[MD5.D109D655BD2DA13E8317A334619EE005] – (…) — C:\Users\Florent\AppData\Roaming\Zasudhwo\Zyitz.exe [143872] [PID.2684]
Superfluous.SnailTranslator (2016/03/24)
[MD5.8D615E9720E3A592B23904001E30317A] – (.Snail Translator – Snail Translator.) — C:\Windows\Snail Translator\Snail Translator\Snail Translator.exe [454656] [PID.5640]
O4 – HKCU\..\Run: [Snail Translator] . (.Snail Translator – Snail Translator.) — C:\Windows\Snail Translator\Snail Translator\Snail Translator.exe
O4 – HKUS\S-1-5-21-1070416351-3011956442-1168121865-1000\..\Run: [Snail Translator] . (.Snail Translator – Snail Translator.) — C:\Windows\Snail Translator\Snail Translator\Snail Translator.exe
O4 – GS\Desktop [Administrateur]: Snail Translator.lnk . (.Snail Translator – Snail Translator.) C:\Windows\Snail Translator\Snail Translator\Snail Translator.exe
O4 – GS\Desktop [Coolman]: Snail Translator.lnk . (.Snail Translator – Snail Translator.) C:\Windows\Snail Translator\Snail Translator\Snail Translator.exe
O42 – Logiciel: Snail Translator 0.8 – (.Snail Translator.) [HKLM] — Snail Translator 0.8
PUP.Optional.OneSafePCCleaner (2016/01/27)
[MD5.2C4582C6B24E0243D91B0758A96827D4] [APT] [OneSafe PC Cleaner Schedule] (…) — C:\Program Files\OneSafe PC Cleaner\OSPCSchedule.exe [1092552]
O39 – APT: OneSafe PC Cleaner Schedule – (…) — C:\Windows\System32\Tasks\OneSafe PC Cleaner Schedule [3244]
O43 – CFD: 27/01/2016 – [] D — C:\Program Files\OneSafe PC Cleaner
C:\Program Files\OneSafe PC Cleaner\OSPCSchedule.exe
C:\Windows\System32\Tasks\OneSafe PC Cleaner Schedule
C:\Program Files\OneSafe PC Cleaner
PUP.Optional.Elex (2016/01/26)
O23 – Service: Winsere (Winsere) . (…) – C:\Program Files\Winsere\Winsere\Winsere.exe
SS – Auto [25/01/2016] [ 295096] Winsere (Winsere) . (…) – C:\Program Files\Winsere\Winsere\Winsere.exe
[MD5.A41902A009E2EC84DA98D6ECE1099BBE] [APT] [WinTaske] (…) — C:\Program Files\WinTaske\WinTaske\WinTaske.exe [336568]
O39 – APT: WinTaske – (…) — C:\Windows\System32\Tasks\WinTaske [15314]
O43 – CFD: 28/01/2016 – [] D — C:\Program Files\Winsere
O43 – CFD: 28/01/2016 – [] D — C:\Program Files\WinTaske
PUP.Optional.CrossRider (2016/01/20)
O43 – CFD: 20/01/2016 – [] D — C:\Users\Coolman\AppData\Roaming\CleanBrowser
O43 – CFD: 19/01/2016 – [] D — C:\Users\Coolman\AppData\Local\CleanBrowserApp (Détecté)
O61 – LFC: 2016/01/18 19:43:42 A . (..) — C:\Users\Coolman\AppData\Roaming\CleanBrowser\BrowserHelper.exe [101888]
O61 – LFC: 2016/01/19 11:04:52 A . (..) — C:\Users\Coolman\AppData\Roaming\CleanBrowser\app\bin\nwjs\0.12\win-x86\nw.exe [46344704]
O61 – LFC: 2016/01/19 11:04:49 A . (..) — C:\Users\Coolman\AppData\Roaming\CleanBrowser\app\bin\nwjs\0.12\win-x86\nwjc.exe [5154304]
O61 – LFC: 2016/01/19 11:04:49 A . (.Copyright (C) 2010.) — C:\Users\Coolman\AppData\Roaming\CleanBrowser\app\bin\nwjs\0.12\win-x86\pdf.dll [12247040]
PUP.Optional.CrossRider [MBAM]
PUP.Optional.MusixLib (2015/11/28)
G2 – GCE: Preference [User Data\Default] [gkbhpmdajdojnnhkfgffkofkjifglkan] MusixHub Start
P2 – EXT FILE: (…) — C:\Users\Coolman\AppData\Roaming\Mozilla\Firefox\Profiles\rqisimx5.default\extensions\jid1-lpoiffmusixlib@jetpack.xpi
P2 – EXT FILE: (…) — C:\Users\Coolman\AppData\Roaming\Mozilla\Firefox\Profiles\rqisimx5.default\searchplugins\musixlib.xml
C:\Users\Coolman\AppData\Roaming\Mozilla\Firefox\Profiles\rqisimx5.default\searchplugins\musixlib.xml
C:\Users\Coolman\AppData\Roaming\Mozilla\Firefox\Profiles\rqisimx5.default\extensions\jid1-lpoiffmusixlib@jetpack.xpi
PUP.Optional.MusixLib [MBAM]
Hijacker.ChromeBrowser (2015/11/02)
G2 – GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] [https://epicunitscan.info/00service/update2/crx] Google Chrome manifest
G2 – GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] [https://epicunitscan.info/00service/update2/crx] Google Chrome manifest
G2 – GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] [https://epicunitscan.info/00service/update2/crx] Google Chrome manifest
G2 – GCE: Preference [User Data\Default] [bepbmhgboaologfdajaanbcjmnhjmhfn] [https://epicunitscan.info/00service/update2/crx] Google Voice Search Hotword (Beta)
G2 – GCE: Preference [User Data\Default] [blbkdnmdcafmfhinpmnlhhddbepgkeaa] [https://epicunitscan.info/00service/update2/crx] __MSG_ExtensionName__
G2 – GCE: Preference [User Data\Default] [djaoeafihpfaakkpdobmhedohgnmhpbp] [https://epicunitscan.info/00service/update2/crx] __MSG_news_factory_extension_name__
G2 – GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] [https://epicunitscan.info/00service/update2/crx] Google Chrome manifest
G2 – GCE: Preference [User Data\Default] [gbchcmhmhahfdphkhkmpfmihenigjmpp] [https://epicunitscan.info/00service/update2/crx] __MSG_PRODUCT_NAME__
G2 – GCE: Preference [User Data\Default] [gighmmpiobklfepjocnamgkkbiglidom] [https://epicunitscan.info/00service/update2/crx] AdBlock
G2 – GCE: Preference [User Data\Default] [hclgbbaloijjnkpigapgmocdpoblnlec] [https://epicunitscan.info/00service/update2/crx] Google Chrome manifest
G2 – GCE: Preference [User Data\Default] [jcpeoljnjindgjjcimeeonldjplbpjph] [https://epicunitscan.info/00service/update2/crx] __MSG_application_title__
G2 – GCE: Preference [User Data\Default] [kfdckejfnkaemompfjhecfmhjgnchmjg] [https://epicunitscan.info/00service/update2/crx] Cuevana Stream
G2 – GCE: Preference [User Data\Default] [lifbcibllhkdhoafpjfnlhfpfgnpldfl] [https://epicunitscan.info/00service/update2/crx] Skype Click to Call
G2 – GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] [https://epicunitscan.info/00service/update2/crx] Google Chrome manifest
C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\chrome.dll [https://epicunitscan.info/00service/update2/crx]
PUP.Optional.CrossRider (2015/10/15)
O42 – Logiciel: nitionto – (.canortic.) [HKLM] — {46d699b3-6a25-4071-6078-4e96aeed2e07}
[HKCU\Software\canortic]
O43 – CFD: 15/06/2015 – 11:24:08 – [] —-D C:\Users\Coolman\AppData\Roaming\nitionto
O61 – LFC: 15/06/2015 – 12:18:17 —A- . (…) — C:\Users\Coolman\AppData\Roaming\nitionto\acpiis.dll [132608]
[MD5.F8B86F5569484445940B265E9A2F6586] [APT] [852cbb07-6da7-4bac-ba50-65c99f05008b-7] (.Sense+.) — C:\Program Files\SensePlus\852cbb07-6da7-4bac-ba50-65c99f05008b-7.exe [1111552]
O42 – Logiciel: SensePlus – (.Sense+.) [HKLM] — SensePlus
O43 – CFD: 16/06/2015 – 01:36:15 – [] —-D C:\Program Files\SensePlus
PUP.Optional.CrossRider (2015/10/12)
[MD5.23EDBF162CD86BBAEA98A4D9FD5AE7CD] – (.Great Apps – CrimeWatch Service.) — C:\ProgramData\eBxXaBl\MeppmbUJX.exe [2999208] [PID.4216]
O23 – Service: MeppmbUJX (MeppmbUJX) . (.Great Apps – CrimeWatch Service.) – C:\ProgramData\eBxXaBl\MeppmbUJX.exe
O42 – Logiciel: CrimeWatch – (.Great Apps.) [HKLM] — CrimeWatch
O43 – CFD: 2015/10/11 16:02:50 – [] D — C:\ProgramData\eBxXaBl
O43 – CFD: 2015/10/11 16:02:41 – [] D — C:\ProgramData\CrimeWatch
SR – Auto [2015/10/11 16:02:45] [ 2999208] MeppmbUJX (MeppmbUJX) . (.Great Apps.) – C:\ProgramData\eBxXaBl\MeppmbUJX.exe
PUP.Optional.SlowPCfighter (2015/23/09)
[MD5.DD5A0AFF9AB13814F9AA132E1A2154B4] – (.MYSecurityCenter Ltd. – MYtools Update Manager.) — C:\Program Files\My Security Center\Tray\MYSCTray.exe [1441448] [PID.4160]
O4 – HKLM\..\Run: [CommonToolkitTray_My Security Center] . (.MYSecurityCenter Ltd. – MYtools Update Manager.) — C:\Program Files\My Security Center\Tray\MYSCTray.exe
HKLM\SOFTWARE\My Security Center
HKCU\SOFTWARE\My Security Center
O43 – CFD: 2015/09/25 11:23:02 – [] D — C:\Program Files\My Security Center
O43 – CFD: 2015/09/25 11:23:02 – [] D — C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Security Center
O43 – CFD: 2015/09/25 11:23:02 – [] D — C:\ProgramData\My Security Center
O43 – CFD: 2015/09/23 17:00:00 – [] D — C:\Users\Coolman\AppData\Roaming\My Security Center
C:\Program Files\My Security Center\MYPCTuneUp\MYPCTuneUp.exe
Hijacker.Proxy (Variante) (2015/08/14)
SUPPRIMÉ donnée: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : ]
SUPPRIMÉ donnée: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer [Bad: http=127.0.0.1:8888;https=127.0.0.1:8888]
SUPPRIMÉ donnée: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable [Bad : 1]
SUPPRIMÉ donnée: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings [Bad: Port=8888 ]
SUPPRIMÉ donnée: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings [Bad: Port=8888 ]
PUP.Optional.WaJam (Variante) (2015/08/07)
[MD5.3DD24411BF1E5272BAD42426AFC0F51B] – (…) — C:\Program Files\WaInterEnhancer\WaInterEnhancer Internet Enhancer\InternetEnhancerService.exe
[MD5.8EC4D9ACBFA04A555FF7F05BBD5B250F] – (. – H2LGKZ.) — C:\Program Files\WaInterEnhancer\WaInterEnhancer Internet Enhancer\InternetEnhancer.exe
O23 – Service: WaInterEnhancer Service (WaInterEnhancer Service) . (…) – C:\Program Files\WaInterEnhancer\WaInterEnhancer Internet Enhancer\InternetEnhancerService.exe
HKLM\SOFTWARE\WaInterEnhancer
HKCU\SOFTWARE\WaInterEnhancer
O43 – CFD: 2015/07/21 03:55:50 – [] D — C:\Program Files\WaInterEnhancer
O43 – CFD: 2015/07/21 03:56:03 – [] D — C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhancer
PUP.Optional.MyTubeTheater (2015/07/30)
[MD5.F3E578B6CF39F1670BCD32A5EAAEDB5F] – (…) — C:\Program Files (x86)\MyTubeTheater_v50.851\MyTubeTheater_Assistant.exe [33992] [PID.6772]
O4 – HKLM\..\Wow6432Node\RunOnce: [MyTubeTheater_v50.851] . (…) — C:\Program Files (x86)\MyTubeTheater_v50.851\MyTubeTheater_Assistant.exe
O42 – Logiciel: Mytubetheater Assistant – (.CSDI.) [HKLM][64Bits] — zz.851.mtt
HKLM\SOFTWARE\Wow6432Node\MyTubeTheater
HKCU\SOFTWARE\mytubetheater
O43 – CFD: 2015/06/28 20:32:01 – [] D — C:\Program Files (x86)\MyTubeTheater
O43 – CFD: 2015/06/28 20:44:49 – [] D — C:\Program Files (x86)\MyTubeTheater_v50.851
PUP.Optional.SpaceSoundPro (2015/07/18)
O4 – HKLM\..\RunOnce: [SpaceSondPro_v84.1016] . (…) — C:\Program Files\SpaceSondPro_v84.1016\SpaceSondPro_Service.exe
O42 – Logiciel: SpaceSoundPro – (…) [HKLM] — SpaceSoundPro
O42 – Logiciel: SpaceSoundPro Service – (.CSDI.) [HKLM] — zz.1016.ssp
HKLM\SOFTWARE\SpaceSondPro
HKLM\SOFTWARE\SpaceSoundPro
O43 – CFD: 2015/07/18 18:23:31 – [] D — C:\Program Files\SpaceSondPro
O43 – CFD: 2015/07/18 18:23:29 – [] D — C:\Program Files\SpaceSondPro_v84.1016
O43 – CFD: 2015/07/18 18:23:36 – [] D — C:\Program Files\SpaceSoundPro
O43 – CFD: 2015/07/18 18:23:33 – [] D — C:\Users\Coolman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0
PUP.Optional.BrMediaPlayerl (2015/07/09)
[MD5.AFA10DE8B7A7C06F715DBC65503DA94C] – (.Lumia Technologies – TechViewHD – Advanced Media Player.) — C:\Program Files\Br Media Player\Br Media Player\Br Media Player.exe [2287616] [PID.3852]
O4 – HKCU\..\Run: [Br Media Player] . (.Lumia Technologies – TechViewHD – Advanced Media Player.) — C:\Program Files\Br Media Player\Br Media Player\Br Media Player.exe
O4 – HKUS\S-1-5-21-291932931-3587585436-791359030-1000\..\Run: [Br Media Player] . (.Lumia Technologies – TechViewHD – Advanced Media Player.) — C:\Program Files\Br Media Player\Br Media Player\Br Media Player.exe
O42 – Logiciel: Br Media Player 1.03 – (.Br Media Player.) [HKLM] — Br Media Player 1.03
HKLM\SOFTWARE\Br MediaPlayer
O43 – CFD: 2015/07/07 13:03:05 – [] D — C:\Program Files\Br Media Player
PUP.Shamanul [Adware.Sambreel] (2014/12/27)
[MD5.F112A5CBF4A56C5062D6B9B5D1345596] – (…) — C:\Program Files (x86)\shamanul\bin\shamanul.BrowserAdapter.exe [98584] [PID.16064]
O23 – Service: Update shamanul (Update shamanul) . (…) – C:\Program Files (x86)\shamanul\updateshamanul.exe
O23 – Service: Util shamanul (Util shamanul) . (…) – C:\Program Files (x86)\shamanul\bin\utilshamanul.exe
O42 – Logiciel: shamanul – (.shamanul.) [HKLM][64Bits] — shamanul
[HKCU\Software\shamanul]
[HKLM\Software\Wow6432Node\shamanul]
O43 – CFD: 12/12/2014 – 16:13:23 – [] —-D C:\Program Files (x86)\shamanul
SR – | Auto 26/08/2014 323352 | (Update shamanul) . (…) – C:\Program Files (x86)\shamanul\updateshamanul.exe
SR – | Auto 26/08/2014 323352 | (Util shamanul) . (…) – C:\Program Files (x86)\shamanul\bin\utilshamanul.exe
PUP.Optional.Abengine (2014/12/24)
[MD5.63514E79ED55D52A6CCAD26C0321A042] – (.Abengine – Pas de description.) — C:\Program Files (x86)\Flwsrf\abengine.exe [1348168] [PID.1648]
O23 – Service: abengine (abengine) . (.Abengine – Pas de description.) – C:\Program Files (x86)\Flwsrf\abengine.exe
O23 – Service: Injector Service (InjectorService) . (…) – C:\Program Files (x86)\Flwsrf\ijs.exe
[MD5.400110F238F98C0366C787DEDF5E1DEF] [APT] [upfs7235] (…) — C:\Program Files (x86)\Flwsrf\upfs7235.exe [59019]
