~ Rapport de ZHPDiag v2014.4.19.35 - Nicolas Coolman (19/04/2014) ~ Lancé par S (19/04/2014 20:13:37) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by program ---\\ Navigateurs Internet MSIE: Internet Explorer v11.0.9600.16659 MFIE: Mozilla Firefox 28.0 (Defaut) GCIE: Google Chrome v28.0.1500.72 ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel Windows ID Activation : OK ~ Windows Partial Key : JXRM3 Windows License : OK ~ Windows Remaining Initializations Number : 4 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Kaspersky Internet Security v14.0.0.4651 Spybot - Search & Destroy v2.1.19 Windows Defender W7 ---\\ Logiciels d'optimisation du système CCleaner v3.07 =>.Piriform Ltd ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 12 Plugin Adobe Reader XI Java 7 Update 55 ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 8091 MB (55% free) System Restore: Activé (Enable) System drive C: has 31 GB (31%) free of 98 GB ---\\ Mode de connexion au système ~ Computer Name: S-PC ~ User Name: S ~ All Users Names: S, HomeGroupUser$, ASPNET, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\S\AppData\Roaming\ZHP\ ~ %AppData% : 
C:\Users\S\AppData\Roaming\ ~ %Desktop% : C:\Users\S\Desktop\ ~ %Favorites% : C:\Users\S\Favorites\ ~ %LocalAppData% : C:\Users\S\AppData\Local\ ~ %StartMenu% : C:\Users\S\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 31 Go of 98 Go) D: Hard drive, Flash drive, Thumb drive (Free 196 Go of 200 Go) E: CD-ROM drive (Not Inserted) F: CD-ROM drive (Free 0 Go of 1 Go) G: Floppy drive, Flash card reader, USB Key (Not Inserted) H: Hard drive, Flash drive, Thumb drive (Free 24 Go of 465 Go) ---\\ Etat du Centre de Sécurité Windows ~ Security Center: 49 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/03/2014 - 04:10:28.) -- C:\Windows\System32\wininet.dll [2334208] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) 
-- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) 
-- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/332 ~ Mes musiques (My Musics) : 1/14 ~ Mes Videos (My Videos) : 1/4 ~ Mes Favoris (My Favorites) : 1/118 ~ Mes Documents (My Documents) : 1/44 ~ Mon Bureau (My Desktop) : 1/1883 ~ Menu demarrer (Programs) : 1/36 ~ Hidden Files: Scanned in 00mn 01s ---\\ Processus lancés [MD5.9E9754B5687AC2021A666E355F37F8A9] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3921432] [PID.2264] [MD5.B96D82EA7BC9A842028559968E9570D4] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [1004864] [PID.4192] [MD5.CC02FE4520CA886508069245D9A6962F] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222720] [PID.1528] [MD5.AD1397AEEC8AFB56BFF9A9BEBE5B963D] - (.Dylog Italia S.p.A. - Pas de description.) -- C:\Program Files (x86)\TnOpenG\DyMnm.exe [778240] [PID.9828] [MD5.119DD160AF6701632CA8C905CB598661] - (.Dylog Italia S.p.A. - Pas de description.) -- C:\Program Files (x86)\TnOpenG\QBLink\QBLink.exe [2550048] [PID.7736] [MD5.874CC731DE6D47A80055080DB739DC5B] - (.Dylog Italia SpA - Pas de description.) 
-- C:\Program Files (x86)\Common Files\OleSVR\DYSEM_TNOPENG.exe [520536] [PID.9892] [MD5.6E68B4D23B998634492B640BE8EEB2E6] - (.Dylog Italia SpA - Pas de description.) -- C:\Program Files (x86)\Common Files\OleSVR\DYPRMC_ALB_IT.exe [82264] [PID.3320] [MD5.8EE50C2898A96FAF139726F2AC1EC83E] - (.Dylog Italia SpA - Pas de description.) -- C:\Program Files (x86)\Common Files\OleSVR\DyMEMO_TNOPENG.exe [258392] [PID.10236] [MD5.94E52CDF993A2380D74C9DEDE93C808B] - (.Dylog Italia S.p.A. - Pas de description.) -- C:\Program Files (x86)\Common Files\OleSVR\QBSPOOLER.exe [334112] [PID.9496] [MD5.A1F8B58F1EC431485F8377A273E02223] - (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [390256] [PID.12244] [MD5.54CEC2F353ADA568B06FB88500390AA7] - (.Dylog Italia S.p.A. - Pas de description.) -- C:\Program Files (x86)\TnOpenG\A50301.exe [7745536] [PID.35432] [MD5.FE09E538D3985EF52D865B7DF0A2701C] - (.Dylog Italia SpA - Pas de description.) -- C:\Program Files (x86)\Common Files\OleSVR\DyParent_TNOPNFR.exe [29016] [PID.35544] [MD5.29DA1595A76752A044893F4472464F9E] - (.Dylog Italia SpA - Pas de description.) -- C:\Program Files (x86)\Common Files\OleSVR\DYCDM_TNOPENG.exe [29016] [PID.35792] [MD5.E6AC6CA5C72059EEB742C7DE0034C7AB] - (.Kaspersky Lab ZAO - WebToolBar component.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtbws.exe [302784] [PID.28588] [MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.34368] [MD5.4C820B50704EB1B259E63672EC55B122] - (.Kaspersky Lab ZAO - WebToolBar component.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe [138944] [PID.7228] [MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) 
-- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.34496] [MD5.497E84A1B6767142987A17574C57C04E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe [1863560] [PID.15304] [MD5.CB037F03178E31BA2985ADD15879CA56] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [846288] [PID.1764] [MD5.A1C1669580EF1D8F54D7EAFF527AB6A9] - (.Nicolas Coolman - ZHPDiag.) -- C:\ZHP\ZHPDiag\ZHPDiag.exe [8219648] [PID.6272] [MD5.8F9D8732840C374D1C5EAF9E1645F4AC] - (.Taiwan Shui Mu Chih Ching Technology Limite - dsk service.) -- C:\Program Files (x86)\WinZipper\winzipersvc.exe [425104] [PID.1484] [MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1920] [MD5.8750B3454AF73568BE6203047A08F560] - (.Apache Software Foundation - Apache HTTP Server.) -- C:\Infoserv\Apache2\bin\apache.exe [24645] [PID.1956] [MD5.0D2F8F4055903A762AD46204E5A42E86] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512] [PID.1476] [MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [PID.2920] [MD5.9B7B8F61A11A05617DC379D0860E32A5] - (.Pas de propriétaire - srpts.) -- C:\Program Files (x86)\LPT\srpts.exe [37920] [PID.500] =>Adware.Incredibar [MD5.837608240884733792DDAE81E50B802A] - (.Microsoft Corporation - SQL Server Windows NT.) -- C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408] [PID.3232] [MD5.86EBD8B1F23E743AAD21F4D5B4D40985] - (.Microsoft Corporation - SQL Browser Service EXE.) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [238944] [PID.4364] [MD5.1A4EC186A245B0D66321753B48181FE0] - (...) 
-- C:\Program Files (x86)\RightSurf\updateRightSurf.exe [350496] [PID.4568] =>PUP.RightSurf [MD5.59DCE6783F9ED27EB72C81466E363BF8] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [166528] [PID.5048] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] http://search.delta-homes.com =>Toolbar.DeltaSearch G2 - GCE: Preference [User Data\Default] [dchlnpcodkpfdpacogkljefecpegganj] URL Advisor v.14.0.0.4651 (Désactivé) G2 - GCE: Preference [User Data\Default] [hakdifolhalapjijoafobooafbilfakh] Protection bancaire v.14.0.0.4651 (Désactivé) G2 - GCE: Preference [User Data\Default] [hghkgaeecgjhjkannahfamoehjmkjail] Module de blocage des sites Internet dangereux v.14.0.0.4651 (Désactivé) G2 - GCE: Preference [User Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.8.9, (Activé) =>PUP.Elex G2 - GCE: Preference [User Data\Default] [jagncdcchgajhfhijbbhecadmaiegcmh] Virtual Keyboard v.14.0.0.4917 (Désactivé) G2 - GCE: Preference [User Data\Default] [kekfoodhbhpjhjcdecjngamojfhknooc] SharaGet download helper v.1.0 (Désactivé) =>Toolbar.iPumper G2 - GCE: Preference [User Data\Default] [ogfjmhfnldnajmfaofeiaepghjenbgjo] Extended Protection v.1.4.1 (Activé) =>PUP.ExtendedProtection ---\\ Liste des dossiers d'extension Google Chrome ~ Google Lines Browser: 22 Legitimates Filtered in 00mn 10s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\dbw1j4j0.default\prefs.js M3 - MFPP: Plugins - [S] -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\dbw1j4j0.default\searchplugins\Web Search.xml =>Parasite.Pugi M2 - MFEP: prefs.js [S - dbw1j4j0.default\quick_start@gmail.com] [] Quick Start v5.0.2 (..) 
=>PUP.QuickStart M2 - MFEP: prefs.js [S - dbw1j4j0.default\{22052eee-6f37-7664-68b7-b45edc6f60f9}] [] Snap.Do v1.2.1 (..) =>Hijacker.SmartBar ~ Firefox Browser: 13 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com =>Hijacker.SmartBar R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com =>Toolbar.DeltaSearch R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com =>Toolbar.DeltaSearch R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com =>Toolbar.DeltaSearch R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.delta-homes.com =>Toolbar.DeltaSearch R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.delta-homes.com =>Toolbar.DeltaSearch R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp ~ IE Browser: 26 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 19 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\SupTab\SupTab.dll =>PUP.SupTab O2 - BHO: Re-markit [64Bits] - {4b805e37-6319-485e-92e2-a6e8db73ee9e} . (...) -- C:\Program Files (x86)\Re-markit\150.dll (.not file.) =>PUP.ReMarkIt O2 - BHO: RightSurf [64Bits] - {a61c899f-1166-4586-be97-3226ea8872fc} . (.RightSurf - RightSurf.) -- C:\Program Files (x86)\RightSurf\RightSurfBHO.dll =>PUP.RightSurf ~ BHO: 14 Legitimates Filtered in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Achat de consommables - HP Officejet Pro 8600.lnk . (...) -- C:\Program Files (x86)\HP\HP Officejet Pro 8600\Bin\hpqDTSS.exe (.not file.) =>.Hewlett-Packard Co O4 - GS\Desktop [Public]: Documentation HOP 060300.lnk . 
