cjoint


Document format: text/plain

Preview

~ Rapport de ZHPDiag v2014.4.19.35 - Nicolas Coolman (19/04/2014)
~ Lancé par S (19/04/2014 20:13:37)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16659
MFIE: Mozilla Firefox 28.0 (Defaut)
GCIE: Google Chrome v28.0.1500.72

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : JXRM3
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Kaspersky Internet Security v14.0.0.4651
Spybot - Search & Destroy v2.1.19
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v3.07 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 55

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8091 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 31 GB (31%) free of 98 GB

---\\ Mode de connexion au système
~ Computer Name: S-PC
~ User Name: S
~ All Users Names: S, HomeGroupUser$, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\S\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\S\AppData\Roaming\
~ %Desktop% : C:\Users\S\Desktop\
~ %Favorites% : C:\Users\S\Favorites\
~ %LocalAppData% : C:\Users\S\AppData\Local\
~ %StartMenu% : C:\Users\S\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 31 Go of 98 Go)
D: Hard drive, Flash drive, Thumb drive (Free 196 Go of 200 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Free 0 Go of 1 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Hard drive, Flash drive, Thumb drive (Free 24 Go of 465 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/03/2014 - 04:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/332
~ Mes musiques (My Musics) : 1/14
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/118
~ Mes Documents (My Documents) : 1/44
~ Mon Bureau (My Desktop) : 1/1883
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.9E9754B5687AC2021A666E355F37F8A9] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3921432] [PID.2264]
[MD5.B96D82EA7BC9A842028559968E9570D4] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [1004864] [PID.4192]
[MD5.CC02FE4520CA886508069245D9A6962F] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222720] [PID.1528]
[MD5.AD1397AEEC8AFB56BFF9A9BEBE5B963D] - (.Dylog Italia S.p.A. - Pas de description.) -- C:\Program Files (x86)\TnOpenG\DyMnm.exe [778240] [PID.9828]
[MD5.119DD160AF6701632CA8C905CB598661] - (.Dylog Italia S.p.A. - Pas de description.) -- C:\Program Files (x86)\TnOpenG\QBLink\QBLink.exe [2550048] [PID.7736]
[MD5.874CC731DE6D47A80055080DB739DC5B] - (.Dylog Italia SpA - Pas de description.) -- C:\Program Files (x86)\Common Files\OleSVR\DYSEM_TNOPENG.exe [520536] [PID.9892]
[MD5.6E68B4D23B998634492B640BE8EEB2E6] - (.Dylog Italia SpA - Pas de description.) -- C:\Program Files (x86)\Common Files\OleSVR\DYPRMC_ALB_IT.exe [82264] [PID.3320]
[MD5.8EE50C2898A96FAF139726F2AC1EC83E] - (.Dylog Italia SpA - Pas de description.) -- C:\Program Files (x86)\Common Files\OleSVR\DyMEMO_TNOPENG.exe [258392] [PID.10236]
[MD5.94E52CDF993A2380D74C9DEDE93C808B] - (.Dylog Italia S.p.A. - Pas de description.) -- C:\Program Files (x86)\Common Files\OleSVR\QBSPOOLER.exe [334112] [PID.9496]
[MD5.A1F8B58F1EC431485F8377A273E02223] - (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [390256] [PID.12244]
[MD5.54CEC2F353ADA568B06FB88500390AA7] - (.Dylog Italia S.p.A. - Pas de description.) -- C:\Program Files (x86)\TnOpenG\A50301.exe [7745536] [PID.35432]
[MD5.FE09E538D3985EF52D865B7DF0A2701C] - (.Dylog Italia SpA - Pas de description.) -- C:\Program Files (x86)\Common Files\OleSVR\DyParent_TNOPNFR.exe [29016] [PID.35544]
[MD5.29DA1595A76752A044893F4472464F9E] - (.Dylog Italia SpA - Pas de description.) -- C:\Program Files (x86)\Common Files\OleSVR\DYCDM_TNOPENG.exe [29016] [PID.35792]
[MD5.E6AC6CA5C72059EEB742C7DE0034C7AB] - (.Kaspersky Lab ZAO - WebToolBar component.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtbws.exe [302784] [PID.28588]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.34368]
[MD5.4C820B50704EB1B259E63672EC55B122] - (.Kaspersky Lab ZAO - WebToolBar component.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe [138944] [PID.7228]
[MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.34496]
[MD5.497E84A1B6767142987A17574C57C04E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe [1863560] [PID.15304]
[MD5.CB037F03178E31BA2985ADD15879CA56] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [846288] [PID.1764]
[MD5.A1C1669580EF1D8F54D7EAFF527AB6A9] - (.Nicolas Coolman - ZHPDiag.) -- C:\ZHP\ZHPDiag\ZHPDiag.exe [8219648] [PID.6272]
[MD5.8F9D8732840C374D1C5EAF9E1645F4AC] - (.Taiwan Shui Mu Chih Ching Technology Limite - dsk service.) -- C:\Program Files (x86)\WinZipper\winzipersvc.exe [425104] [PID.1484]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1920]
[MD5.8750B3454AF73568BE6203047A08F560] - (.Apache Software Foundation - Apache HTTP Server.) -- C:\Infoserv\Apache2\bin\apache.exe [24645] [PID.1956]
