cjoint

Document format: text/plain

~ Rapport de ZHPDiag v2015.5.17.49 - Nicolas Coolman (17/05/2015)
~ Lancé par toshiba (18/05/2015 15:32:07)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17801
GCIE: Google Chrome v42.0.2311.152
OPIE: Opera Stable v29.0.1795.47 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : W8DQG
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
Avast Free Antivirus v10.2.2218
Microsoft Security Client v4.8.0204.0
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 ActiveX
Adobe Reader X

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1022 MB (36% free)
System Restore: Activé (Enable)
System drive C: has 205 GB (68%) free of 298 GB

---\\ Mode de connexion au système
~ Computer Name: TOSHIBA-PC
~ User Name: toshiba
~ All Users Names: toshiba, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\toshiba\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\toshiba\AppData\Roaming\
~ %Desktop% : C:\Users\toshiba\Desktop\
~ %Favorites% : C:\Users\toshiba\Favorites\
~ %LocalAppData% : C:\Users\toshiba\AppData\Local\
~ %StartMenu% : C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 205 Go of 298 Go)
D: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 01:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.13/07/2009 - 21:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CB5F450D21B9D76B7F01D006E4AEDB40] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/04/2015 - 11:02:00.) -- C:\Windows\System32\wininet.dll [1882112]
[MD5.52449FD429D6053B78AE564DEF303870] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.16/07/2014 - 21:39:27.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 08:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 02:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 21:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 19:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 04:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 04:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 05:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 19:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 19:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 22:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 04:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.23/01/2014 - 22:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 19:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 19:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 19:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.7FE680A3DFA421C4A8E4879AE4C5AAB0] - (.Microsoft Corporation - TDI Translation Driver.) (.10/11/2014 - 21:32:14.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 08:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/109
~ Mes musiques (My Musics) : 1/72
~ Mes Videos (My Videos) : 2/40
~ Mes Favoris (My Favorites) : 1/64
~ Mes Documents (My Documents) : 2/184
~ Mon Bureau (My Desktop) : 1/1228
~ Menu demarrer (Programs) : 1/68
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.6B87742F27B087AF7FD4ADC2DB685DE0] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [49152] [PID.1724]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904] [PID.1732]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.1760]
[MD5.65C6AA484AD2287D20541C7735989437] - (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [5515496] [PID.1812]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.1836]
[MD5.7016A5D74459577060366F7D1E44F495] - (.FileProperties_CompanyName - FileProperties_FileDescription.) -- C:\Program Files\dr games\dr_games_notification_service.exe [1417216] [PID.2180] =>PUP.CrossRider
[MD5.395BCC9122E705F6586217E32CD01CC9] - (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [1837672] [PID.2960]
[MD5.4C08FB7ACB28689B586D986D3F5826CF] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [49152] [PID.3900]
[MD5.DA36DB02D14B230C188856735F983B6E] - (.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files\TeamViewer\TeamViewer.exe [17655056] [PID.156]
[MD5.135724D3F79E261B63628D75A6DD0817] - (.Hewlett-Packard Co. - HPNetworkCommunicator.) -- C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe [673384] [PID.4828]
[MD5.51CFFD7BBFEA2F7316C560DCC4479759] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8209408] [PID.3112]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\prefs.js
C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\user.js
M2 - MFEP: RegExtension {B64D9B05-48E1-4CEB-BF58-E0643994E900} . (...) -- C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ (.not file.)
M2 - MFEP: Extension [toshiba - [opt]rs0] {B64D9B05-48E1-4CEB-BF58-E0643994E900}
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com =>PUP.SweetPage
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com =>PUP.SweetPage
~ IE Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (31)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: 71c6c330e74701318a6f0adb73eaa5ae0060804 - {11111111-1111-1111-1111-110611081104} . (.Radio Canyon - Radio Canyon BHO.) -- C:\Program Files\Radio Canyon\Radio Canyon-bho.dll
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files\XTab\SupTab.dll =>PUP.SupTab
~ BHO: 28 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Extensions du client Bing.) -- C:\Program Files\Microsoft\BingBar\BingExt.dll =>Toolbar.Bing
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\launcher.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\QuickLaunch [toshiba]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\TaskBar [toshiba]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\Program [toshiba]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\SystemTools [toshiba]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
~ Global Startup: 5 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [YTDownloader] C:\Program Files\YTDownloader\YTDownloader.exe (.not file.) =>PUP.YTDownloader
O4 - HKLM\..\Run: [AvastUI.exe] . (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms (.not file.)
O4 - HKCU\..\Run: [HP Deskjet 3520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [YTDownloader] C:\Program Files\YTDownloader\YTDownloader.exe (.not file.) =>PUP.YTDownloader
O4 - HKCU\..\Run: [BoBrowser] Clé orpheline =>PUP.BoBrowser
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3055068142-3418456093-3361095981-1000\..\Run: [DellSystemDetect] C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms (.not file.)
O4 - HKUS\S-1-5-21-3055068142-3418456093-3361095981-1000\..\Run: [HP Deskjet 3520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKUS\S-1-5-21-3055068142-3418456093-3361095981-1000\..\Run: [YTDownloader] C:\Program Files\YTDownloader\YTDownloader.exe (.not file.) =>PUP.YTDownloader
O4 - HKUS\S-1-5-21-3055068142-3418456093-3361095981-1000\..\Run: [BoBrowser] Clé orpheline =>PUP.BoBrowser
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} . (...) -- C:\Program Files\Common Files\DVDVideoSoft\plugins\dvdvideosoft.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers2.touslesdrivers.com/maconfig/MaConfig_6_5_0_3.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF781B61-621E-4DED-B1F5-2830F13ED022}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{BF781B61-621E-4DED-B1F5-2830F13ED022}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{BF781B61-621E-4DED-B1F5-2830F13ED022}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files\XTab\ProtectService.exe =>Adware.AgentODR
O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) . (.SaveSense - SaveSenseLive Update.) - C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.CrossRider
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.SysTool PasSame LIMITED - Windows SysTool Svr.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
~ Services: 10 Legitimates Filtered in 00mn 08s



