
~ Rapport de ZHPDiag v2015.5.17.49 - Nicolas Coolman (17/05/2015)
~ Lancé par Jerome (21/05/2015 20:50:12)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17728
GCIE: Google Chrome v42.0.2311.152

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : Q698K
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 2.1.6.1022
Microsoft Security Client v4.7.0205.0
Windows Defender W7 (Deactivate)

---\\ Logiciels d'optimisation du système
CCleaner v5.05

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 ActiveX
Adobe Acrobat Reader DC - Français

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3969 MB (59% free)
System Restore: Activé (Enable)
System drive C: has 251 GB (68%) free of 368 GB

---\\ Mode de connexion au système
~ Computer Name: JEROME-PC
~ User Name: Jerome
~ All Users Names: Jerome, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Jerome\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Jerome\AppData\Roaming\
~ %Desktop% : C:\Users\Jerome\Desktop\
~ %Favorites% : C:\Users\Jerome\Favorites\
~ %LocalAppData% : C:\Users\Jerome\AppData\Local\
~ %StartMenu% : C:\Users\Jerome\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 251 Go of 368 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
W: Hard drive, Flash drive, Thumb drive (Free 98 Go of 98 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.77B35D0FC22A2D2EAC8D07C3F9784DBF] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.30/04/2015 - 15:26:49.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.25/02/2011 - 07:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/8034
~ Mes musiques (My Musics) : 1/1310
~ Mes Videos (My Videos) : 1/49
~ Mes Favoris (My Favorites) : 1/31
~ Mes Documents (My Documents) : 1/2
~ Mon Bureau (My Desktop) : 1/9
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 05s