(...) -- C:\Program Files (x86)\TnOpenG\utility\docupdate\DOC_ 06.03.00.pdf O4 - GS\Desktop [Public]: Documentation HOP 060500.lnk . (...) -- C:\Program Files (x86)\TnOpenG\utility\docupdate\DOC_06.05.00.pdf O4 - GS\Desktop [Public]: Documentation HOP 070100.lnk . (...) -- C:\Program Files (x86)\TnOpenG\utility\docupdate\DOC_07.01.00.pdf O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp O4 - GS\Desktop [Public]: HOP2000.lnk . (.Dylog Italia S.p.A. - Pas de description.) -- C:\Program Files (x86)\TnOpenG\TnMNM.exe O4 - GS\Desktop [Public]: HP Officejet Pro 8600.lnk . (...) -- C:\Program Files (x86)\HP\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe (.not file.) =>.Hewlett-Packard Co O4 - GS\Desktop [Public]: Kaspersky Internet Security.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe O4 - GS\Desktop [Public]: Launch Configuration Application.lnk . (.Alcatel-Lucent - appliconf MFC Application.) -- C:\Program Files (x86)\Alcatel\OHL Driver\appliconf.exe O4 - GS\Desktop [Public]: LayOut 3.lnk . (.Trimble Navigation Limited - LayOut.) -- C:\Program Files (x86)\Google\Google SketchUp 8\LayOut\LayOut.exe O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com =>PUP.Awesomehp O4 - GS\Desktop [Public]: NewPlayer.lnk . (.Tuguu SL - NewPlayer.) -- C:\Program Files (x86)\NewPlayer\NewPlayer.exe =>PUP.VAFPlayer O4 - GS\Desktop [Public]: OMC 800 22.1a.lnk . (.Alcatel-Lucent - Configuration program for OmniPCX Office.) -- C:\Program Files (x86)\PCXTools\OMC\R800_22.1a\bin\omc.exe O4 - GS\Desktop [Public]: SketchUp 8.lnk . (.Trimble Navigation Limited - SketchUp Application.) 
-- C:\Program Files (x86)\Google\Google SketchUp 8\SketchUp.exe O4 - GS\Desktop [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe O4 - GS\Desktop [Public]: Style Builder 2.lnk . (.Trimble Navigation Limited - Style Builder.) -- C:\Program Files (x86)\Google\Google SketchUp 8\Style Builder\Style Builder.exe O4 - GS\Desktop [Public]: Téléchargement mise à jour HOP.lnk . (.Dylog SAM - Pas de description.) -- C:\Program Files (x86)\TnOpenG\HopDylogUpdate.exe O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com =>PUP.Awesomehp O4 - GS\Program [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe O4 - GS\QuickLaunch [S]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp O4 - GS\QuickLaunch [S]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp O4 - GS\QuickLaunch [S]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com =>PUP.Awesomehp O4 - GS\TaskBar [S]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp O4 - GS\Program [S]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp O4 - GS\Program [S]: Search.lnk . (.Mozilla Corporation - Firefox.) 
-- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://feed.snapdo.com =>Hijacker.SmartBar O4 - GS\SystemTools [S]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp O4 - GS\Desktop [S]: BELLA VISTA - Raccourci.lnk . (...) -- D:\BELLA VISTA O4 - GS\Desktop [S]: GoPro CineForm Studio.lnk . (.Microsoft - GoProImport.) -- C:\Program Files (x86)\GoPro\Tools\GoPro CineForm Studio.exe O4 - GS\Desktop [S]: Hugin.lnk . (...) -- C:\Program Files (x86)\Hugin\bin\hugin.exe O4 - GS\Desktop [S]: My DAP Downloads.lnk . (...) -- C:\Users\S\Desktop O4 - GS\Desktop [S]: OS (D) - data.lnk . (...) -- D:\ O4 - GS\Desktop [S]: Protection bancaire.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe O4 - GS\Desktop [S]: RecentPlaces.lnk - Clé orpheline ~ Global Startup: 92 Legitimates Filtered in 00mn 01s ---\\ Applications lancées au démarrage du système (O4) O4 - GS\Startup [Public]: CineForm Status.lnk . (.GoPro - GoPro/CineForm Status Viewer.) -- C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe O4 - GS\Startup [Public]: Logiciel d'impression Marketsplash.lnk . (.Hewlett-Packard Company - HPLocalWebPrintAgent.) -- C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe O4 - GS\Startup [Public]: WDDMStatus.lnk . (...) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (.not file.) O4 - GS\Startup [Public]: WDSmartWare.lnk . (.Western Digital - WD SmartWare.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe O4 - GS\Startup [S]: Alertes de surveillance de l'encre - HP Officejet Pro 8600 (réseau).lnk . (.Hewlett-Packard Co. - Print Driver Status Business Logic.) 