[MD5.0D2F8F4055903A762AD46204E5A42E86] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512] [PID.1476]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [PID.2920]
[MD5.9B7B8F61A11A05617DC379D0860E32A5] - (.Pas de propriétaire - srpts.) -- C:\Program Files (x86)\LPT\srpts.exe [37920] [PID.500] =>Adware.Incredibar
[MD5.837608240884733792DDAE81E50B802A] - (.Microsoft Corporation - SQL Server Windows NT.) -- C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408] [PID.3232]
[MD5.86EBD8B1F23E743AAD21F4D5B4D40985] - (.Microsoft Corporation - SQL Browser Service EXE.) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [238944] [PID.4364]
[MD5.1A4EC186A245B0D66321753B48181FE0] - (...) -- C:\Program Files (x86)\RightSurf\updateRightSurf.exe [350496] [PID.4568] =>PUP.RightSurf
[MD5.59DCE6783F9ED27EB72C81466E363BF8] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [166528] [PID.5048]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://search.delta-homes.com =>Toolbar.DeltaSearch
G2 - GCE: Preference [User Data\Default] [dchlnpcodkpfdpacogkljefecpegganj] URL Advisor v.14.0.0.4651 (Désactivé)
G2 - GCE: Preference [User Data\Default] [hakdifolhalapjijoafobooafbilfakh] Protection bancaire v.14.0.0.4651 (Désactivé)
G2 - GCE: Preference [User Data\Default] [hghkgaeecgjhjkannahfamoehjmkjail] Module de blocage des sites Internet dangereux v.14.0.0.4651 (Désactivé)
G2 - GCE: Preference [User Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.8.9, (Activé) =>PUP.Elex
G2 - GCE: Preference [User Data\Default] [jagncdcchgajhfhijbbhecadmaiegcmh] Virtual Keyboard v.14.0.0.4917 (Désactivé)
G2 - GCE: Preference [User Data\Default] [kekfoodhbhpjhjcdecjngamojfhknooc] SharaGet download helper v.1.0 (Désactivé) =>Toolbar.iPumper
G2 - GCE: Preference [User Data\Default] [ogfjmhfnldnajmfaofeiaepghjenbgjo] Extended Protection v.1.4.1 (Activé) =>PUP.ExtendedProtection

---\\ Liste des dossiers d'extension Google Chrome

~ Google Lines Browser: 22 Legitimates Filtered in 00mn 10s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\dbw1j4j0.default\prefs.js
M3 - MFPP: Plugins - [S] -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\dbw1j4j0.default\searchplugins\Web Search.xml =>Parasite.Pugi
M2 - MFEP: prefs.js [S - dbw1j4j0.default\quick_start@gmail.com] [] Quick Start v5.0.2 (..) =>PUP.QuickStart
M2 - MFEP: prefs.js [S - dbw1j4j0.default\{22052eee-6f37-7664-68b7-b45edc6f60f9}] [] Snap.Do v1.2.1 (..) =>Hijacker.SmartBar
~ Firefox Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com =>Hijacker.SmartBar
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com =>Toolbar.DeltaSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com =>Toolbar.DeltaSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com =>Toolbar.DeltaSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.delta-homes.com =>Toolbar.DeltaSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.delta-homes.com =>Toolbar.DeltaSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
~ IE Browser: 26 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\SupTab\SupTab.dll =>PUP.SupTab
O2 - BHO: Re-markit [64Bits] - {4b805e37-6319-485e-92e2-a6e8db73ee9e} . (...) -- C:\Program Files (x86)\Re-markit\150.dll (.not file.) =>PUP.ReMarkIt
O2 - BHO: RightSurf [64Bits] - {a61c899f-1166-4586-be97-3226ea8872fc} . (.RightSurf - RightSurf.) -- C:\Program Files (x86)\RightSurf\RightSurfBHO.dll =>PUP.RightSurf
~ BHO: 14 Legitimates Filtered in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Achat de consommables - HP Officejet Pro 8600.lnk . (...) -- C:\Program Files (x86)\HP\HP Officejet Pro 8600\Bin\hpqDTSS.exe (.not file.) =>.Hewlett-Packard Co
O4 - GS\Desktop [Public]: Documentation HOP 060300.lnk . (...) -- C:\Program Files (x86)\TnOpenG\utility\docupdate\DOC_ 06.03.00.pdf
O4 - GS\Desktop [Public]: Documentation HOP 060500.lnk . (...) -- C:\Program Files (x86)\TnOpenG\utility\docupdate\DOC_06.05.00.pdf
O4 - GS\Desktop [Public]: Documentation HOP 070100.lnk . (...) -- C:\Program Files (x86)\TnOpenG\utility\docupdate\DOC_07.01.00.pdf
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [Public]: HOP2000.lnk . (.Dylog Italia S.p.A. - Pas de description.) -- C:\Program Files (x86)\TnOpenG\TnMNM.exe
O4 - GS\Desktop [Public]: HP Officejet Pro 8600.lnk . (...) -- C:\Program Files (x86)\HP\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe (.not file.) =>.Hewlett-Packard Co
O4 - GS\Desktop [Public]: Kaspersky Internet Security.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
O4 - GS\Desktop [Public]: Launch Configuration Application.lnk . (.Alcatel-Lucent - appliconf MFC Application.) -- C:\Program Files (x86)\Alcatel\OHL Driver\appliconf.exe
O4 - GS\Desktop [Public]: LayOut 3.lnk . (.Trimble Navigation Limited - LayOut.) -- C:\Program Files (x86)\Google\Google SketchUp 8\LayOut\LayOut.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [Public]: NewPlayer.lnk . (.Tuguu SL - NewPlayer.) -- C:\Program Files (x86)\NewPlayer\NewPlayer.exe =>PUP.VAFPlayer
