Comment supprimer le Proxy serveur 127.0.0.1 [Fermé]

Signaler
Messages postés
7
Date d'inscription
vendredi 14 novembre 2014
Statut
Membre
Dernière intervention
2 février 2016
-
Messages postés
35446
Date d'inscription
jeudi 18 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
5 mai 2017
-
Je n'arrive pas à supprimer le proxy serveur 127.0.0.1. Même en configurant en détection automatique, il revient toujours

Merci de m'indiquer la procédure à suivre

Marius99999

5 réponses

Messages postés
35446
Date d'inscription
jeudi 18 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
5 mai 2017
4 765
Salut,

▶ Télécharge ici : RogueKiller (choisir entre la version 32 et 64 bits selon ton Windows, si tu ne sais pas, demande moi!)
▶ Enregistre et ferme tous les programmes en cours
▶ Lance RogueKiller et attend que le Prescan ait fini
▶ Accepte l'EULA puis clique sur Scan.
▶ Une fois terminé, clique sur Rapport et copie/colle le rapport dans ta prochaine réponse.
2
Merci

Quelques mots de remerciements seront grandement appréciés. Ajouter un commentaire

CCM 63550 internautes nous ont dit merci ce mois-ci

Messages postés
35446
Date d'inscription
jeudi 18 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
5 mai 2017
4 765
BONJOUR

Tu peux effectuer le nettoyage avec RogueKiller et poster le rapport.

Ensuite :

Télécharge ici : AdwCleaner (de Xplode)

▶ Lance-le.

▶ Lis et accepte le contrat d'utilisation.

▶ Clique sur Scanner puis Nettoyer, et patiente le temps du nettoyage.

▶ Poste le contenu du rapport que tu trouveras dans le répertoire AdwCleaner de ton disque dur ( C:\AdwCleaner\AdwCleaner[x].txt) ou son contenu s'il s'ouvre.

Bonne soirée.
RogueKiller V11.0.9.0 (x64) [Jan 24 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8.1 (6.3.9600) 64 bits version
Démarré en : Mode normal
Utilisateur : Guillaume [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Suppression -- Date : 01/29/2016 11:05:28

¤¤¤ Processus : 6 ¤¤¤
[Suspicious.Path|VT.Unknown] CGIDaemonTooltip.exe(1780) -- C:\Users\Guillaume\AppData\Local\CGIDaemonTooltip\CGIDaemonTooltip.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|VT.Generic6.CGQQ] win32wordProvider.exe(2340) -- C:\Users\Guillaume\AppData\Local\win32wordProvider\win32wordProvider.exe[-] -> Tué(e) [TermProc]
[VT.Unknown] FinderPerlWYSIWYG.exe(1212) -- C:\Windows\SysWOW64\FinderPerlWYSIWYG\FinderPerlWYSIWYG.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|VT.PUP.Optional.PrxySvrRST] fat32macroRecovery.exe(5424) -- C:\Users\Guillaume\AppData\Local\win32wordProvider\fat32macroRecovery.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.Tirrip.bpm] (SVC) CGIDaemonTooltip.exe -- C:\Users\Guillaume\AppData\Local\CGIDaemonTooltip\CGIDaemonTooltip.exe[-] -> ERROR [41c]
[Suspicious.Path|VT.Generic6.CGQQ] (SVC) win32wordProvider.exe -- C:\Users\Guillaume\AppData\Local\win32wordProvider\win32wordProvider.exe[-] -> ERROR [41c]