-- C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll =>.Hewlett-Packard Co O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co O4 - HKCU\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe O4 - HKCU\..\RunOnce: [Application Restart #1] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [fst_fr_77] . (...) 
-- C:\Program Files (x86)\fst_fr_77\fst_fr_77.exe =>PUP.FreeSoftToday O4 - HKUS\S-1-5-21-3316868416-398408853-2324796046-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-3316868416-398408853-2324796046-1000\..\Run: [HP Officejet Pro 8600 (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co O4 - HKUS\S-1-5-21-3316868416-398408853-2324796046-1000\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe O4 - HKUS\S-1-5-21-3316868416-398408853-2324796046-1000\..\RunOnce: [Application Restart #1] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Clavier virtuel [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kbrd.ico O9 - Extra button: Analyse des liens [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) 
-- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\logo.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{02DA0187-7858-41D6-8D30-9853CB7E6698}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{12177190-D1F0-4A51-9AB9-2D3E42F288D0}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{962A0A36-1579-4380-8415-DC424CCA1350}: DhcpNameServer = 80.10.246.2 80.10.246.129 O17 - HKLM\System\CS1\Services\Tcpip\..\{02DA0187-7858-41D6-8D30-9853CB7E6698}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{12177190-D1F0-4A51-9AB9-2D3E42F288D0}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{962A0A36-1579-4380-8415-DC424CCA1350}: DhcpNameServer = 80.10.246.2 80.10.246.129 O17 - HKLM\System\CS2\Services\Tcpip\..\{02DA0187-7858-41D6-8D30-9853CB7E6698}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{12177190-D1F0-4A51-9AB9-2D3E42F288D0}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{962A0A36-1579-4380-8415-DC424CCA1350}: DhcpNameServer = 80.10.246.2 80.10.246.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) 
-- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: BingBar Service (BBSvc) . (...) - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (.not file.) =>Toolbar.Bing O23 - Service: IePlugin Service (IePluginService) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (.not file.) O23 - Service: LPT System Updater Service (LPTSystemUpdater) . (.Pas de propriétaire - srpts.) - C:\Program Files (x86)\LPT\srpts.exe =>Adware.Incredibar O23 - Service: Office Link Driver Service (OHL Driver Service) . (...) - C:\Program Files (x86)\Alcatel\OHL Driver\OHLService.exe (.not file.) O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Update RightSurf (Update RightSurf) . (...) - C:\Program Files (x86)\RightSurf\updateRightSurf.exe =>PUP.RightSurf O23 - Service: Util RightSurf (Util RightSurf) . (...) - C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe =>PUP.RightSurf O23 - Service: WinZiper service (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite - dsk service.) - C:\Program Files (x86)\WinZipper\winzipersvc.exe O23 - Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED - WPM Service.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager ~ Services: 20 Legitimates Filtered in 00mn 08s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [SomotoUpdateCheckerAutoStart] (...) -- C:\USerS\S\AppData\Local\FileSFrog Update Checker\update_checker.exe (.not file.) 
[0] =>Adware.MegaSearch [MD5.00000000000000000000000000000000] [APT] [{205A3558-CBF0-4F4B-AEE6-1D62CD59B9B4}] (...) -- E:\setup\install.exe (.not file.) [0] [MD5.8CFF20A62EFADF9860B0CEEE960975A0] [APT] [{50D6FE7D-4673-45EF-934A-0F3B83DE2A32}] (...) -- D:\exec\OOo_3.2.1_Win_x86_install-wJRE_fr.exe [149664176] [MD5.102D9B33314A3E1C7D8C6BD631435C81] [APT] [{54333B19-5103-4499-A171-1F79A76837E3}] (...) -- C:\USerS\S\AppData\Roaming\iPumper\ipumperinSt.exe [3613128] [MD5.99A1BB08EB7CABD85F18E2F07EE0CA68] [APT] [{9F152ED3-A199-4C10-AF91-D32D6CEB3F98}] (...) -- C:\Windows\uninstallivw.exe [1457664] [MD5.00000000000000000000000000000000] [APT] [{C2B748E3-979D-4E20-86D6-76959DD3B2A3}] (...) -- E:\autorun.exe (.not file.) [0] ~ Scheduled Task: 19 Legitimates Filtered in 00mn 05s ---\\ Logiciels installés (O42) O42 - Logiciel: BrowseMark - (.BrowseMark.) [HKLM][64Bits] -- BrowseMark =>PUP.BrowseMark O42 - Logiciel: DECEMBRE 2013 - (.DYlog SAM.) [HKLM][64Bits] -- {99A679F4-9C64-4EBF-BF74-680E3571BD5E} O42 - Logiciel: Download Accelerator Plus (DAP) - (.Speedbit Ltd..) [HKLM][64Bits] -- Download Accelerator Plus (DAP) O42 - Logiciel: HOP2000 Update 06.03.00 MARS 2011 - (.DYlog SAM.) [HKLM][64Bits] -- {B113B412-397D-45A8-B03B-8AB9D2EBBF46} O42 - Logiciel: HOP2000_06.03.00 - (.Dylog.) [HKLM][64Bits] -- {E91D27D0-206C-4D9D-AA9B-A0998A0C2C7F} O42 - Logiciel: IePluginService12.27.0.3326 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- IePlugins =>Trojan.SProtector O42 - Logiciel: LPT System Updater Service - (.LPT.) [HKLM][64Bits] -- {BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24} =>Adware.IncrediBar O42 - Logiciel: NewPlayer - (.TUGUU SL.) [HKLM][64Bits] -- NewPlayer =>PUP.VAFPlayer O42 - Logiciel: Re-markit - (.Re-markit Software.) [HKLM][64Bits] -- 407e23f0-1879-41be-ac02-198a55ce6751 =>PUP.ReMarkIt O42 - Logiciel: SupTab - (...) [HKLM][64Bits] -- SupTab =>PUP.SupTab O42 - Logiciel: fst_fr_77 - (.FREESOFTTODAY.) 
