cjoint

Document format: text/plain

Preview

~ Rapport de ZHPDiag v2015.4.4.35 - Nicolas Coolman (29/03/2015)
~ Lancé par Frédéric (08/04/2015 18:32:20)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17691
GCIE: Google Chrome v39.0.2171.99 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : M8X2Q
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
Microsoft Security Client v4.7.0205.0
Trend Micro Titanium v5.00
Windows Defender W7 (Deactivate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 16 NPAPI
Adobe Reader X

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3992 MB (44% free)
System Restore: Activé (Enable)
System drive C: has 179 GB (65%) free of 272 GB

---\\ Mode de connexion au système
~ Computer Name: FRÉDÉRIC-MSI
~ User Name: Frédéric
~ All Users Names: HomeGroupUser$, Frédéric, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Frédéric\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Frédéric\AppData\Roaming\
~ %Desktop% : C:\Users\Frédéric\Desktop\
~ %Favorites% : C:\Users\Frédéric\Favorites\
~ %LocalAppData% : C:\Users\Frédéric\AppData\Local\
~ %StartMenu% : C:\Users\Frédéric\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 179 Go of 272 Go)
D: Hard drive, Flash drive, Thumb drive (Free 179 Go of 182 Go)
E: CD-ROM drive (Not Inserted)
G: Hard drive, Flash drive, Thumb drive (Free 795 Go of 932 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2012 - 13:27:40.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.36F99BD8A0F09BDBB7850A138845A014] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.20/02/2015 - 02:28:25.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/04/2012 - 13:31:06.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
Mes musiques (My Musics) : 3/3 (Modified)
~ Mes Favoris (My Favorites) : 1/7
~ Mon Bureau (My Desktop) : 1/5
~ Menu demarrer (Programs) : 1/40
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.C08AF3D7162084119A3089D40240E592] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072] [PID.1968]
[MD5.CFCB4F1C6DBE8A5DC0B8DBF058E2586A] - (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files (x86)\SFR\Kit\9props.exe [976192] [PID.2480]
[MD5.E8F28312EC0211C7A9C5E344730EE312] - (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe [1067280] [PID.1668]
[MD5.7D6E1809C844B1D2AA02B6DCF1950084] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200] [PID.1872]
[MD5.6CB24AD9998AC4F83F0EBE05B4DF8AAB] - (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Frédéric\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248] [PID.1864]
[MD5.4D1DA8CE5E364D22B4FF00F163194514] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.3272]
[MD5.E02A512F30FC2A02A9CADEEC375FC969] - (.Creative Technology Ltd - THXAudio.) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1517056] [PID.3324]
[MD5.2FD32328C48D021E680D11E8EE8C68A0] - (.MSI - Super-Charger.) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502288] [PID.3348]
[MD5.1D48498CC21174A45267BBDC526FA4CF] - (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576] [PID.3356]
[MD5.72A7D54EB3626CFCBC8B550385CEF97A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.6880]
[MD5.CA1DC0FFE7DD4D633421B8BC39ED5FFD] - (.Intel Corporation - Bluetooth Media Player Controller.) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe [936272] [PID.4424]
[MD5.2CA0461A5730F6FC3F90FA3833C645C9] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904] [PID.5056]
[MD5.761017ABC629ADDBCD43992AF06AEB65] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8195584] [PID.7748]
[MD5.146BF1C1D613AC15F1AC900D3BBE02E7] - (.Cherished Technololgy LIMITED - IePlugin Service.) -- C:\ProgramData\IePluginServices\PluginService.exe [702344] [PID.1504] =>PUP.IePluginService
[MD5.83BEF4680718A0367A8AA598A6602C9C] - (.SysTool PasSame LIMITED - Windows SysTool Svr.) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [531968] [PID.1048] =>PUP.Fuyu
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.2184]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.2212]
[MD5.A52EA1D8C2900055323C93DDB252A3DA] - (.Intel Corporation - Bluetooth Device Monitor.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [1014096] [PID.2240]
[MD5.1F79342D9EB530A48742F651E570983A] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176] [PID.2316]
[MD5.E4938E0A376CF0B9D989EE5C0A146891] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520] [PID.2376]
[MD5.F172AD4E906D97ED8F071896FC6789DC] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912] [PID.2644]
[MD5.6A860C1C8B589B761CC8487E468187EE] - (.XTab system - ProtectSvc.exe.) -- C:\Program Files (x86)\XTab\ProtectService.exe [158816] [PID.3476]
[MD5.5A8C154DE7DDEE8ADA3375CC76C4351F] - (...) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320] [PID.2508]
[MD5.13E838EA8652F8451F29301D3B56B17B] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648] [PID.4116]
[MD5.71C6748EE8DE938532057EF10B4B7E44] - (.Micro-Star International Co., Ltd. - MSI SCM Service.) -- C:\Program Files (x86)\S-Bar\MSIService.exe [160768] [PID.4276]
[MD5.C72ADF8436182E12B1B7E04390CE4C5B] - (.MSI - Super-Charger Service.) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [138768] [PID.4340]
[MD5.E024300408694566DDF65AB5E004F880] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912] [PID.4428]
[MD5.205E1B699FD3F2F9B036EEA2EC30C620] - (...) -- C:\windows\SysWOW64\PnkBstrA.exe [76888] [PID.4532]
[MD5.7143B9E0809236E344FB469C14B9C5B0] - (...) -- C:\Users\Frédéric\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [99496] [PID.4768] =>PUP.CompatibilityVerifier
[MD5.392450754E17FF778CBC5B9D20583AD1] - (.Intel Corporation - Bluetooth OBEX Service.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1104208] [PID.4900]
[MD5.091210450CA7CED08F360D9D7FEC5D11] - (.Intel Corporation - Bluetooth Media Service.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1304912] [PID.6608]
[MD5.545462D0DBE24AF379BA869B7C185CCD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.4604]
[MD5.BD9457699AC9C1A0FE43398043617279] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [276824] [PID.4540]
[MD5.F76057596EF65049869098677AB72C30] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [362840] [PID.6600]
[MD5.2F1DAA9C8700BF7911C79B064D098F2A] - (...) -- C:\Users\Frédéric\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe [51308712] [PID.6824] =>PUP.CompatibilityVerifier
~ Processes Running: Scanned in 00mn 05s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][StartupURLs] http://searchy.easylifeapp.com/ =>Hijacker.GadgetBox
G2 - GCE: Preference [User Data\Default] [aaaaojmikegpiepcfdkkjaplodkpfmlo] Ask Toolbar v.7.15.23.42079 (Désactivé) =>Toolbar.Ask
G2 - GCE: Preference [User Data\Default] [bbjciahceamgodcoidkjpchnokgfpphh] Funmoods v.2.0.1 (Désactivé) =>PUP.Funmoods
G2 - GCE: Preference [User Data\Default] [bopakagnckmlgajfccecajhnimjiiedh] McAfee Security Scan+ v.3.8.141.12 (Désactivé)
G2 - GCE: Preference [User Data\Default] [dnhpdliibojhegemfjheidglijccjfmc] hotword helper v.0.0.2.0 (Activé)
G2 - GCE: Preference [User Data\Default] [fjfiaeaopgmgbenipljajjipecobmbni] HD Cinema Plus 1.8V11.03 v.1.26.31, (Désactivé) =>PUP.CrossRider
G2 - GCE: Preference [User Data\Default] [gggfdhjndkkhbgiibdklehpionnkhabj] savinshop v.2.3 (Activé) =>PUP.SavinShop
G2 - GCE: Preference [User Data\Default] [jpmbfleldcgkldadpdinhjjopdfpjfjp] Wajam v.1.24 (Désactivé) =>PUP.Wajam
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.8.64 (Activé)
G2 - GCE: Preference [User Data\Default] [lcbellgjkdfcgjmnlnaolkojlojimiaa] BlockAndSurf v.1.190.0.0 (Désactivé) =>PUP.BlockAndSurf
G2 - GCE: Preference [User Data\Default] [nbifkhamdppnoccklaghalaobnnfaplp] Bigpoint Games FR v.2.3.18.20 (Désactivé)
G2 - GCE: Preference [User Data\Default] [ndkhncnongaclekkbelchmeafffimifj] Giant Savings v.1.21.52 (Désactivé) =>Adware.VidSaver
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [niapdbllcanepiiimjjndipklodoedlc] Yontoo v.1.0.2 (Désactivé) =>Adware.Yontoo
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 40 Legitimates Filtered in 00mn 09s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Frédéric\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js (.not file.)
