How to remove the proxy server 127.0.0.1

Closed
marius99999 Posts 7 Registration date Friday 14 November 2014 Status Member Last activity 2 February 2016 - 27 Jan 2016 at 18:12
juju666 Posts 35445 Registration date Thursday 18 December 2008 Status Security contributor Last activity 5 May 2017 - 2 Feb 2016 at 19:11
I can't manage to remove the proxy server 127.0.0.1. Even when I set it to automatic detection, it always comes back

Please tell me the procedure to follow

Marius99999

5 replies

juju666 Posts 35445 Registration date Thursday 18 December 2008 Status Security contributor Last activity 5 May 2017 4 795
27 Jan 2016 at 21:14
Hi,

▶ Download here: RogueKiller (choose between the 32-bit and 64-bit version depending on your Windows; if you don't know, ask me!)
▶ Save your work and close all running programs
▶ Launch RogueKiller and wait until the Prescan has finished
▶ Accept the EULA, then click Scan.
▶ Once it has finished, click Report and copy/paste the report into your next reply.
2
juju666 Posts 35445 Registration date Thursday 18 December 2008 Status Security contributor Last activity 5 May 2017 4 795
28 Jan 2016 at 18:33
HELLO

You can run the cleanup with RogueKiller and post the report.

Then:

Download here: AdwCleaner (by Xplode)

▶ Launch it.

▶ Read and accept the user agreement.

▶ Click Scan, then Clean, and wait while the cleanup runs.

▶ Post the contents of the report that you will find in the AdwCleaner folder on your hard drive (C:\AdwCleaner\AdwCleaner[x].txt), or its contents if it opens.

Have a good evening.
1
RogueKiller V11.0.9.0 (x64) [Jan 24 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8.1 (6.3.9600) 64 bits version
Démarré en : Mode normal
Utilisateur : Guillaume [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Suppression -- Date : 01/29/2016 11:05:28

¤¤¤ Processus : 6 ¤¤¤
[Suspicious.Path|VT.Unknown] CGIDaemonTooltip.exe(1780) -- C:\Users\Guillaume\AppData\Local\CGIDaemonTooltip\CGIDaemonTooltip.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|VT.Generic6.CGQQ] win32wordProvider.exe(2340) -- C:\Users\Guillaume\AppData\Local\win32wordProvider\win32wordProvider.exe[-] -> Tué(e) [TermProc]
[VT.Unknown] FinderPerlWYSIWYG.exe(1212) -- C:\Windows\SysWOW64\FinderPerlWYSIWYG\FinderPerlWYSIWYG.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|VT.PUP.Optional.PrxySvrRST] fat32macroRecovery.exe(5424) -- C:\Users\Guillaume\AppData\Local\win32wordProvider\fat32macroRecovery.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.Tirrip.bpm] (SVC) CGIDaemonTooltip.exe -- C:\Users\Guillaume\AppData\Local\CGIDaemonTooltip\CGIDaemonTooltip.exe[-] -> ERROR [41c]
[Suspicious.Path|VT.Generic6.CGQQ] (SVC) win32wordProvider.exe -- C:\Users\Guillaume\AppData\Local\win32wordProvider\win32wordProvider.exe[-] -> ERROR [41c]

¤¤¤ Registre : 43 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Applian Technologies -> Supprimé(e)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Remplacé(e) (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Remplacé(e) (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:11332 -> Supprimé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:11332 -> ERROR [2]
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Remplacé(e) (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Remplacé(e) (http://search.msn.com/spbasic.htm)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B732791-F61D-494D-B5EA-E58E659B26CE} | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D2D62125-23F6-4FC5-B08F-563C2CC28910} | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8B732791-F61D-494D-B5EA-E58E659B26CE} | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D2D62125-23F6-4FC5-B08F-563C2CC28910} | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Remplacé(e) ()

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] l8yfehcu.default : user_pref("network.proxy.type", 4); -> Non sélectionné

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA THNSNF256GMCS +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 923648 | Size: 260 MB
2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 1456128 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1718272 | Size: 226921 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 466452480 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 467374080 | Size: 11892 MB
6 - [MAN-MOUNT] Basic data partition | Offset (sectors): 491728896 | Size: 4096 MB
User = LL1 ... OK
User = LL2 ... OK
0
Sorry, I picked the wrong file:
Below is the AdwCleaner file