O42 – Logiciel: Flwsrf – (.Flwsrf.) [HKLM][64Bits] — Flwsrf
O43 – CFD: 21/12/2014 – 08:51:55 – [] —-D C:\Program Files (x86)\Flwsrf
O44 – LFC:[MD5.3210008CB58EBDE3BACA6E1C81E22DD0] – 20/12/2014 – 21:11:12 —A- . (.Abengine – Pas de description.) — C:\Windows\System32\abengine64.dll [370880]
O44 – LFC:[MD5.BA399DECCDA13C9571ED53D3FD70EDA5] – 21/12/2014 – 08:51:23 —A- . (…) — C:\Windows\System32\abengineOff.ini [2576]
SR – | Auto 05/12/2014 1348168 | (abengine) . (.Abengine.) – C:\Program Files (x86)\Flwsrf\abengine.exe
SS – | Auto 29/11/2014 164352 | (InjectorService) . (…) – C:\Program Files (x86)\Flwsrf\ijs.exe
PUP.Optional.Nosibay (2014/12/23)
[MD5.B413414B666E501928E91F63D2A99F5E] – (.Nosibay – Selection Tools.) — C:\Users\Rambaud\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe [1510160] [PID.2992]
O4 – HKCU\..\Run: [Selection Tools] . (.Nosibay – Selection Tools.) — C:\Users\Rambaud\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe
O4 – HKUS\S-1-5-21-1737334524-2669293134-1811828161-1000\..\Run: [Selection Tools] . (.Nosibay – Selection Tools.) — C:\Users\Rambaud\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe
O42 – Logiciel: Selection Tools – (.WTools.) [HKCU][64Bits] — Selection Tools
O61 – LFC: 16/12/2014 – 09:29:23 —A- . (.Microsoft Corporation.) — C:\Users\Rambaud\AppData\Roaming\WTools\Selection Tools\MFC71.dll [1060864]
O61 – LFC: 16/12/2014 – 09:29:23 —A- . (.Microsoft Corporation.) — C:\Users\Rambaud\AppData\Roaming\WTools\Selection Tools\gdiplus.dll [1645320]
O61 – LFC: 16/12/2014 – 09:29:24 —A- . (.Microsoft Corporation.) — C:\Users\Rambaud\AppData\Roaming\WTools\Selection Tools\msvcp71.dll [499712]
O61 – LFC: 16/12/2014 – 09:29:24 —A- . (.Microsoft Corporation.) — C:\Users\Rambaud\AppData\Roaming\WTools\Selection Tools\msvcr71.dll [348160]
O61 – LFC: 16/12/2014 – 09:29:25 —A- . (.Nosibay.) — C:\Users\Rambaud\AppData\Roaming\WTools\Selection Tools\Selection Tools Uninstall.exe [638344]
O61 – LFC: 16/12/2014 – 09:29:25 —A- . (.Nosibay.) — C:\Users\Rambaud\AppData\Roaming\WTools\Selection Tools\Selection Tools Update.exe [164888]
O61 – LFC: 16/12/2014 – 09:29:25 —A- . (.Nosibay.) — C:\Users\Rambaud\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe [1510160]
[HKCU\Software\WTools]
O43 – CFD: 20/12/2014 – 20:14:10 – [] —-D C:\Users\Rambaud\AppData\Roaming\WTools
PUP.Optional.SpeedCheck (2014/12/22)
[MD5.BB360E7947DC739BA975510CB0DC95E4] – (.Pas de propriétaire – Installation support.) — C:\Program Files (x86)\ver7SpeedCheck\i6SpeedCheckv60.exe [733184] [PID.1848]
[MD5.5FB0E0370450D75B0B79C0F3B6EFB0ED] – (.Pas de propriétaire – SpeedCheck.) — C:\Program Files (x86)\ver7SpeedCheck\SpeedCheck.exe [745984] [PID.3320]
M2 – MFEP: RegExtension {8313D68A-F3FA-0D62-A012-F312A5076179} . (…) — C:\Program Files (x86)\ver7SpeedCheck\184.xpi
O2 – BHO: SpeedCheck [64Bits] – {29D9A0FC-AB93-03E3-C63E-463F394C118A} . (…) — C:\Program Files (x86)\ver7SpeedCheck\184.dll
[MD5.BB360E7947DC739BA975510CB0DC95E4] [APT] [SpeedCheck Update] (…) — C:\Program Files (x86)\ver7SpeedCheck\i6SpeedCheckv60.exe [733184]
O39 – APT: SpeedCheck Update – (…) — C:\Windows\Tasks\SpeedCheck Update.job [416]
O39 – APT: SpeedCheck Update – (…) — C:\Windows\System32\Tasks\SpeedCheck Update [416]
[HKCU\Software\AppDataLow\Software\SpeedCheck]
O43 – CFD: 20/12/2014 – 20:00:07 – [] —-D C:\Program Files (x86)\ver7SpeedCheck
O42 – Logiciel: SpeedCheck – (.SpeedCheck-software.) [HKLM][64Bits] — 8CFBC668-1443-D8AB-482F-03645C0A93EF
PUP.DigiHelp [Adware.Sambreel] (2014/12/17)
[MD5.CCB9848F8C39DF0AB5A947F0842B51F5] – (…) — C:\Program Files (x86)\DigiHelp\bin\DigiHelp.BrowserAdapter.exe [98536] [PID.2852]
O2 – BHO: DigiHelp 1.0.0.5 [64Bits] – {5bee7be9-df29-4c14-a18e-2bdd06205e29} . (.DigiHelp – DigiHelp.) — C:\Program Files (x86)\DigiHelp\DigiHelpBHO.dll
O23 – Service: Update DigiHelp (Update DigiHelp) . (…) – C:\Program Files (x86)\DigiHelp\updateDigiHelp.exe
O23 – Service: Util DigiHelp (Util DigiHelp) . (…) – C:\Program Files (x86)\DigiHelp\bin\utilDigiHelp.exe
[HKCU\Software\DigiHelp]
[HKLM\Software\Wow6432Node\DigiHelp]
O43 – CFD: 17/12/2014 – 16:42:41 – [] —-D C:\Program Files (x86)\DigiHelp
SR – | Auto 17/12/2014 519400 | (Update DigiHelp) . (…) – C:\Program Files (x86)\DigiHelp\updateDigiHelp.exe
SR – | Auto 17/12/2014 519400 | (Util DigiHelp) . (…) – C:\Program Files (x86)\DigiHelp\bin\utilDigiHelp.exe
PUP.Optional.FasterLight [Adware.Sambreel] (2014/12/16)
[MD5.24275E60F9EA9B4BD28CB43241E4894D] – (…) — C:\Program Files (x86)\Faster Light\bin\FasterLight.BrowserAdapter.exe [98552] [PID.5484]
[MD5.021900A25E3C0B99C6F047427DF175EA] – (…) — C:\Program Files (x86)\Faster Light\bin\utilFasterLight.exe [523512] [PID.4576]
[MD5.021900A25E3C0B99C6F047427DF175EA] – (…) — C:\Program Files (x86)\Faster Light\updateFasterLight.exe [523512] [PID.4204]
O2 – BHO: Faster Light 1.0.0.5 [64Bits] – {950ef4df-b9dd-4b97-9e34-5c7d25a5eb88} . (.Faster Light – Faster Light.) — C:\Program Files (x86)\Faster Light\FasterLightBHO.dll
O23 – Service: Update Faster Light (Update Faster Light) . (…) – C:\Program Files (x86)\Faster Light\updateFasterLight.exe
O23 – Service: Util Faster Light (Util Faster Light) . (…) – C:\Program Files (x86)\Faster Light\bin\utilFasterLight.exe
[HKCU\Software\Faster Light]
[HKLM\Software\Wow6432Node\Faster Light]
O43 – CFD: 16/12/2014 – 19:51:41 – [] —-D C:\Program Files (x86)\Faster Light
SR – | Auto 16/12/2014 523512 | (Update Faster Light) . (…) – C:\Program Files (x86)\Faster Light\updateFasterLight.exe
SR – | Auto 16/12/2014 523512 | (Util Faster Light) . (…) – C:\Program Files (x86)\Faster Light\bin\utilFasterLight.exe
PUP.Optional.Cantataweb (2014/12/14)
M2 – MFEP: Extension [Cac – r3mcphhh.default] {d3ce358a-e98f-4b6c-95cc-6e2435c35c87}
O2 – BHO: Cantataweb 1.0.0.5 – {aab803bd-f01b-423a-a89a-60af476e9f12} . (.Cantataweb – Cantataweb.) — C:\Program Files\Cantataweb\Cantatawebbho.dll
O23 – Service: Update Cantataweb (Update Cantataweb) . (…) – C:\Program Files\Cantataweb\updateCantataweb.exe
O23 – Service: Util Cantataweb (Util Cantataweb) . (…) – C:\Program Files\Cantataweb\bin\utilCantataweb.exe
SS – | Auto 14/12/2014 524016 | (Util Cantataweb) . (…) – C:\Program Files\Cantataweb\bin\utilCantataweb.exe
SR – | Auto 14/12/2014 524016 | (Update Cantataweb) . (…) – C:\Program Files\Cantataweb\updateCantataweb.exe
PUP.Optional.CrossRider [Adware] (2014/12/06)
[MD5.B0D1BB296805EFB605DDC73E32B3DF3A] – (…) — C:\Program Files (x86)\gmsd_fr_9\gmsd_fr_9.exe [3978408] [PID.3592]
[MD5.A0A889486D1932BC96A6EE4EB693B8A2] – (…) — C:\Users\Marie\AppData\Local\mbot_be_16\upmbot_be_16.exe [3305976] [PID.1032]
[MD5.2FDAE421C16F1899B43029288305B87D] – (…) — C:\Program Files (x86)\mbot_be_16\mbot_be_16.exe [3971528] [PID.1032]
[MD5.ED5F5E7C8180DB009EC872723F576E85] – (…) — C:\Program Files (x86)\mbot_be_71\mbot_be_71.exe [3974144] [PID.5084]
O4 – HKLM\..\Wow6432Node\Run: [gmsd_fr_9] . (…) — C:\Program Files (x86)\gmsd_fr_9\gmsd_fr_9.exe
O4 – HKLM\..\Wow6432Node\Run: [mbot_be_16] . (…) — C:\Program Files (x86)\mbot_be_16\mbot_be_16.exe
O4 – HKLM\..\Wow6432Node\Run: [mbot_be_71] . (…) — C:\Program Files (x86)\mbot_be_71\mbot_be_71.exe
O4 – HKLM\..\Wow6432Node\RunOnce: [upmbot_be_16.exe] . (…) — C:\Users\Marie\AppData\Local\mbot_be_16\upmbot_be_16.exe
O43 – CFD: 14/10/2014 – 19:44:23 – [] —-D C:\Program Files (x86)\mbot_be_16
O43 – CFD: 29/11/2014 – 11:48:17 – [] —-D C:\Program Files (x86)\mbot_be_71
O61 – LFC: 01/12/2014 – 16:27:41 —A- . (…) — C:\Users\Thierry\AppData\Local\gmsd_fr_9\upgmsd_fr_9.exe [3307688]
PUP.Optional.eDeals (2014/12/06)
O42 – Logiciel: eDealPop version 1.0 – (.eDealPop.) [HKLM] — eDealPop_is1
O42 – Logiciel: eDeals version 1.0 – (.eDeals.) [HKLM] — eDeals_is1
O42 – Logiciel: eDealsPop version 1.0 – (.eDealsPop.) [HKLM][64Bits] — eDealsPop_is1
PUP.Optional.DonutQuotes (2014/12/04)
O23 – Service: DonutQuotes (donutleadsServiceCore) . (.Pas de propriétaire – DonutLeadsService.) – C:\Program Files (x86)\donutleads\DonutLeadsService.exe
[MD5.5136A953A7D9D76E2C1C41AA7660163A] [APT] [DonutQuotes] (…) — C:\Program Files (x86)\donutleads\ScheduledTask.exe [6656]
O42 – Logiciel: DonutQuotes – (.DonutLeads.) [HKLM][64Bits] — donutleads
O43 – CFD: 03/12/2014 – 22:50:47 – [] —-D C:\Program Files (x86)\donutleads
O43 – CFD: 03/12/2014 – 23:17:34 – [] —-D C:\ProgramData\donutleads
SR – | Auto 12/11/2014 381440 | (donutleadsServiceCore) . (…) – C:\Program Files (x86)\donutleads\DonutLeadsService.exe
PUP.Optional.HoldPage (2014/12/02) (Sambreel)
O2 – BHO: Hold Page 1.0.0.4 [64Bits] – {6c14185e-4de6-4a79-985b-19f23fd1e638} . (.Hold Page – Hold Page.) — C:\Program Files (x86)\Hold Page\HoldPagebho.dll
O23 – Service: Update Hold Page (Update Hold Page) . (…) – C:\Program Files (x86)\Hold Page\updateHoldPage.exe
O23 – Service: Util Hold Page (Util Hold Page) . (…) – C:\Program Files (x86)\Hold Page\bin\utilHoldPage.exe
O42 – Logiciel: Hold Page – (.Hold Page.) [HKLM][64Bits] — Hold Page
[HKCU\Software\Hold Page]
[HKLM\Software\Wow6432Node\Hold Page]
O43 – CFD: 30/11/2014 – 17:04:47 – [] —-D C:\Program Files (x86)\Hold Page
SR – | Auto 30/11/2014 525552 | (Update Hold Page) . (…) – C:\Program Files (x86)\Hold Page\updateHoldPage.exe
SR – | Auto 30/11/2014 525552 | (Util Hold Page) . (…) – C:\Program Files (x86)\Hold Page\bin\utilHoldPage.exe
PUP.Optional.ClickCaption (2014/11/30)
O2 – BHO: ClickCaption [64Bits] – {A18EA34C-6D33-4298-8A54-7F16499904C0} . (.ClickCaption – Click Caption Client BHO x86.) — C:\Program Files (x86)\ClickCaption_1.10.0.2\IE\ClickCaptionClientIE.dll
O23 – Service: Click Caption 1.10.0.2 Client Service (ccsvc_1.10.0.2) . (.ClickCaption – Click Caption Client Service.) – C:\Program Files (x86)\ClickCaption_1.10.0.2\Service\ccsvc.exe
O41 – Driver: (ccnfd_1_10_0_2) . (.ClickCaption – Click Caption Driver x64.) – C:\Windows\System32\drivers\ccnfd_1_10_0_2.sys
O42 – Logiciel: Click Caption 1.10.0.2 – (.ClickCaption.) [HKLM][64Bits] — ClickCaption_1.10.0.2
O43 – CFD: 21/11/2014 – 18:27:27 – [] —-D C:\Program Files (x86)\ClickCaption_1.10.0.2
O58 – SDL:30/10/2014 – 22:39:28 —A- . (.ClickCaption – Click Caption Driver x64.) — C:\Windows\System32\Drivers\ccnfd_1_10_0_2.sys [58232]
SR – | Auto 30/10/2014 277584 | (ccsvc_1.10.0.2) . (.ClickCaption.) – C:\Program Files (x86)\ClickCaption_1.10.0.2\Service\ccsvc.exe
PUP.Optional.MyHoome (2014/11/22)
M0 – MFSP: prefs.js [coolman – fi8t1hu8.default] http://www.myhoome.com
R0 – HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.myhoome.com
R1 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myhoome.com
R1 – HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myhoome.com
PUP.Optional.SaleCaravan (2014/11/21)
O23 – Service: TrustMix (ecccc895) . (…) – c:\Program Files (x86)\SaleCaravan\WeCareCoupons.dll
O42 – Logiciel: SaversDepot – (.Software Publisher.) [HKLM][64Bits] — {12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ecccc895}
O43 – CFD: 20/11/2014 – 22:30:42 – [] —-D C:\Program Files (x86)\SaleCaravan
SR – | Auto 20/11/2014 4029440 | (ecccc895) . (…) – c:\Program Files (x86)\SaleCaravan\WeCareCoupons.dll
PUP.Optional.ZombieInvasion (2014/11/20)
[MD5.2049DD6693A9F4771AD4243AF458E54B] – (.Time Lapse Solutions – ZombieInvasion Service.) — C:\ProgramData\eTlXLYQcDX\pVsCMda.exe [2726776] [PID.2336]
O23 – Service: pVsCMda (pVsCMda) . (.Time Lapse Solutions – ZombieInvasion Service.) – C:\ProgramData\eTlXLYQcDX\pVsCMda.exe
O42 – Logiciel: Zombie Invasion – (.Time Lapse Solutions.) [HKLM][64Bits] — ZombieInvasion
SR – | Auto 17/11/2014 2726776 | (pVsCMda) . (.Time Lapse Solutions.) – C:\ProgramData\eTlXLYQcDX\pVsCMda.exe
PUP.Optional.Vosteran (2014/11/18)
R1 – HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://vosteran.com
O42 – Logiciel: WSE_Vosteran – (.WSE_Vosteran.) [HKLM] — WSE_Vosteran
O43 – CFD: 16/11/2014 – 17:16:18 – [] —-D C:\Program Files\WSE_Vosteran
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (…) — C:\Documents and Settings\Pierre-Yves\Local Settings\Application Data\Vosteran\Application\vosteran.exe
O68 – StartMenuInternet: <>[HKLM\..\Shell\open\Command] (…) — C:\Documents and Settings\Pierre-Yves\Local Settings\Application Data\Vosteran\Application\vosteran.exe
PUP.Optional.CrossRider [Adware] (2014/11/18)
G2 – GCE: Preference [User Data\Default] [ofaemmlijemfcopjandkcndefpnacabg] HQual2y-v2.5V01.11 v.1.26.76, (Désactivé)