¤¤¤ Registre : 43 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Applian Technologies -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AddonMethodWYSIWYG.exe (C:\Users\Guillaume\AppData\Local\AddonMethodWYSIWYG\AddonMethodWYSIWYG.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ArchiveDefaultScrolling.exe (C:\Users\Guillaume\AppData\Local\ArchiveDefaultScrolling\ArchiveDefaultScrolling.exe) -> Supprimé(e)
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.Tirrip.bpm] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CGIDaemonTooltip.exe (C:\Users\Guillaume\AppData\Local\CGIDaemonTooltip\CGIDaemonTooltip.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\classwdmaudUI.exe (C:\Users\Guillaume\AppData\Local\classwdmaudUI\classwdmaudUI.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\compileexportClient.exe (C:\Users\Guillaume\AppData\Local\compileexportClient\compileexportClient.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CronDaemonJAVA.exe (C:\Users\Guillaume\AppData\Local\CronDaemonJAVA\CronDaemonJAVA.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dd40609929a0202bf500a8b122feb401.exe (C:\Users\Guillaume\AppData\Local\dd40609929a0202bf500a8b122feb401\dd40609929a0202bf500a8b122feb401.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DLCEncondingFAT32.exe (C:\Users\Guillaume\AppData\Local\DLCEncondingFAT32\DLCEncondingFAT32.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NativeProgramSprite.exe (C:\Users\Guillaume\AppData\Local\NativeProgramSprite\NativeProgramSprite.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\perlplaysndsrv_64.exe (C:\Users\Guillaume\AppData\Local\perlplaysndsrv_64\perlplaysndsrv_64.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\processqedit64.exe (C:\Users\Guillaume\AppData\Local\processqedit64\processqedit64.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RegisterTaskWord.exe (C:\Users\Guillaume\AppData\Local\RegisterTaskWord\RegisterTaskWord.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\runtimegdiBckp.exe (C:\Users\Guillaume\AppData\Local\runtimegdiBckp\runtimegdiBckp.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\runtimeqdvdSched.exe (C:\Users\Guillaume\AppData\Local\runtimeqdvdSched\runtimeqdvdSched.exe) -> Supprimé(e)
[Suspicious.Path|VT.Generic6.CGQQ] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\win32wordProvider.exe (C:\Users\Guillaume\AppData\Local\win32wordProvider\win32wordProvider.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AddonMethodWYSIWYG.exe (C:\Users\Guillaume\AppData\Local\AddonMethodWYSIWYG\AddonMethodWYSIWYG.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ArchiveDefaultScrolling.exe (C:\Users\Guillaume\AppData\Local\ArchiveDefaultScrolling\ArchiveDefaultScrolling.exe) -> Supprimé(e)
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.Tirrip.bpm] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CGIDaemonTooltip.exe (C:\Users\Guillaume\AppData\Local\CGIDaemonTooltip\CGIDaemonTooltip.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\classwdmaudUI.exe (C:\Users\Guillaume\AppData\Local\classwdmaudUI\classwdmaudUI.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\compileexportClient.exe (C:\Users\Guillaume\AppData\Local\compileexportClient\compileexportClient.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CronDaemonJAVA.exe (C:\Users\Guillaume\AppData\Local\CronDaemonJAVA\CronDaemonJAVA.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dd40609929a0202bf500a8b122feb401.exe (C:\Users\Guillaume\AppData\Local\dd40609929a0202bf500a8b122feb401\dd40609929a0202bf500a8b122feb401.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DLCEncondingFAT32.exe (C:\Users\Guillaume\AppData\Local\DLCEncondingFAT32\DLCEncondingFAT32.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NativeProgramSprite.exe (C:\Users\Guillaume\AppData\Local\NativeProgramSprite\NativeProgramSprite.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perlplaysndsrv_64.exe (C:\Users\Guillaume\AppData\Local\perlplaysndsrv_64\perlplaysndsrv_64.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\processqedit64.exe (C:\Users\Guillaume\AppData\Local\processqedit64\processqedit64.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RegisterTaskWord.exe (C:\Users\Guillaume\AppData\Local\RegisterTaskWord\RegisterTaskWord.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\runtimegdiBckp.exe (C:\Users\Guillaume\AppData\Local\runtimegdiBckp\runtimegdiBckp.exe) -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\runtimeqdvdSched.exe (C:\Users\Guillaume\AppData\Local\runtimeqdvdSched\runtimeqdvdSched.exe) -> Supprimé(e)
[Suspicious.Path|VT.Generic6.CGQQ] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\win32wordProvider.exe (C:\Users\Guillaume\AppData\Local\win32wordProvider\win32wordProvider.exe) -> Supprimé(e)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Remplacé(e) (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Remplacé(e) (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:11332 -> Supprimé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:11332 -> ERROR [2]
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Remplacé(e) (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Remplacé(e) (http://search.msn.com/spbasic.htm)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B732791-F61D-494D-B5EA-E58E659B26CE} | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D2D62125-23F6-4FC5-B08F-563C2CC28910} | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8B732791-F61D-494D-B5EA-E58E659B26CE} | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D2D62125-23F6-4FC5-B08F-563C2CC28910} | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Remplacé(e) ()

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] l8yfehcu.default : user_pref("network.proxy.type", 4); -> Non sélectionné

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA THNSNF256GMCS +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 923648 | Size: 260 MB
2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 1456128 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1718272 | Size: 226921 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 466452480 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 467374080 | Size: 11892 MB
6 - [MAN-MOUNT] Basic data partition | Offset (sectors): 491728896 | Size: 4096 MB
User = LL1 ... OK
User = LL2 ... OK
Pardon je me suis trompé de fichier:
Ci dessous le fichier AdwCleaner

# AdwCleaner v5.031 - Rapport créé le 29/01/2016 à 15:56:45
# Mis à jour le 25/01/2016 par Xplode
# Base de données : 2016-01-25.3 [Serveur]
# Système d'exploitation : Windows 8.1 (x64)
# Nom d'utilisateur : Guillaume - PC-GUILLAUME
# Exécuté depuis : C:\Users\Guillaume\Downloads\adwcleaner_5.031 (1).exe
# Option : Scanner
# Support : http://toolslib.net/forum
          • [ Services ] *****
          • [ Dossiers ] *****
          • [ Fichiers ] *****
          • [ DLL ] *****
          • [ Raccourcis ] *****
          • [ Tâches planifiées ] *****
          • [ Registre ] *****


Clé Trouvée : HKLM\SOFTWARE\Upt
          • [ Navigateurs ] *****



########## EOF - C:\AdwCleaner\AdwCleaner[S25].txt - [666 octets] ##########
Messages postés
35446
Date d'inscription
jeudi 18 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
5 mai 2017
4 765
Bonjour,

Comment se porte le PC ?

▶ Télécharge et installe Malwarebytes' Anti-Malware (MBAM).

▶ Installe le (choisis bien français ); ne modifie pas les paramètres d'installation !

▶ Décoche la case Activer l'essai gratuit de Malwarebytes Anti-Malware Premium à la fin de l'installation

/!\ Utilisateurs de Vista/7/8/8.1 : faire un clic droit sur le raccourci de MalwareBytes' Anti-Malware et choisir Exécuter en tant qu'administrateur

▶ Clique sur Mettre à jour dans le Tableau de bord afin de mettre à jour la base de données.