# AdwCleaner v5.031 - Rapport créé le 29/01/2016 à 15:56:45
# Mis à jour le 25/01/2016 par Xplode
# Base de données : 2016-01-25.3 [Serveur]
# Système d'exploitation : Windows 8.1 (x64)
# Nom d'utilisateur : Guillaume - PC-GUILLAUME
# Exécuté depuis : C:\Users\Guillaume\Downloads\adwcleaner_5.031 (1).exe
# Option : Scanner
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Dossiers ] *****

***** [ Fichiers ] *****

***** [ DLL ] *****

***** [ Raccourcis ] *****

***** [ Tâches planifiées ] *****

***** [ Registre ] *****

Clé Trouvée : HKLM\SOFTWARE\Upt

***** [ Navigateurs ] *****



########## EOF - C:\AdwCleaner\AdwCleaner[S25].txt - [666 octets] ##########
0
juju666 Posts 35445 Registration date Thursday 18 December 2008 Status Security contributor Last activity 5 May 2017 4 795
1 Feb 2016 at 19:23
Hello,

How is the PC doing?

▶ Download and install Malwarebytes' Anti-Malware (MBAM).

▶ Install it (make sure to choose French); do not change the installation settings!

▶ Uncheck the box Enable the free trial of Malwarebytes Anti-Malware Premium at the end of the installation

/!\ Vista/7/8/8.1 users: right-click the Malwarebytes' Anti-Malware shortcut and choose Run as administrator

▶ Click Update in the Dashboard to update the database.

▶ In the Scan tab, select Threat Scan, then click Scan Now.

▶ Once the scan has finished, click Quarantine All, then Apply Actions

If a message asks you to restart the PC to finish the removal, accept

▶ The report is available in History -> Application Logs. (Make sure to choose the most recent one)

Select the file and ask for it to be displayed
At the bottom left there is an Export button; click it, choose "text file", then choose where to save it so that you can post it in your next reply.

See you
1
marius99999 Posts 7 Registration date Friday 14 November 2014 Status Member Last activity 2 February 2016
2 Feb 2016 at 11:29
The PC is behaving better. The proxy server 127.0.0.1 has been removed and we are back to automatic detection of connection settings. Thank you
There are still pop-ups (ads?) but they are blocked by the AdBlock Plus software.

Below is the scan log
Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 01/02/2016
Heure de l'analyse: 19:23
Fichier journal: Journal d'analyse 2016-02-01.txt
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2016.02.01.06
Base de données de rootkits: v2016.01.20.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Guillaume

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 437954
Temps écoulé: 51 min, 11 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 2
Adware.Pirrit, C:\Windows\SysWOW64\FinderPerlWYSIWYG\FinderPerlWYSIWYG.exe, 12668, Supprimer au redémarrage, [e7a33a212673de585acc28ac5fa25fa1]
PUP.Optional.Obrona.PrxySvrRST, C:\Program Files (x86)\PopApp\rasplapits32.exe, 552, Supprimer au redémarrage, [771366f52178a88e32a0c97e9e66e020]