G2 – EXT: C:\Users\carolephiphi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg [HQual2y-v2.5V01.11]
[HKLM\Software\HQual2y-v2.5V01.11-nv]
[HKLM\Software\Wow6432Node\HQual2y-v2.5V01.11-nv]
PUP.Optional.WordProser (2014/11/10)
[MD5.B25922683BFF1E1AA8164DC99E25F6E3] – (.Word Proser – Word Proser Client Service.) — C:\Program Files (x86)\WordProser_1.10.0.2\Service\wpsvc.exe [277584] [PID.2972]
O2 – BHO: WordProser [64Bits] – {3EBB5099-9732-48AE-B032-58B702D86EEC} . (.Word Proser – Word Proser Client BHO x86.) — C:\Program Files (x86)\WordProser_1.10.0.2\IE\WordProserClientIE.dll
O23 – Service: Word Proser 1.10.0.2 Client Service (wpsvc_1.10.0.2) . (.Word Proser – Word Proser Client Service.) – C:\Program Files (x86)\WordProser_1.10.0.2\Service\wpsvc.exe
O41 – Driver: (wpnfd_1_10_0_2) . (.Word Proser – Word Proser Driver x64.) – C:\Windows\System32\drivers\wpnfd_1_10_0_2.sys
O42 – Logiciel: Word Proser 1.10.0.2 – (.Word Proser.) [HKLM][64Bits] — WordProser_1.10.0.2
O43 – CFD: 08/11/2014 – 13:19:03 – [] —-D C:\Program Files (x86)\WordProser_1.10.0.2
O44 – LFC:[MD5.869359ADC102DFCB23727A5570AF130A] – 04/11/2014 – 19:55:36 —A- . (.Word Proser – Word Proser Driver x64.) — C:\Windows\System32\Drivers\wpnfd_1_10_0_2.sys [58240]
O64 – Services: CurCS – 04/11/2014 – C:\Windows\System32\drivers\wpnfd_1_10_0_2.sys (wpnfd_1_10_0_2) .(.Word Proser – Word Proser Driver x64.) – LEGACY_WPNFD_1_10_0_2
PUP.Optional.Maxiget (2014/11/08)
[HKCU\Software\Maxiget]
[HKLM\Software\Wow6432Node\Maxiget]
O43 – CFD: 28/10/2014 – 23:20:12 – [] —-D C:\Program Files (x86)\Maxiget
O43 – CFD: 28/10/2014 – 22:14:37 – [] —-D C:\Users\Coolman\AppData\Local\MaxiGet Download Manager
PUP.Optional.BoBrowser (2014/11/07)
O4 – HKCU\..\Run: [BoBrowser] . (.The BoBrowser Authors – BoBrowser.) — C:\Users\Coolman\AppData\Local\BoBrowser\Application\bobrowser.exe
O4 – HKUS\S-1-5-21-1769541153-1675505367-3705700697-1001\..\Run: [BoBrowser] . (.The BoBrowser Authors – BoBrowser.) — C:\Users\Coolman\AppData\Local\BoBrowser\Application\bobrowser.exe
[HKCU\Software\BoBrowser]
O43 – CFD: 04/11/2014 – 11:08:18 – [] —-D C:\Users\Coolman\AppData\Local\BoBrowser
[MD5.05AD6DFEC9D08F7B95A2B35C47A02F5B] – (.The BoBrowser Authors – BoBrowser.) — C:\Users\Coolman\AppData\Local\BoBrowser\Application\bobrowser.exe [7348224] [PID.396]
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.The BoBrowser Authors – BoBrowser.) — C:\Users\Coolman\AppData\Local\BoBrowser\Application\bobrowser.exe
PUP.Optional.FastPlayer (2014/11/03)
O42 – Logiciel: FastPlayer – (…) [HKLM][64Bits] — FastPlayer
O43 – CFD: 02/11/2014 – 13:02:39 – [] —-D C:\Program Files (x86)\FastPlayer
O43 – CFD: 31/10/2014 – 19:56:20 – [] —-D C:\Users\Coolman\AppData\Local\fastplayer
SS – | Auto 30/09/2014 11776 | (FastPlayerUpdaterService) . (…) – C:\Program Files (x86)\FastPlayer\FastPlayerUpdaterService.exe
PUP.Optional.Pirrit (2014/11/01)
SS – | Auto 10/07/2014 0 | (ArchiveCommandProcess.exe) . (…) – C:\Users\Coolman\AppData\Local\ArchiveCommandProcess\ArchiveCommandProcess.exe
SS – | Auto 10/07/2014 0 | (CompilerDebugInterpreter.exe) . (…) – C:\Users\Coolman\AppData\Local\CompilerDebugInterpreter\CompilerDebugInterpreter.exe
SS – | Auto 10/07/2014 0 | (CronFAT32Wizard.exe) . (…) – C:\Users\Coolman\AppData\Local\CronFAT32Wizard\CronFAT32Wizard.exe
SS – | Auto 10/07/2014 0 | (MemorySambaWord.exe) . (…) – C:\Users\Coolman\AppData\Local\MemorySambaWord\MemorySambaWord.exe
SR – | Auto 03/09/2014 60965 | (AppJREScript) . (…) – C:\Windows\SysWOW64\AppJREScript\AppJREScript.exe
SR – | Auto 13/10/2014 68096 | (CommandJRETooltip) . (…) – C:\Windows\SysWOW64\CommandJRETooltip\CommandJRETooltip.exe
SR – | Auto 13/10/2014 158720 | (DLCOSQuick.exe) . (…) – C:\Users\Coolman\AppData\Local\DLCOSQuick\DLCOSQuick.exe
PUP.Optional.InstaShare (2014/10/31)
C:\ProgramData\eTObPhN\dat\AdaqujIwh.exe
C:\ProgramData\eTObPhN\dat\QYkcNspEa.exe
C:\ProgramData\\dat\.exe
C:\ProgramData\InstaShare\uninstall.exe
PUP.Optional.StormWatch (2014/10/30)
[MD5.4A733A67A57AABC854435C8537A62A8A] – (.Weather Protector LLC – StormWatch.) — C:\Users\Coolman\AppData\Local\StormWatch\StormWatch.exe [160936] [PID.584]
[MD5.7A552A82A5EC6D2B53A7930EE9764CA8] – (…) — C:\Users\Coolman\AppData\Local\StormWatch\StormWatchApp.exe [1147416] [PID.1672]
O43 – CFD: 30/10/2014 – 11:25:07 – [] —-D C:\Users\Coolman\AppData\Local\Weather_Protector_LLC
O43 – CFD: 30/10/2014 – 16:49:39 – [] —-D C:\Users\Coolman\AppData\Local\StormWatch
PUP.Optional.SuperOptimizer (2014/10/30)
O4 – HKCU\..\Run: [Super Optimizer] . (.SUPER PC TOOLS LIMITED – Super Optimizer Launcher.) — C:\Program Files\Super Optimizer\SupOptLauncher.exe
O4 – HKUS\S-1-5-21-940898033-3828045855-482568264-1000\..\Run: [Super Optimizer] . (.SUPER PC TOOLS LIMITED – Super Optimizer Launcher.) — C:\Program Files\Super Optimizer\SupOptLauncher.exe
O42 – Logiciel: Super Optimizer v3.2 – (.Super PC Tools ltd.) [HKLM] — Super Optimizer_is1
[HKCU\Software\Super Optimizer]
O43 – CFD: 30/10/2014 – 11:23:21 – [] —-D C:\Program Files\Super Optimizer
O43 – CFD: 30/10/2014 – 11:30:11 – [] —-D C:\Users\Coolman\AppData\Roaming\Super Optimizer
PUP.PirritSuggestor (2014/10/11)
[MD5.DB5F50612D3A928200927B9FE72F6E5E] – (…) — C:\Users\Serge\AppData\Local\MacroOSSprite\DebuggerRootUtility.exe [366592] [PID.3556]
O23 – Service: DirectXODBCStart.exe (DirectXODBCStart.exe) . (…) – C:\Users\Serge\AppData\Local\DirectXODBCStart\DirectXODBCStart.exe
O23 – Service: MacroOSSprite.exe (MacroOSSprite.exe) . (…) – C:\Users\Serge\AppData\Local\MacroOSSprite\MacroOSSprite.exe
PUP.CrossRider [Adware] (2014/10/11)
G2 – GCE: Preference [User Data\Default] [hoidflomjnnnbiemmkjdjkkialmhbago] Browsers+_App+s+ v.1.26.9, (Activé)
[HKLM\Software\Browsers+_App+s+-nv]
[HKLM\Software\Browsers+_App+s+]
PUP.TotalSystemCare (2014/10/04)
[MD5.E4367780DD300FE184BDD49395615D64] [APT] [TotalSystemCare.Scanning] (…) — C:\Program Files\TotalSystemCare\TotalSystemCare.exe [2233144]
O42 – Logiciel: TotalSystemCare – (.Safebytes Software Inc..) [HKLM] — TotalSystemCare
O43 – CFD: 04/10/2014 – 14:34:13 – [] —-D C:\Program Files\TotalSystemCare
O43 – CFD: 04/10/2014 – 14:33:26 – [] —-D C:\Users\Coolman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalSystemCare
Adware.Proxomoto (2014/10/02)
[MD5.1E5A198F9BA92557BA929AF14320AED5] – (.Pas de propriétaire – NewVersionUploader.) — C:\Windows\Microsoft\UpdatingService\NewVersionDownloader.exe [13312] [PID.2692]
O23 – Service: UpdatingService (UpdatingService) . (.Pas de propriétaire – NewVersionUploader.) – C:\Windows\Microsoft\UpdatingService\NewVersionDownloader.exe
SR – | Auto 25/08/2014 13312 | (UpdatingService) . (…) – C:\Windows\Microsoft\UpdatingService\NewVersionDownloader.exe
PUP.CrossRider [Adware] (2014/10/01)
[MD5.CAB6599BCD1CB3DA76EAF314801E7215] – (.app – Browser+ Apps+ exe.) — C:\program files\browser+ apps+\browser+ apps+-bg.exe [623008] [PID.2484]
[MD5.EAED25A0081CA53CBE2F5D58FC0E0BE1] [APT] [daaf8f1e-02cf-42a6-ab97-212f4f33e209] (.app.) — C:\Program Files\Browser+ Apps+\daaf8f1e-02cf-42a6-ab97-212f4f33e209.exe [370080]
O42 – Logiciel: Browser+ Apps+ – (.app.) [HKLM] — Browser+ Apps+
[HKCU\Software\AppDataLow\Software\Browser+ Apps+]
[HKLM\Software\Browser+ Apps+-nv]
PUP.Multiplug (2014/09/29)
O2 – BHO: YouTubeRAdsRemmouv [64Bits] – {266EE608-7639-8F11-4608-E4A189AE2CAD} Clé orpheline
O42 – Logiciel: YouTubeRAdsRemmouv – (.YoTuBerAdsRemov.) [HKLM][64Bits] — {650C05DC-4DB3-64C6-F062-902F50E14BB6}
O43 – CFD: 29/03/2014 – 23:22:33 – [] —-D C:\ProgramData\YouTubeRAdsRemmouv
Adware.SkillBrains (2014/09/29)
%PROGRAMFILES%\SkillBrains
HKCU\Software\SkillBrains
HKLM\SOFTWARE\SkillBrains
HKCU\Software\Microsoft\Windows\CurrentVersion\Run [LightShot]
Adware.EZSoftwareUpdater [Rootkit] (2014/09/27)
[MD5.3F6966D04701C8DC020DFA2ED35B75F6] – (…) — C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe [220672] [PID.2464]
O42 – Logiciel: EZ Software Updater version 1.2.0.4 – (…) [HKLM][64Bits] — EZ Software Updater_is1
[HKLM\Software\Wow6432Node\EZ Software Updater]
O43 – CFD: 21/09/2014 – 23:00:37 – [] —-D C:\Program Files (x86)\EZ Software Updater
O45 – LFCP:[MD5.E29CA12791BCABCFED6EB852147C7A5B] – 21/09/2014 – 22:00:46 —A- – C:\Windows\Prefetch\EZ SOFTWARE UPDATER.EXE-E4DD3394.pf
O23 – Service: EZ Software Updater (EZ Software Updater) . (…) – C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe
PUP.TalLtd [Adware] (2014/09/26)
[MD5.3FF7F750FD13A73B92CCD1EBD8CCA097] – (…) — C:\Program Files (x86)\Salus\Salus.exe [981840] [PID.3988]
[MD5.60158655B4268AE96E4133050B761DE6] – (…) — C:\Program Files (x86)\Salus\CrashMon.exe [404992] [PID.4004]
O4 – HKLM\..\Wow6432Node\Run: [Salus] . (…) — C:\Program Files (x86)\Salus\Salus.exe
O4 – HKLM\..\Wow6432Node\Run: [Salus CrashMon] . (…) — C:\Program Files (x86)\Salus\CrashMon.exe
O41 – Driver: (Salus) . (.Windows Win 7 DDK provider – NetFilter SDK WFP Driver (WPP).) – C:\Windows\System32\drivers\Salus.sys
O43 – CFD: 26/09/2014 – 06:37:54 – [] —-D C:\Program Files (x86)\Salus
O44 – LFC:[MD5.B9416391F8F54CFD79ABF62A5A8F93D8] – 24/09/2014 – 15:50:46 —A- . (.Windows Win 7 DDK provider – NetFilter SDK WFP Driver (WPP).) — C:\Windows\System32\Drivers\salus.sys [47440]
O64 – Services: CurCS – 24/09/2014 – C:\Windows\System32\drivers\Salus.sys (Salus) .(.Windows Win 7 DDK provider – NetFilter SDK WFP Driver (WPP).) – LEGACY_SALUS
PUP.Multiplug (2014/09/25)
O42 – Logiciel: BeetuterPRiceChec – (.BEEtteeRProicceCuhec.) [HKLM][64Bits] — {4E5FE462-1A84-47B4-3411-C72434AAD86C}
O43 – CFD: 23/09/2014 – 16:47:07 – [] —-D C:\ProgramData\BeetuterPRiceChec
C:\ProgramData\BeetuterPRiceChec
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4E5FE462-1A84-47B4-3411-C72434AAD86C}]
PUP.SnipSmart [Sambreel] (2014/09/24)
O2 – BHO: SnipSmart [64Bits] – {fdc52258-a905-4607-ad88-2f692356525f} . (.SnipSmart – SnipSmart.) — C:\Program Files (x86)\SnipSmart\SnipSmartBHO.dll
O23 – Service: Util SnipSmart (Util SnipSmart) . (.SnipSmart – SnipSmart.) – C:\Program Files (x86)\SnipSmart\bin\utilSnipSmart.exe
O42 – Logiciel: SnipSmart – (.SnipSmart.) [HKLM] — SnipSmart
[HKCU\Software\SnipSmart]
[HKLM\Software\Wow6432Node\SnipSmart]
PUP.CrossRider [Adware] (2014/09/23)
[MD5.61F330E3F24D8FBDD3A7A02F7F52FEBF] [APT] [55d88d94-6b9b-4c81-bb2c-9653d27581f8-1] (.HDPlus-01TotalV21.09.) — C:\Program Files\TotalPlus01-3.1V21.09\TotalPlus01-3.1V21.09-codedownloader.exe [1110936]
O2 – BHO: edccb4a004ec01329fbb0fbe6070a3f60063285 – {11111111-1111-1111-1111-110611321185} . (.HDPlus-01TotalV21.09 – TotalPlus01-3.1V21.09 BHO.) — C:\Program Files\TotalPlus01-3.1V21.09\TotalPlus01-3.1V21.09-bho.dll
[MD5.66EFD4D54C14927D74DD590E6CD29A5B] [APT] [55d88d94-6b9b-4c81-bb2c-9653d27581f8-11] (.HDPlus-01TotalV21.09.) — C:\Program Files\TotalPlus01-3.1V21.09\55d88d94-6b9b-4c81-bb2c-9653d27581f8-11.exe [1965464]
O42 – Logiciel: TotalPlus01-3.1V21.09 – (.HDPlus-01TotalV21.09.) [HKLM] — TotalPlus01-3.1V21.09
[HKCU\Software\AppDataLow\Software\TotalPlus01-3.1V21.09]
O43 – CFD: 21/09/2014 – 17:06:31 – [] —-D C:\Program Files\TotalPlus01-3.1V21.09
PUP.Multiplug (2014/09/23)
M2 – MFEP: prefs.js [Coolman – 657f5q9x.default\AhChKYbP@I.net] [] GouSave v2.0 (..)
C:\Users\Coolman\AppData\Roaming\Mozilla\Firefox\Profiles\657f5q9x.default\extensions\AhChKYbP@I.net
O43 – CFD: 19/09/2014 – 14:11:39 – [] —-D C:\ProgramData\PsddCheeckeR
Adware.AddLyrics (2014/09/21)
[MD5.00000000000000000000000000000000] [APT] [FoxyLyrics Update] (…) — C:\Program Files (x86)\FoxyLyrics\FoxyLycsUP.exe
O39 – APT: FoxyLyrics Update – (…) — C:\Windows\Tasks\FoxyLyrics Update.job [372]
O39 – APT: FoxyLyrics Update – (…) — C:\Windows\System32\Tasks\FoxyLyrics Update [372]
[HKCU\Software\AppDataLow\Software\FoxyLyrics]
PUP.KlipPal [Sambreel] (2014/09/20)
[MD5.56C50689D22EEC7EB963665848BA6E1B] – (…) — C:\Program Files (x86)\Klip Pal\updateKlipPal.exe [66336] [PID.3192]
[MD5.56C50689D22EEC7EB963665848BA6E1B] – (…) — C:\Program Files (x86)\Klip Pal\bin\utilKlipPal.exe [66336] [PID.5532]
O2 – BHO: Klip Pal [64Bits] – {e371c496-8579-4c9a-a396-2a35639beb3b} . (.Klip Pal – Klip Pal.) — C:\Program Files (x86)\Klip Pal\KlipPalBHO.dll
O42 – Logiciel: Klip Pal – (.Klip Pal.) [HKLM] — Klip Pal
O43 – CFD: 17/09/2014 – 16:01:03 – [] —-D C:\Program Files\Klip Pal
PUP.Multiplug (2014/09/20)
M2 – MFEP: prefs.js [Coolman – 657f5q9x.default-1372148979422\VAw7n@h.edu] [] GoSSaVe v2.0 (..)
M2 – MFEP: prefs.js [Coolman – 657f5q9x.default-1372148979422\xBvd@oU2rv.edu] [] YouituBeAdBlocke v1.0 (..)