P2 - FPN:Firefox Plugin Navigator . (.Pas de propriétaire - NPAPI Extension for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppluginrichmediaplayer.dll
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com =>Hijacker.GadgetBox
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com =>Hijacker.GadgetBox
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com =>Hijacker.GadgetBox
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com =>PUP.SweetPage
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com =>PUP.SweetPage
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://searchfunmoods.com =>PUP.Funmoods
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com =>PUP.SweetPage
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com =>PUP.SweetPage
~ IE Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (23)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\XTab\SupTab.dll =>PUP.SupTab
O2 - BHO: tpERfectcoupaoN [64Bits] - {64afcfa7-6c9c-4101-8a3e-b26a2625fb21} . (...) -- C:\Program Files\tpERfectcoupaoN\QR0jz4sfiBiFk5.dll =>PUP.TPerfectCoupon
O2 - BHO: saveerabOOx [64Bits] - {c4c9cc1f-c703-4305-97dd-16d42f0d15f2} . (...) -- C:\Program Files\saveerabOOx\iCmcND2Jxs6IZ1.dll =>PUP.SaverBox
O2 - BHO: PriCeDownloadder [64Bits] - {cabfc193-cae2-4e72-b1e9-0c94908b1ff6} . (...) -- C:\Program Files (x86)\PriCeDownloadder\S7mKzJFdEJCH1t.dll =>PUP.PriceDownloader
~ BHO: 7 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EEE6C35B-6118-11DC-9C72-001320C79847} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [Frédéric]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\QuickLaunch [Frédéric]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\TaskBar [Frédéric]: Google Chrome (2).lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\Program [Frédéric]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\SystemTools [Frédéric]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
~ Global Startup: 5 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKLM\..\Run: [THXCfg64] . (.Creative Technology Ltd. - Pas de description.) -- C:\windows\system32\THXCfg64.dll
O4 - HKLM\..\Run: [VizorHtmlDialog.exe] . (.Trend Micro Inc. - Trend Titanium.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe
O4 - HKLM\..\Run: [Trend Micro Client Framework] . (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
O4 - HKLM\..\Run: [Trend Micro Titanium] . (.Trend Micro Inc. - VizorShortCut Dynamic Link Library.) -- C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe
O4 - HKLM\..\Run: [BLEServicesCtrl] . (.Intel Corporation - Bluetooth LE Services Control Program.) -- C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] \b \nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] . (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files (x86)\SFR\Kit\9props.exe
O4 - HKCU\..\Run: [Badoo Desktop] . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Frédéric\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Frédéric\AppData\Local\Microsoft\OneDrive\OneDrive.exe
O4 - HKCU\..\RunOnce: [Application Restart #1] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Frédéric\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\windows\system32\cmd.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [S-Bar] . (.Micro-Star International Co.,Ltd. - S-Bar.) -- C:\Program Files (x86)\S-Bar\S-Bar.exe
O4 - HKLM\..\Wow6432Node\Run: [THX Audio Control Panel] . (.Creative Technology Ltd - THXAudio.) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdReg] . (.Creative Technology Ltd. - Creative UpdReg.) -- C:\windows\UpdReg.exe
O4 - HKLM\..\Wow6432Node\Run: [Super-Charger] . (.MSI - Super-Charger.) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
O4 - HKLM\..\Wow6432Node\Run: [Tutorials] Clé orpheline =>PUP.AgenceExclusive
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Easywidget] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [Easynotif] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [YouCam Service] . (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1504167032-3351206394-1777087434-1001\..\Run: [Connexion SFR 9props.exe] . (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files (x86)\SFR\Kit\9props.exe
O4 - HKUS\S-1-5-21-1504167032-3351206394-1777087434-1001\..\Run: [Badoo Desktop] . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
O4 - HKUS\S-1-5-21-1504167032-3351206394-1777087434-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Frédéric\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1504167032-3351206394-1777087434-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1504167032-3351206394-1777087434-1001\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Frédéric\AppData\Local\Microsoft\OneDrive\OneDrive.exe
O4 - HKUS\S-1-5-21-1504167032-3351206394-1777087434-1001\..\RunOnce: [Application Restart #1] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-21-1504167032-3351206394-1777087434-1001\..\RunOnce: [Uninstall C:\Users\Frédéric\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\windows\system32\cmd.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 02s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{178CB911-525E-4FCD-8A7C-4FCCF46B35B4}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5558AF2-769A-49E3-9C8E-62F252FFBD52}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{178CB911-525E-4FCD-8A7C-4FCCF46B35B4}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{B5558AF2-769A-49E3-9C8E-62F252FFBD52}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{178CB911-525E-4FCD-8A7C-4FCCF46B35B4}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 344.) - C:\windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Browser System Enahncer (671c50b0) . (...) - c:\progra~3\browse~1\BrowserSystemEnahncerSvc.dll =>Trojan.SProtector
O23 - Service: CouponarificService64 (CouponarificService64) . (...) - C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe =>PUP.CouponArific
O23 - Service: IePlugin Services (IePluginServices) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginServices\PluginService.exe =>PUP.IePluginService
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR
O23 - Service: rqpbhevlkc64 (rqpbhevlkc64) . (...) - C:\Program Files\004\rqpbhevlkc64.exe =>Adware.AdPeak
O23 - Service: Compatibility Verify (Verifies and fixes application compatibility issues) . (...) - C:\Users\Frédéric\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe =>PUP.CompatibilityVerifier
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.SysTool PasSame LIMITED - Windows SysTool Svr.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
~ Services: 34 Legitimates Filtered in 00mn 33s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Tempo Runner] (...) -- C:\ProgramData\pennybee\pennybee.exe (.not file.) [0] =>PUP.PaybyAds
[MD5.00000000000000000000000000000000] [APT] [{90A096B8-23C3-4273-BB9A-3CD3D5C18BC5}] (...) -- C:\Users\Frédéric\AppData\Roaming\sweet-page\UninstallManager.exe (.not file.) [0] =>PUP.SweetPage
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1504167032-3351206394-1777087434-1001Core [918]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1504167032-3351206394-1777087434-1001UA [940]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1068]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon [828]
O39 - APT: APT: - (..) -- C:\Windows\System32\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon [828] - (..) -- C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d [830]
O39 - APT: Tempo Runner - (...) -- C:\Windows\Tasks\Tempo Runner.job [184]
O39 - APT: Tempo Runner - (...) -- C:\Windows\System32\Tasks\Tempo Runner [184]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 05s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (cqqzfjts) . (. - .) - C:\windows\system32\drivers\cqqzfjts.sys (.not file.)