▶ Dans l'onglet Examen, sélectionne Examen Menaces puis clique sur Examiner maintenant.

▶ Une fois le scan terminé, clique sur Tout mettre en quarantaine puis sur Appliquez les actions

Si un message demande de redémarrer le PC pour terminer la suppression, accepte

▶ Le rapport est disponible dans Historique -> Journaux de l'application. (Choisis bien le dernier en date)

Tu sélectionnes le fichier et tu demandes l'affichage
En bas à gauche un bouton exporter ; tu cliques dessus et tu choisis "fichier texte" et tu choisis ensuite où l'enregistrer pour ensuite pouvoir le poster dans ta prochaine réponse.

A+
Messages postés
7
Date d'inscription
vendredi 14 novembre 2014
Statut
Membre
Dernière intervention
2 février 2016

Le PC se comporte mieux. Le proxy serveur 127.0.0.1 a été supprimé et nous sommes revenus à détection automatique des paramètres de connexion. Merci
Il y a toujours des pop-ups (Pubs?) mais qui sont bloqués par le logiciel AdBlock Plus.

Ci-dessous le journal d'analyse
Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 01/02/2016
Heure de l'analyse: 19:23
Fichier journal: Journal d'analyse 2016-02-01.txt
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2016.02.01.06
Base de données de rootkits: v2016.01.20.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Guillaume

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 437954
Temps écoulé: 51 min, 11 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 2
Adware.Pirrit, C:\Windows\SysWOW64\FinderPerlWYSIWYG\FinderPerlWYSIWYG.exe, 12668, Supprimer au redémarrage, [e7a33a212673de585acc28ac5fa25fa1]
PUP.Optional.Obrona.PrxySvrRST, C:\Program Files (x86)\PopApp\rasplapits32.exe, 552, Supprimer au redémarrage, [771366f52178a88e32a0c97e9e66e020]