O43 – CFD: 15/09/2014 – 13:44:37 – [0] —-D C:\Program Files (x86)\GoSaavee
O43 – CFD: 15/09/2014 – 13:57:49 – [0] —-D C:\Program Files (x86)\YouituBeAdBlocke
PUP.TermTutor [Adware] (2014/09/19)
[MD5.C86CEB3838E7B5FA0EBF54B6A1E68C9B] – (.Term Tutor – Term Tutor Client Service.) — C:\Program Files (x86)\TermTutor\Service\ttsvc.exe [276048] [PID.1596]
O2 – BHO: TermTutor [64Bits] – {6CB99040-7828-4C37-AC01-F15758F43E4D} . (.Term Tutor – Term Tutor Client BHO x86.) — C:\Program Files (x86)\TermTutor\IE\TermTutorClientIE.dll
O23 – Service: Term Tutor Client Service (ttsvc) . (.Term Tutor – Term Tutor Client Service.) – C:\Program Files (x86)\TermTutor\Service\ttsvc.exe
O41 – Driver: (ttnfd) . (.Term Tutor – Term Tutor Driver x64.) – C:\Windows\System32\drivers\ttnfd.sys
O42 – Logiciel: Term Tutor – (.Term Tutor.) [HKLM][64Bits] — TermTutor
PUP.Adanak [Sambreel] (2014/09/18)
[MD5.4830E427DB6A1264E10A5C4D12AC6424] – (…) — C:\Program Files (x86)\Adanak\bin\Adanak.BrowserAdapter.exe [98584] [PID.4076]
[MD5.A1B536E35AE0AD80A1793201FAA97BA9] – (…) — C:\Program Files (x86)\Adanak\bin\Adanak.BRT.Helper.exe [161048] [PID.284]
[MD5.F746CCDBB24B175809201DA2DE818B07] – (…) — C:\Program Files (x86)\Adanak\updateAdanak.exe [324888] [PID.4948]
[MD5.F746CCDBB24B175809201DA2DE818B07] – (…) — C:\Program Files (x86)\Adanak\bin\utilAdanak.exe [324888] [PID.4220]
PUP.Lasaoren [Hijacker] (2014/09/18)
[MD5.D8AFF6EED91F8597C86CA952761FE171] – (…) — C:\Program Files (x86)\WSE_Lasaoren\BRS\brs.exe [1074688] [PID.172396]
O4 – HKCU\..\Run: [BRS] . (…) — C:\Program Files (x86)\WSE_Lasaoren\BRS\brs.exe
O4 – HKUS\S-1-5-21-1905745630-3298968027-4180984981-1000\..\Run: [BRS] . (…) — C:\Program Files (x86)\WSE_Lasaoren\BRS\brs.exe
[MD5.D92042C33581C92CC9390D2A3B8A6FE2] [APT] [WSE_Lasaoren] (…) — C:\Users\Coolman\AppData\Roaming\WSE_LA~1\UPDATE~1\UPDATE~1.exe [478208]
O39 – APT: WSE_Lasaoren – (…) — C:\Windows\Tasks\WSE_Lasaoren.job [308]
O39 – APT: WSE_Lasaoren – (…) — C:\Windows\System32\Tasks\WSE_Lasaoren [308]
O42 – Logiciel: WSE_Lasaoren – (.WSE_Lasaoren.) [HKLM][64Bits] — WSE_Lasaoren
[HKCU\Software\Lasaoren]
[HKCU\Software\wse_lasaoren]
O43 – CFD: 17/09/2014 – 19:11:02 – [] —-D C:\Program Files (x86)\WSE_Lasaoren
O43 – CFD: 17/09/2014 – 19:18:41 – [] —-D C:\Users\Coolman\AppData\Roaming\Lasaoren
O43 – CFD: 17/09/2014 – 19:11:12 – [] —-D C:\Users\Coolman\AppData\Roaming\WSE_Lasaoren
O69 – SBI: SearchScopes [HKCU] {A25AC313-DD19-4238-ACA2-401D6BEE4321} – (Lasaoren) – http://Lasaoren.com
PUP.GigaClicks (2014/09/17)
[MD5.F7A34DA90E3670EE92650BF618AFF930] – (.The Chromium Authors – Chromium.) — C:\Users\Coolman\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe [697344] [PID.5956]
[MD5.0A6B18F7C85529FD211B651A582E5285] – (…) — C:\Users\Coolman\AppData\Local\GCC\Controller.exe [475648] [PID.2996]
[HKCU\Software\GigaClicks]
[HKCU\Software\Idle-#-Crawler]
O42 – Logiciel: Idle-#-Crawler – (.Internet Resources Analyzing Foundation.) [HKLM][64Bits] — Idle-#-Crawler
O42 – Logiciel: GigaClicks Crawler – (.GigaClicks Inc..) [HKLM] — GigaClicks Crawler
Adware.InstallCore (2014/09/16)
O42 – Logiciel: Image Resizer Packages – (…) [HKCU] — Image Resizer Packages
O42 – Logiciel: Ultimate Codecs Packages – (…) [HKCU] — Ultimate Codecs Packages
PUP.CrossRider [Adware] (2014/09/16)
[MD5.75EF5C0ABD3306D094B23C03BBECBDEC] – (.Corporate Inc – winservice86 exe.) — C:\Program Files (x86)\winservice86\721bec50-90c3-42e5-9ee9-a7a3f064a495.exe [370544] [PID.1924]
[MD5.098DF1FA755B78AF83E56BCC5F6D46DE] [APT] [5aba926d-25d2-4a2f-9c93-178df6a11891-1] (.Corporate Inc.) — C:\Program Files (x86)\winservice86\winservice86-codedownloader.exe [1105264]
[MD5.6D33A1C32C04B8E6BDFE307E7893BA3B] [APT] [5aba926d-25d2-4a2f-9c93-178df6a11891-11] (.Corporate Inc.) — C:\Program Files (x86)\winservice86\5aba926d-25d2-4a2f-9c93-178df6a11891-11.exe [1969008]
[HKCU\Software\AppDataLow\Software\winservice86]
[HKLM\Software\Wow6432Node\winservice86-nv]
[HKLM\Software\Wow6432Node\winservice86]
O43 – CFD: 16/09/2014 – 19:47:05 – [] —-D C:\Program Files (x86)\winservice86
PUP.TubeDimmer (2014/09/14)
O2 – BHO: Search Deals [64Bits] – {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} . (.CloudCanvas, Inc. DBA Injekt – Pas de description.) — C:\ProgramData\SearchDeals2\IE\common.dll
O42 – Logiciel: Search Deals – (.CloudCanvas, Inc. DBA Injekt.) [HKLM][64Bits] — SearchDeals2
O43 – CFD: 06/05/2014 – 16:58:12 – [] —-D C:\ProgramData\SearchDeals2
PUP.SquirrelWeb [Sambreel] (2014/09/14)
O2 – BHO: SquirrelWeb [64Bits] – {dd86af49-1ef1-4532-89f7-41eda1dbbe6d} . (.SquirrelWeb – SquirrelWeb.) — C:\Program Files (x86)\SquirrelWeb\SquirrelWebBHO.dll
O23 – Service: Util SquirrelWeb (Util SquirrelWeb) . (.SquirrelWeb – SquirrelWeb.) – C:\Program Files (x86)\SquirrelWeb\bin\utilSquirrelWeb.exe
O43 – CFD: 15/09/2013 – 08:14:22 – [2,260] —-D C:\Program Files\SquirrelWeb
PUP.TowerTilt [Adware] (2014/09/13)
O42 – Logiciel: TowerTilt – (.TowerTilt.) [HKLM][64Bits] — TowerTilt
[HKCU\Software\Towerilt]
[HKLM\Software\Wow6432Node\TowerTilt]
O43 – CFD: 29/06/2014 – 14:32:56 – [] —-D C:\Program Files (x86)\TowerTilt
PUP.ChampionDeals [Adware] (2014/09/12)
O42 – Logiciel: ChampionDeals – (.ChampionDeals.) [HKLM][64Bits] — {37476589-E48E-439E-A706-56189E2ED4C4}_is1
O43 – CFD: 06/09/2014 – 21:07:02 – [] —-D C:\ProgramData\ChampionDeals
PUP.Yawtix [Adware] (2014/09/12)
O43 – CFD: 24/08/2014 – 18:41:49 – [0] —-D C:\Program Files (x86)\Yawtix
O43 – CFD: 06/09/2014 – 21:07:05 – [] —-D C:\ProgramData\Yawtix
PUP.LookThisUp [Adware] (2014/09/12)
O43 – CFD: 12/09/2014 – 10:55:58 – [] —-D C:\Users\Coolman\AppData\Roaming\LookThisUp
O43 – CFD: 06/09/2014 – 21:07:08 – [] —-D C:\ProgramData\LookThisUp
PUP.PicRec [Adware] (2014/09/11)
O23 – Service: PicRec Update (picrecupd) . (.PicRec – Enables you to find the best service profes.) – C:\Program Files\Common Files\PicRec\PicRecHelper\picrecs.exe
O42 – Logiciel: PicRec – (.PicRec.) [HKLM][64Bits] — PicRecHelper
[HKLM\Software\Wow6432Node\PicRec]
O43 – CFD: 19/08/2014 – 18:55:56 – [] —-D C:\ProgramData\PicRec
PUP.ClaroSearch [Hijacker] (2014/09/10)
G2 – GCE: Preference [User Data\Default] [dcillohgikpecbmgioknapdpcjofaafl] Calro-Search Toolbar v.1.0 (Désactivé)
O42 – Logiciel: ClaroInstaller – (.Claro.) [HKLM][64Bits] — {069B290F-5398-4629-A009-85B4BCB4B1B9}
O43 – CFD: 07/09/2012 – 05:56:08 – [] —-D C:\Users\Coolman\AppData\Roaming\Claro
PUP.PsDToPng (2014/09/09)
G2 – GCE: Preference [User Data\Default] [mcocfjjlkfpghaiobjljlkmmdinefipm] PsDToPng v.5.2 (Activé)
G2 – EXT: C:\Users\marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcocfjjlkfpghaiobjljlkmmdinefipm [PsDToPng]
O42 – Logiciel: PsDToPng – (.PsdToPng.) [HKLM][64Bits] — {B68681D0-1A63-CE52-50A1-99E07C95321D}
O43 – CFD: 09/09/2014 – 21:25:56 – [] —-D C:\ProgramData\PsDToPng
PUP.TicTaCoupon [Multiplug] (2014/09/08)
O2 – BHO: TicTTaCuoupon [64Bits] – {A6374119-7C28-0D54-ECB1-8CDE7E94A1FB} . (…) — C:\ProgramData\TicTTaCuoupon\Q7XipQ.dll
O42 – Logiciel: TicTTaCuoupon – (.TicTACeouponn.) [HKLM][64Bits] — {E370F69F-ED3F-925F-31FC-14D1329A713B}
O43 – CFD: 05/09/2014 – 22:14:58 – [] —-D C:\ProgramData\TicTTaCuoupon
Adware.Multiplug (2014/09/08)
O2 – BHO: FlashCoupon [64Bits] – {ADEE93C0-CEBA-2FFE-BD61-4E29095AA8BD} . (…) — C:\ProgramData\FlashCoupon\SazkW_FL8T.dll
O42 – Logiciel: FlashCoupon – (.FlashCooupiouN.) [HKLM][64Bits] — {8B114619-78B7-1CFF-55EF-74266954F883}
O43 – CFD: 07/09/2014 – 14:33:20 – [] —-D C:\ProgramData\FlashCoupon
O43 – CFD: 06/02/2014 – 20:04:42 – [] —-D C:\ProgramData\ImageToPnng
PUP.WeatherBlink (2014/09/05)
P2 – FPN: [HKLM] [@WeatherBlink.com/Plugin] – (.Mindspark – Mindspark Toolbar Platform Plugin Stub for 32-bit Windows.) — C:\Program Files\WeatherBlink\bar\1.bin\NPgcStub.dll
O2 – BHO: Search Assistant BHO – {9b9dcae3-be34-424c-8d73-75e305a9e091} . (.Mindspark – Mindspark Search Assistant.) — C:\Program Files\WeatherBlink\bar\1.bin\gcSrcAs.dll
O2 – BHO: Toolbar BHO – {dc9051c2-8f55-479a-97a4-747980d9047f} . (.Mindspark – Mindspark Toolbar Platform.) — C:\Program Files\WeatherBlink\bar\1.bin\gcbar.dll
O3 – Toolbar: WeatherBlink – [HKLM]{f20de5e0-2a6e-4c54-985f-1cf59551ce39} . (.Mindspark – Mindspark Toolbar Platform.) — C:\Program Files\WeatherBlink\bar\1.bin\gcbar.dll
O4 – HKLM\..\Run: [WeatherBlink Search Scope Monitor] . (.Mindspark – Mindspark Toolbar Platform SearchScope Moni.) — C:\Program Files\WeatherBlink\bar\1.bin\gcSrchMn.exe
O4 – HKLM\..\Run: [WeatherBlink Browser Plugin Loader] . (.VER_COMPANY_NAME – VER_DESCRIPTION.) — C:\Program Files\WeatherBlink\bar\1.bin\gcbrmon.exe
O23 – Service: WeatherBlinkService (WeatherBlinkService) . (.COMPANYVERS_NAME – PRODUCTVERS_TITLE.) – C:\Program Files\WeatherBlink\bar\1.bin\gcbarsvc.exe
O42 – Logiciel: WeatherBlink Internet Explorer Toolbar – (.Mindspark Interactive Network.) [HKLM] — WeatherBlinkbar Uninstall Internet Explorer
[HKCU\Software\AppDataLow\Software\WeatherBlink]
Adware.ShoppingReport (2014/09/02)
R3 – URLSearchHook: SiteFinder [64Bits] – {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} . (.Site Finder – Site Finder Toolbar.) (1.0.0.0) — C:\Program Files (x86)\SiteFinder\SiteFinder.dll
O42 – Logiciel: SiteFinder – (.SiteFinder.) [HKLM][64Bits] — SiteFinder
O43 – CFD: 25/05/2014 – 20:38:34 – [] —-D C:\Program Files (x86)\SiteFinder
PUP.SmartMediaConverter [Adware] (2014/09/02)
[HKLM\Software\Wow6432Node\SmartMediaConverter]
O43 – CFD: 16/04/2014 – 19:44:53 – [] —-D C:\Program Files (x86)\SmartMediaConverter
O43 – CFD: 16/04/2014 – 19:44:53 – [] —-D C:\Users\Emeline\AppData\Roaming\SmartMediaConverter
PUP.InternetSpeedChecker [CrossRider] (2014/09/02)
[MD5.07DEA68583F0C3598C2D2787796446F8] – (.Speedchecker – Internet Speed Checker exe.) — C:\Program Files (x86)\Internet Speed Checker\d051e752-9238-4408-800e-212dcc0c5e54-6.exe [667496] [PID.1776]
O39 – APT: d051e752-9238-4408-800e-212dcc0c5e54-11 – (.Speedchecker.) — C:\Windows\System32\Tasks\d051e752-9238-4408-800e-212dcc0c5e54-11 [4502]
O39 – APT: d051e752-9238-4408-800e-212dcc0c5e54-5_user – (.Speedchecker.) — C:\Windows\Tasks\d051e752-9238-4408-800e-212dcc0c5e54-5_user.job [1720]
[HKCU\Software\AppDataLow\Software\Internet Speed Checker]
[HKLM\Software\Internet Speed Checker-nv]
Adware.EZYouTubeVideoD (2014/08/31)
O23 – Service: Security Updates Service (Security Updates Service) . (.Windows Update Service.) – C:\Program Files\Security Updates Service\winupdsvc.exe
O42 – Logiciel: EZ YouTube Video Downloader – (.XtensionPlus.) [HKLM] — EZ YouTube Video Downloader
[HKLM\Software\SecurityUpdatesService]
[MD5.84AD619D7175953D473ED12D90862DF4] [SPRF][03/08/2014] (…) — C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.0.exe [2212978]
[MD5.E6DA59066F99F5FE0A0E6C69141E1A7E] [SPRF][30/08/2014] (…) — C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.1.exe [2214299]
SR – | Auto 19/08/2014 861696 | (Security Updates Service) . (…) – C:\Program Files\Security Updates Service\winupdsvc.exe
PUP.GenericAddon [Adware] (2014/08/31)
[HKCU\Software\AppDataLow\Software\GenericAddon]
C:\Program Files\GenericAddon
C:\Program Files\GenericAddon\genadur.exe
C:\Program Files\GenericAddon\xpi.db
C:\Program Files\GenericAddon\SQLite3.dll
PUP.RockTurner (2014/08/30)
[MD5.00000000000000000000000000000000] [APT] [RocketTab] (…) — C:\Program Files (x86)\RocketTab\Client.exe
[MD5.00000000000000000000000000000000] [APT] [RocketTab Update Task] (…) — C:\Program Files (x86)\RocketTab\uninstall.exe
[HKLM\Software\Wow6432Node\RocketTab]
[HKCU\Software\RocketTabInstalled]
PUP.DealsFactor [Adware] (2014/08/29)
O42 – Logiciel: DealsFactor – (.DealsFactor.) [HKLM][64Bits] — {37476589-E48E-439E-A706-56189E2ED4C4}_is1
O43 – CFD: 10/08/2014 – 23:05:48 – [] —-D C:\ProgramData\DealsFactor
Trojan.AOK (2014/08/29)
[MD5.2F26F74E6334F26F0FFC21161C7B4004] – (…) — C:\Program Files (x86)\MediaVideoPlayer\service.exe [1017683] [PID.2044]
O4 – HKLM\..\Wow6432Node\Run: [Sysctl] . (…) — C:\Program Files (x86)\MediaVideoPlayer\sysctl.exe
O23 – Service: (Sysupdate) . (…) – C:\Program Files (x86)\MediaVideoPlayer\service.exe
O43 – CFD: 28/08/2014 – 01:23:02 – [] —-D C:\Program Files (x86)\MediaVideoPlayer
SR – | Auto 11/08/2014 1017683 | (Sysupdate) . (…) – C:\Program Files (x86)\MediaVideoPlayer\service.exe
Trojan.SProtector (2014/08/29)
O23 – Service: Browser System Enahncer (671c50b0) . (…) – c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncerSvc.dll
O43 – CFD: 25/08/2014 – 11:13:38 – [] —-D C:\ProgramData\Browser System Enahncer
[MD5.EEAC1234B44CDE6F489E1D9A9307AC17] – (…) — C:\Users\Coolman\AppData\Local\DesktopDriverPython\DesktopDriverPython.exe [98341] [PID.1884]
[MD5.0A92C4DF9B9D43767C90DE01C62AA912] – (…) — C:\Users\Coolman\AppData\Local\DesktopDriverPython\ControlMotionRegister.exe [227877] [PID.5156]
O23 – Service: DesktopDriverPython.exe (DesktopDriverPython.exe) . (…) – C:\Users\Coolman\AppData\Local\DesktopDriverPython\DesktopDriverPython.exe
SR – | Auto 20/07/2014 98341 | (DesktopDriverPython.exe) . (…) – C:\Users\Coolman\AppData\Local\DesktopDriverPython\DesktopDriverPython.exe
Adware.MyWebSearch (2014/08/29)
M2 – MFEP: prefs.js [Toshiba – 7lpw3azy.default\aaffxtbr@EliteUnzip_aa.com] [] Elite Unzip v6.20.3.33535 (..)