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 64

Valeurs du Registre: 51
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44f06f22-50f6-432b-bd51-547e2e9fca4c}|AppName, HQPureV1.8-bg.exe, En quarantaine, [99f1500b1b7e8da94df6a02ccd36748c]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{48C1295B-9661-4DA7-8DB0-2247B7A6D8BA}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [c9c1ff5c7b1e67cfd56f49835ba806fa]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{51F95670-ABEF-4489-A27F-92706F605AD0}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [32589bc039607fb70441bf0d818212ee]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{54F358DA-1FA6-4268-858C-E3ECA79D1FDB}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [a5e53a21f1a8c76fa2a2c705be457888]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5BA9C428-6686-4BB7-A56D-8FD4F42DFFDE}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [6822530874258da947fd7953d42fb848]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{651EAF39-749D-4BA2-8B46-25C9C7D07CE8}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [eb9f26357b1e0531c58005c741c2cb35]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{656E0590-7BCC-4482-847A-2966EDE1FE16}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [5337a7b4fc9d36000045c804a16248b8]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6DEBA5D7-CBC8-459D-9830-671CD57E5AE1}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-codedownloader.exe, En quarantaine, [a5e5411a0693a393291c725a1ee59868]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7a6f233a-f36d-4f9e-9944-e4ea83a9f279}|AppName, HQPureV1.8-codedownloader.exe, En quarantaine, [266484d71c7d2e08d2731daf46bd4eb2]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7BB222CC-63D4-42E6-A041-D5D0C3B03092}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [eb9f97c43366a09646fed2fade254fb1]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8377C7E4-7BF5-4715-B284-A54D61A3991E}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [4d3d8ecd6d2c8fa787bda5277a8909f7]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8EA8D312-5D21-4160-8E22-D683E2839124}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [533760fbdabf3cfa8eb73993669db848]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A24CD10F-97F8-4C2A-A287-605EA8331D51}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [74169bc0534652e477cdba12d231a15f]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a767dc0b-93fc-495e-b360-eb5ef928845a}|AppName, videos MediaPlay-Air-codedownloader.exe, En quarantaine, [7a10b5a62079350161e407c5946fa65a]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ADE13786-2B35-4FA5-96EB-1176E4D7605A}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [98f2adae2b6e55e1a69ec5071fe428d8]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AE91B67A-3981-4367-8358-E7BECB5E463D}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [850594c7dfba73c359eb24a828dbf20e]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B68E0984-2CDF-4991-A02B-2A7992D3C2BE}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [0f7b2f2c1e7b1e1876cf12ba6e95da26]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BD82C1CD-3DA8-4AE7-89D5-12ADAF9513A9}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [4248cf8c7c1de2549da88b414db650b0]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BF9F75BC-D51E-4858-84AF-3ED85E774368}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [5e2cd388f8a137ff49fb25a77291a858]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C6D06E13-6B00-466E-B64A-E86B383B189F}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [2c5e72e957428fa7004544886a991de3]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D180A2CC-FA1F-4E4C-8DB0-16F833179DC0}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [0b7f25364950dc5a410348847291659b]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D1C1A6AE-F667-47E7-A9ED-84322D80A5B3}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [cebc86d55f3af93d63e107c50ff4b848]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D580B85C-E8A4-4105-8DE7-A46AECC35453}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-codedownloader.exe, En quarantaine, [88021546b4e5cb6b67de418b679cba46]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D67CB258-4865-437E-B1CD-B17ED3715367}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [2c5e97c43d5c2d09f54fbf0d1de61de3]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E63BA36B-7087-4E36-B820-7A204AE06C2C}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [36540a51792081b5f74d17b58c779f61]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E94E6946-9DB0-4547-B22B-4ED3AD60953D}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [028853083564bc7a9ca823a9946ffe02]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F0D7707C-30E4-4467-B593-26A42B711D22}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [1971abb03f5a3501182c448861a255ab]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5020665-FA0B-4372-BB63-4A49B4471558}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [45450b50b5e42d09dd67f9d3dc2729d7]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F8FAF067-B9D5-46FF-9FED-A1966399156A}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [e8a23d1e405947ef79cb5c708f74d52b]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F93D01F4-C157-4F95-B57D-C85EDBAF5EF3}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [bdcd372401983ff75ce8408c2cd79a66]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FD7B5017-C3ED-40F9-B991-7968C23C7542}|AppName, 5799cf62-35b8-4f36-9475-6852ca53dd51-2.exe-buttonutil.exe, En quarantaine, [543685d6217857dfcd773e8e55ae39c7]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FF7D2330-F773-408E-A4A4-5297E9285121}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-codedownloader.exe, En quarantaine, [18725dfe0990c472a69f616b51b2ca36]
PUP.Optional.CrossRider, HKU\S-1-5-21-1285318410-1798839694-3203060279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FFA3512E-2640-46F7-B4FA-9EDF3A83A1CE}|AppName, b2851e3f-e796-439a-b6eb-1b68a61706cc-2.exe-buttonutil.exe, En quarantaine, [a6e452098712ae88152f25a7996a7b85]

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 12
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0, En quarantaine, [ee9cde7d287124127e258e59ab57a35d],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki, En quarantaine, [ee9cde7d287124127e258e59ab57a35d],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0, En quarantaine, [0684c69574250e28188b598e54ae847c],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki, En quarantaine, [0684c69574250e28188b598e54ae847c],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0, En quarantaine, [43472536e2b7ef47d4cfa24532d013ed],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki, En quarantaine, [43472536e2b7ef47d4cfa24532d013ed],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0, En quarantaine, [ec9e23381782d462495b9e49857dec14],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki, En quarantaine, [ec9e23381782d462495b9e49857dec14],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0, En quarantaine, [820887d413868fa7baea5a8d99696f91],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki, En quarantaine, [820887d413868fa7baea5a8d99696f91],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0, En quarantaine, [c4c60e4da1f80c2adbc9be2934ce02fe],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki, En quarantaine, [c4c60e4da1f80c2adbc9be2934ce02fe],