O4 - GS\Desktop [Public]: OMC 800 22.1a.lnk . (.Alcatel-Lucent - Configuration program for OmniPCX Office.) -- C:\Program Files (x86)\PCXTools\OMC\R800_22.1a\bin\omc.exe
O4 - GS\Desktop [Public]: SketchUp 8.lnk . (.Trimble Navigation Limited - SketchUp Application.) -- C:\Program Files (x86)\Google\Google SketchUp 8\SketchUp.exe
O4 - GS\Desktop [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\Desktop [Public]: Style Builder 2.lnk . (.Trimble Navigation Limited - Style Builder.) -- C:\Program Files (x86)\Google\Google SketchUp 8\Style Builder\Style Builder.exe
O4 - GS\Desktop [Public]: Téléchargement mise à jour HOP.lnk . (.Dylog SAM - Pas de description.) -- C:\Program Files (x86)\TnOpenG\HopDylogUpdate.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Program [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\QuickLaunch [S]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\QuickLaunch [S]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\QuickLaunch [S]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\TaskBar [S]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Program [S]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Program [S]: Search.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://feed.snapdo.com =>Hijacker.SmartBar
O4 - GS\SystemTools [S]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [S]: BELLA VISTA - Raccourci.lnk . (...) -- D:\BELLA VISTA
O4 - GS\Desktop [S]: GoPro CineForm Studio.lnk . (.Microsoft - GoProImport.) -- C:\Program Files (x86)\GoPro\Tools\GoPro CineForm Studio.exe
O4 - GS\Desktop [S]: Hugin.lnk . (...) -- C:\Program Files (x86)\Hugin\bin\hugin.exe
O4 - GS\Desktop [S]: My DAP Downloads.lnk . (...) -- C:\Users\S\Desktop
O4 - GS\Desktop [S]: OS (D) - data.lnk . (...) -- D:\
O4 - GS\Desktop [S]: Protection bancaire.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
O4 - GS\Desktop [S]: RecentPlaces.lnk - Clé orpheline
~ Global Startup: 92 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Public]: CineForm Status.lnk . (.GoPro - GoPro/CineForm Status Viewer.) -- C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
O4 - GS\Startup [Public]: Logiciel d'impression Marketsplash.lnk . (.Hewlett-Packard Company - HPLocalWebPrintAgent.) -- C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
O4 - GS\Startup [Public]: WDDMStatus.lnk . (...) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (.not file.)
O4 - GS\Startup [Public]: WDSmartWare.lnk . (.Western Digital - WD SmartWare.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O4 - GS\Startup [S]: Alertes de surveillance de l'encre - HP Officejet Pro 8600 (réseau).lnk . (.Hewlett-Packard Co. - Print Driver Status Business Logic.) -- C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
O4 - HKCU\..\RunOnce: [Application Restart #1] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_77] . (...) -- C:\Program Files (x86)\fst_fr_77\fst_fr_77.exe =>PUP.FreeSoftToday
O4 - HKUS\S-1-5-21-3316868416-398408853-2324796046-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3316868416-398408853-2324796046-1000\..\Run: [HP Officejet Pro 8600 (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKUS\S-1-5-21-3316868416-398408853-2324796046-1000\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
O4 - HKUS\S-1-5-21-3316868416-398408853-2324796046-1000\..\RunOnce: [Application Restart #1] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier virtuel [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kbrd.ico
O9 - Extra button: Analyse des liens [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{02DA0187-7858-41D6-8D30-9853CB7E6698}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{12177190-D1F0-4A51-9AB9-2D3E42F288D0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{962A0A36-1579-4380-8415-DC424CCA1350}: DhcpNameServer = 80.10.246.2 80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{02DA0187-7858-41D6-8D30-9853CB7E6698}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{12177190-D1F0-4A51-9AB9-2D3E42F288D0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{962A0A36-1579-4380-8415-DC424CCA1350}: DhcpNameServer = 80.10.246.2 80.10.246.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{02DA0187-7858-41D6-8D30-9853CB7E6698}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{12177190-D1F0-4A51-9AB9-2D3E42F288D0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{962A0A36-1579-4380-8415-DC424CCA1350}: DhcpNameServer = 80.10.246.2 80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BingBar Service (BBSvc) . (...) - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (.not file.) =>Toolbar.Bing
O23 - Service: IePlugin Service (IePluginService) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (.not file.)