G2 – GCE: Preference [User Data\Default] [gopocncendemolgifaollkommlfpagmg] Elite Unzip v.11.38.4.38360, (Désactivé)
G2 – EXT: C:\Users\thony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gopocncendemolgifaollkommlfpagmg [Elite Unzip]
O4 – HKLM\..\Wow6432Node\Run: [Elite Unzip EPM Support] . (.Mindspark Interactive Network, Inc. – Toolbar Software.) — C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\aamedint.exe
O23 – Service: Elite UnzipService (EliteUnzip_aaService) . (.COMPANYVERS_NAME – PRODUCTVERS_TITLE.) – C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\aabarsvc.exe
PUP.BProtector [Adware] (2014/08/27)
O23 – Service: WinSpeed (f1f78e38) . (…) – C:\ProgramData\WinSpeed\WinSpeedSvc.dll
O43 – CFD: 25.08.2014 – 10:48:01 – [] —-D C:\ProgramData\WinSpeed
SR – | Auto 25.08.2014 186192 | C:\ProgramData\WinSpeed\WinSpeedSvc.dll (f1f78e38) . (…) – C:\ProgramData\WinSpeed\WinSpeedSvc.dll
PUP.AppToU [Multiplug] (2014/08/27)
O2 – BHO: ApptuoU [64Bits] – {E0416254-EBC1-CB7C-17BD-3748BB5F6A82} . (…) — C:\ProgramData\ApptuoU\0_KAF.dll
O42 – Logiciel: ApptuoU – (.ApptOU.) [HKLM][64Bits] — {01B91C29-337A-1FFD-7CFC-473451D2F861}
O43 – CFD: 22/08/2014 – 15:04:44 – [] —-D C:\ProgramData\ApptuoU
PUP.BrowserApps [Spyware] (2014/08/27)
G2 – GCE: Preference [User Data\Default] [mggafhpkgkfebnjfbiefbbbicikgchlf] Browser_AppS 1.1 v.15514.2069.7823, (Activé)
G2 – EXT: C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggafhpkgkfebnjfbiefbbbicikgchlf [Browser_AppS 1.1]
[HKCU\Software\AppDataLow\Software\Browser_AppS 1.1]
[HKLM\Software\Wow6432Node\Browser_AppS 1.1]
PUP.TVWizard [Adware] (2014/08/26)
O23 – Service: OqnquDBUFP (OqnquDBUFP) . (.Small Island Development – TVWizard Service.) – C:\ProgramData\aCWxcJqgh\OqnquDBUFP.exe
O42 – Logiciel: TV Wizard – (.Small Island Development.) [HKLM][64Bits] — TVWizard
O43 – CFD: 22/08/2014 – 15:20:01 – [] —-D C:\ProgramData\TVWizard
O43 – CFD: 26/08/2014 – 08:28:17 – [] —-D C:\Users\Coolman\AppData\Local\TVWizard
SS – | Auto 22/08/2014 2319728 | (OqnquDBUFP) . (.Small Island Development.) – C:\ProgramData\aCWxcJqgh\OqnquDBUFP.exe
Adware.InstallCore (2014/08/26)
O39 – APT: – (..) — C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job [456]
O39 – APT: – (..) — C:\WINDOWS\Tasks\ProgramUpdateCheck.job [400]
O39 – APT: – (..) — C:\WINDOWS\Tasks\Final Media Player Update Checker.job [392]
O42 – Logiciel: File Type Assistant – (…) [HKLM] — Trusted Software Assistant_is1
O42 – Logiciel: Final Media Player 2014 – (.Bitberry Software.) [HKLM] — FinalMediaPlayer_is1
[HKCU\Software\Bitberry Software]
[HKCU\Software\Bitberry]
[HKCU\Software\FileTypeAssistant]
O43 – CFD: 07/05/2014 – 09:28:40 – [] —-D C:\Documents and Settings\Coolman\Application Data\1O1L1I1PtF1F1C1N
PUP.CrossRider [Adware] (2014/08/25)
G2 – GCE: Preference [User Data\Default] [dndpbhehbclolnjdfholblgioegcadih] BobyLyrics-15 v.1.25.15, (Activé)
G2 – EXT: C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dndpbhehbclolnjdfholblgioegcadih [BobyLyrics-15]
O2 – BHO: CrossriderApp0043914 [64Bits] – {11111111-1111-1111-1111-110411391114} . (.LKB boby soft – BobyLyrics-15 BHO.) — C:\Program Files (x86)\BobyLyrics-15\BobyLyrics-15-bho.dll
[MD5.FD4B699623E3BFCD0F23B1DCC290A208] [APT] [BobyLyrics-15-chromeinstaller] (.LKB boby soft.) — C:\Program Files (x86)\BobyLyrics-15\BobyLyrics-15-chromeinstaller.exe [471040]
[MD5.147579A8789B144AAAC67258297963A1] [APT] [BobyLyrics-15-codedownloader] (.LKB boby soft.) — C:\Program Files (x86)\BobyLyrics-15\BobyLyrics-15-codedownloader.exe [494592]
O39 – APT: BobyLyrics-15-chromeinstaller – (.LKB boby soft.) — C:\Windows\Tasks\BobyLyrics-15-chromeinstaller.job [1962]
O39 – APT: BobyLyrics-15-chromeinstaller – (.LKB boby soft.) — C:\Windows\System32\Tasks\BobyLyrics-15-chromeinstaller [1962]
O42 – Logiciel: BobyLyrics-15 – (.LKB boby soft.) [HKLM][64Bits] — BobyLyrics-15
PUP.FindoPolis [Sambreel] (2014/08/24)
O2 – BHO: FindoPolis [64Bits] – {ccfd8427-0c44-4b91-abbb-d6aa65f7d2a1} . (.FindoPolis – FindoPolis.) — C:\Program Files (x86)\FindoPolis\FindoPolisBHO.dll
O23 – Service: Update FindoPolis (Update FindoPolis) . (.FindoPolis – FindoPolis.) – C:\Program Files (x86)\FindoPolis\updateFindoPolis.exe
O23 – Service: Util FindoPolis (Util FindoPolis) . (.FindoPolis – FindoPolis.) – C:\Program Files (x86)\FindoPolis\bin\utilFindoPolis.exe
O42 – Logiciel: FindoPolis – (.FindoPolis.) [HKLM] — FindoPolis
[HKLM\Software\Wow6432Node\FindoPolis]
PUP.PodoWeb [Sambreel] (2014/08/23)
[MD5.DF09CE907803492420A7C3B8AFEFB083] – (…) — C:\Program Files (x86)\PodoWeb\updatePodoWeb.exe [323352] [PID.11516]
[MD5.DF09CE907803492420A7C3B8AFEFB083] – (…) — C:\Program Files (x86)\PodoWeb\bin\utilPodoWeb.exe [323352] [PID.5788]
O2 – BHO: PodoWeb [64Bits] – {dfa18288-f10d-46f3-a28e-a197c78c5a13} . (.PodoWeb – PodoWeb.) — C:\Program Files (x86)\PodoWeb\PodoWebBHO.dll
O23 – Service: Update PodoWeb (Update PodoWeb) . (…) – C:\Program Files (x86)\PodoWeb\updatePodoWeb.exe
O23 – Service: Util PodoWeb (Util PodoWeb) . (…) – C:\Program Files (x86)\PodoWeb\bin\utilPodoWeb.exe
O42 – Logiciel: PodoWeb – (.PodoWeb.) [HKLM][64Bits] — PodoWeb
PUP.BProtector [Adware] (2014/08/23)
[MD5.D4D1CC69E363813C14F289694756AA1E] [SPRF][03/06/2014] (…) — C:\Program Files (x86)\Assistant.dll [4296192]
[MD5.14FC568BCAF731BC998041A56AF09FF9] [SPRF][03/06/2014] (…) — C:\Program Files (x86)\Assistant_x64.dll [4210176]
Hijacker.SearchIsBestMy (2014/08/22)
R0 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fastsearchings.info
R0 – HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fastsearchings.info
PUP.Adblocker (2014/08/22)
O2 – BHO: Adblocker [64Bits] – {F5D94C02-7755-ECF4-7C83-67323A12FE14} . (…) — C:\Program Files (x86)\Adblocker\ICARI8taqr.dll
O42 – Logiciel: Adblocker – (.Adblocker.) [HKLM][64Bits] — {4820778D-AB0D-6D18-C316-52A6A0E1D507}
O43 – CFD: 08.07.2014 – 13:57:18 – [] —-D C:\Program Files (x86)\Adblocker
O43 – CFD: 08.07.2014 – 13:57:21 – [] —-D C:\ProgramData\Adblocker
PUP.SmarterPower [Adware] (2014/08/22)
[MD5.A5EEFE825B02FB4EFE1EB55E56B3BE73] – (…) — C:\Program Files\SmarterPower\updateSmarterPower.exe [323320] [PID.3248]
O2 – BHO: SmarterPower – {bd7c9b62-a7d9-4405-be51-7fd633f08791} . (.SmarterPower – SmarterPower.) — C:\Program Files\SmarterPower\SmarterPowerbho.dll
O23 – Service: Update SmarterPower (Update SmarterPower) . (…) – C:\Program Files\SmarterPower\updateSmarterPower.exe
O42 – Logiciel: SmarterPower – (.SmarterPower.) [HKLM] — SmarterPower
[HKCU\Software\SmarterPower]
O64 – Services: CurCS – 21/08/2014 – C:\Program Files\SmarterPower\updateSmarterPower.exe (Update SmarterPower) .(…) – LEGACY_UPDATE_SMARTERPOWER
PUP.CouponChampion (2014/08/20)
[HKLM\Software\Wow6432Node\Coupon Champion]
O43 – CFD: 13/08/2014 – 19:22:33 – [] —-D C:\Program Files (x86)\Coupon Champion
O43 – CFD: 11/07/2014 – 19:25:16 – [] —-D C:\Users\Coolman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Champion
PUP.SafeWeb [Multiplug] (2014/08/19)
O39 – APT: – (..) — C:\Windows\Tasks\PC_Booster-S-828263068.job [480]
O42 – Logiciel: PC_Booster – (.PremiumSoft.) [HKLM] — S-828263068
[HKLM\Software\PC_Booster]
O43 – CFD: 08/08/2014 – 13:12:29 – [] —-D C:\Program Files\PC_Booster
PUP.Meteoroids [Spyware] (2014/08/19)
O23 – Service: dTAtscnxq (dTAtscnxq) . (.Acute Angle Solutions – Meteoroids Service.) – C:\ProgramData\ACBmLoxwCPE\dTAtscnxq.exe
O42 – Logiciel: Meteoroids – (.Acute Angle Solutions.) [HKLM][64Bits] — Meteoroids
O43 – CFD: 18/08/2014 – 15:49:18 – [] —-D C:\ProgramData\ACBmLoxwCPE
SR – | Auto 18/08/2014 2318720 | (dTAtscnxq) . (.Acute Angle Solutions.) – C:\ProgramData\ACBmLoxwCPE\dTAtscnxq.exe
PUP.Multiplug (2014/08/19)
O42 – Logiciel: deallster – (.dealster.) [HKLM][64Bits] — {5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}
O43 – CFD: 31/07/2014 – 12:57:17 – [] —-D C:\ProgramData\deallster
O42 – Logiciel: ExtraSHoppoeer – (.ExToRaShoopppeerr.) [HKLM][64Bits] — {7BCAC0EB-3993-2416-0531-848C39DF8B65}
O43 – CFD: 31/07/2014 – 12:57:20 – [] —-D C:\ProgramData\ExtraSHoppoeer
PUP.Deal4Me [Multiplug] (2014/08/19)
O42 – Logiciel: deal4me – (.deaal4me.) [HKLM][64Bits] — {09854D8E-46B5-057B-5B6E-BFD2A04AD5AB}
O43 – CFD: 16/05/2014 – 19:44:06 – [] —-D C:\ProgramData\deal4me
O43 – CFD: 16/08/2014 – 20:53:32 – [] —-D C:\ProgramData\deAll4me
PUP.DownloadItKeep [Multiplug] (2014/08/19)
O42 – Logiciel: downLoadiitkeep – (.doownloAditkeeP.) [HKLM][64Bits] — {1C52B8B6-FFA2-12F6-0A5A-E8301F96A568}
O43 – CFD: 09/08/2014 – 13:12:20 – [] —-D C:\ProgramData\downLoadiitkeep
O43 – CFD: 16/08/2014 – 20:53:48 – [] —-D C:\ProgramData\manolboeddcaampcoijpiibeajdhnkfp
PUP.DocToTxtConvert [Multiplug] (2014/08/19)
G2 – GCE: Preference [User Data\Default] [manolboeddcaampcoijpiibeajdhnkfp] DoicToTXTTCeonVVeeRt v.3.2 (Activé)
O42 – Logiciel: DoicToTXTTCeonVVeeRt – (.DoccToTXTConvoert.) [HKLM][64Bits] — {7A9162C6-CEE2-E501-23B7-E4706037263C}
PUP.ZooToolbar [Hijacker] (2014/08/19)
[MD5.26C235F7E5D754B275774D6F5ABA72B0] – (.Pas de propriétaire – AsyncSystemSockets.) — C:\Program Files (x86)\ZooToolbar\WBrowserHandler.exe [34376] [PID.2896]
[MD5.4AC294B4493B89B22F24FE190D398CC7] – (…) — C:\Program Files (x86)\ZooToolbar\WSearchKeeper.exe [91208] [PID.2904]
G0 – GCSP: Preference [User Data\Default][HomePage] http://isearch.zoo.com
[HKCU\Software\ZooToolbar]
O43 – CFD: 06/08/2014 – 14:15:35 – [] —-D C:\Program Files (x86)\ZooToolbar
PUP.ConsumerInput [Spyware] (2014/08/18)
[MD5.EC4025F6B4B73E6A4D8BEA6C5FEC6101] – (…) — C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe [1082240] [PID.816]
O23 – Service: Service ConsumerInput Update (consumerinput_update) (consumerinput_update) . (.ConsumerInput – ConsumerInput Update.) – C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe
[MD5.25700512A47CE50499DE7593B888EE52] [APT] [ConsumerInputUpdateTaskMachineCore] (.ConsumerInput.) — C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe [106296]
[MD5.25700512A47CE50499DE7593B888EE52] [APT] [ConsumerInputUpdateTaskMachineUA] (.ConsumerInput.) — C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe [106296]
PUP.GlobalUpdate [Hijacker] (2014/08/18)
O23 – Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate – globalUpdate Update.) – C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
[HKCU\Software\globalUpdate]
[HKLM\Software\Wow6432Node\GlobalUpdate]
O43 – CFD: 05/06/2014 – 08:41:21 – [] —-D C:\Program Files (x86)\globalUpdate
O43 – CFD: 05/06/2014 – 08:41:20 – [] —-D C:\Users\Coolman\AppData\Local\globalUpdate
O61 – LFC: 05/06/2014 – 11:12:34 —A- . (.globalUpdate.) — C:\Users\Coolman\AppData\Local\Temp\comh.274914\GoogleCrashHandler.exe [72872]
O61 – LFC: 05/06/2014 – 11:12:34 —A- . (.globalUpdate.) — C:\Users\Coolman\AppData\Local\Temp\comh.274914\GoogleUpdate.exe [68608]
PUP.CrossRider [Adware] (2014/08/18)
O42 – Logiciel: CinamHDPureV9.5 – (.CinamHDPure.) [HKLM][64Bits] — CinamHDPureV9.5
[HKLM\Software\Wow6432Node\CinamHDPureV9.5-nv]
O43 – CFD: 18/08/2014 – 01:36:34 – [] —-D C:\Program Files (x86)\CinamHDPureV9.5
Crapware.WinClear (2014/08/17)
O42 – Logiciel: WinClear v2.5 – (…) [HKLM] — WinClear_is1
O43 – CFD: 2009-09-26 – 04:09:05 – [] —-D C:\Program Files\WinClear
PUP.Astromenda [Hijacker] (2014/08/17)
G0 – GCSP: Preference [User Data\Default][HomePage] http://astromenda.com
G2 – GCE: Preference [User Data\Default] [pfkfdlcdbajamklbneflfbcmfgddmpae] Astromenda New Tab v.0.3.6, (Désactivé)
R0 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://astromenda.com
O4 – HKCU\..\RunOnce: [WSE_Astromenda] wscript \E:vbscript \B C:\Users\Coolman\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat
[MD5.08B32F1BD56854DCECDFBD7A5AC180A0] [APT] [WSE_Astromenda] (…) — C:\Users\Coolman\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.exe [478208]
O39 – APT: WSE_Astromenda – (…) — C:\Windows\Tasks\WSE_Astromenda.job [292] =>PUP.Astromenda
O39 – APT: WSE_Astromenda – (…) — C:\Windows\System32\Tasks\WSE_Astromenda [292] =>PUP.Astromenda
O42 – Logiciel: WSE_Astromenda – (.Astromenda.) [HKLM] — Astromenda
[HKCU\Software\WSE_Astromenda]
O43 – CFD: 16/08/2014 – 00:38:34 – [] —-D C:\Users\nolan\AppData\Roaming\WSE_Astromenda
O61 – LFC: 15/08/2014 – 19:15:01 —A- . (…) — C:\Users\Coolman\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [478208]
O69 – SBI: SearchScopes [HKCU] {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} [DefaultScope] – (Astromenda) – http://astromenda.com
PUP.JDiBackup [Spyware] (2014/08/17)
O42 – Logiciel: MyPC Backup – (.JDi Backup Ltd.) [HKLM][64Bits] — MyPC Backup
O45 – LFCP:[MD5.7DB468A1E29236B3934F5A33A69F19BC] – 2014-07-08 – 16:20:11 —A- – C:\Windows\Prefetch\SIGNUP WIZARD.EXE-9554BD21.pf
HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASMANCS
PUP.ClearThink [Adware] (2014/08/15)
O2 – BHO: ClearThink [64Bits] – {7e6d4e3e-fc66-4036-9799-ce5c625c4c56} . (.ClearThink – ClearThink.) — C:\Program Files (x86)\ClearThink\ClearThinkbho.dll
O23 – Service: Update ClearThink (Update ClearThink) . (.ClearThink – ClearThink.) – C:\Program Files (x86)\ClearThink\updateClearThink.exe
O23 – Service: Util ClearThink (Util ClearThink) . (.ClearThink – ClearThink.) – C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe
[HKLM\Software\Wow6432Node\ClearThink]
O42 – Logiciel: ClearThink – (.ClearThink.) [HKLM][64Bits] — ClearThink
PUP.SaveNewAppz [Multiplug] (2014/08/15)
M2 – MFEP: prefs.js [Coolman – ivo9vmmy.default\yxquhbn@yulfpi-ooeo.org] [] SaveNewuaAppzz v5.5 (..)
O43 – CFD: 09-08-14 – 22:57:49 – [] —-D C:\ProgramData\SAveNewaoAppiz
PUP.JoniCoupon [Multiplug] (2014/08/15)
G2 – GCE: Preference [User Data\Default] [nhnidlkhhjebigglnmkofckoakonmahc] JooniCoUpon v.7.0 (Désactivé)
G2 – EXT: C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhnidlkhhjebigglnmkofckoakonmahc [JooniCoUpon]
M2 – MFEP: prefs.js [Coolman – ivo9vmmy.default\zx4oa@zfyeoo.org] [] JooniCoUpon v7.0 (..)