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 64
Adware.Pirrit, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FinderPerlWYSIWYG, En quarantaine, [e7a33a212673de585acc28ac5fa25fa1],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, En quarantaine, [751577e4f1a89f973c40543f2fd38f71],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, En quarantaine, [b2d8f6654d4c5dd9621ae3b08f73a65a],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, En quarantaine, [b2d8f6654d4c5dd9621ae3b08f73a65a],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, En quarantaine, [b2d8f6654d4c5dd9621ae3b08f73a65a],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, En quarantaine, [b2d8f6654d4c5dd9621ae3b08f73a65a],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, En quarantaine, [b2d8f6654d4c5dd9621ae3b08f73a65a],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, En quarantaine, [b2d8f6654d4c5dd9621ae3b08f73a65a],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, En quarantaine, [b8d20457990079bd58241a799d6550b0],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, En quarantaine, [96f40853f5a478be3f3d6330d52df20e],
PUP.Optional.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FAT32MACRORECOVERY.EXE, En quarantaine, [ed9db9a2c9d00c2a1c7efb1d4ab70ff1],
PUP.Optional.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FAT32MACRORECOVERY.EXE, En quarantaine, [ed9db9a2c9d00c2a1c7efb1d4ab70ff1],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0C636C57-F979-4BDF-997A-42461626F208}, En quarantaine, [0b7f9ac17722082e2a3a49839172fa06],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44F06F22-50F6-432B-BD51-547E2E9FCA4C}, En quarantaine, [2565bba05445d1650361ca02649f2fd1],
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, En quarantaine, [eaa0df7c8b0eb6807afa70c40ff5c13f],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0C636C57-F979-4BDF-997A-42461626F208}, En quarantaine, [ee9c86d5970221153232f9d30102cf31],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44F06F22-50F6-432B-BD51-547E2E9FCA4C}, En quarantaine, [e9a1cd8ed4c567cfe3819c308a7904fc],
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, En quarantaine, [fc8e0e4d2e6bf046a4d0bd77966ed62a],
PUP.Optional.Obrona.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PAPPSERVICE, En quarantaine, [771366f52178a88e32a0c97e9e66e020],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0C636C57-F979-4BDF-997A-42461626F208}, En quarantaine, [92f8bba06b2e53e37cc7824af60da25e],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{227E1A02-2F5D-4EF6-B81A-AFDAFDC85EA2}, En quarantaine, [2f5b5dfe455458dea79ebc1042c145bb],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2377982A-3928-426E-B147-2496E9A92255}, En quarantaine, [9eec2a314f4a9c9aa0a5e4e81de68a76],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{27120728-88C3-47F0-B174-AA9B7E7FA93F}, En quarantaine, [c2c8d78488119a9c2e1626a6fb0816ea],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E1123CA-F0DC-45C1-8D9A-A51C1E189F98}, En quarantaine, [0c7eec6fdcbdff374bf90fbd63a0b050],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{33E136F1-F8C6-4501-99DA-23806ED2A59D}, En quarantaine, [0981c992e2b7de5881c407c5c34037c9],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{33E16BA8-3ED8-46E2-ACDE-1DE69F1E4E46}, En quarantaine, [55358ad1a9f0f5419ca912ba7291bb45],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{357B868A-97E3-45B6-8E5A-3C838760AEFA}, En quarantaine, [e9a1fc5fff9a5dd9fb49a626de255da3],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{38D12421-6F20-41DF-86C6-AA63154AA090}, En quarantaine, [22681f3c3e5b73c3ec587e4e7291f10f],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3DD0C5BA-D36F-46D8-B4C5-91CB8E25ECE2}, En quarantaine, [87037ae132670d2914309d2f20e3dd23],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4364C94B-AF2B-4B66-B4D2-67A586A6A83D}, En quarantaine, [9eec77e44c4d2a0c370e4a82bc4744bc],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44F06F22-50F6-432B-BD51-547E2E9FCA4C}, En quarantaine, [99f1500b1b7e8da94df6a02ccd36748c],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{48C1295B-9661-4DA7-8DB0-2247B7A6D8BA}, En quarantaine, [c9c1ff5c7b1e67cfd56f49835ba806fa],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{51F95670-ABEF-4489-A27F-92706F605AD0}, En quarantaine, [32589bc039607fb70441bf0d818212ee],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{54F358DA-1FA6-4268-858C-E3ECA79D1FDB}, En