---\\ Tâches planifiées en automatique (O39)
[MD5.22F237E0AEA5FDAEE03EBFD6BFD6AA31] [APT] [5e10e201-2f50-4d2e-9d23-6e5026ae19a9-1] (.Radio Canyon.) -- C:\Program Files\Radio Canyon\Radio Canyon-codedownloader.exe [1022432]
[MD5.77A4A622635BD1B491128195AC05013A] [APT] [5e10e201-2f50-4d2e-9d23-6e5026ae19a9-11] (.Radio Canyon.) -- C:\Program Files\Radio Canyon\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-11.exe [2024928]
[MD5.3E4F32FDB3551B3CFF5D2086952A2D43] [APT] [5e10e201-2f50-4d2e-9d23-6e5026ae19a9-5] (.Radio Canyon.) -- C:\Program Files\Radio Canyon\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-5.exe [1168352]
[MD5.3E4F32FDB3551B3CFF5D2086952A2D43] [APT] [5e10e201-2f50-4d2e-9d23-6e5026ae19a9-5_user] (.Radio Canyon.) -- C:\Program Files\Radio Canyon\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-5.exe [1168352]
[MD5.FA1550EF2F5AF447883B659B518971F4] [APT] [5e10e201-2f50-4d2e-9d23-6e5026ae19a9-6] (.Radio Canyon.) -- C:\Program Files\Radio Canyon\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-6.exe [1192416]
[MD5.22F237E0AEA5FDAEE03EBFD6BFD6AA31] [APT] [5e10e201-2f50-4d2e-9d23-6e5026ae19a9-7] (.Radio Canyon.) -- C:\Program Files\Radio Canyon\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-7.exe [1022432]
[MD5.00000000000000000000000000000000] [APT] [DoctorPC_Popup] (...) -- C:\Program Files\Doctor PC\Splash.exe (.not file.) [0] =>PUP.DoctorPC
[MD5.00000000000000000000000000000000] [APT] [DoctorPC_Start] (...) -- C:\Program Files\Doctor PC\DoctorPC.exe (.not file.) [0] =>PUP.DoctorPC
[MD5.7016A5D74459577060366F7D1E44F495] [APT] [dr_games_notification_service] (.FileProperties_CompanyName.) -- C:\Program Files\dr games\dr_games_notification_service.exe [1417216] =>PUP.CrossRider
[MD5.5F126BD699C6B4D75E22DACDB74AD314] [APT] [dr_games_updating_service] (...) -- C:\Program Files\dr games\dr_games_updating_service.exe [96256] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [LaunchSignup] (...) -- C:\Program Files\MyPC Backup\Signup Wizard.exe (.not file.) [0] =>PUP.MyPCBackup
[MD5.1904F248B992D83308DFDF54E40B7F23] [APT] [Opera scheduled Autoupdate 1418048248] (.Opera Software.) -- C:\Program Files\Opera\launcher.exe [888440]
[MD5.C495D8665A32539660625182D23D5C59] [APT] [SaveSenseLiveUpdateTaskMachineCore] (.SaveSense.) -- C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920] =>PUP.CrossRider
[MD5.C495D8665A32539660625182D23D5C59] [APT] [SaveSenseLiveUpdateTaskMachineUA] (.SaveSense.) -- C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [YTDownloader] (...) -- C:\Program Files\YTDownloader\YTDownloader.exe (.not file.) [0] =>PUP.YTDownloader
[MD5.00000000000000000000000000000000] [APT] [{93AF74A5-CF7E-432B-A78B-3A685F3A9E96}] (...) -- C:\Program Files\Picexa\uninstall.exe (.not file.) [0]
[MD5.1087BE1ED3E4CF8BAC3DFB8BCF76FACF] [APT] [{EEE298BD-7366-43A7-8E66-148E566ED99F}] (.Skytech Co., Ltd..) -- C:\Users\toshiba\AppData\Roaming\sweet-page\UninstallManager.exe [1891840] =>PUP.SweetPage
O39 - APT: 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-1 - (.Radio Canyon.) -- C:\Windows\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-1.job [3422] =>PUP.CrossRider
O39 - APT: 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-1 - (.Radio Canyon.) -- C:\Windows\System32\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-1 [3422] =>PUP.CrossRider
O39 - APT: 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-11 - (.Radio Canyon.) -- C:\Windows\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-11.job [4814] =>PUP.CrossRider
O39 - APT: 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-11 - (.Radio Canyon.) -- C:\Windows\System32\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-11 [4814] =>PUP.CrossRider
O39 - APT: 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-5 - (.Radio Canyon.) -- C:\Windows\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-5.job [2420] =>PUP.CrossRider
O39 - APT: 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-5 - (.Radio Canyon.) -- C:\Windows\System32\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-5 [2420] =>PUP.CrossRider