[HKLM][64Bits] -- fst_fr_77_is1 =>PUP.FreeSoftToday
~ Logic: 33 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\BrowseMark] =>PUP.BrowseMark
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\RightSurf] =>PUP.RightSurf
[HKCU\Software\Tutorials] =>AgenceExclusive
[HKCU\Software\card]
[HKCU\Software\iCare_Free]
[HKLM\Software\Wow6432Node\BrowseMark] =>PUP.BrowseMark
[HKLM\Software\Wow6432Node\MLDTMGR]
[HKLM\Software\Wow6432Node\RightSurf] =>PUP.RightSurf
[HKLM\Software\Wow6432Node\Tutorials] =>AgenceExclusive
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\anset]
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 333 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/04/2014 - 11:01:42 - [] ----D C:\Program Files (x86)\BrowseMark =>PUP.BrowseMark
O43 - CFD: 04/02/2014 - 14:48:24 - [] ----D C:\Program Files (x86)\fst_fr_77 =>PUP.FreeSoftToday
O43 - CFD: 18/04/2014 - 13:06:10 - [] ----D C:\Program Files (x86)\LPT =>Adware.Incredibar
O43 - CFD: 04/02/2014 - 14:49:16 - [] ----D C:\Program Files (x86)\NewPlayer
O43 - CFD: 27/02/2014 - 18:48:31 - [] ----D C:\Program Files (x86)\RightSurf =>PUP.RightSurf
O43 - CFD: 11/04/2014 - 08:40:40 - [] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 18/04/2014 - 14:57:25 - [] ----D C:\Program Files (x86)\TnOpenG
O43 - CFD: 04/02/2014 - 14:50:14 - [] ----D C:\Program Files (x86)\Uninstaller
O43 - CFD: 10/09/2010 - 09:35:35 - [] ----D C:\Program Files (x86)\Common Files\CRXl_Temp
O43 - CFD: 10/09/2010 - 09:34:18 - [] ----D C:\Program Files (x86)\Common Files\DAO350
O43 - CFD: 10/09/2010 - 09:34:18 - [] ----D C:\Program Files (x86)\Common Files\DAO360
O43 - CFD: 18/04/2014 - 14:57:37 - [] ----D C:\Program Files (x86)\Common Files\OleSVR
O43 - CFD: 11/04/2014 - 08:40:39 - [] ----D C:\ProgramData\IePluginService
=>Trojan.SProtector
O43 - CFD: 26/02/2014 - 19:18:25 - [] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 18/04/2014 - 11:01:49 - [] ----D C:\Users\S\AppData\Roaming\0V1L2Z2Z1T1I1L1T
O43 - CFD: 26/02/2014 - 19:19:07 - [] ----D C:\Users\S\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 15/02/2014 - 20:40:19 - [] ----D C:\Users\S\AppData\Local\fst_fr_77 =>PUP.FreeSoftToday
O43 - CFD: 18/04/2014 - 12:05:19 - [] ----D C:\Users\S\AppData\Local\LPT =>Adware.Incredibar
O43 - CFD: 04/02/2014 - 14:49:23 - [] ----D C:\Users\S\AppData\Local\newplayer
O43 - CFD: 04/05/2011 - 12:43:16 - [] ----D C:\Users\S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Infoserv
~ Program Folder: 209 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.B02E3A4A369A8775FE9E769087F9B07A] - 18/04/2014 - 13:57:27 ---A- . (...) -- C:\LogUpdateHopAdo.txt [49374]
O44 - LFC:[MD5.627FF2D02F0C7B1F42E7158958BAAC5C] - 18/04/2014 - 15:06:46 ---A- . (...) -- C:\Windows\wininit.ini [2378]
~ Files: 22 Legitimates Filtered in 00mn 02s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.766F689564BC30E5A91F8621CE65AD68] - 05/03/2007 - 09:55:48 ---A- . (.EyePower Games Pte. Ltd.