O41 - Driver: (dhmogubd) . (. - .) - C:\windows\system32\drivers\dhmogubd.sys (.not file.)
O41 - Driver: (fjfdwbcl) . (. - .) - C:\windows\system32\drivers\fjfdwbcl.sys (.not file.)
O41 - Driver: (hctphjdd) . (. - .) - C:\windows\system32\drivers\hctphjdd.sys (.not file.)
O41 - Driver: (hvtyiopb) . (. - .) - C:\windows\system32\drivers\hvtyiopb.sys (.not file.)
O41 - Driver: (kvbnubvi) . (. - .) - C:\windows\system32\drivers\kvbnubvi.sys (.not file.)
O41 - Driver: (netfilter64) . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\drivers\netfilter64.sys
O41 - Driver: (pivbksju) . (. - .) - C:\windows\system32\drivers\pivbksju.sys (.not file.)
~ Drivers: 96 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Browser System Enahncer - (.WorldLoad.) [HKLM][64Bits] -- {5F189DF5-2D05-472B-9091-84D9848AE48B}{671c50b0} =>Trojan.SProtector
O42 - Logiciel: CouponDownloader - (.CouponDownloader.) [HKLM][64Bits] -- {813BA625-B0FA-48D8-9B75-59759C88C219} =>PUP.CouponDownloader
O42 - Logiciel: CouponFactor - (.CouponFactor.) [HKLM][64Bits] -- {37476589-E48E-439E-A706-56189E2ED4C4}_is1
O42 - Logiciel: Tournoi de tarot démo - (.Pierre JACQUET.) [HKLM][64Bits] -- {AB457707-CA33-4A6C-9625-09CC74440190}
~ Logic: 38 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\Coupon Downloader] =>PUP.CouponDownloader
[HKCU\Software\Cr_Installer] =>PUP.CrossRider
[HKCU\Software\Gameo] =>PUP.Gameo
[HKCU\Software\GoldenGate]
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\Kromtech]
[HKCU\Software\Kukouri]
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\Tuto4PC] =>PUP.AgenceExclusive
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\Tutorials] =>PUP.AgenceExclusive
[HKCU\Software\XA Tech]
[HKLM\Software\0892CCEA-3029-46F2-BD98-F3177431F5F8] =>PUP.CrossRider
[HKLM\Software\CouponDownloader ] =>PUP.CouponDownloader
[HKLM\Software\CouponDownloader] =>PUP.CouponDownloader
[HKLM\Software\F2E59BED-97F5-4486-9726-66DE2DDE3B23] =>PUP.CrossRider
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\ ]
[HKLM\Software\Wow6432Node\AIM Toolbar]
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.AskBar
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Easyvoyage]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\PicexaSvc]
[HKLM\Software\Wow6432Node\Pyro]
[HKLM\Software\Wow6432Node\SpeedBit]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\TUTO4PC] =>PUP.AgenceExclusive
[HKLM\Software\Wow6432Node\V9]
[HKLM\Software\Wow6432Node\Vittalia] =>PUP.Vittalia
[HKLM\Software\Wow6432Node\couponarific] =>PUP.CouponArific
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
[HKLM\Software\couponarific] =>PUP.CouponArific
~ Key Software: 298 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05/12/2014 - 18:59:37 - [] ----D C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8
O43 - CFD: 12/03/2015 - 00:19:21 - [] ----D C:\Program Files (x86)\AnyProtectEx =>PUP.AnyProtect
O43 - CFD: 22/07/2014 - 11:17:25 - [] ----D C:\Program Files (x86)\ASP
O43 - CFD: 12/03/2013 - 12:10:40 - [] ----D C:\Program Files (x86)\Browser Helper Object
O43 - CFD: 13/06/2014 - 13:43:12 - [] ----D C:\Program Files (x86)\Browsersafeguard =>PUP.BrowserSafeguard
O43 - CFD: 21/07/2014 - 23:44:16 - [0] ----D C:\Program Files (x86)\cosstminn =>PUP.CostMin
O43 - CFD: 02/03/2015 - 11:19:57 - [] ----D C:\Program Files (x86)\daealsteR =>PUP.DealSter
O43 - CFD: 12/03/2015 - 00:21:30 - [] ----D C:\Program Files (x86)\HD Cinema Plus 1.8V11.03 =>PUP.CrossRider
O43 - CFD: 12/03/2015 - 00:21:30 - [] ----D C:\Program Files (x86)\I - Cinema =>PUP.CrossRider
O43 - CFD: 12/03/2015 - 00:07:07 - [0] ----D C:\Program Files (x86)\IGS
O43 - CFD: 02/03/2015 - 11:19:57 - [] ----D C:\Program Files (x86)\Jobisjob Alerts
O43 - CFD: 12/03/2015 - 00:19:20 - [] ----D C:\Program Files (x86)\Mountain Bike =>PUP.MountainBike
O43 - CFD: 21/07/2014 - 23:54:33 - [] ----D C:\Program Files (x86)\NewPlayer =>Adware.NewPlayer
O43 - CFD: 06/03/2015 - 02:11:48 - [] ----D C:\Program Files (x86)\PriCeDownloadder =>PUP.PriceDownloader
O43 - CFD: 12/03/2015 - 00:19:19 - [] ----D C:\Program Files (x86)\QuickRef_1.10.0.9 =>PUP.QuickRef
O43 - CFD: 22/07/2014 - 11:17:23 - [] ----D C:\Program Files (x86)\RCP
O43 - CFD: 06/03/2015 - 02:10:44 - [] ----D C:\Program Files (x86)\saaavernet =>PUP.SaveNet
O43 - CFD: 06/03/2015 - 02:10:44 - [] ----D C:\Program Files (x86)\savernnet =>PUP.SaveNet
O43 - CFD: 22/07/2014 - 11:17:29 - [] ----D C:\Program Files (x86)\Supporter =>PUP.SaveClicker
O43 - CFD: 29/03/2014 - 03:19:13 - [] ----D C:\Program Files (x86)\TournoiTarotDémo
O43 - CFD: 12/03/2015 - 00:19:19 - [] ----D C:\Program Files (x86)\ver8BlockAndSurf =>PUP.BlockAndSurf
O43 - CFD: 27/03/2015 - 13:42:19 - [] ----D C:\Program Files (x86)\XTab
O43 - CFD: 12/03/2015 - 00:19:21 - [0] ----D C:\Program Files (x86)\Common Files\ClaraUpdater =>Adware.SupTab
O43 - CFD: 06/01/2015 - 17:12:11 - [] ----D C:\ProgramData\2643c78b65623c26
O43 - CFD: 16/03/2015 - 19:02:00 - [] ----D C:\ProgramData\2757266798396193830UL
O43 - CFD: 11/08/2014 - 10:37:00 - [0] ----D C:\ProgramData\374311380
O43 - CFD: 04/05/2013 - 13:49:30 - [] ----D C:\ProgramData\Ask
O43 - CFD: 02/10/2012 - 18:12:14 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 12/03/2015 - 00:19:23 - [] ----D C:\ProgramData\Browser System Enahncer =>Trojan.SProtector
O43 - CFD: 27/10/2014 - 20:46:35 - [] ----D C:\ProgramData\CheapCoupon
O43 - CFD: 23/10/2014 - 06:43:00 - [0] ----D C:\ProgramData\CoolSaLeCeOuPoon =>PUP.CoolSaleCoupon
O43 - CFD: 01/03/2015 - 19:22:09 - [] ----D C:\ProgramData\CouponFactor
O43 - CFD: 05/02/2015 - 20:09:24 - [0] ----D C:\ProgramData\CouponFactory =>PUP.CouponFactory
O43 - CFD: 10/12/2014 - 12:22:15 - [0] ----D C:\ProgramData\couponpeak =>PUP.CouponPeak
O43 - CFD: 10/02/2015 - 07:48:43 - [] ----D C:\ProgramData\DealsFactor =>PUP.DealsFactor
O43 - CFD: 11/12/2014 - 08:47:13 - [0] ----D C:\ProgramData\dealster =>PUP.DealSter
O43 - CFD: 20/11/2014 - 10:48:54 - [] ----D C:\ProgramData\downloaditkeep =>PUP.DownloadItKeep