O39 - APT: 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-5_user - (.Radio Canyon.) -- C:\Windows\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-5_user.job [2420] =>PUP.CrossRider
O39 - APT: 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-5_user - (.Radio Canyon.) -- C:\Windows\System32\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-5_user [2420] =>PUP.CrossRider
O39 - APT: 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-6 - (.Radio Canyon.) -- C:\Windows\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-6.job [5492] =>PUP.CrossRider
O39 - APT: 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-6 - (.Radio Canyon.) -- C:\Windows\System32\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-6 [5492] =>PUP.CrossRider
O39 - APT: 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-7 - (.Radio Canyon.) -- C:\Windows\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-7.job [5156] =>PUP.CrossRider
O39 - APT: 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-7 - (.Radio Canyon.) -- C:\Windows\System32\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-7 [5156] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: dr_games_notification_service - (.FileProperties_CompanyName.) -- C:\Windows\Tasks\dr_games_notification_service.job [1294] =>PUP.CrossRider
O39 - APT: dr_games_notification_service - (.FileProperties_CompanyName.) -- C:\Windows\System32\Tasks\dr_games_notification_service [1294] =>PUP.CrossRider
O39 - APT: dr_games_updating_service - (...) -- C:\Windows\Tasks\dr_games_updating_service.job [656] =>PUP.CrossRider
O39 - APT: dr_games_updating_service - (...) -- C:\Windows\System32\Tasks\dr_games_updating_service [656] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [944] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [944] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [948] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [948] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
O39 - APT: SaveSenseLiveUpdateTaskMachineCore - (.SaveSense.) -- C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job [918] =>PUP.CrossRider
O39 - APT: SaveSenseLiveUpdateTaskMachineCore - (.SaveSense.) -- C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore [918] =>PUP.CrossRider
O39 - APT: SaveSenseLiveUpdateTaskMachineUA - (.SaveSense.) -- C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job [922] =>PUP.CrossRider
O39 - APT: SaveSenseLiveUpdateTaskMachineUA - (.SaveSense.) -- C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA [922] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\temp_3f46055e-d36f-4909-9244-de55fb0b0e33-6.job [5382]
O39 - APT: - (..) -- C:\Windows\Tasks\temp_dea5eea2-51ea-4d61-86ad-12ae273a872c-6.job [5082]
~ Scheduled Task: 124 Legitimates Filtered in 00mn 07s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: ({8d9208df-94f9-4c96-a224-97b37b0df94e}Gw) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{8d9208df-94f9-4c96-a224-97b37b0df94e}Gw.sys =>PUP.LinkiDoo
O41 - Driver: ({bf5001a3-ae7a-4910-925a-5060ef2c0508}Gw) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{bf5001a3-ae7a-4910-925a-5060ef2c0508}Gw.sys =>PUP.LinkiDoo
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Radio Canyon - (.Radio Canyon.) [HKLM] -- Radio Canyon
O42 - Logiciel: SaveSense - (.SaveSense.) [HKCU] -- SaveSense =>PUP.CrossRider
O42 - Logiciel: sweet-page uninstall - (.sweet-page.) [HKLM] -- sweet-page uninstall =>PUP.SweetPage
~ Logic: 14 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload]
[HKCU\Software\5868cddbd6dba48] =>Hijacker.Eazel
[HKCU\Software\BabylonToolbar] =>PUP.Babylon
[HKCU\Software\BoBrowser] =>PUP.BoBrowser
[HKCU\Software\CoinisRS] =>Adware.InstallCore
[HKCU\Software\DoctorPCConfig]
[HKCU\Software\DoctorPCLanguage]
[HKCU\Software\GACRJ]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\OB]
[HKCU\Software\PUCGC]
[HKCU\Software\QBOABVWE]
[HKCU\Software\Radio Canyon-nv]
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKCU\Software\SaveSenseLive] =>PUP.CrossRider
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\dr games]
[HKCU\Software\drgames]
[HKLM\Software\36d7554d-007f-4862-9690-ee8f1d930ea9] =>PUP.CrossRider