quarantaine, [a5e53a21f1a8c76fa2a2c705be457888],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5BA9C428-6686-4BB7-A56D-8FD4F42DFFDE}, En quarantaine, [6822530874258da947fd7953d42fb848],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{651EAF39-749D-4BA2-8B46-25C9C7D07CE8}, En quarantaine, [eb9f26357b1e0531c58005c741c2cb35],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{656E0590-7BCC-4482-847A-2966EDE1FE16}, En quarantaine, [5337a7b4fc9d36000045c804a16248b8],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6DEBA5D7-CBC8-459D-9830-671CD57E5AE1}, En quarantaine, [a5e5411a0693a393291c725a1ee59868],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7A6F233A-F36D-4F9E-9944-E4EA83A9F279}, En quarantaine, [266484d71c7d2e08d2731daf46bd4eb2],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7BB222CC-63D4-42E6-A041-D5D0C3B03092}, En quarantaine, [eb9f97c43366a09646fed2fade254fb1],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8377C7E4-7BF5-4715-B284-A54D61A3991E}, En quarantaine, [4d3d8ecd6d2c8fa787bda5277a8909f7],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8EA8D312-5D21-4160-8E22-D683E2839124}, En quarantaine, [533760fbdabf3cfa8eb73993669db848],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A24CD10F-97F8-4C2A-A287-605EA8331D51}, En quarantaine, [74169bc0534652e477cdba12d231a15f],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A767DC0B-93FC-495E-B360-EB5EF928845A}, En quarantaine, [7a10b5a62079350161e407c5946fa65a],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ADE13786-2B35-4FA5-96EB-1176E4D7605A}, En quarantaine, [98f2adae2b6e55e1a69ec5071fe428d8],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AE91B67A-3981-4367-8358-E7BECB5E463D}, En quarantaine, [850594c7dfba73c359eb24a828dbf20e],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B68E0984-2CDF-4991-A02B-2A7992D3C2BE}, En quarantaine, [0f7b2f2c1e7b1e1876cf12ba6e95da26],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BD82C1CD-3DA8-4AE7-89D5-12ADAF9513A9}, En quarantaine, [4248cf8c7c1de2549da88b414db650b0],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BF9F75BC-D51E-4858-84AF-3ED85E774368}, En quarantaine, [5e2cd388f8a137ff49fb25a77291a858],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C6D06E13-6B00-466E-B64A-E86B383B189F}, En quarantaine, [2c5e72e957428fa7004544886a991de3],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D180A2CC-FA1F-4E4C-8DB0-16F833179DC0}, En quarantaine, [0b7f25364950dc5a410348847291659b],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D1C1A6AE-F667-47E7-A9ED-84322D80A5B3}, En quarantaine, [cebc86d55f3af93d63e107c50ff4b848],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D580B85C-E8A4-4105-8DE7-A46AECC35453}, En quarantaine, [88021546b4e5cb6b67de418b679cba46],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D67CB258-4865-437E-B1CD-B17ED3715367}, En quarantaine, [2c5e97c43d5c2d09f54fbf0d1de61de3],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E63BA36B-7087-4E36-B820-7A204AE06C2C}, En quarantaine, [36540a51792081b5f74d17b58c779f61],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E94E6946-9DB0-4547-B22B-4ED3AD60953D}, En quarantaine, [028853083564bc7a9ca823a9946ffe02],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F0D7707C-30E4-4467-B593-26A42B711D22}, En quarantaine, [1971abb03f5a3501182c448861a255ab],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5020665-FA0B-4372-BB63-4A49B4471558}, En quarantaine, [45450b50b5e42d09dd67f9d3dc2729d7],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F8FAF067-B9D5-46FF-9FED-A1966399156A}, En quarantaine, [e8a23d1e405947ef79cb5c708f74d52b],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F93D01F4-C157-4F95-B57D-C85EDBAF5EF3}, En quarantaine, [bdcd372401983ff75ce8408c2cd79a66],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FD7B5017-C3ED-40F9-B991-7968C23C7542}, En quarantaine, [543685d6217857dfcd773e8e55ae39c7],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FF7D2330-F773-408E-A4A4-5297E9285121}, En quarantaine, [18725dfe0990c472a69f616b51b2ca36],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FFA3512E-2640-46F7-B4FA-9EDF3A83A1CE}, En quarantaine, [a6e452098712ae88152f25a7996a7b85],
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\WINDOWS_IE_AC_001\SOFTWARE\Crossrider, En quarantaine, [fc8e84d738614de95ff679bee32143bd],