- Advanced Video FX Filter Driver (x64).) -- C:\Windows\System32\Drivers\OEM07Vfx.sys [12288]
O58 - SDL:[MD5.E31960692CBB3A8BCDF300BC1D889E1F] - 19/03/2007 - 11:09:36 ---A- . (.REDC - RICOH MMC Driver.) -- C:\Windows\System32\Drivers\rimmpx64.sys [55808]
O58 - SDL:[MD5.82356915157AB59064A24993AE5BE8AA] - 27/02/2007 - 15:10:38 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspx64.sys [53760]
O58 - SDL:[MD5.C01A92A546854A3E34103B642F0F94A1] - 26/03/2007 - 18:48:24 ---A- . (.REDC - RICOH xD SM Driver.) -- C:\Windows\System32\Drivers\rixdpx64.sys [55808]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 16 Legitimates Filtered in 00mn 03s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.delta-homes.com =>Hijacker.Browsers
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...)
-- C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.delta-homes.com =>Toolbar.DeltaSearch
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.DockingPositionDown", false); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.SmartbarDisabled", false); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.SmartbarStateMinimaized", false); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.Visibility", false); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.backPageCapacity", 3); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.backPageCounter", 0); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.backPageDay", 18); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.backPageLastEvent", "1397642755953"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.backPageMinInterval", 15); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.barcodeid", "126634"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.countryiso", "fr"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.downloadprovider", "somotoch"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\"],\\\"Http[...]
=>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.fromautoupdate", "false"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.installationid", "22052eee-6f37-7664-68b7-b45edc6f60f9"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.installdate", "18/04/2014"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.keepAliveLastevent", "1397815556"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.lastExternalJsUpdate", "1397930590025"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.publisher", "somoto"); =>PUP.HelperBar
O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} [DefaultScope] - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.C9B89BA9B23CFB6E319A984493B0F9D7] [SPRF][07/06/2011] (...) -- C:\Users\S\Desktop\dap96.exe [12956872]
~ Files: 6 Legitimates Filtered in 00mn 00s

---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{C89BA091-DCE9-46A0-A353-02D71D12AB9E}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\SnugTV\SnugTV Station\ConfigWizard.exe (.not file.)
O87 - FAEL: "{9333CE4A-4B03-4DD4-8D80-934DB550A144}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\SnugTV\SnugTV Station\ConfigWizard.exe (.not file.)
O87 - FAEL: "TCP Query User{5EAE40A6-6488-464E-81A0-3B0185F3ACC2}C:\infoserv\infoserv.exe" | In - Public - P6 - TRUE | .(...) -- C:\infoserv\infoserv.exe
O87 - FAEL: "UDP Query User{44D6FA5C-B94F-4DBE-8D2F-A6BBFC0BDB6F}C:\infoserv\infoserv.exe" | In - Public - P17 - TRUE | .(...) -- C:\infoserv\infoserv.exe
O87 - FAEL: "TCP Query User{7E43C9FD-3179-423D-966C-1AAD962F6DE9}C:\infoserv\infoserv.exe" | In - Private - P6 - TRUE | .(...)
-- C:\infoserv\infoserv.exe
O87 - FAEL: "UDP Query User{EA534685-6EA7-4579-9862-8FF70B7C027F}C:\infoserv\infoserv.exe" | In - Private - P17 - TRUE | .(...) -- C:\infoserv\infoserv.exe
O87 - FAEL: "{DC3B8DF2-67D6-4797-A7F8-3108B19A32E1}" |In - Private - P6 - TRUE | .(...) -- C:\Users\S\AppData\Local\Temp\7zS04C4\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{39302104-5600-43D3-8B4D-A1D37F2A859E}" |In - Private - P17 - TRUE | .(...) -- C:\Users\S\AppData\Local\Temp\7zS04C4\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{7216685A-8633-4DCA-94D4-62EE8EF7A32B}" |In - Private - P6 - TRUE | .(...) -- C:\Users\S\AppData\Local\Temp\7zS5EA9\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{A11F40AE-E83A-4AD7-859A-C3D1377E72FA}" |In - Private - P17 - TRUE | .(...) -- C:\Users\S\AppData\Local\Temp\7zS5EA9\HPDiagnosticCoreUI.exe (.not file.)
~ Firewall: 231 Legitimates Filtered in 00mn 00s

---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "008994F1F8081704484B265069060E65" . (.PCXTools OMC 800 22.1a.) -- C:\Windows\Installer\{1F499800-808F-4071-84B4-62059660E056}\ArpProductIcon
O90 - PUC: "7E9C3C6D433D8194DB75B5E11FC402D7" . (.Bing Bar.) -- C:\Windows\Installer\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "C89768CF90B26814BBEFE77173BE7879" . (.OHL Driver.) -- C:\Windows\Installer\{FC86798C-2B09-4186-BBFE-7E1737EB8797}\ARPPRODUCTICON.exe
O90 - PUC: "D1BA600022B9FD34D841E6DB81ED4DEE" . (..) -- C:\Windows\Installer\{0006AB1D-9B22-43DF-8D14-6EBD18DED4EE}\ARPPRODUCTICON.exe
~ Update Products: 74 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.09D232ED38DC5023D3E61A6B890144EC] [WIS][18/04/2014] (.ReSoft Ltd. - Snap.Do.) -- C:\Windows\Installer\141648d1.msi [10108928] =>Hijacker.SmartBar
[MD5.0018C0854FB76747B5FCECD34856186D] [WIS][08/04/2014] (.LPT - LPT System Updater Service.)