O43 – CFD: 09-08-14 – 22:57:49 – [] —-D C:\ProgramData\JonICaouupOn
PUP.AllDaySavings [Spyware] (2014/08/14)
[HKLM\Software\AllDaySavings ]
[HKLM\Software\AllDaySavings]
[HKLM\Software\Wow6432Node\AllDaySavings]
O23 – Service: AllDaySavingsService64 (AllDaySavingsService64) . (…) – C:\Program Files (x86)\A959F8AE-9EDE-4570-9F11-3C08F89A43A3\skwdldhvtp64.exe
SR – | Auto 17/07/2014 172544 | (AllDaySavingsService64) . (…) – C:\Program Files (x86)\A959F8AE-9EDE-4570-9F11-3C08F89A43A3\skwdldhvtp64.exe
PUP.Multiplug (2014/08/13)
O2 – BHO: RaigohT dEaL44mme [64Bits] – {18913756-C697-5DCF-03D3-EE6DEB64CEC4} . (…) — C:\ProgramData\dEaL44mme\Myy.x64.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18913756-C697-5DCF-03D3-EE6DEB64CEC4}]
[HKLM\Software\Classes\CLSID\{18913756-C697-5DCF-03D3-EE6DEB64CEC4}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18913756-C697-5DCF-03D3-EE6DEB64CEC4}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18913756-C697-5DCF-03D3-EE6DEB64CEC4}]
O43 – CFD: 10/08/2014 – 08:13:00 – [] —-D C:\ProgramData\dEaL44mme
PUP.Multiplug (2014/08/12)
O2 – BHO: RaigohT CConveriter [64Bits] – {32AAE6F0-70E8-EAC6-685F-698A2064E9CB} . (…) — C:\ProgramData\RaigohT CConveriter\UsoxDj.x64.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32AAE6F0-70E8-EAC6-685F-698A2064E9CB}]
[HKLM\Software\Classes\CLSID\{32AAE6F0-70E8-EAC6-685F-698A2064E9CB}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32AAE6F0-70E8-EAC6-685F-698A2064E9CB}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32AAE6F0-70E8-EAC6-685F-698A2064E9CB}]
C:\ProgramData\RaigohT CConveriter\UsoxDj.x64.dll
Adware.FreeSoftToday (2014/08/12)
O4 – HKLM\..\Wow6432Node\Run: [fst_ch_2] . (…) — C:\Program Files (x86)\fst_ch_2\fst_ch_2.exe
O4 – HKLM\..\Wow6432Node\RunOnce: [upfst_ch_2.exe] . (…) — C:\Users\Coolman\AppData\Local\fst_ch_2\upfst_ch_2.exe
O43 – CFD: 02.08.2014 – 15:30:48 – [] —-D C:\Program Files (x86)\fst_ch_2
O43 – CFD: 12.08.2014 – 12:45:56 – [] —-D C:\Users\Coolman\AppData\Local\fst_ch_2
O61 – LFC: 12.08.2014 – 13:04:38 —A- . (.FST.) — C:\Users\Coolman\AppData\Local\fst_ch_2\Download\majfst_gentlemg.exe [2739624]
Trojan.Vonteera (2014/08/12)
O42 – Logiciel: ARhome – (.NoVooIT.) [HKLM][64Bits] — ARhome
O42 – Logiciel: ArHome – (.NoVooIT.) [HKCU][64Bits] — ARhome
[HKCU\Software\NoVooIT]
[HKLM\Software\Wow6432Node\NoVooITSet]
O43 – CFD: 18/12/2013 – 09:34:45 – [] —-D C:\Program Files (x86)\NoVooIT
O43 – CFD: 18/12/2013 – 09:34:44 – [] —-D C:\Program Files (x86)\NoVooITAddon
O43 – CFD: 10/01/2014 – 00:20:27 – [] —-D C:\Users\Coolman\AppData\Roaming\NoVooIT
O43 – CFD: 10/01/2014 – 00:20:27 – [] —-D C:\Users\Coolman\AppData\Roaming\NoVooITAddon
PUP.Nosibay (2014/08/11)
O4 – HKCU\..\Run: [WindApp] . (.Nosibay – WindApp installer.) — C:\Users\Coolman\AppData\Roaming\Store\WindApp\WindApp Update.exe
O4 – HKUS\S-1-5-21-4235602390-3450967959-3003525134-1001\..\Run: [WindApp] . (.Nosibay – WindApp installer.) — C:\Users\Coolman\AppData\Roaming\Store\WindApp\WindApp Update.exe
O42 – Logiciel: WindApp (remove only) – (.Store.) [HKCU] — WindApp
O43 – CFD: 05/08/2014 – 11:05:52 – [] —-D C:\Users\Coolman\AppData\Roaming\Store
PUP.CrossRider [Adware] (2014/08/11)
G2 – GCE: Preference [User Data\Default] [onlnnachibjmjahfpoemhledlpakoicg] Remove Bloat! v.0.1 (Activé)
G2 – EXT: C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlnnachibjmjahfpoemhledlpakoicg [Remove Bloat!]
PUP.Re-Markable [Adware] (2014/08/10)
O2 – BHO: Re-Markable – {5AA43D69-9439-D428-63A7-2E45CBA25C59} . (…) — C:\Program Files (x86)\ver8Re-Markable\176.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AA43D69-9439-D428-63A7-2E45CBA25C59}]
[HKLM\Software\Classes\CLSID\{5AA43D69-9439-D428-63A7-2E45CBA25C59}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AA43D69-9439-D428-63A7-2E45CBA25C59}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AA43D69-9439-D428-63A7-2E45CBA25C59}]
C:\Program Files (x86)\ver8Re-Markable
PUP.CrossRider [Adware] (2014/08/09)
G2 – GCE: Preference [User Data\Default] [hcbpgfdicpejhfdgnpnggefimkncelki] Auto Clip v.0.1 (Activé)
G2 – GCE: Preference [User Data\Default] [kpiglpdbbmcnncekagalndhicllimchm] Reddit this! v.0.1 (Activé)
Trojan.PMax (2014/08/09)
O4 – HKCU\..\Run: [MediaInfo] . (…) — C:\Users\Coolman\AppData\Local\MediaInfo\Formats\mif.exe
O4 – HKUS\S-1-5-21-452497154-839987765-2407718914-1001\..\Run: [MediaInfo] . (…) — C:\Users\Coolman\AppData\Local\MediaInfo\Formats\mif.exe
PUP.IsStart [Hijacker] (2014/08/09)
G0 – GCSP: Preference [User Data\Default][HomePage] http://www.istartsurf.com
R0 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com
R0 – HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com
R1 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com
R1 – HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com
R1 – HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com
R1 – HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com
O4 – GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files\Google\Chrome\Application\chrome.exe http://www.istartsurf.com
O4 – GS\QuickLaunch [hp]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com
O4 – GS\Program [hp]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com
O4 – GS\SystemTools [hp]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com
—\\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (…) — C:\Program Files\Google\Chrome\Application\chrome.exe » http://www.istartsurf.com
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (…) — C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com
O69 – SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] – (istartsurf) – http://www.istartsurf.com
PUP.AllDaySavings [Spyware] (2014/08/08)
O42 – Logiciel: allday savings – (.allday savings.) [HKLM][64Bits] — F39EE28F-D410-4882-9303-A2D760308B70
[HKLM\Software\allday savings]
Adware.DownTango (2014/08/07)
O42 – Logiciel: OBRONA BlockAds – (.OBRONA BlockAds / Red Sky LLC.) [HKCU][64Bits] — ObronaBlockAds
O43 – CFD: 07/08/2014 – 02:10:35 – [] —-D C:\Users\Coolman\AppData\Local\Obrona Block Ads
O61 – LFC: 07/08/2014 – 18:24:20 —A- . (…) — C:\Users\Coolman\AppData\Local\Obrona Block Ads\Uninstaller.exe [163783]
PUP.BlockAndSurf [Spyware] (2014/08/07)
[MD5.FF5454F1EAB3BEE8AF7EEA79BA31EE88] – (…) — C:\Program Files (x86)\di2BlockAndSurf\di3BlockAndSurff.exe [98304] [PID.1804]
O2 – BHO: BlockAndSurf [64Bits] – {E10D0846-2FE5-FB94-C972-7D137FF4F0E9} . (…) — C:\Program Files (x86)\di2BlockAndSurf\175.dll
[MD5.FF5454F1EAB3BEE8AF7EEA79BA31EE88] [APT] [BlockAndSurf_wd] (…) — C:\Program Files (x86)\di2BlockAndSurf\di3BlockAndSurff.exe [98304]
O39 – APT: BlockAndSurf_wd – (…) — C:\Windows\Tasks\BlockAndSurf_wd.job [406]
PUP.SystemK [Adware] (2014/08/06)
O23 – Service: SmdmF Service (SmdmFService) . (…) – C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe
[HKCU\Software\SmdmF]
[HKLM\Software\Wow6432Node\SmdmF]
O43 – CFD: 07/08/2014 – 04:57:46 – [] —-D C:\ProgramData\smdmf
SS – | Auto 10/07/1658 0 | (SmdmFService) . (…) – C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe
PUP.ClicknMark [CrossRider] (2014/08/06)
[HKCU\Software\AppDataLow\Software\click-n-mark]
[HKLM\Software\click-n-mark-5]
O43 – CFD: 04/08/2014 – 23:31:05 – [] —-D C:\Program Files (x86)\ver6click-n-mark
O43 – CFD: 05/01/2014 – 09:18:10 – [5,229] —-D C:\Program Files\click-n-mark-5
[MD5.9CB8D3E2C36DD7AC52422D698A8F96C3] [APT] [click-n-mark-5-codedownloader] (.Remarkable.) — C:\Program Files\click-n-mark-5\click-n-mark-5-codedownloader.exe [518656]
[MD5.9A2F08C04B3C2AABBF7F00439ED7F062] [APT] [click-n-mark-5-enabler] (.Remarkable.) — C:\Program Files\click-n-mark-5\click-n-mark-5-enabler.exe [332288]
[MD5.03AC0A3A1C64FFFAF86878FCE59B0B88] [APT] [click-n-mark-5-firefoxinstaller] (.Remarkable.) — C:\Program Files\click-n-mark-5\click-n-mark-5-firefoxinstaller.exe [764416]
[MD5.D193D7A423DF34E15A63D5AC4A0051BB] [APT] [click-n-mark-5-updater] (.Remarkable.) — C:\Program Files\click-n-mark-5\click-n-mark-5-updater.exe [344064]
PUP.Multiplug (2014/08/06)
O42 – Logiciel: sURFkEePIt – (.surfkeepIt.) [HKLM][64Bits] — {594FD08C-0622-F9B8-CB02-7C1355D33CB8}
O42 – Logiciel: PNGGconvert – (.PNGconvert.) [HKLM][64Bits] — {EC260287-CB08-226A-2B80-09C53F61CFA1}
PUP.LinkiDoo [Adware] (2014/08/06)
O64 – Services: CurCS – 02/06/2014 – C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw.sys ({0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw) .(.StdLib – StdLib.) – LEGACY_{0782648B-1717-4FEF-AC58-8CB3CE03ADB3}GW
O64 – Services: CurCS – 05/06/2014 – C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w.sys ({0782648b-1717-4fef-ac58-8cb3ce03adb3}w) .(.StdLib – StdLib.) – LEGACY_{0782648B-1717-4FEF-AC58-8CB3CE03ADB3}W
O64 – Services: CurCS – 30/06/2014 – C:\Windows\System32\drivers\{bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}w.sys ({bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}w) .(.StdLib – StdLib.) – LEGACY_{BBB14E79-8BCA-4ABD-B124-4D30F9A4E2AD}W
O58 – SDL:02/06/2014 – 15:03:28 —A- . (.StdLib – StdLib.) — C:\Windows\System32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw.sys [52928]
O58 – SDL:05/06/2014 – 14:23:56 —A- . (.StdLib – StdLib.) — C:\Windows\System32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w.sys [52928]
O58 – SDL:30/06/2014 – 10:21:02 —A- . (.StdLib – StdLib.) — C:\Windows\System32\Drivers\{bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}w.sys [52928]
PUP.Astromenda [Hijacker] (2014/08/04)
O39 – APT: Astromenda – (…) — C:\Windows\Tasks\Astromenda.job
O42 – Logiciel: Astromenda – (.Astromenda.) [HKLM][64Bits] — Astromenda
O43 – CFD: 31/07/2014 – 22:09:43 – [] —-D C:\Program Files (x86)\Astromenda
O43 – CFD: 31/07/2014 – 22:09:53 – [] —-D C:\Users\Coolman\AppData\Roaming\Astromenda
Trojan.Tracur (2014/08/04)
[MD5.79F054D5CDD884E745282873ACC88BF9] – (.Pas de propriétaire – Windows Media Center Diagnostic Application.) — C:\Windows\TEMP\mrtCC14.tmp\stdrt.exe [372736] [PID.1840]
O23 – Service: Adobe Licensing Console (Adobe Licensing Console) . (.Pas de propriétaire – Windows Media Center Diagnostic Application.) – C:\Windows\SysWOW64\adbcnsl.exe
[HKLM\SYSTEM\CurrentControlSet\Services\Adobe Licensing Console]
PUP.Explorary [Hijacker] (2014/08/03)
M2 – MFEP: prefs.js [Coolman – 1lrybu8p.default\toolbar@explorary.com] [] Toolbar Explorary v1.04.5 (..)
[HKCU\Software\explorary]
O43 – CFD: 01/07/2014 – 22:40:55 – [] —-D C:\Program Files (x86)\Explorary
O69 – SBI: SearchScopes [HKCU] {5ca81b0d-4875-47f8-b9cb-1d97d8a775e7} [DefaultScope] – (explorary) – http://www.explorary.com
Trojan.Tracur (2014/08/03)
[MD5.79F054D5CDD884E745282873ACC88BF9] – (.Pas de propriétaire – Windows Media Center Diagnostic Application.) — C:\Windows\TEMP\mrtCC33.tmp\stdrt.exe [372736] [PID.1836]
O23 – Service: Adobe Licensing Console (Adobe Licensing Console) . (.Pas de propriétaire – Windows Media Center Diagnostic Application.) – C:\Windows\SysWOW64\adbcnsl.exe
[HKLM\SYSTEM\CurrentControlSet\Services\Adobe Licensing Console]
SS – | Auto 29/03/2012 689492 | (Adobe Licensing Console) . (…) – C:\Windows\SysWOW64\adbcnsl.exe
PUP.Re-Markable (2014/08/01)
[MD5.F2F5D5431C5A9E48E960C6C3F55A916D] [APT] [Re-Markable Update] (…) — C:\Program Files (x86)\ver2Re-Markable\a8Re-MarkableE29.exe [423424]
[MD5.00000000000000000000000000000000] [APT] [Re-Markable_wd] (…) — C:\Program Files (x86)\ver2Re-Markable\w7Re-MarkableW.exe
O39 – APT: Re-Markable Update – (…) — C:\Windows\Tasks\Re-Markable Update.job [440]
O39 – APT: Re-Markable Update – (…) — C:\Windows\System32\Tasks\Re-Markable Update [440]
O39 – APT: Re-Markable_wd – (…) — C:\Windows\Tasks\Re-Markable_wd.job [420]
O39 – APT: Re-Markable_wd – (…) — C:\Windows\System32\Tasks\Re-Markable_wd [420]
O42 – Logiciel: Re-Markable – (.Re-Markable-software.) [HKLM][64Bits] — D05AA111-01EF-D118-97E0-FD24F7197C45
PUP.CrossRider [Adware] (2014/08/01)
[MD5.D182D7A7338BB37A58428BF064FC81AF] [APT] [1b0d611d-e6ee-44cd-a133-db1bace85a54-1] (.browser.) — C:\Program Files (x86)\Browsers App\Browsers App-codedownloader.exe [560488]
[MD5.E13C062FC20B71B15BCA121B4ED863C2] [APT] [1b0d611d-e6ee-44cd-a133-db1bace85a54-11] (.browser.) — C:\Program Files (x86)\Browsers App\1b0d611d-e6ee-44cd-a133-db1bace85a54-11.exe [1935720]
[MD5.26AEE43088F86A1E0C8A0BA9AF6CC3B0] [APT] [1b0d611d-e6ee-44cd-a133-db1bace85a54-2] (.browser.) — C:\Program Files (x86)\Browsers App\1b0d611d-e6ee-44cd-a133-db1bace85a54-2.exe [389480]
O39 – APT: 1b0d611d-e6ee-44cd-a133-db1bace85a54-11 – (.browser.) — C:\Windows\Tasks\1b0d611d-e6ee-44cd-a133-db1bace85a54-11.job [3816]
O39 – APT: 1b0d611d-e6ee-44cd-a133-db1bace85a54-11 – (.browser.) — C:\Windows\System32\Tasks\1b0d611d-e6ee-44cd-a133-db1bace85a54-11 [3816]
[HKCU\Software\AppDataLow\Software\Browsers App]
O42 – Logiciel: Browsers App – (.browser.) [HKLM][64Bits] — Browsers App
Hijacker.MyhomeViview (2014/07/30)
G0 – GCSP: Preference [User Data\Default] http://myhome.vi-view.com
R1 – HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://myhome.vi-view.com
R1 – HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://myhome.vi-view.com
M0 – MFSP: prefs.js [Coolman – n5vs13la.default] http://myhome.vi-view.com
PUP.Amonetize (Adware) (2014/07/29)
[MD5.465B385BFD8ED8176FBB9B10AEC6EC8F] – (…) — C:\WINDOWS\system32\nethtsrv.exe [179200] [PID.2140]
[MD5.C43AE4D767FA6A65FC6799DA104DDD8A] – (…) — C:\WINDOWS\system32\netupdsrv.exe [159744] [PID.2284]
O23 – Service: Network HTTP Support Service (NetHttpService) . (…) – C:\WINDOWS\system32\nethtsrv.exe
O23 – Service: Network Support Service Updater (ServiceUpdater) . (…) – C:\WINDOWS\system32\netupdsrv.exe
O43 – CFD: 29/07/2014 – 12:34:29 – [] —-D C:\Documents and Settings\taki\Application Data\Popper