O43 - CFD: 11/10/2014 - 19:37:50 - [0] ----D C:\ProgramData\eAsyTosuhop =>PUP.EasyToShop
O43 - CFD: 20/05/2014 - 19:50:48 - [] ----D C:\ProgramData\IePluginService =>PUP.IePluginService
O43 - CFD: 24/07/2014 - 16:57:50 - [] ----D C:\ProgramData\IePluginServices =>PUP.IePluginService
O43 - CFD: 06/01/2015 - 17:11:55 - [] ----D C:\ProgramData\lgckloncibljihofopkbiboaccffhohc
O43 - CFD: 12/03/2015 - 00:21:30 - [] ----D C:\ProgramData\MWHgfgYXsS
O43 - CFD: 13/12/2014 - 20:58:26 - [0] ----D C:\ProgramData\OEM Links
O43 - CFD: 07/03/2015 - 13:40:07 - [] ----D C:\ProgramData\saveernet =>PUP.SaveNet
O43 - CFD: 26/11/2014 - 16:50:41 - [] ----D C:\ProgramData\saveitkeep =>PUP.SaveItKeep
O43 - CFD: 11/12/2014 - 08:47:13 - [0] ----D C:\ProgramData\savinshop =>PUP.SavinShop
O43 - CFD: 11/10/2014 - 19:37:50 - [0] ----D C:\ProgramData\shiopNdroPP =>PUP.ShopDrop
O43 - CFD: 07/03/2015 - 13:40:07 - [] ----D C:\ProgramData\shoopondRop =>PUP.ShopDrop
O43 - CFD: 14/12/2014 - 00:22:17 - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 13/06/2014 - 13:43:02 - [] ----D C:\ProgramData\weebsoavEr =>PUP.Websave
O43 - CFD: 27/03/2015 - 13:41:04 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 12/06/2014 - 22:08:28 - [] ----D C:\ProgramData\WindowsProtectManger =>PUP.Fuyu
O43 - CFD: 19/05/2014 - 19:59:53 - [] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 12/03/2015 - 00:19:18 - [] ----D C:\ProgramData\ZombieNews
O43 - CFD: 12/03/2015 - 00:19:18 - [] ----D C:\ProgramData\{d5f4ff25-7e1d-5075-d5f4-4ff257e1fc95}
O43 - CFD: 13/04/2012 - 13:50:21 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 12/03/2015 - 00:19:10 - [] ----D C:\Users\Frédéric\AppData\Roaming\03000200-1426110027-0500-0006-000700080009
O43 - CFD: 19/05/2014 - 19:51:00 - [0] ----D C:\Users\Frédéric\AppData\Roaming\Activeris =>PUP.Activeris
O43 - CFD: 12/03/2015 - 00:01:26 - [] -SH-D C:\Users\Frédéric\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect
O43 - CFD: 17/03/2013 - 19:42:30 - [] ----D C:\Users\Frédéric\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 15/03/2013 - 22:48:37 - [] ----D C:\Users\Frédéric\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 15/03/2013 - 17:56:55 - [] ----D C:\Users\Frédéric\AppData\Roaming\com.wb.DC2
O43 - CFD: 24/07/2014 - 16:59:55 - [] --H-D C:\Users\Frédéric\AppData\Roaming\GoldenGate
O43 - CFD: 11/09/2014 - 23:36:48 - [] ----D C:\Users\Frédéric\AppData\Roaming\OfferBox =>PUP.OfferBox
O43 - CFD: 22/07/2014 - 11:08:14 - [] ----D C:\Users\Frédéric\AppData\Roaming\PriceMeterUpdater =>PUP.PriceMeter
O43 - CFD: 04/05/2013 - 14:10:54 - [] ----D C:\Users\Frédéric\AppData\Roaming\Radiocom
O43 - CFD: 12/06/2014 - 22:31:52 - [] ----D C:\Users\Frédéric\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 03/10/2014 - 00:32:39 - [0] ----D C:\Users\Frédéric\AppData\Roaming\unpacked27940
O43 - CFD: 12/03/2015 - 00:19:02 - [0] ----D C:\Users\Frédéric\AppData\Roaming\VOPackage =>Adware.Downware
O43 - CFD: 21/07/2014 - 23:41:52 - [] ----D C:\Users\Frédéric\AppData\Roaming\webssearches =>Hijacker.WebsSearches
O43 - CFD: 11/03/2015 - 23:45:04 - [] ----D C:\Users\Frédéric\AppData\Roaming\WTools =>PUP.Nosibay
O43 - CFD: 12/03/2015 - 00:19:18 - [] ----D C:\Users\Frédéric\AppData\Local\03000200-1426113899-0500-0006-000700080009
O43 - CFD: 12/03/2015 - 00:19:18 - [] ----D C:\Users\Frédéric\AppData\Local\03000200-1426113913-0500-0006-000700080009
O43 - CFD: 11/03/2015 - 23:43:23 - [] ----D C:\Users\Frédéric\AppData\Local\BoBrowser =>PUP.BoBrowser
O43 - CFD: 19/05/2014 - 19:49:35 - [] ----D C:\Users\Frédéric\AppData\Local\com
O43 - CFD: 11/03/2015 - 23:42:21 - [] ----D C:\Users\Frédéric\AppData\Local\CrossBrowser =>PUP.CrossBrowser
O43 - CFD: 11/03/2015 - 23:41:28 - [] -SH-D C:\Users\Frédéric\AppData\Local\EmieBrowserModeList
O43 - CFD: 24/07/2014 - 18:02:10 - [] ----D C:\Users\Frédéric\AppData\Local\Gameo =>PUP.Gameo
O43 - CFD: 02/10/2012 - 18:16:11 - [] ----D C:\Users\Frédéric\AppData\Local\Giant Savings =>Adware.VidSaver
O43 - CFD: 21/07/2014 - 23:42:24 - [] ----D C:\Users\Frédéric\AppData\Local\newplayer =>Adware.NewPlayer
O43 - CFD: 22/07/2014 - 11:17:21 - [] ----D C:\Users\Frédéric\AppData\Local\PriceMeter =>PUP.PriceMeter
O43 - CFD: 10/01/2013 - 07:54:50 - [] ----D C:\Users\Frédéric\AppData\Local\supeasyfr1
O43 - CFD: 24/07/2014 - 16:57:04 - [] ----D C:\Users\Frédéric\AppData\Local\tmp27934
O43 - CFD: 02/10/2012 - 18:12:22 - [] ----D C:\Users\Frédéric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam =>PUP.Wajam
~ 195 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 488 Legitimates Filtered in 00mn 05s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:09/01/2012 - 20:32:40 ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapt.) -- C:\Windows\System32\Drivers\AmpPal.sys [195584]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:29/02/2012 - 11:31:16 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [143144]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:19/11/2014 - 16:38:44 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter64.sys [41168]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:30/10/2013 - 04:16:30 ---A- . (...) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys [37344]
~ Drivers: 73 Legitimates Filtered in 00mn 04s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 04/04/2015 - 18:35:17 ---A- . (...) -- C:\Users\Frédéric\Downloads\SteamSetup.exe [1142128]
O61 - LFC: 08/04/2015 - 18:34:54 ---A- . (...) -- C:\Users\Frédéric\AppData\Roaming\appdataFr3.bin [20]
~ 143 Fichiers temporaires (Temporary files)
~ 147 Fichiers cookies (Cookies files)
~ Files: 9 Legitimates Filtered in 01mn 28s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 19/11/2014 - C:\Windows\System32\drivers\netfilter64.sys (netfilter64) .(.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - LEGACY_NETFILTER64
~ Legacy: 76 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.delta-homes.com =>Hijacker.DeltaHomes