O23 - Service: LPT System Updater Service (LPTSystemUpdater) . (.Pas de propriétaire - srpts.) - C:\Program Files (x86)\LPT\srpts.exe =>Adware.Incredibar
O23 - Service: Office Link Driver Service (OHL Driver Service) . (...) - C:\Program Files (x86)\Alcatel\OHL Driver\OHLService.exe (.not file.)
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Update RightSurf (Update RightSurf) . (...) - C:\Program Files (x86)\RightSurf\updateRightSurf.exe =>PUP.RightSurf
O23 - Service: Util RightSurf (Util RightSurf) . (...) - C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe =>PUP.RightSurf
O23 - Service: WinZiper service (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite - dsk service.) - C:\Program Files (x86)\WinZipper\winzipersvc.exe
O23 - Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED - WPM Service.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
~ Services: 20 Legitimates Filtered in 00mn 08s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [SomotoUpdateCheckerAutoStart] (...) -- C:\USerS\S\AppData\Local\FileSFrog Update Checker\update_checker.exe (.not file.) [0] =>Adware.MegaSearch
[MD5.00000000000000000000000000000000] [APT] [{205A3558-CBF0-4F4B-AEE6-1D62CD59B9B4}] (...) -- E:\setup\install.exe (.not file.) [0]
[MD5.8CFF20A62EFADF9860B0CEEE960975A0] [APT] [{50D6FE7D-4673-45EF-934A-0F3B83DE2A32}] (...) -- D:\exec\OOo_3.2.1_Win_x86_install-wJRE_fr.exe [149664176]
[MD5.102D9B33314A3E1C7D8C6BD631435C81] [APT] [{54333B19-5103-4499-A171-1F79A76837E3}] (...) -- C:\USerS\S\AppData\Roaming\iPumper\ipumperinSt.exe [3613128]
[MD5.99A1BB08EB7CABD85F18E2F07EE0CA68] [APT] [{9F152ED3-A199-4C10-AF91-D32D6CEB3F98}] (...) -- C:\Windows\uninstallivw.exe [1457664]
[MD5.00000000000000000000000000000000] [APT] [{C2B748E3-979D-4E20-86D6-76959DD3B2A3}] (...) -- E:\autorun.exe (.not file.) [0]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 05s



---\\ Logiciels installés (O42)
O42 - Logiciel: BrowseMark - (.BrowseMark.) [HKLM][64Bits] -- BrowseMark =>PUP.BrowseMark
O42 - Logiciel: DECEMBRE 2013 - (.DYlog SAM.) [HKLM][64Bits] -- {99A679F4-9C64-4EBF-BF74-680E3571BD5E}
O42 - Logiciel: Download Accelerator Plus (DAP) - (.Speedbit Ltd..) [HKLM][64Bits] -- Download Accelerator Plus (DAP)
O42 - Logiciel: HOP2000 Update 06.03.00 MARS 2011 - (.DYlog SAM.) [HKLM][64Bits] -- {B113B412-397D-45A8-B03B-8AB9D2EBBF46}
O42 - Logiciel: HOP2000_06.03.00 - (.Dylog.) [HKLM][64Bits] -- {E91D27D0-206C-4D9D-AA9B-A0998A0C2C7F}
O42 - Logiciel: IePluginService12.27.0.3326 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- IePlugins =>Trojan.SProtector
O42 - Logiciel: LPT System Updater Service - (.LPT.) [HKLM][64Bits] -- {BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24} =>Adware.IncrediBar
O42 - Logiciel: NewPlayer - (.TUGUU SL.) [HKLM][64Bits] -- NewPlayer =>PUP.VAFPlayer
O42 - Logiciel: Re-markit - (.Re-markit Software.) [HKLM][64Bits] -- 407e23f0-1879-41be-ac02-198a55ce6751 =>PUP.ReMarkIt
O42 - Logiciel: SupTab - (...) [HKLM][64Bits] -- SupTab =>PUP.SupTab
O42 - Logiciel: fst_fr_77 - (.FREESOFTTODAY.) [HKLM][64Bits] -- fst_fr_77_is1 =>PUP.FreeSoftToday
~ Logic: 33 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BrowseMark] =>PUP.BrowseMark
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\RightSurf] =>PUP.RightSurf
[HKCU\Software\Tutorials] =>AgenceExclusive
[HKCU\Software\card]
[HKCU\Software\iCare_Free]
[HKLM\Software\Wow6432Node\BrowseMark] =>PUP.BrowseMark
[HKLM\Software\Wow6432Node\MLDTMGR]
[HKLM\Software\Wow6432Node\RightSurf] =>PUP.RightSurf
[HKLM\Software\Wow6432Node\Tutorials] =>AgenceExclusive
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\anset]
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 333 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/04/2014 - 11:01:42 - [] ----D C:\Program Files (x86)\BrowseMark =>PUP.BrowseMark
O43 - CFD: 04/02/2014 - 14:48:24 - [] ----D C:\Program Files (x86)\fst_fr_77 =>PUP.FreeSoftToday
O43 - CFD: 18/04/2014 - 13:06:10 - [] ----D C:\Program Files (x86)\LPT =>Adware.Incredibar
O43 - CFD: 04/02/2014 - 14:49:16 - [] ----D C:\Program Files (x86)\NewPlayer
O43 - CFD: 27/02/2014 - 18:48:31 - [] ----D C:\Program Files (x86)\RightSurf =>PUP.RightSurf
O43 - CFD: 11/04/2014 - 08:40:40 - [] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 18/04/2014 - 14:57:25 - [] ----D C:\Program Files (x86)\TnOpenG
O43 - CFD: 04/02/2014 - 14:50:14 - [] ----D C:\Program Files (x86)\Uninstaller