O64 – Services: CurCS – 09/07/2014 – C:\WINDOWS\system32\drivers\nethfdrv.sys (nethfdrv) .(.Pas de propriétaire – nethfdrv.sys.) – LEGACY_NETHFDRV
O64 – Services: CurCS – 09/07/2014 – C:\WINDOWS\system32\nethtsrv.exe (NetHttpService) .(…) – LEGACY_NETHTTPSERVICE
O64 – Services: CurCS – 09/07/2014 – C:\WINDOWS\system32\netupdsrv.exe (ServiceUpdater) .(…) – LEGACY_SERVICEUPDATER
Trojan.Vonteera (2014/07/29)
R0 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com
R0 – HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com
O2 – BHO: FoxPro – {598AC71E-BE58-3981-B78A-5C138F423AD6} . (…) — C:\Documents and Settings\Coolman\Application Data\VolIE\FoxPro_32.dll
[HKCU\Software\Popper]
O43 – CFD: 27/12/2013 – 22:00:15 – [0] —-D C:\Documents and Settings\taki\Application Data\NoVooITAddon
O69 – SBI: SearchScopes [HKCU] 4868D4CAC5974BA59C526420FF340541 – (VenteeRo) – http://www.arabyonline.com
PUP.Multiplug (2014/07/29)
G2 – GCE: Preference [User Data\Default] [dfaigikbpfndpeoioabmkippnhhjlgnf] YYTAddRemovaL v.1.5 (Activé)
O43 – CFD: 03/03/2014 – 02:27:58 – [0] —-D C:\Program Files (x86)\YYTAddRemovaL
O43 – CFD: 13/02/2014 – 08:13:44 – [] —-D C:\ProgramData\dfaigikbpfndpeoioabmkippnhhjlgnf
PUP.SupTab [Spyware] (2014/07/28)
[MD5.4A8B45597C8C9C30A7039FE5EA84BBA7] – (…) — C:\Program Files (x86)\SupTab\HpUI.exe [732040] [PID.2816]
[MD5.D46415CD75DDA09F0A17D2FDA2235CB0] – (…) — C:\Program Files (x86)\SupTab\Loader32.exe [64000] [PID.2992]
PUP.CrossRider [Adware] (2014/07/27)
[MD5.C9ED173A1419BCC42A42C31C688308A2] – (…) — C:\Program Files\mbot_fr_15\mbot_fr_15.exe [3975648] [PID.4092]
[MD5.C28E29A910BD573D964516A6B02D7446] – (…) — C:\Users\Coolman\AppData\Local\mbot_fr_15\upmbot_fr_15.exe [3322336] [PID.2864]
O4 – HKLM\..\Run: [mbot_fr_15] . (…) — C:\Program Files\mbot_fr_15\mbot_fr_15.exe
O4 – HKLM\..\RunOnce: [upmbot_fr_15.exe] . (…) — C:\Users\Coolman\AppData\Local\mbot_fr_15\upmbot_fr_15.exe
O42 – Logiciel: MyBestOffersToday 001.15 – (.MYBESTOFFERSTODAY.) [HKLM] — mbot_fr_15_is1
[HKLM\Software\MYBESTOFFERSTODAY]
O43 – CFD: 26/07/2014 – 16:41:08 – [] —-D C:\Program Files\mbot_fr_15
PUP.Multiplug (2014/07/27)
O2 – BHO: SSavueMass – {B1A2AE41-65EF-A39E-CCB1-84EFAE307857} . (…) — C:\Program Files\SSavueMass\bRR.dll
O42 – Logiciel: SSavueMass – (.SaveMass.) [HKLM] — {F7FFE175-E3D6-2E86-0226-1D3AE4905E40}
O43 – CFD: 26/07/2014 – 17:58:06 – [] —-D C:\Program Files\SSavueMass
O43 – CFD: 26/07/2014 – 17:58:07 – [] —-D C:\ProgramData\SSavueMass
PUP.CrossRider [Adware] (2014/07/27)
G2 – GCE: Preference [User Data\Default] [kgdaeidiojbdgmnjnpmklilaodjlkbjp] Browseri_Appe 1.2 v.1.26.33, (Activé)
O2 – BHO: CrossriderApp0060346 – {11111111-1111-1111-1111-110611031146} . (…) — C:\Program Files\Browseri_Appe 1.2\Browseri_Appe 1.2-bho.dll
[HKLM\Software\Google\Chrome\Extensions\kgdaeidiojbdgmnjnpmklilaodjlkbjp]
C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdaeidiojbdgmnjnpmklilaodjlkbjp
C:\program files\browseri_appe 1.2\browseri_appe 1.2-bg.exe
PUP.CrossRider [Adware] (2014/07/27)
[MD5.A3F7E7E059190C266F9828C3FFE75816] [APT] [2f49fcb8-bc5a-439f-86ef-78145273bbfb-5] (.smart-saverplus.) — C:\Program Files\SmartSaver1+ 12\2f49fcb8-bc5a-439f-86ef-78145273bbfb-5.exe [491880]
[MD5.A3F7E7E059190C266F9828C3FFE75816] [APT] [2f49fcb8-bc5a-439f-86ef-78145273bbfb-5_user] (.smart-saverplus.) — C:\Program Files\SmartSaver1+ 12\2f49fcb8-bc5a-439f-86ef-78145273bbfb-5.exe [491880]
O39 – APT: 2f49fcb8-bc5a-439f-86ef-78145273bbfb-11 – (.smart-saverplus.) — C:\Windows\Tasks\2f49fcb8-bc5a-439f-86ef-78145273bbfb-11.job [3790]
O39 – APT: 2f49fcb8-bc5a-439f-86ef-78145273bbfb-5_user – (.smart-saverplus.) — C:\Windows\System32\Tasks\2f49fcb8-bc5a-439f-86ef-78145273bbfb-5_user [1446]
O42 – Logiciel: SmartSaver1+ 12 – (.smart-saverplus.) [HKLM] — SmartSaver1+ 12
[HKCU\Software\AppDataLow\Software\SmartSaver1+ 12]
O43 – CFD: 26/07/2014 – 16:42:46 – [] —-D C:\Program Files\SmartSaver1+ 12
PUP.CrossRider [Adware] (2014/07/26)
O4 – HKCU\..\Run: [WindApp] . (.Nosibay – WindApp installer.) — C:\Users\Coolman\AppData\Roaming\Store\WindApp\WindApp Update.exe
O4 – HKUS\S-1-5-21-1137401237-2199336907-3109346764-1000\..\Run: [WindApp] . (.Nosibay – WindApp installer.) — C:\Users\Coolman\AppData\Roaming\Store\WindApp\WindApp Update.exe
[MD5.956E90BB7C7D1DE6802E0C20E6DCB811] [APT] [WindApp Update] (.Nosibay.) — C:\Users\Coolman\AppData\Roaming\Store\WindApp\WindApp Update.exe [160552]
O42 – Logiciel: WindApp (remove only) – (.Store.) [HKCU] — WindApp
[HKCU\Software\Store]
O43 – CFD: 26/07/2014 – 16:42:39 – [] —-D C:\Users\Coolman\AppData\Roaming\Store
O61 – LFC: 24/07/2014 – 16:49:49 —A- . (.Nosibay.) — C:\Users\Coolman\AppData\Roaming\Store\WindApp\WindApp Uninstall.exe [598576]
O61 – LFC: 24/07/2014 – 16:49:49 —A- . (.Nosibay.) — C:\Users\Coolman\AppData\Roaming\Store\WindApp\WindApp Update.exe [160552]
PUP.CrossRider [Adware] (2014/07/26)
[MD5.7E20B594C938AB70D9DC4E5E6B365F38] – (…) — C:\Users\Coolman\AppData\Local\fabulous_07261115\fabulous_07261115.exe [2293760] [PID.1424]
O4 – HKCU\..\Run: [fabulous_07261115] . (…) — c:\users\Coolman\appdata\local\fabulous_07261115\fabulous_07261115.exe
O42 – Logiciel: Fabulous discounts – (…) [HKCU] — fabulous_07261115
[HKCU\Software\fabulous]
O43 – CFD: 26/07/2014 – 13:15:32 – [] —-D C:\Users\Coolman\AppData\Local\fabulous_07261115
PUP.DealKeeper [Sambreel] (2014/07/26)
O2 – BHO: Deal Keeper [64Bits] – {1ec8187a-6435-44e3-bbe4-6ce6d3c69254} . (.Deal Keeper – Deal Keeper.) — C:\Program Files (x86)\Deal Keeper\DealKeeperbho.dll
O23 – Service: Update Deal Keeper (Update Deal Keeper) . (.Deal Keeper – Deal Keeper.) – C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe
O23 – Service: Util Deal Keeper (Util Deal Keeper) . (.Deal Keeper – Deal Keeper.) – C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe
O42 – Logiciel: Deal Keeper – (.Deal Keeper.) [HKLM][64Bits] — Deal Keeper
[HKCU\Software\Deal Keeper]
PUP.CinemaHDplus [CrossRider] (2014/07/25)
[MD5.D8ADBF8037FD1252C8F2DD5011CE2DFD] – (.ChannelHD – CinemaHDplus-V1.8 exe.) — C:\program files (x86)\cinemahdplus-v1.8\cinemahdplus-v1.8-bg.exe [602984] [PID.852]
[MD5.9CADF1F98100439D3A91F258F83AA4D1] – (.ChannelHD – CinemaHDplus-V1.8 exe.) — C:\Program Files (x86)\CinemaHDplus-V1.8\d25d7e49-83ea-400f-bca7-0c0e9c8e58d6-10.exe [368488] [PID.2220]
[MD5.68024869CE464D9C7038C7634972A14F] [APT] [d25d7e49-83ea-400f-bca7-0c0e9c8e58d6-1] (.ChannelHD.) — C:\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-codedownloader.exe [560488]
[MD5.9CADF1F98100439D3A91F258F83AA4D1] [APT] [d25d7e49-83ea-400f-bca7-0c0e9c8e58d6-10] (.ChannelHD.) — C:\Program Files (x86)\CinemaHDplus-V1.8\d25d7e49-83ea-400f-bca7-0c0e9c8e58d6-10.exe [368488]
O39 – APT: d25d7e49-83ea-400f-bca7-0c0e9c8e58d6-5_user – (.ChannelHD.) — C:\Windows\Tasks\d25d7e49-83ea-400f-bca7-0c0e9c8e58d6-5_user.job [1482]
[HKCU\Software\AppDataLow\Software\CinemaHDplus-V1.8]
PUP.SaveOn [Multiplug] (2014/07/25)
G2 – GCE: Preference [User Data\Default] [nhfgoieljnjfbnmoecbgdpajpleffhgg] save on v.2.14 (Désactivé)
O2 – BHO: sAvaE oon [64Bits] – {C62360D9-B4CA-15E0-3138-A592F1EB27B3} . (…) — C:\Program Files (x86)\sAvaE oon\z8dJ3xD16.dll
O43 – CFD: 10/06/2014 – 14:45:46 – [] —-D C:\Program Files (x86)\sAvaE oon
O43 – CFD: 11/06/2014 – 17:25:18 – [0] —-D C:\Program Files (x86)\save oun
O43 – CFD: 10/06/2014 – 14:45:46 – [] —-D C:\ProgramData\sAvaE oon
O43 – CFD: 11/06/2014 – 18:50:30 – [0] —-D C:\ProgramData\save oun
PUP.NetCoupon [Adware] (2014/07/25)
G2 – GCE: Preference [User Data\Default] [flnhpjimbjmjggchhpikdcodkppnplmi] NetaoCoupoNN v.6.1 (Désactivé)
G2 – EXT: C:\Documents and Settings\dell\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flnhpjimbjmjggchhpikdcodkppnplmi [NetaoCoupoNN]
M2 – MFEP: prefs.js [dell – wsuo5bzk.default\rp.0@ioouou.net] [] NetaoCoupoNN v6.1 (..)
PUP.Multiplug (2014/07/24)
O2 – BHO: DiscountExtaeNssi – {03DB6C99-C749-1FF3-ABFA-79E3F6713D7F} . (…) — C:\ProgramData\DiscountExtaeNssi\z9HVm.dll
O42 – Logiciel: DiscountExtaeNssi – (.DiscouantExtensi.) [HKLM] — {B138259A-351E-33FA-2726-8D71704F1DA9}
O43 – CFD: 12/07/2014 – 15:05:28 – [] —-D C:\ProgramData\DiscountExtaeNssi
PUP.CrossRider [Adware] (2014/07/24)
O42 – Logiciel: HQPureV1.8 – (.HQPure.) [HKLM][64Bits] — HQPureV1.8
O43 – CFD: 22/07/2014 – 23:17:02 – [] —-D C:\Program Files (x86)\HQPureV1.8
PUP.IePluginService [Hijacker] (2014/07/24)
[MD5.E4A8257B84403ACA7367976DD317E9C1] – (.Cherished Technololgy LIMITED – IePlugin Service.) — C:\ProgramData\IePluginServices\PluginService.exe [757872] [PID.1920]
O23 – Service: IePlugin Services (IePluginServices) . (.Cherished Technololgy LIMITED – IePlugin Service.) – C:\ProgramData\IePluginServices\PluginService.exe
O43 – CFD: 26/06/2014 – 10:36:20 – [] —-D C:\ProgramData\IePluginServices
SR – | Auto 19/06/2014 757872 | (IePluginServices) . (.Cherished Technololgy LIMITED.) – C:\ProgramData\IePluginServices\PluginService.exe
PUP.CrossRider [Adware] (2014/07/23)
G2 – GCE: Preference [User Data\Default] [dnaojefanpmakfgcaliphepgoiiafmpf] video MediaPlay-Air v.1.26.35, (Activé)
G2 – EXT: C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnaojefanpmakfgcaliphepgoiiafmpf
O2 – BHO: CrossriderApp0059599 [64Bits] – {11111111-1111-1111-1111-110511951199} . (.enter – video MediaPlay-Air BHO.) — C:\Program Files (x86)\video MediaPlay-Air\video MediaPlay-Air-bho.dll
O42 – Logiciel: video MediaPlay-Air – (.enter.) [HKLM][64Bits] — video MediaPlay-Air
[HKCU\Software\AppDataLow\Software\video MediaPlay-Air]
O43 – CFD: 23/07/2014 – 02:07:42 – [] —-D C:\Program Files (x86)\video MediaPlay-Air
PUP.HypeNet (Hijacker) (2014/07/23)
O2 – BHO: HypeNet [64Bits] – {9cf7f2d8-05d0-477d-bd80-49233e2ad7d9} . (.HypeNet – HypeNet.) — C:\Program Files (x86)\HypeNet\HypeNetBHO.dll
O23 – Service: Update HypeNet (Update HypeNet) . (.HypeNet – HypeNet.) – C:\Program Files (x86)\HypeNet\updateHypeNet.exe
O23 – Service: Util HypeNet (Util HypeNet) . (.HypeNet – HypeNet.) – C:\Program Files (x86)\HypeNet\bin\utilHypeNet.exe
[HKLM\Software\Wow6432Node\HypeNet]
O43 – CFD: 20/07/2014 – 17:58:31 – [0] —-D C:\Program Files\HypeNet
PUP.Whilokii (Hijacker) (2014/07/23)
[MD5.BFA19004FEF04D778DE09E374CD858A3] – (…) — C:\Program Files (x86)\Whilokii\bin\Whilokii.BrowserAdapter.exe [96536] [PID.3744]
G2 – GCE: Preference [User Data\Default] [dljhohhmfjfhgfhpgkfefjoojfobodhn] Whilokii v.1.0.0 (Désactivé)
[HKLM\Software\Wow6432Node\Whilokii]
O43 – CFD: 29-06-14 – 12:45:22 – [] —-D C:\Program Files (x86)\Whilokii
O45 – LFCP:[MD5.1FD081B00AAA55D6708218037F8C0153] – 22-07-14 – 19:21:08 —A- – C:\Windows\Prefetch\WHILOKII.BROWSERADAPTER.EXE-758EB880.pf
O45 – LFCP:[MD5.0B564224ABF5EADCF34A56BE7D03F981] – 22-07-14 – 19:20:55 —A- – C:\Windows\Prefetch\WHILOKII.PURBROWSE64.EXE-A62FE49E.pf
PUP.ServiceManager (2014/07/22)
O4 – HKLM\..\Run: [Windows Service Manager] . (…) — C:\Program Files\Service Manager\systemv32.exe
O4 – HKLM\..\Run: [systemv32] . (…) — C:\Program Files\Service Manager\systemv32.exe
O43 – CFD: 21/07/2014 – 17:59:25 – [] —-D C:\Program Files\Service Manager
PUP.AdPeak [Adware] (2014/07/21)
[MD5.125D03DA07311D432EE75C5C4FAD178F] – (…) — C:\Program Files\005\cyycfhtzro32.exe [543232] [PID.2280]
O23 – Service: cyycfhtzro32 (cyycfhtzro32) . (…) – C:\Program Files\005\cyycfhtzro32.exe
O43 – CFD: 21/07/2014 – 17:55:23 – [] —-D C:\Program Files\005
SR – | Auto 21/07/2014 543232 | (cyycfhtzro32) . (…) – C:\Program Files\005\cyycfhtzro32.exe
PUP.Multiplug (2014/07/21)
O43 – CFD: 12/06/2014 – 18:42:40 – [0] —-D C:\Program Files\SaluesMAggneet
O43 – CFD: 21/07/2014 – 18:59:27 – [0] —-D C:\Program Files\DeAlsFinndaerPro
O43 – CFD: 25/03/2014 – 19:04:51 – [] —-D C:\ProgramData\CoolSSalleCaoupaon
O43 – CFD: 06/07/2014 – 19:14:35 – [0] —-D C:\ProgramData\SalesCheoCker
PUP.MarkkIt [Spyware] (2014/07/20)
G2 – GCE: Preference [User Data\Default] [fepfchmifnojkckdkccoedjenodhcicc] MarkKit v.1.136 (Activé)
O2 – BHO: MarkKit [64Bits] – {d51a6574-89aa-47ae-b2e0-1520e6f72ed6} . (…) — C:\Program Files (x86)\MarkKit\136.dll
O23 – Service: MarkKit (MarkKit) . (.MarkKit – MarkKit.) – C:\Program Files (x86)\mark_kit\MarkKithC173.exe
O42 – Logiciel: MarkKit – (.MarkKit Software.) [HKLM][64Bits] — {81e9bfbe-ac91-438c-9305-65aa4876b482}
PUP.CrossRider (2014/07/20)
G2 – GCE: Preference [User Data\Default] [iilfecopjcmjdgfffklfdkhbkpkmcglh] HDvid-Codec V9.0 v.1.26.9, (Activé)
O2 – BHO: HDvid-Codec V9.0 – {11111111-1111-1111-1111-110511131156} . (…) — c:\program files\hdvid-codec v9.0\HDvid-Codec V9.0-bho.dll
O43 – CFD: 09/06/2014 – 19:01:31 – [] —-D c:\program files\HDvid-Codec V9.0
O43 – CFD: 09/06/2014 – 19:01:31 – [] —-D c:\program files\hdvidcodec.com
C:\Windows\System32\Tasks\HDvid-Codec V9.0-chromeinstaller
C:\Windows\System32\Tasks\HDvid-Codec V9.0-codedownloader
PUP.IsStart [Hijacker] (2014/07/19)
[MD5.1608D54DC69EA7E763CDAB78F71CAFD6] – (.Skytech Co., Ltd. – Skytech.) — C:\Users\Coolman\AppData\Roaming\istart123\UninstallManager.exe [1856512] [PID.5228]
M3 – MFPP: Plugins – [Jean] — C:\Program Files\Mozilla FireFox\searchplugins\istart123.xml
M0 – MFSP: prefs.js [Jean – eaof5vh0.default] http://www.istart123.com
R0 – HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com
R1 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com
O42 – Logiciel: istart123 uninstall – (.istart123.) [HKLM] — istart123 uninstall
Adware.Incredibar [Hijacker] (2014/07/19)
[MD5.E954838E8482BB4B4B0852BE00A97A08] – (…) — C:\Program Files\Video downloader\ExtensionUpdaterService.exe [188760] [PID.2672]
O2 – BHO: V-bates Helper [64Bits] – {77BEC163-D389-42c1-91A4-C758846296A5} . (…) — C:\Program Files\Video downloader\Extension32.dll
O23 – Service: V-bates Updater (V-bates Updater) . (…) – C:\Program Files\Video downloader\ExtensionUpdaterService.exe
PUP.Genesis [Adware] (2014/07/18)