[HKLM\Software\5868cddbd6dba48] =>Hijacker.Eazel
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\Clara]
[HKLM\Software\DealPlyLive] =>PUP.DealPly
[HKLM\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\PicexaSvc]
[HKLM\Software\Radio Canyon-nv]
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\SaveSenseLive] =>PUP.CrossRider
[HKLM\Software\SupDp] =>PUP.SupTab
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\supTab] =>PUP.SupTab
~ Key Software: 193 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/05/2015 - 15:52:00 - [0] ----D C:\Program Files\1f573b1a-311a-45d4-8376-9ce355065ef6
O43 - CFD: 08/01/2015 - 09:49:26 - [0] ----D C:\Program Files\33c8a5ec-a514-4c72-90c1-386f488381f9
O43 - CFD: 02/04/2015 - 15:50:06 - [] ----D C:\Program Files\dr games
O43 - CFD: 17/07/2014 - 18:10:43 - [] ----D C:\Program Files\DRPU Bulk SMS (Demo)
O43 - CFD: 08/12/2014 - 10:15:31 - [] ----D C:\Program Files\Free Codec Pack
O43 - CFD: 13/05/2015 - 15:49:39 - [] ----D C:\Program Files\Radio Canyon
O43 - CFD: 06/01/2015 - 18:24:21 - [] ----D C:\Program Files\Reimageplus.com =>Rogue.ReimageRepair
O43 - CFD: 04/02/2014 - 10:02:45 - [] ----D C:\Program Files\SaveSenseLive =>PUP.CrossRider
O43 - CFD: 09/05/2015 - 15:00:26 - [] ----D C:\Program Files\XTab
O43 - CFD: 10/04/2013 - 16:15:22 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 04/02/2014 - 10:02:45 - [] ----D C:\ProgramData\SaveSenseLive =>PUP.CrossRider
O43 - CFD: 10/04/2013 - 17:10:32 - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 09/05/2015 - 14:59:43 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 10/01/2015 - 12:53:49 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream =>Adware.LiveiStream
O43 - CFD: 06/01/2015 - 18:20:54 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Express =>Rogue.ReimageRepair
O43 - CFD: 14/07/2009 - 05:00:22 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 10/04/2013 - 16:15:21 - [] ----D C:\Users\toshiba\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 08/01/2015 - 10:37:11 - [] ----D C:\Users\toshiba\AppData\Roaming\newnext.me =>PUP.NextLive
O43 - CFD: 19/06/2014 - 12:27:17 - [] ----D C:\Users\toshiba\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 08/12/2014 - 10:15:17 - [] ----D C:\Users\toshiba\AppData\Roaming\RHEng =>PUP.Conduit
O43 - CFD: 04/02/2014 - 10:02:40 - [] ----D C:\Users\toshiba\AppData\Roaming\SaveSense =>PUP.CrossRider
O43 - CFD: 07/01/2015 - 17:36:39 - [] ----D C:\Users\toshiba\AppData\Roaming\sweet-page =>PUP.SweetPage
O43 - CFD: 07/01/2015 - 17:00:26 - [] ----D C:\Users\toshiba\AppData\Local\CrossBrowser =>PUP.CrossBrowser
O43 - CFD: 06/01/2015 - 17:20:07 - [] ----D C:\Users\toshiba\AppData\Local\Doctor_PC =>PUP.DoctorPC
O43 - CFD: 13/11/2014 - 10:04:46 - [] -SH-D C:\Users\toshiba\AppData\Local\EmieBrowserModeList
O43 - CFD: 13/05/2015 - 15:52:01 - [0] ----D C:\Users\toshiba\AppData\Local\genienext =>PUP.NextLive
O43 - CFD: 13/05/2015 - 15:52:00 - [] ----D C:\Users\toshiba\AppData\Local\SaveSense =>PUP.CrossRider
O43 - CFD: 04/02/2014 - 10:02:45 - [] ----D C:\Users\toshiba\AppData\Local\SaveSenseLive =>PUP.CrossRider
O43 - CFD: 04/02/2014 - 10:02:30 - [] ----D C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense =>PUP.CrossRider
~ Program Folder: 186 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.EFDEF61C488A193986D4672658E91532] - 13/05/2015 - 15:02:58 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24144]
O44 - LFC:[MD5.A4A192A229E969C9911B76155AFD0AC2] - 18/05/2015 - 10:14:13 ---A- . (...) -- C:\Windows\System32\029B560A371F4E00AB32838EBC01B9E7 [4]
~ Files: 107 Legitimates Filtered in 00mn 04s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.22196161068C4707BCA74EB7BAE964F5] - 18/05/2015 - 12:33:53 ---A- - C:\Windows\Prefetch\DR_GAMES_UPDATING_SERVICE.EXE-30BEAD11.pf =>PUP.CrossRider
O45 - LFCP:[MD5.67C92327F5B4078CC98F784C85B5F7E4] - 18/05/2015 - 15:07:07 ---A- - C:\Windows\Prefetch\SAVESENSELIVE.EXE-8CF64CD6.pf =>PUP.CrossRider
O45 - LFCP:[MD5.7A3C7A8B8735ED40A7B7F6D8B6F9D4CF] - 18/05/2015 - 10:16:32 ---A- - C:\Windows\Prefetch\SAVESENSELIVEHANDLER.EXE-C1847C87.pf =>PUP.CrossRider
~ Prefetcher: 3 Legitimates Filtered in 00mn 00s