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Frédéric\AppData\Local\Google\Chrome\Application\chrome.exe" http://www.delta-homes.com =>Hijacker.DeltaHomes
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.delta-homes.com =>Hijacker.DeltaHomes
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://www.delta-homes.com =>PUP.Babylon
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [DefaultScope] - (e) - http://www.delta-homes.com =>Hijacker.DeltaHomes
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (delta-homes) - http://www.delta-homes.com =>Hijacker.DeltaHomes
O69 - SBI: SearchScopes [HKCU] {6C2A5B39-4363-44F9-91A6-0FB0EE20FC81} - (SweetIM Search) - http://www.delta-homes.com =>PUP.SweetIM
O69 - SBI: SearchScopes [HKCU] {8A244612-A1F7-11E0-95C0-E71F4824019B} - (Search) - http://www.delta-homes.com =>Hijacker.DeltaHomes
O69 - SBI: SearchScopes [HKCU] {8E407A64-6CAD-4BDF-B6C6-F7DC1D174CEB} - (Bing) - http://www.delta-homes.com =>Hijacker.DeltaHomes
O69 - SBI: SearchScopes [HKCU] {CC95312F-241B-45F2-AE52-3FFFF3C491AF} - (Ask Search) - http://www.delta-homes.com =>Hijacker.DeltaHomes
O69 - SBI: SearchScopes [HKCU] {CF842AED-4C79-4E65-B4BD-4DF87407F56F} - () - http://www.delta-homes.com =>Hijacker.DeltaHomes
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://www.delta-homes.com =>Hijacker.DeltaHomes
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.055AAA8AB1AD136255CD21B2F57F2D34] [SPRF][08/04/2015] (...) -- C:\ProgramData\Ye1eWwR.dat [112]
[MD5.F2DD0DEDB2C260419ECE4A9E03B2E828] [SPRF][13/12/2014] (...) -- C:\Users\Frédéric\AppData\Roaming\appdataFr2.bin [4]
[MD5.86EFFA53457E16C6D7847C98D53BA895] [SPRF][08/04/2015] (...) -- C:\Users\Frédéric\AppData\Roaming\appdataFr3.bin [20]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.B98BDE9C67A7703C8D2E3B84BC2DD088] [WIS][15/06/2014] (.CouponDownloader - CouponDownloader.) -- C:\Windows\Installer\1f840e6.msi [1359872] =>PUP.CouponDownloader
~ WIS: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\boxore_RASAPI32 =>Adware.Boxore
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\boxore_RASMANCS =>Adware.Boxore
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsLatest_RASAPI32 =>PUP.Funmoods
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsLatest_RASMANCS =>PUP.Funmoods
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\giant savings-bg_RASAPI32 =>Adware.VidSaver
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\giant savings-bg_RASMANCS =>Adware.VidSaver
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Giant Savings_RASAPI32 =>Adware.VidSaver
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Giant Savings_RASMANCS =>Adware.VidSaver
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_0308-accd2ad2_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_0308-accd2ad2_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\majt4pcfr_RASAPI32 =>PUP.Eorezo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\majt4pcfr_RASMANCS =>PUP.Eorezo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\majtuto4pcfrdyn_RASAPI32 =>PUP.AgenceExclusive
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\majtuto4pcfrdyn_RASMANCS =>PUP.AgenceExclusive
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32 =>PUP.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS =>PUP.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32 =>PUP.OfferBox
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS =>PUP.OfferBox
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASAPI32 =>PUP.OfferBox
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASMANCS =>PUP.OfferBox
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32 =>PUP.OfferBox
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS =>PUP.OfferBox
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller_IronSource_RASAPI32 =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller_IronSource_RASMANCS =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetIM_RASAPI32 =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetIM_RASMANCS =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32 =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\toolbar_vit_sweetim_RASAPI32 =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\toolbar_vit_sweetim_RASMANCS =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tuto4pc_fr_4_RASAPI32 =>PUP.AgenceExclusive
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tuto4pc_fr_4_RASMANCS =>PUP.AgenceExclusive
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\upt4pcfr4_RASAPI32 =>PUP.Eorezo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\upt4pcfr4_RASMANCS =>PUP.Eorezo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-1364_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-1364_RASMANCS =>Adware.Yontoo
~ BTK: 205 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{014ed487-64e2-460f-b376-22767e80f6fe}] (dealster) =>PUP.DealSter
[HKCR\CLSID\{095f1e5c-1b4b-47e2-8575-ce173c35afa1}] (couponpeak) =>PUP.CouponPeak
[HKCR\CLSID\{a295f11a-bd90-440b-9637-c495318707e2}] (dealpeak) =>PUP.DealPeak
~ BCK: 5659 Legitimates Filtered in 00mn 10s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 05/02/2015 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 06/12/2011 275912 | (Amsp) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
SS - | Auto 19/11/2014 186368 | (CouponarificService64) . (...) - C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe =>PUP.CouponArific
SS - | Demand 14/12/2012 277616 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 22/01/2015 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/01/2015 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/02/2012 273168 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Auto 02/01/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 11/08/2014 186192 | c:\progra~3\browse~1\BrowserSystemEnahncerSvc.dll (671c50b0) . (...) - C:\ProgramData\Browser System Enahncer\BrowserSystemEnahncerSvc.dll =>Trojan.SProtector