O43 - CFD: 10/09/2010 - 09:35:35 - [] ----D C:\Program Files (x86)\Common Files\CRXl_Temp
O43 - CFD: 10/09/2010 - 09:34:18 - [] ----D C:\Program Files (x86)\Common Files\DAO350
O43 - CFD: 10/09/2010 - 09:34:18 - [] ----D C:\Program Files (x86)\Common Files\DAO360
O43 - CFD: 18/04/2014 - 14:57:37 - [] ----D C:\Program Files (x86)\Common Files\OleSVR
O43 - CFD: 11/04/2014 - 08:40:39 - [] ----D C:\ProgramData\IePluginService =>Trojan.SProtector
O43 - CFD: 26/02/2014 - 19:18:25 - [] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 18/04/2014 - 11:01:49 - [] ----D C:\Users\S\AppData\Roaming\0V1L2Z2Z1T1I1L1T
O43 - CFD: 26/02/2014 - 19:19:07 - [] ----D C:\Users\S\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 15/02/2014 - 20:40:19 - [] ----D C:\Users\S\AppData\Local\fst_fr_77 =>PUP.FreeSoftToday
O43 - CFD: 18/04/2014 - 12:05:19 - [] ----D C:\Users\S\AppData\Local\LPT =>Adware.Incredibar
O43 - CFD: 04/02/2014 - 14:49:23 - [] ----D C:\Users\S\AppData\Local\newplayer
O43 - CFD: 04/05/2011 - 12:43:16 - [] ----D C:\Users\S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Infoserv
~ Program Folder: 209 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.B02E3A4A369A8775FE9E769087F9B07A] - 18/04/2014 - 13:57:27 ---A- . (...) -- C:\LogUpdateHopAdo.txt [49374]
O44 - LFC:[MD5.627FF2D02F0C7B1F42E7158958BAAC5C] - 18/04/2014 - 15:06:46 ---A- . (...) -- C:\Windows\wininit.ini [2378]
~ Files: 22 Legitimates Filtered in 00mn 02s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.766F689564BC30E5A91F8621CE65AD68] - 05/03/2007 - 09:55:48 ---A- . (.EyePower Games Pte. Ltd. - Advanced Video FX Filter Driver (x64).) -- C:\Windows\System32\Drivers\OEM07Vfx.sys [12288]
O58 - SDL:[MD5.E31960692CBB3A8BCDF300BC1D889E1F] - 19/03/2007 - 11:09:36 ---A- . (.REDC - RICOH MMC Driver.) -- C:\Windows\System32\Drivers\rimmpx64.sys [55808]
O58 - SDL:[MD5.82356915157AB59064A24993AE5BE8AA] - 27/02/2007 - 15:10:38 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspx64.sys [53760]
O58 - SDL:[MD5.C01A92A546854A3E34103B642F0F94A1] - 26/03/2007 - 18:48:24 ---A- . (.REDC - RICOH xD SM Driver.) -- C:\Windows\System32\Drivers\rixdpx64.sys [55808]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 16 Legitimates Filtered in 00mn 03s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.delta-homes.com =>Hijacker.Browsers
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.delta-homes.com =>Toolbar.DeltaSearch
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.DockingPositionDown", false); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.SmartbarDisabled", false); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.SmartbarStateMinimaized", false); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.Visibility", false); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.backPageCapacity", 3); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.backPageCounter", 0); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.backPageDay", 18); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.backPageLastEvent", "1397642755953"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.backPageMinInterval", 15); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.barcodeid", "126634"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.countryiso", "fr"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.downloadprovider", "somotoch"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\"],\\\"Http[...] =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.fromautoupdate", "false"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.installationid", "22052eee-6f37-7664-68b7-b45edc6f60f9"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.installdate", "18/04/2014"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.keepAliveLastevent", "1397815556"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.lastExternalJsUpdate", "1397930590025"); =>PUP.HelperBar
O69 - SBI: prefs.js [S - dbw1j4j0.default] user_pref("extensions.helperbar.publisher", "somoto"); =>PUP.HelperBar
O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} [DefaultScope] - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.C9B89BA9B23CFB6E319A984493B0F9D7] [SPRF][07/06/2011] (...) -- C:\Users\S\Desktop\dap96.exe [12956872]
~ Files: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{C89BA091-DCE9-46A0-A353-02D71D12AB9E}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\SnugTV\SnugTV Station\ConfigWizard.exe (.not file.)