[MD5.759CAFCCF5638BB7695D412A8EE1671C] – (.çà – Chloe.) — C:\Users\Coolman\AppData\Local\gwwpoi.exe [2056192] [PID.3508]
O4 – HKCU\..\Run: [gwwpoi] . (.çà – Chloe.) — c:\users\Coolman\appdata\local\gwwpoi.exe
O4 – HKUS\S-1-5-21-91697975-1426437849-2742492269-1001\..\Run: [gwwpoi] . (.çà – Chloe.) — c:\users\Coolman\appdata\local\gwwpoi.exe
O42 – Logiciel: Genesis – (…) [HKCU] — gwwpoi
O61 – LFC: 11-07-14 – 09:18:43 —A- . (.çà.) — C:\Users\Coolman\AppData\Local\gwwpoi.exe [2056192]
PUP.Norpalla [Adware] (2014/07/18)
O2 – BHO: Norpalla [64Bits] – {18b20944-f54e-4509-88fa-f0ad137bf8de} . (.Norpalla – Norpalla.) — C:\Program Files (x86)\Norpalla\NorpallaBHO.dll
O23 – Service: Util Norpalla (Util Norpalla) . (.Norpalla – Norpalla.) – C:\Program Files (x86)\Norpalla\bin\utilNorpalla.exe
O23 – Service: Update Norpalla (Update Norpalla) . (.Norpalla – Norpalla.) – C:\Program Files (x86)\Norpalla\updateNorpalla.exe
O42 – Logiciel: Norpalla 2013.11.07.232809 – (.Norpalla.) [HKLM] — Norpalla
HKLM\SOFTWARE\Microsoft\Tracing\Norpalla_RASAPI32
PUP.Groovorio [Hijacker] (2014/07/18)
G2 – GCE: Preference [User Data\Default] [blmchfpimpbbdmgpcieclabeafkljbhm] Groovorio New Tab v.0.3.3, (Activé)
R0 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://groovorio.com
O39 – APT: Groovorio Updater – (…) — C:\Windows\Tasks\Groovorio Updater.job [306]
O42 – Logiciel: Groovorio – (.Groovorio.) [HKLM][64Bits] — Groovorio
PUP.TalLtd [Adware] (2014/07/17)
[MD5.09F59DB84947B00750F9EFA979FB11EB] – (…) — C:\Program Files (x86)\Isis\isis.exe [330544] [PID.6056]
O4 – HKLM\..\Wow6432Node\Run: [Isis] . (…) — C:\Program Files (x86)\Isis\isis.exe
[HKLM\Software\Wow6432Node\Isis]
O58 – SDL:15/07/2014 – 13:51:04 —A- . (.Windows Win 7 DDK provider – NetFilter SDK WFP Driver (WPP).) — C:\Windows\System32\Drivers\isis.sys [52016]
PUP.YouTuAdBlocker [Multiplug] (2014/07/17)
G2 – GCE: Preference [User Data\Default] [onaicbopofgfjgbpljdicmkcneimakli] YYouTUAdBilocker v.1.1 (Activé)
O43 – CFD: 16/07/2014 – 17:00:21 – [] —-D C:\ProgramData\onaicbopofgfjgbpljdicmkcneimakli
O43 – CFD: 11/02/2014 – 02:04:39 – [] —-D C:\ProgramData\YYouTUAdBilocker
PUP.BrowserTabSearch (Hijacker) (2014/07/17)
O4 – HKCU\..\Run: [Browser Tab Search by Askx64] C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader64.exe
O4 – HKUS\S-1-5-21-326481815-4273728263-2701684966-1000\..\Run: [Browser Tab Search by Askx64] C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader64.exe
O42 – Logiciel: Browser Tab Search by Ask for Firefox – (.IAC Search and Media.) [HKLM][64Bits] — Browser Tab Search by Ask_FF
O42 – Logiciel: Browser Tab Search by Ask for Internet Explorer – (.IAC Search and Media.) [HKLM][64Bits] — Browser Tab Search by Ask_IE
O43 – CFD: 27/04/2014 – 03:29:05 – [] —-D C:\Program Files (x86)\Browser Tab Search by Ask
PUP.BlockAndSurf (Spyware) (2014/07/16)
[MD5.EFBED3E6ADFFF2EB31C3E06176DBC0AA] – (…) — C:\Program Files (x86)\di8BlockAndSurf\BlockAndSurf.exe [130560] [PID.1816]
[MD5.F869DEF0D1345AB963DF2D75B47604F3] – (…) — C:\Program Files (x86)\di8BlockAndSurf\K8BlockAndSurfm.exe [98304] [PID.4304]
O2 – BHO: BlockAndSurf [64Bits] – {C29E789C-DCB6-4B82-88C0-D5046D2C8FF6} . (…) — C:\Program Files (x86)\di8BlockAndSurf\175.dll
O4 – HKCU\..\Run: [BlockAndSurf] . (…) — C:\Program Files (x86)\di8BlockAndSurf\BlockAndSurf.exe
[MD5.3E0AA4FEC6875B3CC84AB40C1348BF84] [APT] [BlockAndSurf Update] (…) — C:\Program Files (x86)\di8BlockAndSurf\W2BlockAndSurfv67.exe [427008]
[MD5.F869DEF0D1345AB963DF2D75B47604F3] [APT] [BlockAndSurf_wd] (…) — C:\Program Files (x86)\di8BlockAndSurf\K8BlockAndSurfm.exe [98304]
O39 – APT: BlockAndSurf Update – (…) — C:\Windows\Tasks\BlockAndSurf Update.job [450]
O39 – APT: BlockAndSurf Update – (…) — C:\Windows\System32\Tasks\BlockAndSurf Update [450]
O39 – APT: BlockAndSurf_wd – (…) — C:\Windows\Tasks\BlockAndSurf_wd.job [430]
O39 – APT: BlockAndSurf_wd – (…) — C:\Windows\System32\Tasks\BlockAndSurf_wd [430]
O43 – CFD: 15/07/2014 – 19:31:56 – [] —-D C:\Program Files (x86)\di8BlockAndSurf
PUP.VeriBrowse [AddLyrics] (2014/07/15)
[MD5.9BD97CFE375B3BF741768E4C0B311C56] – (…) — C:\Program Files\di3VeriBrowse\di4VeriBrowseD.exe [98304] [PID.2032]
O2 – BHO: VeriBrowse – {203567BE-8826-2295-90A9-F5D404EB2523} . (…) — C:\Program Files\di3VeriBrowse\175.dll
O23 – Service: VeriBrowse (VeriBrowse) . (…) – C:\Program Files\di3VeriBrowse\di0VeriBrowselt175.exe
[MD5.3A42F4019831396F51726EDFBB41672C] [APT] [VeriBrowse Update] (…) — C:\Program Files\di3VeriBrowse\di3VeriBrowseT83.exe [405504]
[MD5.9BD97CFE375B3BF741768E4C0B311C56] [APT] [VeriBrowse_wd] (…) — C:\Program Files\di3VeriBrowse\di4VeriBrowseD.exe [98304]
O42 – Logiciel: VeriBrowse – (.VeriBrowse-software.) [HKLM] — 4FEF0052-74F2-99D9-2024-C6216DB55976
PUP.SecureSurf (Toolbar) (2014/07/15)
O69 – SBI: SearchScopes [HKCU] {c70e19e8-6f35-46ba-b9fc-7d7949b7d987} – (secure-surf) – http://www.secure-surf.com
O69 – SBI: SearchScopes [HKCU] {ec644a48-026d-4780-84c3-83229a26fa0f} – (secure-surf) – http://www.secure-surf.com
PUP.SupraSavings [Adware] (2014/07/15)
O2 – BHO: SupraSavings – {68f4dacb-10fa-ca10-ad7d-91b574356f1d} . (…) — C:\Program Files\ED8C9CDF-28C5-4A5A-9A1D-8200C60706FF\sgnahzzzax.dll
O2 – BHO: SupraSavings – {9dbbe4f9-6e7b-b8b7-9283-368de8576190} . (…) — C:\Program Files\ED8C9CDF-28C5-4A5A-9A1D-8200C60706FF\krltucdfau.dll
O23 – Service: SSupraSavingsService (SupraSavingsService) . (..) – C:\Program Files\ED8C9CDF-28C5-4A5A-9A1D-8200C60706FF\SupraSavingsService.exe
Rogue.FastCleanPro [Spyware] (2014/07/14)
O4 – HKCU\..\Run: [fastclean] C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe
O43 – CFD: 2014-06-28 – 12:31:52 – [] —-D C:\Program Files (x86)\FastClean PRO
O43 – CFD: 2014-03-09 – 12:50:03 – [0,001] —-D C:\Users\Admin\AppData\Local\fastcleanpro
PUP.CrossRider (2014/07/12)
[MD5.817C4AF32644C8A3545762E421A41E1E] – (.V-9.1HD – V-9.1HD exe.) — C:\Program Files\V-9.1HD\44c8e5d2-a9a3-43f2-aa82-f3c35a2ebc8c-10.exe [348696] [PID.3568]
[MD5.C36C066DD8BFE69CEBF1EBD983B723E9] – (.V-9.1HD – V-9.1HD exe.) — C:\Program Files\V-9.1HD\V-9.1HD-nova.exe [602136] [PID.3808]
O39 – APT: 44c8e5d2-a9a3-43f2-aa82-f3c35a2ebc8c-5_user – (.V-9.1HD.) — C:\Windows\Tasks\44c8e5d2-a9a3-43f2-aa82-f3c35a2ebc8c-5_user.job [1420]
O39 – APT: 44c8e5d2-a9a3-43f2-aa82-f3c35a2ebc8c-5_user – (.V-9.1HD.) — C:\Windows\System32\Tasks\44c8e5d2-a9a3-43f2-aa82-f3c35a2ebc8c-5_user [1420]
[HKLM\Software\V-9.1HD] => PUP.CrossRider
O43 – CFD: 10/07/2014 – 03:37:31 – [] —-D C:\Program Files\V-9.1HD
Adware.ScriptHost (TrackWare) (2014/07/12)
M2 – MFEP: prefs.js [Coolman – rib66fcy.default-1402680467228\freegames4357@BestOffers] [] Free Games 111 v3.0.0.0 (..)
M2 – MFEP: prefs.js [Coolman – rib66fcy.default-1402680467228\speedtest171@SpeedTest] [] Speed Test v3.0.0.0 (..)
M2 – MFEP: prefs.js [Coolman – rib66fcy.default-1402680467228\speedtest4354@BestOffers] [] Speed Test 127 v3.0.0.0 (..)
PUP.LinkDoumi (Parasite) (2014/07/11)
O4 – HKCU\..\Run: [linkdoumi] . (…) — C:\Program Files (x86)\linkdoumi\linkdoumi.exe
O42 – Logiciel: Window LinkDoumi – (…) [HKLM][64Bits] — LinkDoumi
[HKCU\Software\linkdoumi]
O43 – CFD: 28/02/2013 – 13:52:27 – [] —-D C:\Program Files (x86)\linkdoumi
PUP.SavingToYou (2014/07/11)
O42 – Logiciel: saviinGtoyOu – (.savIngtoyou.) [HKLM] — {A2616871-3463-BCEE-5AFA-73773317A381}
[HKCU\Software\savIngtoyou]
O43 – CFD: 09/07/2014 – 13:50:27 – [] —-D C:\Program Files (x86)\savIngtoyou
PUP.BrowserApp (2014/07/11)
O42 – Logiciel: Browser App – (.app.) [HKLM] — Browser App
[HKCU\Software\Browser App]
O43 – CFD: 02/07/2014 – 20:17:34 – [] —-D C:\Program Files\Browser App
PUP.Sense [CrossRider] (2014/07/11)
G2 – GCE: Preference [User Data\Default] [dfohdbmjdkfijghgklbickfnaepghgba] Sense v.1.26.49, (Activé)
G2 – EXT: C:\Users\adminmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfohdbmjdkfijghgklbickfnaepghgba [Sense]
O2 – BHO: CrossriderApp0048292 [64Bits] – {11111111-1111-1111-1111-110411821192} . (.Object Browser – Sense BHO.) — C:\Program Files (x86)\Sense\Sense-bho.dll
O42 – Logiciel: Sense – (.Object Browser.) [HKLM][64Bits] — Sense
[HKCU\Software\AppDataLow\Software\Sense]
O43 – CFD: 29/04/2014 – 09:19:02 – [] —-D C:\Program Files (x86)\Sense
PUP.RealDeal [Multiplug] (2014/07/10)
M2 – MFEP: prefs.js [Coolman – fl7i4ap0.default\buouoy@xnfm-aao.co.uk] [] reaLdeoal v1.9 (..)
M2 – MFEP: prefs.js [Coolman – fl7i4ap0.default\onzfkop@bqu.net] [] reealdealu v1.9 (..)
O43 – CFD: 10/07/2014 – 22:09:31 – [] —-D C:\Documents and Settings\All Users\Application Data\realdeall
O43 – CFD: 10/07/2014 – 22:09:31 – [] —-D C:\Documents and Settings\All Users\Application Data\reealedEAl
PUP.Goobzo (Adware) (2014/07/10)
O4 – HKCU\..\Run: [GoobzoYouTubeAccelerator] . (.GOOBZO.) — C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe
O23 – Service: YouTubeAcceleratorService (YouTubeAcceleratorService) . (.GOOBZO.) – C:\Program Files (x86)\YOUTUB~1\YouTubeAcceleratorService.exe
O42 – Logiciel: YouTube Accelerator – (.Goobzo Ltd..) [HKLM][64Bits] — YouTube Accelerator
[HKLM\Software\Wow6432Node\Goobzo]
PUP.PriceChop [Multiplug] (2014/07/10)
O2 – BHO: PPriceChopp – {AB926337-E0B2-A794-9747-C379B0CEA107} . (.PPriceChopp.) — C:\Program Files\PPriceChopp\xmtfI.dll
O43 – CFD: 08/07/2014 – 08:26:59 – [] —-D C:\ProgramData\PPriceChopp
O43 – CFD: 08/07/2014 – 08:26:59 – [] —-D C:\Program Files\PPriceChopp
PUP.iWebar [CrossRider] (2014/07/10)
O2 – BHO: CrossriderApp0035510 [64Bits] – {11111111-1111-1111-1111-110311551110} . (.iWebar – iWebar BHO.) — C:\Program Files (x86)\iWebar\iWebar-bho.dll
[MD5.0CD0859FE71C924A352B1C686A910AAF] [APT] [e4183259-4b60-4232-af88-b64fbb747bff-1] (.iWebar.) — C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe [481648]
[MD5.FEBA3FE8968ED067CC0B9E32ED16C0E2] [APT] [e4183259-4b60-4232-af88-b64fbb747bff-2] (.iWebar.) — C:\Program Files (x86)\iWebar\e4183259-4b60-4232-af88-b64fbb747bff-2.exe [337776]
O42 – Logiciel: iWebar – (.iWebar.) [HKLM][64Bits] — iWebar
PUP.ObjectBrowser [CrossRider] (2014/07/09)
G2 – GCE: Preference [User Data\Default] [kfgaibfbmkjgmimhbbaikfnpkkjkpoan] Object Browser v.1.26.183, (Activé)
O2 – BHO: CrossriderApp0048292 [64Bits] – {11111111-1111-1111-1111-110411821192} . (.Object Browser – Sense BHO.) — C:\Program Files (x86)\Sense\Sense-bho.dll
[MD5.1E877CF11D1CE1FA11C3423B99E50082] [APT] [71cc2990-a79e-4f3a-8c64-f26d3c6f8b4f-1] (.Object Browser.) — C:\Program Files (x86)\Object Browser\Object Browser-codedownloader.exe [481648]
O42 – Logiciel: Object Browser – (.Object Browser.) [HKLM][64Bits] — Object Browser
[HKCR\CLSID\{11111111-1111-1111-1111-110311281150}] (Object Browser)
Adware.ShieldPlus (2014/07/09)
[MD5.0F6598C52747AD1D7F9B8403B39BB06F] – (.Shield Plus – Shield Plus Process Application.) — C:\Users\Coolman\AppData\Local\ShieldPlus\spprt\spprt.exe [524800] [PID.1848]
O23 – Service: ShieldPlusService (Service) . (.Shield Plus – Shield Plus Service Application.) – C:\Users\Coolman\AppData\Local\ShieldPlus\spprt\spsvc.exe
O42 – Logiciel: Shield Plus – (.ShieldPlus..) [HKLM][64Bits] — spprt
[HKCU\Software\ShieldPlus]
PUP.CrossRider (2014/07/08)
G2 – GCE: Preference [User Data\Default] [mfhkgfigejkhikbkfkkglinnkfojkdek] Clock View v.0.1 (Activé)
G2 – EXT: C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek [Clock View]
C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.10_0\crossrider
PUP.CrossRider (2014/07/08)
[MD5.6AE4B8216EAE73596002712D8D3A4212] [APT] [d90ab212-e251-4ec5-a58e-1818cf4ae995-1] (.HQ-Pro007.) — C:\Program Files\HQ-Pro-007\HQ-Pro-007-codedownloader.exe [511336]
[MD5.694D24D1A63D196C42062CA33FD562E6] [APT] [d90ab212-e251-4ec5-a58e-1818cf4ae995-2] (.HQ-Pro007.) — C:\Program Files\HQ-Pro-007\d90ab212-e251-4ec5-a58e-1818cf4ae995-2.exe [362856]
[HKCU\Software\AppDataLow\Software\HQ-Pro-007]
O43 – CFD: 11/06/2014 – 20:40:50 – [] —-D C:\Program Files\HQ-Pro-007
PUP.TopAppSoft (Adware) (2014/07/08)
[MD5.1D283DD3AE2312EEE624E8B8C46F6ADB] [APT] [SO.Booster-S-5078429478] (…) — c:\programdata\topapp soft\so.booster\SO.Booster.exe [729600]
O39 – APT: SO.Booster-S-5078429478 – (…) — C:\Windows\Tasks\SO.Booster-S-5078429478.job [462]
O39 – APT: SO.Booster-S-5078429478 – (…) — C:\Windows\System32\Tasks\SO.Booster-S-5078429478 [462]
O43 – CFD: 30/05/2014 – 17:51:28 – [] —-D C:\ProgramData\TopApp soft
[HKLM\Software\SO.Booster]
PUP.HulaToo (Adware) (2014/07/07)
O23 – Service: Update HulaToo (Update HulaToo) . (…) – C:\Program Files (x86)\HulaToo\updateHulaToo.exe
O23 – Service: Util HulaToo (Util HulaToo) . (…) – C:\Program Files (x86)\HulaToo\bin\utilHulaToo.exe
O42 – Logiciel: HulaToo – (.HulaToo.) [HKLM][64Bits] — HulaToo
[HKCU\Software\HulaToo]
O43 – CFD: 19/06/2014 – 04:20:40 – [] —-D C:\Program Files (x86)\HulaToo
Adware.FreeSoftToday (Spyware) (2014/07/07)
[MD5.7C1139226D07DDBBA9D7B5917F760592] – (…) — C:\Program Files (x86)\fst_es_126\fst_es_126.exe [3981312] [PID.3076]
O4 – HKLM\..\Wow6432Node\Run: [fst_es_126] . (…) — C:\Program Files (x86)\fst_es_126\fst_es_126.exe
O43 – CFD: 17/06/2014 – 08:20:31 – [] —-D C:\Program Files (x86)\fst_es_126
O43 – CFD: 12/06/2014 – 08:28:36 – [] —-D C:\Users\Coolman\AppData\Local\fst_es_126
PUP.RockTurner (Hijacker) (2014/07/07)
M0 – MFSP: prefs.js [Coolman – b4k2z1dt.default] http://rocket-find.com
M3 – MFPP: Plugins – [Coolman] — C:\Users\Coolman\AppData\Roaming\Mozilla\Firefox\Profiles\b4k2z1dt.default\searchplugins\WSE Rocket.xml
R0 – HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rocket-find.com
R0 – HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://rocket-find.com
PUP.InstallConverter (Adware) (2014/07/06)
O42 – Logiciel: InstallConverter – (.InstallConverter.) [HKLM] — InstallConverter
O43 – CFD: 14/06/2014 – 23:08:01 – [] —-D C:\Program Files%5