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/01/2012 659968 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SR - | Auto 21/02/2012 1014096 | (Bluetooth Device Monitor) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Demand 21/02/2012 1304912 | (Bluetooth Media Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
SR - | Auto 21/02/2012 1104208 | (Bluetooth OBEX Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 18/01/2012 135952 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR - | Auto 26/02/2012 626960 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 06/11/2014 1148744 | (GfExperienceService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
SR - | Auto 02/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 07/12/2011 2429544 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 24/07/2014 702344 | (IePluginServices) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginServices\PluginService.exe =>PUP.IePluginService
SR - | Auto 20/03/2015 158816 | (IHProtect Service) . (.XTab system.) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR
SR - | Auto 03/02/2012 628448 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 15/03/2012 127320 | (Intel(R) ME Service) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 15/03/2012 162648 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 15/03/2012 276824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 15/10/2014 2820424 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 15/03/2012 160768 | (Micro Star SCM) . (.Micro-Star International Co., Ltd..) - C:\Program Files (x86)\S-Bar\MSIService.exe
SR - | Auto 17/07/2010 12800 | (MSI Foundation Service) . (.MSI.) - C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
SR - | Auto 03/01/2012 138768 | (MSI_SuperCharger) . (.MSI.) - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
SR - | Auto 30/01/2015 23784 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 06/11/2014 1795912 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 06/11/2014 19819848 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 03/11/2014 935232 | (nvsvc) . (.NVIDIA Corporation.) - C:\windows\system32\nvvsvc.exe
SR - | Auto 22/07/1658 0 | (PnkBstrA) . (...) - C:\windows\system32\PnkBstrA.exe
SR - | Auto 26/02/2012 148752 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 13/06/2014 709120 | (rqpbhevlkc64) . (...) - C:\Program Files\004\rqpbhevlkc64.exe =>Adware.AdPeak
SR - | Auto 06/12/2011 247072 | (TiMiniService) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
SR - | Demand 20/01/2012 149504 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SR - | Auto 15/03/2012 362840 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 01/02/2015 99496 | (Verifies and fixes application compatibility issues) . (...) - C:\Users\Frédéric\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe =>PUP.CompatibilityVerifier
SR - | Auto 27/03/2015 531968 | (WindowsMangerProtect) . (.SysTool PasSame LIMITED.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/02/2012 2669840 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 13s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Frédéric at 08/04/2015 18:37:08
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Frédéric at 08/04/2015 18:37:10
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (29/03/2015)
Clés trouvées (Keys found) : 218
Valeurs trouvées (Values found) : 6
Dossiers trouvés (Folders found) : 69
Fichiers trouvés (Files found) : 26

[HKLM\Software\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo] =>Toolbar.Ask^
[HKLM\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh] =>PUP.Funmoods^
[HKLM\Software\Google\Chrome\Extensions\fjfiaeaopgmgbenipljajjipecobmbni] =>PUP.CrossRider^
[HKLM\Software\Google\Chrome\Extensions\gggfdhjndkkhbgiibdklehpionnkhabj] =>PUP.SavinShop^
[HKLM\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp] =>PUP.Wajam^
[HKLM\Software\Google\Chrome\Extensions\lcbellgjkdfcgjmnlnaolkojlojimiaa] =>PUP.BlockAndSurf^
[HKLM\Software\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj] =>Adware.VidSaver^
[HKLM\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc] =>Adware.Yontoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64AFCFA7-6C9C-4101-8A3E-B26A2625FB21}] =>PUP.TPerfectCoupon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4C9CC1F-C703-4305-97DD-16D42F0D15F2}] =>PUP.SaverBox^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CABFC193-CAE2-4E72-B1E9-0C94908B1FF6}] =>PUP.PriceDownloader^
[HKLM\SYSTEM\CurrentControlSet\Services\671c50b0] =>Trojan.SProtector^
[HKLM\SYSTEM\CurrentControlSet\Services\CouponarificService64] =>PUP.CouponArific^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginServices] =>PUP.IePluginService^
[HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service] =>Adware.AgentODR^
[HKLM\SYSTEM\CurrentControlSet\Services\rqpbhevlkc64] =>Adware.AdPeak^
[HKLM\SYSTEM\CurrentControlSet\Services\Verifies and fixes application compatibility issues] =>PUP.CompatibilityVerifier^
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect] =>PUP.Fuyu^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tempo Runner] =>PUP.PaybyAds^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{671c50b0}] =>Trojan.SProtector^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{813BA625-B0FA-48D8-9B75-59759C88C219}] =>PUP.CouponDownloader^
[HKLM\Software\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods
[HKLM\Software\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Prod.cap] =>PUP.ClaroSearch
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKLM\Software\Classes\esrv.funmoodsESrvc] =>PUP.Funmoods
[HKLM\Software\Classes\esrv.funmoodsESrvc.1] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKCU\Software\Cr_Installer] =>PUP.CrossRider
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKCU\Software\Tuto4pc] =>PUP.Eorezo
[HKLM\Software\Wow6432Node\Tuto4pc] =>PUP.Eorezo
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASMANCS] =>PUP.OfferBox