Fichiers: 36
Adware.Pirrit, C:\Windows\SysWOW64\FinderPerlWYSIWYG\FinderPerlWYSIWYG.exe, Supprimer au redémarrage, [e7a33a212673de585acc28ac5fa25fa1],
PUP.Optional.OutBrowse, C:\Users\Guillaume\Downloads\Installation.exe, En quarantaine, [bcce91ca0891a78f59faa44c55acb14f],
PUP.Optional.PrxySvrRST, C:\Users\Guillaume\AppData\Local\win32wordProvider\fat32macroRecovery.exe, En quarantaine, [ed9db9a2c9d00c2a1c7efb1d4ab70ff1],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\lsdb.js, En quarantaine, [ee9cde7d287124127e258e59ab57a35d],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\background.html, En quarantaine, [ee9cde7d287124127e258e59ab57a35d],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\content.js, En quarantaine, [ee9cde7d287124127e258e59ab57a35d],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\kZNAgO.js, En quarantaine, [ee9cde7d287124127e258e59ab57a35d],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\manifest.json, En quarantaine, [ee9cde7d287124127e258e59ab57a35d],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\lsdb.js, En quarantaine, [0684c69574250e28188b598e54ae847c],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\background.html, En quarantaine, [0684c69574250e28188b598e54ae847c],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\content.js, En quarantaine, [0684c69574250e28188b598e54ae847c],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\kZNAgO.js, En quarantaine, [0684c69574250e28188b598e54ae847c],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\manifest.json, En quarantaine, [0684c69574250e28188b598e54ae847c],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\lsdb.js, En quarantaine, [43472536e2b7ef47d4cfa24532d013ed],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\background.html, En quarantaine, [43472536e2b7ef47d4cfa24532d013ed],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\content.js, En quarantaine, [43472536e2b7ef47d4cfa24532d013ed],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\kZNAgO.js, En quarantaine, [43472536e2b7ef47d4cfa24532d013ed],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\manifest.json, En quarantaine, [43472536e2b7ef47d4cfa24532d013ed],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\lsdb.js, En quarantaine, [ec9e23381782d462495b9e49857dec14],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\background.html, En quarantaine, [ec9e23381782d462495b9e49857dec14],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\content.js, En quarantaine, [ec9e23381782d462495b9e49857dec14],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\kZNAgO.js, En quarantaine, [ec9e23381782d462495b9e49857dec14],
PUP.Optional.MultiPlug, C:\Users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\manifest.json, En quarantaine, [ec9e23381782d462495b9e49857dec14],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\lsdb.js, En quarantaine, [820887d413868fa7baea5a8d99696f91],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\background.html, En quarantaine, [820887d413868fa7baea5a8d99696f91],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\content.js, En quarantaine, [820887d413868fa7baea5a8d99696f91],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\kZNAgO.js, En quarantaine, [820887d413868fa7baea5a8d99696f91],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\manifest.json, En quarantaine, [820887d413868fa7baea5a8d99696f91],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\lsdb.js, En quarantaine, [c4c60e4da1f80c2adbc9be2934ce02fe],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\background.html, En quarantaine, [c4c60e4da1f80c2adbc9be2934ce02fe],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\content.js, En quarantaine, [c4c60e4da1f80c2adbc9be2934ce02fe],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\kZNAgO.js, En quarantaine, [c4c60e4da1f80c2adbc9be2934ce02fe],
PUP.Optional.MultiPlug, C:\Users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oahjbglebpgopidihfmkdgpajilcgdki\2.0\manifest.json, En quarantaine, [c4c60e4da1f80c2adbc9be2934ce02fe],
PUP.Optional.UptUpdater, C:\Windows\Temp\UptUpdater.exe, En quarantaine, [fd8d42196d2c7abc91d5f405659e1ee2],
PUP.Optional.Wauctla, C:\Windows\wauctla.exe, En quarantaine, [ee9c55061089320463ed7388cd3602fe],
PUP.Optional.Obrona.PrxySvrRST, C:\Program Files (x86)\PopApp\rasplapits32.exe, Supprimer au redémarrage, [771366f52178a88e32a0c97e9e66e020],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)
0
marius99999 Posts 7 Registration date Friday 14 November 2014 Status Member Last activity 2 February 2016
28 Jan 2016 at 10:32
RogueKiller V11.0.9.0 (x64) [Jan 24 2016] (Gratuit) par Adlice Software
email : https://www.adlice.com/contact/
Remontées : https://forum.adlice.com/
Site web : https://www.adlice.com/fr/roguekiller/
Blog : https://www.adlice.com/