O87 - FAEL: "{9333CE4A-4B03-4DD4-8D80-934DB550A144}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\SnugTV\SnugTV Station\ConfigWizard.exe (.not file.)
O87 - FAEL: "TCP Query User{5EAE40A6-6488-464E-81A0-3B0185F3ACC2}C:\infoserv\infoserv.exe" | In - Public - P6 - TRUE | .(...) -- C:\infoserv\infoserv.exe
O87 - FAEL: "UDP Query User{44D6FA5C-B94F-4DBE-8D2F-A6BBFC0BDB6F}C:\infoserv\infoserv.exe" | In - Public - P17 - TRUE | .(...) -- C:\infoserv\infoserv.exe
O87 - FAEL: "TCP Query User{7E43C9FD-3179-423D-966C-1AAD962F6DE9}C:\infoserv\infoserv.exe" | In - Private - P6 - TRUE | .(...) -- C:\infoserv\infoserv.exe
O87 - FAEL: "UDP Query User{EA534685-6EA7-4579-9862-8FF70B7C027F}C:\infoserv\infoserv.exe" | In - Private - P17 - TRUE | .(...) -- C:\infoserv\infoserv.exe
O87 - FAEL: "{DC3B8DF2-67D6-4797-A7F8-3108B19A32E1}" |In - Private - P6 - TRUE | .(...) -- C:\Users\S\AppData\Local\Temp\7zS04C4\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{39302104-5600-43D3-8B4D-A1D37F2A859E}" |In - Private - P17 - TRUE | .(...) -- C:\Users\S\AppData\Local\Temp\7zS04C4\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{7216685A-8633-4DCA-94D4-62EE8EF7A32B}" |In - Private - P6 - TRUE | .(...) -- C:\Users\S\AppData\Local\Temp\7zS5EA9\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{A11F40AE-E83A-4AD7-859A-C3D1377E72FA}" |In - Private - P17 - TRUE | .(...) -- C:\Users\S\AppData\Local\Temp\7zS5EA9\HPDiagnosticCoreUI.exe (.not file.)