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASAPI32] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASMANCS] =>Adware.Boxore
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj] =>Adware.VidSaver
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKLM\Software\Wow6432Node\delta-homesSoftware] =>Toolbar.DeltaSearch
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0004479.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0004479.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0004479.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0004479.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\SWEETIE.IEToolbar] =>PUP.SweetIM
[HKLM\Software\Classes\SWEETIE.IEToolbar.1] =>PUP.SweetIM
[HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook] =>PUP.SweetIM
[HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] =>PUP.SweetIM
[HKLM\Software\Classes\Toolbar3.SWEETIE] =>PUP.SweetIM
[HKLM\Software\Classes\Toolbar3.SWEETIE.1] =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0004479.BHO] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0004479.BHO.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0004479.Sandbox] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0004479.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\esrv.funmoodsESrvc] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\esrv.funmoodsESrvc.1] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\SWEETIE.IEToolbar] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\SWEETIE.IEToolbar.1] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Toolbar3.SWEETIE] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Toolbar3.SWEETIE.1] =>PUP.SweetIM
[HKLM\Software\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}] =>PUP.SweetIM^
[HKLM\Software\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}] =>PUP.SweetIM^
[HKLM\Software\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Tutorials =>PUP.AgenceExclusive^
C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo =>Toolbar.Ask^
C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh =>PUP.Funmoods^
C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjfiaeaopgmgbenipljajjipecobmbni =>PUP.CrossRider^
C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\Extensions\gggfdhjndkkhbgiibdklehpionnkhabj =>PUP.SavinShop^
C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp =>PUP.Wajam^
C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbellgjkdfcgjmnlnaolkojlojimiaa =>PUP.BlockAndSurf^
C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj =>Adware.VidSaver^
C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc =>Adware.Yontoo^
C:\Program Files (x86)\AnyProtectEx =>PUP.AnyProtect^
C:\Program Files (x86)\Browsersafeguard =>PUP.BrowserSafeguard^
C:\Program Files (x86)\cosstminn =>PUP.CostMin^
C:\Program Files (x86)\daealsteR =>PUP.DealSter^
C:\Program Files (x86)\HD Cinema Plus 1.8V11.03 =>PUP.CrossRider^
C:\Program Files (x86)\I - Cinema =>PUP.CrossRider^
C:\Program Files (x86)\Mountain Bike =>PUP.MountainBike^
C:\Program Files (x86)\NewPlayer =>Adware.NewPlayer^
C:\Program Files (x86)\PriCeDownloadder =>PUP.PriceDownloader^
C:\Program Files (x86)\QuickRef_1.10.0.9 =>PUP.QuickRef^
C:\Program Files (x86)\saaavernet =>PUP.SaveNet^
C:\Program Files (x86)\savernnet =>PUP.SaveNet^
C:\Program Files (x86)\Supporter =>PUP.SaveClicker^
C:\Program Files (x86)\ver8BlockAndSurf =>PUP.BlockAndSurf^
C:\Program Files (x86)\Common Files\ClaraUpdater =>Adware.SupTab^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\Browser System Enahncer =>Trojan.SProtector^
C:\ProgramData\CoolSaLeCeOuPoon =>PUP.CoolSaleCoupon^
C:\ProgramData\CouponFactory =>PUP.CouponFactory^
C:\ProgramData\couponpeak =>PUP.CouponPeak^
C:\ProgramData\DealsFactor =>PUP.DealsFactor^
C:\ProgramData\dealster =>PUP.DealSter^
C:\ProgramData\downloaditkeep =>PUP.DownloadItKeep^
C:\ProgramData\eAsyTosuhop =>PUP.EasyToShop^
C:\ProgramData\IePluginService =>PUP.IePluginService^
C:\ProgramData\IePluginServices =>PUP.IePluginService^
C:\ProgramData\saveernet =>PUP.SaveNet^
C:\ProgramData\saveitkeep =>PUP.SaveItKeep^
C:\ProgramData\savinshop =>PUP.SavinShop^
C:\ProgramData\shiopNdroPP =>PUP.ShopDrop^
C:\ProgramData\shoopondRop =>PUP.ShopDrop^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\ProgramData\weebsoavEr =>PUP.Websave^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\ProgramData\WindowsProtectManger =>PUP.Fuyu^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\Frédéric\AppData\Roaming\Activeris =>PUP.Activeris^
C:\Users\Frédéric\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect^
C:\Users\Frédéric\AppData\Roaming\BabSolution =>Hijacker.BabSolution^
C:\Users\Frédéric\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\Frédéric\AppData\Roaming\OfferBox =>PUP.OfferBox^
C:\Users\Frédéric\AppData\Roaming\PriceMeterUpdater =>PUP.PriceMeter^
C:\Users\Frédéric\AppData\Roaming\SupTab =>PUP.SupTab^
C:\Users\Frédéric\AppData\Roaming\VOPackage =>Adware.Downware^
C:\Users\Frédéric\AppData\Roaming\webssearches =>Hijacker.WebsSearches^
C:\Users\Frédéric\AppData\Roaming\WTools =>PUP.Nosibay^
C:\Users\Frédéric\AppData\Local\BoBrowser =>PUP.BoBrowser^
C:\Users\Frédéric\AppData\Local\CrossBrowser =>PUP.CrossBrowser^
C:\Users\Frédéric\AppData\Local\Gameo =>PUP.Gameo^
C:\Users\Frédéric\AppData\Local\Giant Savings =>Adware.VidSaver^
C:\Users\Frédéric\AppData\Local\newplayer =>Adware.NewPlayer^
C:\Users\Frédéric\AppData\Local\PriceMeter =>PUP.PriceMeter^
C:\Users\Frédéric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam =>PUP.Wajam^
C:\Program Files (x86)\Software =>Adware.Boxore
C:\Program Files (x86)\Browser Helper Object =>PUP.Babylon
C:\Program Files (x86)\HappyLyrics =>Adware.AddLyrics
C:\ProgramData\Software =>Adware.Boxore
C:\Users\Frédéric\AppData\Local\SearchProtect =>Toolbar.Conduit
C:\Users\Frédéric\AppData\LocalLow\BabylonToolbar =>PUP.Babylon
C:\Users\Frédéric\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Frédéric\AppData\LocalLow\Funmoods =>PUP.Funmoods