Valeurs du Registre: 51
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0c636c57-f979-4bdf-997a-42461626f208}|AppName, videos MediaPlay-Air-bg.exe, En quarantaine, [0b7f9ac17722082e2a3a49839172fa06]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44f06f22-50f6-432b-bd51-547e2e9fca4c}|AppName, HQPureV1.8-bg.exe, En quarantaine, [2565bba05445d1650361ca02649f2fd1]
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, En quarantaine, [eaa0df7c8b0eb6807afa70c40ff5c13f]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0c636c57-f979-4bdf-997a-42461626f208}|AppName, videos MediaPlay-Air-bg.exe, En quarantaine, [ee9c86d5970221153232f9d30102cf31]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44f06f22-50f6-432b-bd51-547e2e9fca4c}|AppName, HQPureV1.8-bg.exe, En quarantaine, [e9a1cd8ed4c567cfe3819c308a7904fc]
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, En quarantaine, [fc8e0e4d2e6bf046a4d0bd77966ed62a]
PUP.Optional.Obrona.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PAPPSERVICE|ImagePath, C:\Program Files (x86)\PopApp\rasplapits32.exe, En quarantaine, [771366f52178a88e32a0c97e9e66e020]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0c636c57-f979-4bdf-997a-42461626f208}|AppName, videos MediaPlay-Air-bg.exe, En quarantaine, [92f8bba06b2e53e37cc7824af60da25e]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{227E1A02-2F5D-4EF6-B81A-AFDAFDC85EA2}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-codedownloader.exe, En quarantaine, [2f5b5dfe455458dea79ebc1042c145bb]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2377982A-3928-426E-B147-2496E9A92255}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-codedownloader.exe, En quarantaine, [9eec2a314f4a9c9aa0a5e4e81de68a76]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{27120728-88C3-47F0-B174-AA9B7E7FA93F}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [c2c8d78488119a9c2e1626a6fb0816ea]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E1123CA-F0DC-45C1-8D9A-A51C1E189F98}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [0c7eec6fdcbdff374bf90fbd63a0b050]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{33E136F1-F8C6-4501-99DA-23806ED2A59D}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [0981c992e2b7de5881c407c5c34037c9]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{33E16BA8-3ED8-46E2-ACDE-1DE69F1E4E46}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-codedownloader.exe, En quarantaine, [55358ad1a9f0f5419ca912ba7291bb45]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{357B868A-97E3-45B6-8E5A-3C838760AEFA}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [e9a1fc5fff9a5dd9fb49a626de255da3]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{38D12421-6F20-41DF-86C6-AA63154AA090}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [22681f3c3e5b73c3ec587e4e7291f10f]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3DD0C5BA-D36F-46D8-B4C5-91CB8E25ECE2}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [87037ae132670d2914309d2f20e3dd23]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4364C94B-AF2B-4B66-B4D2-67A586A6A83D}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [9eec77e44c4d2a0c370e4a82bc4744bc]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44f06f22-50f6-432b-bd51-547e2e9fca4c}|AppName, HQPureV1.8-bg.exe, En quarantaine, [99f1500b1b7e8da94df6a02ccd36748c]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{48C1295B-9661-4DA7-8DB0-2247B7A6D8BA}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [c9c1ff5c7b1e67cfd56f49835ba806fa]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{51F95670-ABEF-4489-A27F-92706F605AD0}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [32589bc039607fb70441bf0d818212ee]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{54F358DA-1FA6-4268-858C-E3ECA79D1FDB}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [a5e53a21f1a8c76fa2a2c705be457888]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5BA9C428-6686-4BB7-A56D-8FD4F42DFFDE}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [6822530874258da947fd7953d42fb848]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{651EAF39-749D-4BA2-8B46-25C9C7D07CE8}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [eb9f26357b1e0531c58005c741c2cb35]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{656E0590-7BCC-4482-847A-2966EDE1FE16}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [5337a7b4fc9d36000045c804a16248b8]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6DEBA5D7-CBC8-459D-9830-671CD57E5AE1}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-codedownloader.exe, En quarantaine, [a5e5411a0693a393291c725a1ee59868]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7a6f233a-f36d-4f9e-9944-e4ea83a9f279}|AppName, HQPureV1.8-codedownloader.exe, En quarantaine, [266484d71c7d2e08d2731daf46bd4eb2]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7BB222CC-63D4-42E6-A041-D5D0C3B03092}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [eb9f97c43366a09646fed2fade254fb1]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8377C7E4-7BF5-4715-B284-A54D61A3991E}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [4d3d8ecd6d2c8fa787bda5277a8909f7]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8EA8D312-5D21-4160-8E22-D683E2839124}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [533760fbdabf3cfa8eb73993669db848]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A24CD10F-97F8-4C2A-A287-605EA8331D51}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [74169bc0534652e477cdba12d231a15f]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a767dc0b-93fc-495e-b360-eb5ef928845a}|AppName, videos MediaPlay-Air-codedownloader.exe, En quarantaine, [7a10b5a62079350161e407c5946fa65a]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ADE13786-2B35-4FA5-96EB-1176E4D7605A}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [98f2adae2b6e55e1a69ec5071fe428d8]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AE91B67A-3981-4367-8358-E7BECB5E463D}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [850594c7dfba73c359eb24a828dbf20e]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B68E0984-2CDF-4991-A02B-2A7992D3C2BE}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [0f7b2f2c1e7b1e1876cf12ba6e95da26]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BD82C1CD-3DA8-4AE7-89D5-12ADAF9513A9}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [4248cf8c7c1de2549da88b414db650b0]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BF9F75BC-D51E-4858-84AF-3ED85E774368}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [5e2cd388f8a137ff49fb25a77291a858]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C6D06E13-6B00-466E-B64A-E86B383B189F}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [2c5e72e957428fa7004544886a991de3]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D180A2CC-FA1F-4E4C-8DB0-16F833179DC0}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [0b7f25364950dc5a410348847291659b]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D1C1A6AE-F667-47E7-A9ED-84322D80A5B3}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [cebc86d55f3af93d63e107c50ff4b848]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D580B85C-E8A4-4105-8DE7-A46AECC35453}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-codedownloader.exe, En quarantaine, [88021546b4e5cb6b67de418b679cba46]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D67CB258-4865-437E-B1CD-B17ED3715367}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [2c5e97c43d5c2d09f54fbf0d1de61de3]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E63BA36B-7087-4E36-B820-7A204AE06C2C}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [36540a51792081b5f74d17b58c779f61]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E94E6946-9DB0-4547-B22B-4ED3AD60953D}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [028853083564bc7a9ca823a9946ffe02]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F0D7707C-30E4-4467-B593-26A42B711D22}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [1971abb03f5a3501182c448861a255ab]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5020665-FA0B-4372-BB63-4A49B4471558}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [45450b50b5e42d09dd67f9d3dc2729d7]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F8FAF067-B9D5-46FF-9FED-A1966399156A}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [e8a23d1e405947ef79cb5c708f74d52b]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F93D01F4-C157-4F95-B57D-C85EDBAF5EF3}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [bdcd372401983ff75ce8408c2cd79a66]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FD7B5017-C3ED-40F9-B991-7968C23C7542}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [543685d6217857dfcd773e8e55ae39c7]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FF7D2330-F773-408E-A4A4-5297E9285121}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [18725dfe0990c472a69f616b51b2ca36]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FFA3512E-2640-46F7-B4FA-9EDF3A83A1CE}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [a6e452098712ae88152f25a7996a7b85]