~ Firewall: 231 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "008994F1F8081704484B265069060E65" . (.PCXTools OMC 800 22.1a.) -- C:\Windows\Installer\{1F499800-808F-4071-84B4-62059660E056}\ArpProductIcon
O90 - PUC: "7E9C3C6D433D8194DB75B5E11FC402D7" . (.Bing Bar.) -- C:\Windows\Installer\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "C89768CF90B26814BBEFE77173BE7879" . (.OHL Driver.) -- C:\Windows\Installer\{FC86798C-2B09-4186-BBFE-7E1737EB8797}\ARPPRODUCTICON.exe
O90 - PUC: "D1BA600022B9FD34D841E6DB81ED4DEE" . (..) -- C:\Windows\Installer\{0006AB1D-9B22-43DF-8D14-6EBD18DED4EE}\ARPPRODUCTICON.exe
~ Update Products: 74 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.09D232ED38DC5023D3E61A6B890144EC] [WIS][18/04/2014] (.ReSoft Ltd. - Snap.Do.) -- C:\Windows\Installer\141648d1.msi [10108928] =>Hijacker.SmartBar
[MD5.0018C0854FB76747B5FCECD34856186D] [WIS][08/04/2014] (.LPT - LPT System Updater Service.) -- C:\Windows\Installer\141648d8.msi [1892352] =>Adware.IncrediBar
[MD5.41B7BC792AC8BB1C9BE06D62FAC2A718] [WIS][08/12/2012] (.Trimble Navigation Limited - SketchUp Pro 8 Installer.) -- C:\Windows\Installer\15cfefdd.msi [80236544]
~ WIS: 80 Legitimates Filtered in 00mn 13s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASAPI32 =>Adware.DomaIQ
HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASMANCS =>Adware.DomaIQ
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASAPI32 =>Hijacker.BabSolution
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASMANCS =>Hijacker.BabSolution
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BI_RunOnce_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BI_RunOnce_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarManager_C8CBFED7F00D3A8C_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarManager_C8CBFED7F00D3A8C_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_tuguu_14656_RASAPI32 =>PUP.VAFPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_tuguu_14656_RASMANCS =>PUP.VAFPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SnapDo_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SnapDo_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\supreme savings-bg_RASAPI32 =>PUP.RewardsArcade
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\supreme savings-bg_RASMANCS =>PUP.RewardsArcade
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Supreme Savings_RASAPI32 =>PUP.RewardsArcade
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Supreme Savings_RASMANCS =>PUP.RewardsArcade
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseMark_RASAPI32 =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseMark_RASMANCS =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateRightSurf_RASAPI32 =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateRightSurf_RASMANCS =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilRightSurf_RASAPI32 =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilRightSurf_RASMANCS =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VAFPlayer_RASAPI32 =>PUP.VAFPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VAFPlayer_RASMANCS =>PUP.VAFPlayer
~ BTK: 384 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (BBSvc) . (...) - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe =>Toolbar.Bing
SS - | Demand 10/02/2012 240408 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe =>Toolbar.Bing
SS - | Auto 02/05/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/05/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/09/2010 182768 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 11/04/2014 705136 | (IePluginService) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
SS - | Auto 10/07/1658 0 | (LMS) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Demand 13/08/2010 259440 | (maconfservice) . (.CybelSoft.) - C:\Program Files (x86)\ma-config.com\maconfservice.exe
SS - | Demand 19/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 10/07/1658 0 | (OHL Driver Service) . (...) - C:\Program Files (x86)\Alcatel\OHL Driver\OHLService.exe
SS - | Auto 04/07/2012 1188896 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SS - | Auto 04/07/2012 1395736 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SS - | Demand 04/01/2012 718888 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 08/12/2010 63488 | (ServiceOMC) . (.Alcatel-Lucent.) - C:\Windows\SysWOW64\ServiceOMC.exe
SS - | Auto 10/07/1658 0 | (TeamViewer5) . (...) - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
SS - | Auto 10/07/1658 0 | (UNS) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Auto 18/04/2014 350496 | (Util RightSurf) . (...) - C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe =>PUP.RightSurf
SS - | Auto 26/02/2014 501904 | (Wpm) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 18/08/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 04/05/2011 24645 | (Apache_Infoserv) . (.Apache Software Foundation.) - C:\Infoserv\Apache2\bin\apache.exe
SR - | Auto 12/10/2013 214512 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 23/09/2010 67584 | (cbVSCService) . (.CobianSoft, Luis Cobian.) - C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
SR - | Auto 06/12/2010 164008 | (Intel(R) PROSet Monitoring Service) . (.Intel Corporation.) - C:\Windows\system32\IProsetMonitor.exe
SR - | Auto 08/04/2014 37920 | (LPTSystemUpdater) . (...) - C:\Program Files (x86)\LPT\srpts.exe =>Adware.Incredibar
SR - | Auto 14/04/2010 1052328 | (lxea_device) . (...) - C:\Windows\system32\lxeacoms.exe
SR - | Auto 22/03/2012 166528 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 18/04/2014 350496 | (Update RightSurf) . (...) - C:\Program Files (x86)\RightSurf\updateRightSurf.exe =>PUP.RightSurf
SR - | Auto 04/09/2009 116224 | (WDDMService.exe) . (.WDC.) - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