C:\ProgramData\IePluginServices\PluginService.exe =>PUP.IePluginService^
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu^
C:\Users\Frédéric\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe =>PUP.CompatibilityVerifier^
C:\Users\Frédéric\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe =>PUP.CompatibilityVerifier^
[HKCU\Software\Coupon Downloader] =>PUP.CouponDownloader^
[HKCU\Software\Gameo] =>PUP.Gameo^
[HKCU\Software\Tuto4PC] =>PUP.AgenceExclusive^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKLM\Software\0892CCEA-3029-46F2-BD98-F3177431F5F8] =>PUP.CrossRider^
[HKLM\Software\CouponDownloader ] =>PUP.CouponDownloader^
[HKLM\Software\CouponDownloader] =>PUP.CouponDownloader^
[HKLM\Software\F2E59BED-97F5-4486-9726-66DE2DDE3B23] =>PUP.CrossRider^
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\TUTO4PC] =>PUP.AgenceExclusive^
[HKLM\Software\Wow6432Node\Vittalia] =>PUP.Vittalia^
[HKLM\Software\Wow6432Node\couponarific] =>PUP.CouponArific^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
[HKLM\Software\couponarific] =>PUP.CouponArific^
C:\Windows\Installer\1f840e6.msi =>PUP.CouponDownloader^
[HKCR\CLSID\{014ed487-64e2-460f-b376-22767e80f6fe}] (dealster) =>PUP.DealSter^
[HKCR\CLSID\{095f1e5c-1b4b-47e2-8575-ce173c35afa1}] (couponpeak) =>PUP.CouponPeak^
[HKCR\CLSID\{a295f11a-bd90-440b-9637-c495318707e2}] (dealpeak) =>PUP.DealPeak^
~ Additionnel Scan: 258169 Items scanned in 00mn 26s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g0-page-de-demarrage-google-chrome/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 6 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://www.nicolascoolman.fr/blog/ =>PUP.IePluginService
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://www.nicolascoolman.fr/blog/ =>PUP.CompatibilityVerifier
http://nicolascoolman.fr/hijacker-gadgetbox =>Hijacker.GadgetBox
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/pup-funmoods =>PUP.Funmoods
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-savinshop =>PUP.SavinShop
http://nicolascoolman.fr/pup-wajam =>PUP.Wajam
http://nicolascoolman.fr/pup-blockandsurf =>PUP.BlockAndSurf
http://nicolascoolman.fr/adware-vidsaver =>Adware.VidSaver
http://nicolascoolman.fr/adware-yontoo =>Adware.Yontoo
http://www.nicolascoolman.fr/blog/ =>Hijacker.DeltaHomes
http://nicolascoolman.fr/pup-sweetpage =>PUP.SweetPage
http://nicolascoolman.fr/hijacker-proxy =>Hijacker.Proxy
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://www.nicolascoolman.fr/blog/ =>PUP.TPerfectCoupon
http://www.nicolascoolman.fr/blog/ =>PUP.SaverBox
http://www.nicolascoolman.fr/blog/ =>PUP.PriceDownloader
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://nicolascoolman.fr/trojan-sprotector =>Trojan.SProtector
http://www.nicolascoolman.fr/blog/ =>PUP.CouponArific
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://nicolascoolman.fr/26601441-adware-adpeak =>Adware.AdPeak
http://nicolascoolman.fr/pup-paybyads =>PUP.PaybyAds
http://www.nicolascoolman.fr/blog/ =>PUP.CouponDownloader
http://www.nicolascoolman.fr/blog/ =>PUP.Gameo
http://nicolascoolman.fr/pup-certifiedtoolbar =>PUP.CertifiedToolbar
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://nicolascoolman.fr/pup-offerbox =>PUP.OfferBox
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://www.nicolascoolman.fr/blog/ =>PUP.LevelQualityWatcher
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskBar
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-vittalia =>PUP.Vittalia
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://nicolascoolman.fr/pup-anyprotect =>PUP.AnyProtect
http://nicolascoolman.fr/pup-browsersafeguard =>PUP.BrowserSafeguard
http://nicolascoolman.fr/pup-costmin =>PUP.CostMin
http://www.nicolascoolman.fr/blog/ =>PUP.DealSter
http://www.nicolascoolman.fr/blog/ =>PUP.MountainBike
http://www.nicolascoolman.fr/blog/ =>Adware.NewPlayer
http://www.nicolascoolman.fr/blog/ =>PUP.QuickRef
http://www.nicolascoolman.fr/blog/ =>PUP.SaveNet
http://nicolascoolman.fr/pup-saveclicker =>PUP.SaveClicker
http://www.nicolascoolman.fr/blog/ =>Adware.SupTab
http://www.nicolascoolman.fr/blog/ =>PUP.CoolSaleCoupon
http://www.nicolascoolman.fr/blog/ =>PUP.CouponFactory
http://www.nicolascoolman.fr/blog/ =>PUP.CouponPeak
http://www.nicolascoolman.fr/blog/ =>PUP.DealsFactor
http://www.nicolascoolman.fr/blog/ =>PUP.DownloadItKeep
http://nicolascoolman.fr/pup-easytoshop =>PUP.EasyToShop
http://www.nicolascoolman.fr/blog/ =>PUP.SaveItKeep
http://www.nicolascoolman.fr/blog/ =>PUP.ShopDrop
http://nicolascoolman.fr/pup-websave =>PUP.Websave
http://nicolascoolman.fr/pup-activeris =>PUP.Activeris
http://nicolascoolman.fr/hijacker-babsolution =>Hijacker.BabSolution
http://nicolascoolman.fr/pup-pricemeter =>PUP.PriceMeter
http://nicolascoolman.fr/adware-downware =>Adware.Downware
http://nicolascoolman.fr/hijacker-webssearches =>Hijacker.WebsSearches
http://www.nicolascoolman.fr/blog/ =>PUP.Nosibay
http://www.nicolascoolman.fr/blog/ =>PUP.BoBrowser
http://www.nicolascoolman.fr/blog/ =>PUP.CrossBrowser
http://nicolascoolman.fr/pup-eorezo =>PUP.Eorezo
http://www.nicolascoolman.fr/blog/ =>Adware.PricePeep
http://www.nicolascoolman.fr/blog/ =>PUP.DealPeak
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
http://nicolascoolman.fr/pup-rewardsarcade =>PUP.RewardsArcade
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://www.nicolascoolman.fr/blog/ =>Adware.CDNHelper
http://nicolascoolman.fr/pup-clarosearch =>PUP.ClaroSearch
http://www.nicolascoolman.fr/blog/ =>Spyware.AgenceExclusive
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://www.nicolascoolman.fr/blog/ =>Adware.Agent
http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.fr/adware-addlyrics =>Adware.AddLyrics
~ MSI: 81 link(s) detected in 00mn 00s



---\\ Alert Messages
WARNING : Hijacker Proxy found, Clean with ZHPCleaner Tool

~ 1169 Legitimates filtered by white list
End of the scan (1168 lines in 05mn 18s)(0.11)