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 12
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0, En quarantaine, [ee9cde7d287124127e258e59ab57a35d],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki, En quarantaine, [ee9cde7d287124127e258e59ab57a35d],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0, En quarantaine, [0684c69574250e28188b598e54ae847c],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki, En quarantaine, [0684c69574250e28188b598e54ae847c],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0, En quarantaine, [43472536e2b7ef47d4cfa24532d013ed],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki, En quarantaine, [43472536e2b7ef47d4cfa24532d013ed],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0, En quarantaine, [ec9e23381782d462495b9e49857dec14],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki, En quarantaine, [ec9e23381782d462495b9e49857dec14],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0, En quarantaine, [820887d413868fa7baea5a8d99696f91],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki, En quarantaine, [820887d413868fa7baea5a8d99696f91],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0, En quarantaine, [c4c60e4da1f80c2adbc9be2934ce02fe],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki, En quarantaine, [c4c60e4da1f80c2adbc9be2934ce02fe],

Fichiers: 36
Adware.Pirrit, C:\Windows\SysWOW64\FinderPerlWYSIWYG\FinderPerlWYSIWYG.exe, Supprimer au redémarrage, [e7a33a212673de585acc28ac5fa25fa1],
PUP.Optional.OutBrowse, C:\Users\Guillaume\Downloads\Installation.exe, En quarantaine, [bcce91ca0891a78f59faa44c55acb14f],
PUP.Optional.PrxySvrRST, C:\Users\Guillaume\AppData\Local\win32wordProvider\fat32macroRecovery.exe, En quarantaine, [ed9db9a2c9d00c2a1c7efb1d4ab70ff1],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\lsdb.js, En quarantaine, [ee9cde7d287124127e258e59ab57a35d],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\background.html, En quarantaine, [ee9cde7d287124127e258e59ab57a35d],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\content.js, En quarantaine, [ee9cde7d287124127e258e59ab57a35d],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\kZNAgO.js, En quarantaine, [ee9cde7d287124127e258e59ab57a35d],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\manifest.json, En quarantaine, [ee9cde7d287124127e258e59ab57a35d],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\lsdb.js, En quarantaine, [0684c69574250e28188b598e54ae847c],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\background.html, En quarantaine, [0684c69574250e28188b598e54ae847c],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\content.js, En quarantaine, [0684c69574250e28188b598e54ae847c],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\kZNAgO.js, En quarantaine, [0684c69574250e28188b598e54ae847c],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\manifest.json, En quarantaine, [0684c69574250e28188b598e54ae847c],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\lsdb.js, En quarantaine, [43472536e2b7ef47d4cfa24532d013ed],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\background.html, En quarantaine, [43472536e2b7ef47d4cfa24532d013ed],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\content.js, En quarantaine, [43472536e2b7ef47d4cfa24532d013ed],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\kZNAgO.js, En quarantaine, [43472536e2b7ef47d4cfa24532d013ed],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\manifest.json, En quarantaine, [43472536e2b7ef47d4cfa24532d013ed],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\lsdb.js, En quarantaine, [ec9e23381782d462495b9e49857dec14],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\background.html, En quarantaine, [ec9e23381782d462495b9e49857dec14],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\content.js, En quarantaine, [ec9e23381782d462495b9e49857dec14],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\kZNAgO.js, En quarantaine, [ec9e23381782d462495b9e49857dec14],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\manifest.json, En quarantaine, [ec9e23381782d462495b9e49857dec14],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\lsdb.js, En quarantaine, [820887d413868fa7baea5a8d99696f91],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\background.html, En quarantaine, [820887d413868fa7baea5a8d99696f91],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\content.js, En quarantaine, [820887d413868fa7baea5a8d99696f91],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\kZNAgO.js, En quarantaine, [820887d413868fa7baea5a8d99696f91],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\manifest.json, En quarantaine, [820887d413868fa7baea5a8d99696f91],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\lsdb.js, En quarantaine, [c4c60e4da1f80c2adbc9be2934ce02fe],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\background.html, En quarantaine, [c4c60e4da1f80c2adbc9be2934ce02fe],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\content.js, En quarantaine, [c4c60e4da1f80c2adbc9be2934ce02fe],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\kZNAgO.js, En quarantaine, [c4c60e4da1f80c2adbc9be2934ce02fe],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\manifest.json, En quarantaine, [c4c60e4da1f80c2adbc9be2934ce02fe],
PUP.Optional.UptUpdater, C:\Windows\Temp\UptUpdater.exe, En quarantaine, [fd8d42196d2c7abc91d5f405659e1ee2],
PUP.Optional.Wauctla, C:\Windows\wauctla.exe, En quarantaine, [ee9c55061089320463ed7388cd3602fe],
PUP.Optional.Obrona.PrxySvrRST, C:\Program Files (x86)\PopApp\rasplapits32.exe, Supprimer au redémarrage, [771366f52178a88e32a0c97e9e66e020],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)
Messages postés
7
Date d'inscription
vendredi 14 novembre 2014
Statut
Membre
Dernière intervention
2 février 2016

RogueKiller V11.0.9.0 (x64) [Jan 24 2016] (Gratuit) par Adlice Software
email : https://www.adlice.com/contact/
Remontées : https://forum.adlice.com/
Site web : https://www.adlice.com/fr/roguekiller/
Blog : https://www.adlice.com/

Système d'exploitation : Windows 8.1 (6.3.9600) 64 bits version
Démarré en : Mode normal
Utilisateur : Guillaume [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/28/2016 07:10:18

¤¤¤ Processus : 6 ¤¤¤
[Suspicious.Path|VT.Unknown] CGIDaemonTooltip.exe(1780) -- C:\Users\Guillaume\AppData\Local\CGIDaemonTooltip\CGIDaemonTooltip.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|VT.Generic6.CGQQ] win32wordProvider.exe(2340) -- C:\Users\Guillaume\AppData\Local\win32wordProvider\win32wordProvider.exe[-] -> Tué(e) [TermProc]
[VT.Unknown] FinderPerlWYSIWYG.exe(1212) -- C:\Windows\SysWOW64\FinderPerlWYSIWYG\FinderPerlWYSIWYG.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|VT.PUP.Optional.PrxySvrRST] fat32macroRecovery.exe(5424) -- C:\Users\Guillaume\AppData\Local\win32wordProvider\fat32macroRecovery.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.Tirrip.bpm] (SVC) CGIDaemonTooltip.exe -- C:\Users\Guillaume\AppData\Local\CGIDaemonTooltip\CGIDaemonTooltip.exe[-] -> ERROR [41c]
[Suspicious.Path|VT.Generic6.CGQQ] (SVC) win32wordProvider.exe -- C:\Users\Guillaume\AppData\Local\win32wordProvider\win32wordProvider.exe[-] -> ERROR [41c]