---\\ Shell MountPoints2 registry key (MPSK) (O51)
O51 - MPSK:{99165c9e-b5de-11e4-a0c4-00a0d14f97e2}\AutoRun\command. (...) -- E:\loader.exe (.not file.)
O51 - MPSK:{d2f923b0-2f0e-11e4-b567-00a0d14f97e2}\AutoRun\command. (...) -- C:\Windows\system32\http:\\www.semag.fr\ (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeration of PoliciesSystem registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ List of system drivers (SDL) (O58)
O58 - SDL:13/05/2015 - 15:02:58 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24144] =>.ALWIL Software
O58 - SDL:13/05/2015 - 15:02:58 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49904] =>.ALWIL Software
O58 - SDL:13/05/2015 - 15:02:58 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [209048] =>.ALWIL Software
O58 - SDL:13/07/2009 - 21:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 18:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 21:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:06/01/2015 - 06:44:44 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{8d9208df-94f9-4c96-a224-97b37b0df94e}Gw.sys [43160] =>PUP.LinkiDoo
O58 - SDL:07/01/2015 - 08:44:30 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{bf5001a3-ae7a-4910-925a-5060ef2c0508}Gw.sys [43160] =>PUP.LinkiDoo
O58 - SDL:13/07/2009 - 17:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 17:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 17:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 17:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 17:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 17:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 17:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 17:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 17:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 17:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 17:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 17:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 17:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 81 Legitimates Filtered in 00mn 01s