SR - | Auto 16/06/2009 20480 | (WDSmartWareBackgroundService) . (.Memeo.) - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/02/2014 425104 | (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite.) - C:\Program Files (x86)\WinZipper\winzipersvc.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13044 - (19/04/2014)
Clés trouvées (Keys found) : 35
Valeurs trouvées (Values found) : 12
Dossiers trouvés (Folders found) : 15
Fichiers trouvés (Files found) : 11

[HKLM\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex^
[HKLM\Software\Google\Chrome\Extensions\kekfoodhbhpjhjcdecjngamojfhknooc] =>Toolbar.iPumper^
[HKLM\Software\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo] =>PUP.ExtendedProtection^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B805E37-6319-485E-92E2-A6E8DB73EE9E}] =>PUP.ReMarkIt^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A61C899F-1166-4586-BE97-3226EA8872FC}] =>PUP.RightSurf^
[HKLM\SYSTEM\CurrentControlSet\Services\BBSvc] =>Toolbar.Bing^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginService] =>Trojan.SProtector^
[HKLM\SYSTEM\CurrentControlSet\Services\LPTSystemUpdater] =>Adware.Incredibar^
[HKLM\SYSTEM\CurrentControlSet\Services\Update RightSurf] =>PUP.RightSurf^
[HKLM\SYSTEM\CurrentControlSet\Services\Util RightSurf] =>PUP.RightSurf^
[HKLM\SYSTEM\CurrentControlSet\Services\Wpm] =>PUP.WpManager^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowseMark] =>PUP.BrowseMark^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins] =>Trojan.SProtector^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}] =>Adware.IncrediBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer] =>PUP.VAFPlayer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\407e23f0-1879-41be-ac02-198a55ce6751] =>PUP.ReMarkIt^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SupTab] =>PUP.SupTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\fst_fr_77_is1] =>PUP.FreeSoftToday^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SnapDo_RASAPI32] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SnapDo_RASMANCS] =>Hijacker.SmartBar
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex
[HKLM\Software\Wow6432Node\delta-homesSoftware] =>Toolbar.DeltaSearch
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_77 =>PUP.FreeSoftToday^
C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo =>PUP.Elex^
C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\kekfoodhbhpjhjcdecjngamojfhknooc =>Toolbar.iPumper^
C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo =>PUP.ExtendedProtection^
C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\dbw1j4j0.default\extensions\quick_start@gmail.com =>PUP.QuickStart^
C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\dbw1j4j0.default\extensions\{22052eee-6f37-7664-68b7-b45edc6f60f9} =>Hijacker.SmartBar^
C:\Program Files (x86)\BrowseMark =>PUP.BrowseMark^
C:\Program Files (x86)\fst_fr_77 =>PUP.FreeSoftToday^
C:\Program Files (x86)\LPT =>Adware.Incredibar^
C:\Program Files (x86)\RightSurf =>PUP.RightSurf^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\S\AppData\Roaming\SupTab =>PUP.SupTab^
C:\Users\S\AppData\Local\fst_fr_77 =>PUP.FreeSoftToday^
C:\Users\S\AppData\Local\LPT =>Adware.Incredibar^
C:\Program Files (x86)\LPT\srpts.exe =>Adware.Incredibar^
C:\Program Files (x86)\RightSurf\updateRightSurf.exe =>PUP.RightSurf^
[HKCU\Software\BrowseMark] =>PUP.BrowseMark^
[HKCU\Software\RightSurf] =>PUP.RightSurf^
[HKLM\Software\Wow6432Node\BrowseMark] =>PUP.BrowseMark^
[HKLM\Software\Wow6432Node\RightSurf] =>PUP.RightSurf^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Windows\Installer\141648d1.msi =>Hijacker.SmartBar^
C:\Windows\Installer\141648d8.msi =>Adware.IncrediBar^
~ Additionnel Scan: 317761 Items scanned in 00mn 35s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar
http://nicolascoolman.webs.com/apps/blog/show/41196115-pup-rightsurf =>PUP.RightSurf
http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.webs.com/apps/blog/show/33479906-pup-elex =>PUP.Elex
http://nicolascoolman.webs.com/apps/blog/show/30840517-toolbar-ipumper =>Toolbar.iPumper
http://nicolascoolman.webs.com/apps/blog/show/41817737-pup-extendedprotection =>PUP.ExtendedProtection
http://nicolascoolman.webs.com/apps/blog/show/26632288-parasite-pugi =>Parasite.Pugi
http://nicolascoolman.webs.com/apps/blog/show/41962558-pup-quickstart =>PUP.QuickStart
http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.webs.com/apps/blog/show/41011964-pup-awesomehp =>PUP.Awesomehp
http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
http://nicolascoolman.webs.com/apps/blog/show/36657231-pup-remarkit =>PUP.ReMarkIt
http://nicolascoolman.webs.com/apps/blog/show/30392620-pup-vafplayer =>PUP.VAFPlayer
http://nicolascoolman.webs.com/apps/blog/show/40789592-trojan-sprotector =>Trojan.SProtector
http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
http://nicolascoolman.webs.com/apps/blog/show/42099886-pup-browsemark =>PUP.BrowseMark
http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
http://nicolascoolman.webs.com/apps/blog/show/26627641-spyware-agenceexclusive =>AgenceExclusive
http://nicolascoolman.webs.com/apps/blog/show/33263878-hijacker-browser =>Hijacker.Browsers
http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
http://nicolascoolman.webs.com/apps/blog/show/30393137-adware-domaiq =>Adware.DomaIQ
http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade =>PUP.RewardsArcade
http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software =>PUP.V9Software
http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 29 link(s) detected in 00mn 00s



~ 1207 Legitimates filtered by white list
End of the scan (718 lines in 01mn 56s)(0)