Système d'exploitation : Windows 8.1 (6.3.9600) 64 bits version
Démarré en : Mode normal
Utilisateur : Guillaume [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/28/2016 07:10:18

¤¤¤ Processus : 6 ¤¤¤
[Suspicious.Path|VT.Unknown] CGIDaemonTooltip.exe(1780) -- C:\Users\Guillaume\AppData\Local\CGIDaemonTooltip\CGIDaemonTooltip.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|VT.Generic6.CGQQ] win32wordProvider.exe(2340) -- C:\Users\Guillaume\AppData\Local\win32wordProvider\win32wordProvider.exe[-] -> Tué(e) [TermProc]
[VT.Unknown] FinderPerlWYSIWYG.exe(1212) -- C:\Windows\SysWOW64\FinderPerlWYSIWYG\FinderPerlWYSIWYG.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|VT.PUP.Optional.PrxySvrRST] fat32macroRecovery.exe(5424) -- C:\Users\Guillaume\AppData\Local\win32wordProvider\fat32macroRecovery.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.Tirrip.bpm] (SVC) CGIDaemonTooltip.exe -- C:\Users\Guillaume\AppData\Local\CGIDaemonTooltip\CGIDaemonTooltip.exe[-] -> ERROR [41c]
[Suspicious.Path|VT.Generic6.CGQQ] (SVC) win32wordProvider.exe -- C:\Users\Guillaume\AppData\Local\win32wordProvider\win32wordProvider.exe[-] -> ERROR [41c]