---\\ List of disinfection tools (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List of legacy services in the registry (LALS) (O64)
O64 - Services: CurCS - 13/05/2015 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 06/01/2015 - C:\Windows\System32\drivers\{8d9208df-94f9-4c96-a224-97b37b0df94e}Gw.sys ({8d9208df-94f9-4c96-a224-97b37b0df94e}Gw) .(.StdLib - StdLib.) - LEGACY_{8D9208DF-94F9-4C96-A224-97B37B0DF94E}GW =>PUP.LinkiDoo
O64 - Services: CurCS - 07/01/2015 - C:\Windows\System32\drivers\{bf5001a3-ae7a-4910-925a-5060ef2c0508}Gw.sys ({bf5001a3-ae7a-4910-925a-5060ef2c0508}Gw) .(.StdLib - StdLib.) - LEGACY_{BF5001A3-AE7A-4910-925A-5060EF2C0508}GW =>PUP.LinkiDoo
~ Legacy: 81 Legitimates Filtered in 00mn 00s



---\\ Shell Spawning associations (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Launcher.exe
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Opera\Launcher.exe" http://www.delta-homes.com =>Hijacker.DeltaHomes
~ Keys: Scanned in 00mn 00s



---\\ Infection search on internet browsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [DefaultScope] - (e) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (delta-homes) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {4C2D0E20-35EB-48E6-B06C-EA8DECD70F94} - (Google) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://do-search.com =>PUP.DoSearches
~ Keys: Scanned in 00mn 00s



---\\ Specific search at the system root (SPRF) (O84)
[MD5.DB87C68F56675955913B4167045523C0] [SPRF][03/01/2015] (.HQ-VideoV03.01 - HQ-Video-Pro-2.1cV03.01 exe.) -- C:\Users\toshiba\AppData\Roaming\GDQD.exe [2014696] =>PUP.CrossRider
[MD5.CF3FE0732B2FDBD2E42AF651CE131BAE] [SPRF][03/01/2015] (.Object Browser - Sense exe.) -- C:\Users\toshiba\AppData\Roaming\YKIMT.exe [1810408] =>PUP.ObjectBrowser
[MD5.75F80936FC185FF77AAC85282FC08880] [SPRF][08/01/2015] (...) -- C:\Users\toshiba\Desktop\PlayerStubWrapper1.exe [58765]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Enumeration of software product codes (PUC) (O90)
O90 - PUC: "11BC8E7AE90B8F64B9EA2B0EE1FBE715" . (.Bing Bar.) -- C:\Windows\Installer\{A7E8CB11-B09E-46F8-9BAE-B2E01EBF7E51}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Export of random registry keys (O91)
[HKCU\Software\5868cddbd6dba48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5868cddbd6dba48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80" =>Hijacker.Eazel
[HKCU\Software\5868cddbd6dba48] =>PUP.Babylon^
[HKLM\Software\5868cddbd6dba48] => Clé orpheline => Clé orpheline => Clé orpheline => Clé orpheline
~ Export Key Software: Scanned in 00mn 00s



---\\ Search for WindowsInstaller packages (WIS) (O93) (NTFS)
[MD5.5CF3166473755204151B89D8F3069690] [WIS][15/09/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\56ffcd3.msi [4748288] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 00s



---\\ Search for Tracing registry keys (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\dr_games_notification_service_RASAPI32 =>PUP.CrossRider
HKLM\SOFTWARE\Microsoft\Tracing\dr_games_updating_service_RASAPI32 =>PUP.CrossRider
HKLM\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASAPI32 =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASMANCS =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS =>Adware.Yontoo
~ BTK: 110 Legitimates Filtered in 00mn 00s



---\\ Search for CLSID registry keys (O101)
[HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}] (SaveSenseLive Broker Class Factory) =>PUP.CrossRider
[HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}] (SaveSenseLive.OneClickProcessLauncher) =>PUP.CrossRider
[HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}] (SaveSenseLive Legacy On Demand) =>PUP.CrossRider
[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate
[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}] (globalUpdate.OneClickProcessLauncher) =>PUP.GlobalUpdate
[HKCR\CLSID\{71e129ff-6c2a-4984-818c-7e2c998b8d99}] (SaveSense) =>PUP.CrossRider
[HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}] (SaveSenseLive Core Class) =>PUP.CrossRider
[HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}] (SaveSenseLive Process Launcher Class) =>PUP.CrossRider
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing
[HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}] (SaveSenseLive Broker Class Factory) =>PUP.CrossRider
[HKCR\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}] (SaveSenseLive Update Plugin) =>PUP.CrossRider
[HKCR\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}] (SaveSenseLive Legacy On Demand) =>PUP.CrossRider
[HKCR\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}] (SaveSenseLive Update Plugin) =>PUP.CrossRider
[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class) =>PUP.CrossRider
~ BCK: 5294 Legitimates Filtered in 00mn 18s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/04/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 15/09/2011 195320 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Auto 08/01/2015 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
SS - | Demand 08/01/2015 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
SS - | Auto 21/12/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 21/12/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/05/2015 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 04/02/2014 146920 | (savesenselive) . (.SaveSense.) - C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.CrossRider
SS - | Demand 04/02/2014 146920 | (savesenselivem) . (.SaveSense.) - C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.CrossRider
SS - | Auto 11/12/2014 315496 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 11/02/2010 733184 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SR - | Auto 13/05/2015 343336 | (avast! Antivirus) . (.Avast Software s.r.o..) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/07/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SR - | Auto 08/05/2015 158816 | (IHProtect Service) . (.XTab system.) - C:\Program Files\XTab\ProtectService.exe =>Adware.AgentODR
SR - | Auto 30/04/2015 22216 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 17/04/2015 5448976 | (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\TeamViewer_Service.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/03/2015 531968 | (WindowsMangerProtect) . (.SysTool PasSame LIMITED.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 18s