¤¤¤ Registre : 43 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Applian Technologies -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AddonMethodWYSIWYG.exe (C:\Users\Guillaume\AppData\Local\AddonMethodWYSIWYG\AddonMethodWYSIWYG.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ArchiveDefaultScrolling.exe (C:\Users\Guillaume\AppData\Local\ArchiveDefaultScrolling\ArchiveDefaultScrolling.exe) -> Trouvé(e)
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.Tirrip.bpm] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CGIDaemonTooltip.exe (C:\Users\Guillaume\AppData\Local\CGIDaemonTooltip\CGIDaemonTooltip.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\classwdmaudUI.exe (C:\Users\Guillaume\AppData\Local\classwdmaudUI\classwdmaudUI.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\compileexportClient.exe (C:\Users\Guillaume\AppData\Local\compileexportClient\compileexportClient.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CronDaemonJAVA.exe (C:\Users\Guillaume\AppData\Local\CronDaemonJAVA\CronDaemonJAVA.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dd40609929a0202bf500a8b122feb401.exe (C:\Users\Guillaume\AppData\Local\dd40609929a0202bf500a8b122feb401\dd40609929a0202bf500a8b122feb401.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DLCEncondingFAT32.exe (C:\Users\Guillaume\AppData\Local\DLCEncondingFAT32\DLCEncondingFAT32.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NativeProgramSprite.exe (C:\Users\Guillaume\AppData\Local\NativeProgramSprite\NativeProgramSprite.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\perlplaysndsrv_64.exe (C:\Users\Guillaume\AppData\Local\perlplaysndsrv_64\perlplaysndsrv_64.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\processqedit64.exe (C:\Users\Guillaume\AppData\Local\processqedit64\processqedit64.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RegisterTaskWord.exe (C:\Users\Guillaume\AppData\Local\RegisterTaskWord\RegisterTaskWord.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\runtimegdiBckp.exe (C:\Users\Guillaume\AppData\Local\runtimegdiBckp\runtimegdiBckp.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\runtimeqdvdSched.exe (C:\Users\Guillaume\AppData\Local\runtimeqdvdSched\runtimeqdvdSched.exe) -> Trouvé(e)
[Suspicious.Path|VT.Generic6.CGQQ] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\win32wordProvider.exe (C:\Users\Guillaume\AppData\Local\win32wordProvider\win32wordProvider.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AddonMethodWYSIWYG.exe (C:\Users\Guillaume\AppData\Local\AddonMethodWYSIWYG\AddonMethodWYSIWYG.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ArchiveDefaultScrolling.exe (C:\Users\Guillaume\AppData\Local\ArchiveDefaultScrolling\ArchiveDefaultScrolling.exe) -> Trouvé(e)
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.Tirrip.bpm] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CGIDaemonTooltip.exe (C:\Users\Guillaume\AppData\Local\CGIDaemonTooltip\CGIDaemonTooltip.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\classwdmaudUI.exe (C:\Users\Guillaume\AppData\Local\classwdmaudUI\classwdmaudUI.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\compileexportClient.exe (C:\Users\Guillaume\AppData\Local\compileexportClient\compileexportClient.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CronDaemonJAVA.exe (C:\Users\Guillaume\AppData\Local\CronDaemonJAVA\CronDaemonJAVA.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dd40609929a0202bf500a8b122feb401.exe (C:\Users\Guillaume\AppData\Local\dd40609929a0202bf500a8b122feb401\dd40609929a0202bf500a8b122feb401.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DLCEncondingFAT32.exe (C:\Users\Guillaume\AppData\Local\DLCEncondingFAT32\DLCEncondingFAT32.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NativeProgramSprite.exe (C:\Users\Guillaume\AppData\Local\NativeProgramSprite\NativeProgramSprite.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perlplaysndsrv_64.exe (C:\Users\Guillaume\AppData\Local\perlplaysndsrv_64\perlplaysndsrv_64.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\processqedit64.exe (C:\Users\Guillaume\AppData\Local\processqedit64\processqedit64.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RegisterTaskWord.exe (C:\Users\Guillaume\AppData\Local\RegisterTaskWord\RegisterTaskWord.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\runtimegdiBckp.exe (C:\Users\Guillaume\AppData\Local\runtimegdiBckp\runtimegdiBckp.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\runtimeqdvdSched.exe (C:\Users\Guillaume\AppData\Local\runtimeqdvdSched\runtimeqdvdSched.exe) -> Trouvé(e)
[Suspicious.Path|VT.Generic6.CGQQ] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\win32wordProvider.exe (C:\Users\Guillaume\AppData\Local\win32wordProvider\win32wordProvider.exe) -> Trouvé(e)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Trouvé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Trouvé(e)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:11332 -> Trouvé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:11332 -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B732791-F61D-494D-B5EA-E58E659B26CE} | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D2D62125-23F6-4FC5-B08F-563C2CC28910} | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8B732791-F61D-494D-B5EA-E58E659B26CE} | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D2D62125-23F6-4FC5-B08F-563C2CC28910} | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] l8yfehcu.default : user_pref("network.proxy.type", 4); -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA THNSNF256GMCS +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 923648 | Size: 260 MB
2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 1456128 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1718272 | Size: 226921 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 466452480 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 467374080 | Size: 11892 MB
6 - [MAN-MOUNT] Basic data partition | Offset (sectors): 491728896 | Size: 4096 MB
User = LL1 ... OK
User = LL2 ... OK
Messages postés
35446
Date d'inscription
jeudi 18 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
5 mai 2017
4 765
Hello,

Magnifique, le nettoyage est fini, reste le final :

Passe un coup de delfix en cochant toutes cases : https://www.commentcamarche.net/download/telecharger-34079650-delfix

~~

Fais des scans réguliers avec Malwarebytes, il est efficace.

~~
IMPORTANT : mettre à jour tes programmes notamment Java/Adobe Reader et Flash :
https://www.commentcamarche.net/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite

~~

Attention à ce que tu installes à l'avenir :
Des logiciels additionnels sont proposés (barre d'outils, adwares) via l'installation de logiciel gratuit en général ou via certains sites de téléchargement comme S0ft0nic.
L'éditeur touche de l'argent à chaque installation réussie de ces programmes additionnels (un genre de sponsoring), ton PC se retrouve avec des barres d'outils qui ralentissent le navigateur ou des adwares qui ouvrent des popups de publicités.
Dès lors, lorsque tu installes un programme, lis bien ce qui est proposé car tu risques d'installé des barres d'outils sans le savoir.

Lire Les PUPs/LPIs : https://www.malekal.com/adwares-pup-protection/

Passe le mot à tes amis !

~~

Bonne lecture et n'oublie pas d'indiquer que ton sujet est résolu :)


Bonne soirée ...

Julien