-- C:\Windows\Installer\141648d8.msi [1892352] =>Adware.IncrediBar
[MD5.41B7BC792AC8BB1C9BE06D62FAC2A718] [WIS][08/12/2012] (.Trimble Navigation Limited - SketchUp Pro 8 Installer.) -- C:\Windows\Installer\15cfefdd.msi [80236544]
~ WIS: 80 Legitimates Filtered in 00mn 13s

---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASAPI32 =>Adware.DomaIQ
HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASMANCS =>Adware.DomaIQ
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASAPI32 =>Hijacker.BabSolution
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASMANCS =>Hijacker.BabSolution
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BI_RunOnce_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BI_RunOnce_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarManager_C8CBFED7F00D3A8C_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarManager_C8CBFED7F00D3A8C_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_tuguu_14656_RASAPI32 =>PUP.VAFPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_tuguu_14656_RASMANCS =>PUP.VAFPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SnapDo_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SnapDo_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\supreme savings-bg_RASAPI32 =>PUP.RewardsArcade
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\supreme savings-bg_RASMANCS =>PUP.RewardsArcade
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Supreme Savings_RASAPI32 =>PUP.RewardsArcade
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Supreme Savings_RASMANCS =>PUP.RewardsArcade
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseMark_RASAPI32 =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseMark_RASMANCS =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateRightSurf_RASAPI32 =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateRightSurf_RASMANCS =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilRightSurf_RASAPI32 =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilRightSurf_RASMANCS =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VAFPlayer_RASAPI32 =>PUP.VAFPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VAFPlayer_RASMANCS =>PUP.VAFPlayer
~ BTK: 384 Legitimates Filtered in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (BBSvc) . (...) - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe =>Toolbar.Bing
SS - | Demand 10/02/2012 240408 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe =>Toolbar.Bing
SS - | Auto 02/05/2012 116648 | (gupdate) . (.Google Inc..)
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/05/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/09/2010 182768 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 11/04/2014 705136 | (IePluginService) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
SS - | Auto 10/07/1658 0 | (LMS) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Demand 13/08/2010 259440 | (maconfservice) . (.CybelSoft.) - C:\Program Files (x86)\ma-config.com\maconfservice.exe
SS - | Demand 19/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 10/07/1658 0 | (OHL Driver Service) . (...) - C:\Program Files (x86)\Alcatel\OHL Driver\OHLService.exe
SS - | Auto 04/07/2012 1188896 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SS - | Auto 04/07/2012 1395736 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SS - | Demand 04/01/2012 718888 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 08/12/2010 63488 | (ServiceOMC) . (.Alcatel-Lucent.) - C:\Windows\SysWOW64\ServiceOMC.exe
SS - | Auto 10/07/1658 0 | (TeamViewer5) . (...) - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
SS - | Auto 10/07/1658 0 | (UNS) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Auto 18/04/2014 350496 | (Util RightSurf) . (...) - C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe =>PUP.RightSurf
SS - | Auto 26/02/2014 501904 | (Wpm) . (.Cherished Technololgy LIMITED.)
- C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 18/08/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 04/05/2011 24645 | (Apache_Infoserv) . (.Apache Software Foundation.) - C:\Infoserv\Apache2\bin\apache.exe
SR - | Auto 12/10/2013 214512 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 23/09/2010 67584 | (cbVSCService) . (.CobianSoft, Luis Cobian.) - C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
SR - | Auto 06/12/2010 164008 | (Intel(R) PROSet Monitoring Service) . (.Intel Corporation.) - C:\Windows\system32\IProsetMonitor.exe
SR - | Auto 08/04/2014 37920 | (LPTSystemUpdater) . (...) - C:\Program Files (x86)\LPT\srpts.exe =>Adware.Incredibar
SR - | Auto 14/04/2010 1052328 | (lxea_device) . (...) - C:\Windows\system32\lxeacoms.exe
SR - | Auto 22/03/2012 166528 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 18/04/2014 350496 | (Update RightSurf) . (...) - C:\Program Files (x86)\RightSurf\updateRightSurf.exe =>PUP.RightSurf
SR - | Auto 04/09/2009 116224 | (WDDMService.exe) . (.WDC.) - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
SR - | Auto 16/06/2009 20480 | (WDSmartWareBackgroundService) . (.Memeo.) - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/02/2014 425104 | (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite.)