---\\ Infection search on the Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by toshiba at 18/05/2015 15:33:28
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
1 nt!IofCallDriver[0x82C71122] >> \Device\Harddisk0\DR0[0x8547C030]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 26 Legitimates Filtered in 00mn 02s



---\\ Infection search on the Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by toshiba at 18/05/2015 15:33:30
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Additional Scan (O88)
Database Version : 13008 - (17/05/2015)
Clés trouvées (Keys found) : 36
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 20
Fichiers trouvés (Files found) : 62

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\SYSTEM\CurrentControlSet\Services\globalUpdate) (globalUpdate] =>PUP.GlobalUpdate^
[HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service] =>Adware.AgentODR^
[HKLM\SYSTEM\CurrentControlSet\Services\savesenselive) (savesenselive] =>PUP.CrossRider^
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect] =>PUP.Fuyu^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall] =>PUP.SweetPage^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo
[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Classes\Prod.cap] =>PUP.ClaroSearch
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKLM\Software\Classes\SpeedUpMyPC] =>PUP.SpeedUpMyPC
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\BabylonToolbar] =>PUP.Babylon
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\Softonic] =>PUP.Conduit
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\delta-homesSoftware] =>Toolbar.DeltaSearch
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110611081104}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622082204}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611081104}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8dcb7100-df86-4384-8842-8fa844297b3f} =>Toolbar.Bing^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:YTDownloader =>PUP.YTDownloader^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:YTDownloader =>PUP.YTDownloader^
C:\Program Files\Reimageplus.com =>Rogue.ReimageRepair^
C:\Program Files\SaveSenseLive =>PUP.CrossRider^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\SaveSenseLive =>PUP.CrossRider^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream =>Adware.LiveiStream^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Express =>Rogue.ReimageRepair^
C:\Users\toshiba\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\toshiba\AppData\Roaming\newnext.me =>PUP.NextLive^
C:\Users\toshiba\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Users\toshiba\AppData\Roaming\RHEng =>PUP.Conduit^
C:\Users\toshiba\AppData\Roaming\SaveSense =>PUP.CrossRider^
C:\Users\toshiba\AppData\Roaming\sweet-page =>PUP.SweetPage^
C:\Users\toshiba\AppData\Local\CrossBrowser =>PUP.CrossBrowser^
C:\Users\toshiba\AppData\Local\Doctor_PC =>PUP.DoctorPC^
C:\Users\toshiba\AppData\Local\genienext =>PUP.NextLive^
C:\Users\toshiba\AppData\Local\SaveSense =>PUP.CrossRider^
C:\Users\toshiba\AppData\Local\SaveSenseLive =>PUP.CrossRider^
C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense =>PUP.CrossRider^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
C:\Program Files\dr games\dr_games_notification_service.exe =>PUP.CrossRider^
C:\Program Files\dr games\dr_games_updating_service.exe =>PUP.CrossRider^
C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.CrossRider^
C:\Users\toshiba\AppData\Roaming\sweet-page\UninstallManager.exe =>PUP.SweetPage^
C:\Windows\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-1 =>PUP.CrossRider^
C:\Windows\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-11.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-11 =>PUP.CrossRider^
C:\Windows\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-5 =>PUP.CrossRider^
C:\Windows\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-5_user =>PUP.CrossRider^
C:\Windows\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-6 =>PUP.CrossRider^
C:\Windows\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\5e10e201-2f50-4d2e-9d23-6e5026ae19a9-7 =>PUP.CrossRider^
C:\Windows\Tasks\dr_games_notification_service.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\dr_games_notification_service =>PUP.CrossRider^
C:\Windows\Tasks\dr_games_updating_service.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\dr_games_updating_service =>PUP.CrossRider^
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job =>PUP.GlobalUpdate^
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore =>PUP.GlobalUpdate^
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job =>PUP.GlobalUpdate^
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA =>PUP.GlobalUpdate^
C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore =>PUP.CrossRider^
C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA =>PUP.CrossRider^
[HKCU\Software\BoBrowser] =>PUP.BoBrowser^
[HKCU\Software\CoinisRS] =>Adware.InstallCore^
[HKCU\Software\SaveSenseLive] =>PUP.CrossRider^
[HKLM\Software\36d7554d-007f-4862-9690-ee8f1d930ea9] =>PUP.CrossRider^
[HKLM\Software\Babylon] =>PUP.Babylon^
[HKLM\Software\DealPlyLive] =>PUP.DealPly^
[HKLM\Software\SaveSenseLive] =>PUP.CrossRider^
[HKLM\Software\SupDp] =>PUP.SupTab^
[HKLM\Software\supTab] =>PUP.SupTab^
C:\Users\toshiba\AppData\Roaming\GDQD.exe =>PUP.CrossRider^
C:\Users\toshiba\AppData\Roaming\YKIMT.exe =>PUP.ObjectBrowser^
[HKCU\Software\5868cddbd6dba48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\5868cddbd6dba48] =>PUP.Babylon^^
C:\Windows\Installer\56ffcd3.msi =>Toolbar.Bing^
[HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}] (SaveSenseLive Broker Class Factory) =>PUP.CrossRider^
[HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}] (SaveSenseLive.OneClickProcessLauncher) =>PUP.CrossRider^
[HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}] (SaveSenseLive Legacy On Demand) =>PUP.CrossRider^
[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate^
[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}] (globalUpdate.OneClickProcessLauncher) =>PUP.GlobalUpdate^
[HKCR\CLSID\{71e129ff-6c2a-4984-818c-7e2c998b8d99}] (SaveSense) =>PUP.CrossRider^
[HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}] (SaveSenseLive Core Class) =>PUP.CrossRider^
[HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}] (SaveSenseLive Process Launcher Class) =>PUP.CrossRider^
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing^
[HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}] (SaveSenseLive Broker Class Factory) =>PUP.CrossRider^
[HKCR\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}] (SaveSenseLive Update Plugin) =>PUP.CrossRider^
[HKCR\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}] (SaveSenseLive Legacy On Demand) =>PUP.CrossRider^
[HKCR\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}] (SaveSenseLive Update Plugin) =>PUP.CrossRider^
[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate^
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing^
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class) =>PUP.CrossRider^
C:\Users\toshiba\AppData\Local\Temp\uninst1.exe =>PUP.Babylon
C:\Windows\Reimage.ini =>Rogue.ReimageRepair
~ Additionnel Scan: 257043 Items scanned in 00mn 37s