¤¤¤ Registre : 43 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Applian Technologies -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AddonMethodWYSIWYG.exe (C:\Users\Guillaume\AppData\Local\AddonMethodWYSIWYG\AddonMethodWYSIWYG.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ArchiveDefaultScrolling.exe (C:\Users\Guillaume\AppData\Local\ArchiveDefaultScrolling\ArchiveDefaultScrolling.exe) -> Trouvé(e)
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.Tirrip.bpm] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CGIDaemonTooltip.exe (C:\Users\Guillaume\AppData\Local\CGIDaemonTooltip\CGIDaemonTooltip.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\classwdmaudUI.exe (C:\Users\Guillaume\AppData\Local\classwdmaudUI\classwdmaudUI.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\compileexportClient.exe (C:\Users\Guillaume\AppData\Local\compileexportClient\compileexportClient.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CronDaemonJAVA.exe (C:\Users\Guillaume\AppData\Local\CronDaemonJAVA\CronDaemonJAVA.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dd40609929a0202bf500a8b122feb401.exe (C:\Users\Guillaume\AppData\Local\dd40609929a0202bf500a8b122feb401\dd40609929a0202bf500a8b122feb401.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DLCEncondingFAT32.exe (C:\Users\Guillaume\AppData\Local\DLCEncondingFAT32\DLCEncondingFAT32.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NativeProgramSprite.exe (C:\Users\Guillaume\AppData\Local\NativeProgramSprite\NativeProgramSprite.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\perlplaysndsrv_64.exe (C:\Users\Guillaume\AppData\Local\perlplaysndsrv_64\perlplaysndsrv_64.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\processqedit64.exe (C:\Users\Guillaume\AppData\Local\processqedit64\processqedit64.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RegisterTaskWord.exe (C:\Users\Guillaume\AppData\Local\RegisterTaskWord\RegisterTaskWord.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\runtimegdiBckp.exe (C:\Users\Guillaume\AppData\Local\runtimegdiBckp\runtimegdiBckp.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\runtimeqdvdSched.exe (C:\Users\Guillaume\AppData\Local\runtimeqdvdSched\runtimeqdvdSched.exe) -> Trouvé(e)
[Suspicious.Path|VT.Generic6.CGQQ] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\win32wordProvider.exe (C:\Users\Guillaume\AppData\Local\win32wordProvider\win32wordProvider.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AddonMethodWYSIWYG.exe (C:\Users\Guillaume\AppData\Local\AddonMethodWYSIWYG\AddonMethodWYSIWYG.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ArchiveDefaultScrolling.exe (C:\Users\Guillaume\AppData\Local\ArchiveDefaultScrolling\ArchiveDefaultScrolling.exe) -> Trouvé(e)
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.Tirrip.bpm] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CGIDaemonTooltip.exe (C:\Users\Guillaume\AppData\Local\CGIDaemonTooltip\CGIDaemonTooltip.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\classwdmaudUI.exe (C:\Users\Guillaume\AppData\Local\classwdmaudUI\classwdmaudUI.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\compileexportClient.exe (C:\Users\Guillaume\AppData\Local\compileexportClient\compileexportClient.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CronDaemonJAVA.exe (C:\Users\Guillaume\AppData\Local\CronDaemonJAVA\CronDaemonJAVA.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dd40609929a0202bf500a8b122feb401.exe (C:\Users\Guillaume\AppData\Local\dd40609929a0202bf500a8b122feb401\dd40609929a0202bf500a8b122feb401.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DLCEncondingFAT32.exe (C:\Users\Guillaume\AppData\Local\DLCEncondingFAT32\DLCEncondingFAT32.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NativeProgramSprite.exe (C:\Users\Guillaume\AppData\Local\NativeProgramSprite\NativeProgramSprite.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perlplaysndsrv_64.exe (C:\Users\Guillaume\AppData\Local\perlplaysndsrv_64\perlplaysndsrv_64.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\processqedit64.exe (C:\Users\Guillaume\AppData\Local\processqedit64\processqedit64.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RegisterTaskWord.exe (C:\Users\Guillaume\AppData\Local\RegisterTaskWord\RegisterTaskWord.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\runtimegdiBckp.exe (C:\Users\Guillaume\AppData\Local\runtimegdiBckp\runtimegdiBckp.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\runtimeqdvdSched.exe (C:\Users\Guillaume\AppData\Local\runtimeqdvdSched\runtimeqdvdSched.exe) -> Trouvé(e)
[Suspicious.Path|VT.Generic6.CGQQ] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\win32wordProvider.exe (C:\Users\Guillaume\AppData\Local\win32wordProvider\win32wordProvider.exe) -> Trouvé(e)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Trouvé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Trouvé(e)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:11332 -> Trouvé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:11332 -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1285318410-1798839694-3203060279-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B732791-F61D-494D-B5EA-E58E659B26CE} | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D2D62125-23F6-4FC5-B08F-563C2CC28910} | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8B732791-F61D-494D-B5EA-E58E659B26CE} | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D2D62125-23F6-4FC5-B08F-563C2CC28910} | DhcpNameServer : 189.6.0.79 189.6.0.74 ([-][X]) -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] l8yfehcu.default : user_pref("network.proxy.type", 4); -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA THNSNF256GMCS +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 923648 | Size: 260 MB
2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 1456128 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1718272 | Size: 226921 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 466452480 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 467374080 | Size: 11892 MB
6 - [MAN-MOUNT] Basic data partition | Offset (sectors): 491728896 | Size: 4096 MB
User = LL1 ... OK
User = LL2 ... OK
0

juju666 Posts 35445 Registration date Thursday 18 December 2008 Status Security contributor Last activity 5 May 2017 4 795
2 Feb 2016 at 19:11
Hello,

Wonderful, the cleanup is finished; only the final step remains:

Run DelFix with all the boxes ticked: https://www.commentcamarche.net/telecharger/securite/7111-delfix/

~~

Run regular scans with Malwarebytes; it is effective.

~~
IMPORTANT: update your programs, in particular Java, Adobe Reader and Flash:
https://www.commentcamarche.net/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite

~~

Be careful about what you install in the future:
Additional software (toolbars, adware) is offered during the installation of free software in general, or through certain download sites such as S0ft0nic.
The publisher is paid for every successful installation of these additional programs (a kind of sponsorship), and your PC ends up with toolbars that slow down the browser or adware that opens advertising pop-ups.
So, when you install a program, read carefully what is being offered, because you risk installing toolbars without knowing it.

Read PUPs/LPIs: https://www.malekal.com/adwares-pup-protection/

Spread the word to your friends!

~~

Enjoy the reading, and don't forget to mark your topic as resolved :)


Have a good evening ...

Julien
0