- C:\Program Files (x86)\WinZipper\winzipersvc.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s

---\\ Scan Additionnel (O88)
Database Version : 13044 - (19/04/2014)
Clés trouvées (Keys found) : 35
Valeurs trouvées (Values found) : 12
Dossiers trouvés (Folders found) : 15
Fichiers trouvés (Files found) : 11
[HKLM\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex^
[HKLM\Software\Google\Chrome\Extensions\kekfoodhbhpjhjcdecjngamojfhknooc] =>Toolbar.iPumper^
[HKLM\Software\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo] =>PUP.ExtendedProtection^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B805E37-6319-485E-92E2-A6E8DB73EE9E}] =>PUP.ReMarkIt^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A61C899F-1166-4586-BE97-3226EA8872FC}] =>PUP.RightSurf^
[HKLM\SYSTEM\CurrentControlSet\Services\BBSvc] =>Toolbar.Bing^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginService] =>Trojan.SProtector^
[HKLM\SYSTEM\CurrentControlSet\Services\LPTSystemUpdater] =>Adware.Incredibar^
[HKLM\SYSTEM\CurrentControlSet\Services\Update RightSurf] =>PUP.RightSurf^
[HKLM\SYSTEM\CurrentControlSet\Services\Util RightSurf] =>PUP.RightSurf^
[HKLM\SYSTEM\CurrentControlSet\Services\Wpm] =>PUP.WpManager^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowseMark] =>PUP.BrowseMark^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins] =>Trojan.SProtector^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}] =>Adware.IncrediBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer] =>PUP.VAFPlayer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\407e23f0-1879-41be-ac02-198a55ce6751] =>PUP.ReMarkIt^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SupTab] =>PUP.SupTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\fst_fr_77_is1] =>PUP.FreeSoftToday^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SnapDo_RASAPI32] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SnapDo_RASMANCS] =>Hijacker.SmartBar
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex
[HKLM\Software\Wow6432Node\delta-homesSoftware] =>Toolbar.DeltaSearch
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_77 =>PUP.FreeSoftToday^
C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo =>PUP.Elex^
C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\kekfoodhbhpjhjcdecjngamojfhknooc =>Toolbar.iPumper^
C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo =>PUP.ExtendedProtection^
C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\dbw1j4j0.default\extensions\quick_start@gmail.com =>PUP.QuickStart^
C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\dbw1j4j0.default\extensions\{22052eee-6f37-7664-68b7-b45edc6f60f9} =>Hijacker.SmartBar^
C:\Program Files (x86)\BrowseMark =>PUP.BrowseMark^
C:\Program Files (x86)\fst_fr_77 =>PUP.FreeSoftToday^
C:\Program Files (x86)\LPT =>Adware.Incredibar^
C:\Program Files (x86)\RightSurf =>PUP.RightSurf^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\S\AppData\Roaming\SupTab =>PUP.SupTab^
C:\Users\S\AppData\Local\fst_fr_77 =>PUP.FreeSoftToday^
C:\Users\S\AppData\Local\LPT =>Adware.Incredibar^
C:\Program Files (x86)\LPT\srpts.exe =>Adware.Incredibar^
C:\Program Files (x86)\RightSurf\updateRightSurf.exe =>PUP.RightSurf^
[HKCU\Software\BrowseMark] =>PUP.BrowseMark^
[HKCU\Software\RightSurf] =>PUP.RightSurf^
[HKLM\Software\Wow6432Node\BrowseMark] =>PUP.BrowseMark^
[HKLM\Software\Wow6432Node\RightSurf] =>PUP.RightSurf^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Windows\Installer\141648d1.msi =>Hijacker.SmartBar^
C:\Windows\Installer\141648d8.msi =>Adware.IncrediBar^
~ Additionnel Scan: 317761 Items scanned in 00mn 35s

---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar
http://nicolascoolman.webs.com/apps/blog/show/41196115-pup-rightsurf =>PUP.RightSurf
http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.webs.com/apps/blog/show/33479906-pup-elex =>PUP.Elex
http://nicolascoolman.webs.com/apps/blog/show/30840517-toolbar-ipumper =>Toolbar.iPumper
http://nicolascoolman.webs.com/apps/blog/show/41817737-pup-extendedprotection =>PUP.ExtendedProtection
http://nicolascoolman.webs.com/apps/blog/show/26632288-parasite-pugi =>Parasite.Pugi
http://nicolascoolman.webs.com/apps/blog/show/41962558-pup-quickstart =>PUP.QuickStart
http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.webs.com/apps/blog/show/41011964-pup-awesomehp =>PUP.Awesomehp
http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
http://nicolascoolman.webs.com/apps/blog/show/36657231-pup-remarkit =>PUP.ReMarkIt
http://nicolascoolman.webs.com/apps/blog/show/30392620-pup-vafplayer =>PUP.VAFPlayer
http://nicolascoolman.webs.com/apps/blog/show/40789592-trojan-sprotector =>Trojan.SProtector
http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
http://nicolascoolman.webs.com/apps/blog/show/42099886-pup-browsemark =>PUP.BrowseMark
http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
http://nicolascoolman.webs.com/apps/blog/show/26627641-spyware-agenceexclusive =>AgenceExclusive
http://nicolascoolman.webs.com/apps/blog/show/33263878-hijacker-browser =>Hijacker.Browsers
http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
http://nicolascoolman.webs.com/apps/blog/show/30393137-adware-domaiq =>Adware.DomaIQ
http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade =>PUP.RewardsArcade
http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software =>PUP.V9Software
http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 29 link(s) detected in 00mn 00s
~ 1207 Legitimates filtered by white list

End of the scan (718 lines in 01mn 56s)(0)