---\\ Additional information on the modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Summary of detections found on your workstation
http://www.nicolascoolman.fr/blog/ =>Hijacker.Application
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://www.nicolascoolman.fr/blog/ =>Hijacker.DeltaHomes
http://nicolascoolman.fr/pup-sweetpage =>PUP.SweetPage
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/pup-ytdownloader =>PUP.YTDownloader
http://www.nicolascoolman.fr/blog/ =>PUP.BoBrowser
http://nicolascoolman.fr/pup-globalupdate =>PUP.GlobalUpdate
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://www.nicolascoolman.fr/blog/ =>PUP.DoctorPC
http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://nicolascoolman.fr/rogue-reimagerepair =>Rogue.ReimageRepair
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-dealply =>PUP.DealPly
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://www.nicolascoolman.fr/blog/ =>Adware.LiveiStream
http://nicolascoolman.fr/pup-nextlive =>PUP.NextLive
http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://www.nicolascoolman.fr/blog/ =>PUP.CrossBrowser
http://nicolascoolman.fr/pup-dosearches =>PUP.DoSearches
http://nicolascoolman.fr/pup-objectbrowser =>PUP.ObjectBrowser
Clé orpheline => Clé orpheline => Clé orpheline => Clé orpheline
http://nicolascoolman.fr/adware-yontoo =>Adware.Yontoo
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/pup-bprotector =>PUP.BProtector
http://nicolascoolman.fr/pup-clarosearch =>PUP.ClaroSearch
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedUpMyPC
http://nicolascoolman.fr/pup-1clickdownloader =>PUP.1ClickDownloader
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.fr/adware-browsefox =>Adware.BrowseFox
~ MSI: 38 link(s) detected in 00mn 00s



~ 970 Legitimates filtered by white list
End of the scan (805 lines in 02mn 03s)(0.11)