---\\ Processus lancés
[MD5.B76756198468FDC616B3EBAFD5268496] - (.SearchProtect - CmdShell.exe.) -- C:\Program Files (x86)\XTab\cmdshell.exe [29312] [PID.2440] =>PUP.SearchProtect
[MD5.DA7D56A0035EB4EBECC148B6CA9B7BED] - (.XTab system - SupHPNot.exe.) -- C:\Program Files (x86)\XTab\HPNotify.exe [674432] [PID.2456]
[MD5.A602E1479E1FE7C022B0B692A185336A] - (...) -- C:\Program Files (x86)\MaxComputerCleaner_v27.474\MaxComputerCleaner_Maintenance.exe [31432] [PID.3560] =>PUP.MaxComputerCleaner
[MD5.B8CC867BFEBD5CCF4CD86936D99D4BAA] - (.Samsung Electronics CO., LTD. - Settings.) -- C:\Program Files (x86)\Samsung\Easy Settings\sSettings.exe [2623808] [PID.2644]
[MD5.55D9D5D626A1E30D286FDA5A58F9AF98] - (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440] [PID.880] =>PUP.CrossBrowser
[MD5.AAC6952B6D883251AA9AD9EEB5384B86] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [815312] [PID.5756]
[MD5.A55FB42F0642DBF4817543A58E97721F] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232] [PID.3924]
[MD5.51CFFD7BBFEA2F7316C560DCC4479759] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8209408] [PID.3820]
[MD5.8A8F5EBE2FD9C2E6325723209B9CDF32] - (.SysTool PasSame LIMITED - Windows SysTool Svr.) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [337064] [PID.1480] =>PUP.Fuyu
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.1856]
[MD5.929593D76589294BA3F74540298D1B3E] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.2104]
[MD5.ED93AB018182B715CAF9C6D11CE4F354] - (...) -- C:\Users\Jerome\AppData\Roaming\2F40EB1E-1431936821-1A88-90CB-6F056F2B552C\jnsh8812.tmp [212992] [PID.2184]
[MD5.A604C61AEE0A1567ED8691FAE43E38BF] - (.Samsung Electronics CO., LTD. - EasyLauncher.) -- C:\Program Files (x86)\Samsung\Easy Settings\CmdServer\EasyLauncher.exe [1593152] [PID.2260]
[MD5.F4643638A5661D4A0290176DC0CFF387] - (...) -- C:\Program Files (x86)\Samsung\Easy Settings\CmdServer\EasySettingsCmdServer.exe [84800] [PID.2304]
[MD5.8C4D3F22D27FCEF90DB885C7E85642FB] - (...) -- C:\Users\Jerome\AppData\Roaming\2F40EB1E-1431936821-1A88-90CB-6F056F2B552C\nsu76DF.tmp [179712] [PID.2316]
[MD5.D167D7075524F721D8D2211A563591FB] - (.XTab system - ProtectSvc.exe.) -- C:\Program Files (x86)\XTab\ProtectService.exe [157824] [PID.2360]
[MD5.FA92AFD59F7A16D8F4BB94CBA8061F47] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144] [PID.2528]
[MD5.EADC0B3CB4797272C50762A1141F8CB0] - (...) -- C:\Users\Jerome\AppData\Local\2F40EB1E-1431944232-1A88-90CB-6F056F2B552C\snst79C3.tmp [126464] [PID.2560]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2880]
[MD5.10B0268A87885D7865A797F3E9B92230] - (.Samsung Electronics CO., LTD. - SW Update Agent.) -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3014488] [PID.2952]
[MD5.6CA83C69643E7BF144A428B7BDC7D630] - (.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976] [PID.2996]
[MD5.5316AB97FD1A97A2C591F9E7CFCD37DD] - (...) -- C:\Users\Jerome\AppData\Local\2F40EB1E-1431944215-1A88-90CB-6F056F2B552C\cnsd3B8D.tmp [230912] [PID.3056]
[MD5.A6A0A1862AB5E07D47761C9AF8871FA7] - (...) -- C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe [691200] [PID.2028]
[MD5.E6A92379A7455DF13662BEAEBE0140AD] - (...) -- C:\Users\Jerome\AppData\Roaming\2F40EB1E-1431936821-1A88-90CB-6F056F2B552C\hnsm9DD5.tmp [160768] [PID.2156]
[MD5.AC198357C5F32560AA533D3FB6343AFD] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [327296] [PID.1836]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2148]
[MD5.AD3B3A8523118FB0537854FC740551DD] - (.Pas de propriétaire - DBYYOE.) -- C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancer.exe [274944] [PID.3132]
[MD5.B4D1D62A09F09CB2DFD55628350CDAFB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822496] [PID.3672]
[MD5.6CF7DAB9FB7642FB0F869BFDFD12D761] - (...) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280] [PID.5712]
[MD5.B9491EDBF782744DAB4F6C00AFCD4820] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.3796]
[MD5.9BB79402604111EEEC64950345FB32CC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.1128]
[MD5.83FF82FE209E7997067B375DAD6CF23D] - (.Intel Corporation - Intel(R) Integrated Clock Controller Servic.) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752] [PID.2848]
~ Processes Running: Scanned in 00mn 03s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com =>Hijacker.OurSurfing
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com =>Hijacker.OurSurfing
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com =>Hijacker.OurSurfing
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:53842;https=127.0.0.1:53842 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: LuckyTab Class [64Bits] - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\XTab\SupTab.dll =>PUP.LuckyTab
~ BHO: 4 Legitimates Filtered in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [Jerome]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowser
~ Global Startup: 2 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Jerome]: crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowser
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [AtherosBtStack] . (.Atheros Communications - Serveur Stack Bluetooth.) -- C:\Program Files (x86)\Bluetooth Suite\btvstack.exe
O4 - HKLM\..\Run: [AthBtTray] . (.Atheros Commnucations - Bluetooth Tray.) -- C:\Program Files (x86)\Bluetooth Suite\athbttray.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_728BB3EFF3D6698330CFD99AFAB7CF5D] . (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowser
O4 - HKCU\..\Run: [DesktopSearch] C:\ProgramData\DesktopSearch\DesktopSearch.exe (.not file.)
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro 3.92\OptProLauncher.exe (.not file.) =>PUP.OptimizerPro
O4 - HKLM\..\Wow6432Node\RunOnce: [MaxComputerCleaner_v27.474] . (...) -- C:\Program Files (x86)\MaxComputerCleaner_v27.474\MaxComputerCleaner_Maintenance.exe =>PUP.MaxComputerCleaner
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3747368704-2864633124-1960403962-1000\..\Run: [GoogleChromeAutoLaunch_728BB3EFF3D6698330CFD99AFAB7CF5D] . (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowser
O4 - HKUS\S-1-5-21-3747368704-2864633124-1960403962-1000\..\Run: [DesktopSearch] C:\ProgramData\DesktopSearch\DesktopSearch.exe (.not file.)
O4 - HKUS\S-1-5-21-3747368704-2864633124-1960403962-1000\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro 3.92\OptProLauncher.exe (.not file.) =>PUP.OptimizerPro
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{21AAC03F-B5CE-450B-8B83-EE0F843A8750}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{A71D0672-6775-471F-825C-48E13C4D6522}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{21AAC03F-B5CE-450B-8B83-EE0F843A8750}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{A71D0672-6775-471F-825C-48E13C4D6522}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{21AAC03F-B5CE-450B-8B83-EE0F843A8750}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{A71D0672-6775-471F-825C-48E13C4D6522}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: OptimizerPro Monitoring (54cc00c0) . (...) - c:\Program Files (x86)\Optimizer Pro 3.92\OptProMon.dll =>PUP.OptimizerPro
O23 - Service: Back-up Copy Dial (difihify) . (...) - C:\Users\Jerome\AppData\Roaming\2F40EB1E-1431936821-1A88-90CB-6F056F2B552C\jnsh8812.tmp
O23 - Service: Crash Portal (fegukygy) . (...) - C:\Users\Jerome\AppData\Roaming\2F40EB1E-1431936821-1A88-90CB-6F056F2B552C\nsu76DF.tmp
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR
O23 - Service: Infonaut 1.10.0.14 Client Service (insvc_1.10.0.14) . (...) - C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe (.not file.) =>PUP.Infonaut
O23 - Service: Symbol Normal (lusecixo) . (...) - C:\Users\Jerome\AppData\Local\2F40EB1E-1431944232-1A88-90CB-6F056F2B552C\snst79C3.tmp
O23 - Service: Lock Collate (tykucihu) . (...) - C:\Users\Jerome\AppData\Local\2F40EB1E-1431944215-1A88-90CB-6F056F2B552C\cnsd3B8D.tmp
O23 - Service: WajaWebEnhance Service (WajaWebEnhance Service) . (...) - C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.SysTool PasSame LIMITED - Windows SysTool Svr.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
O23 - Service: Online Designer (wyhesete) . (...) - C:\Users\Jerome\AppData\Roaming\2F40EB1E-1431936821-1A88-90CB-6F056F2B552C\hnsm9DD5.tmp
~ Services: 22 Legitimates Filtered in 00mn 17s



---\\ Tâches planifiées en automatique (O39)
[MD5.A775C5BD25A2BCFC1EBF6EBFEF1AF07C] [APT] [Crossbrowse] (...) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [1818200] =>PUP.CrossBrowser
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [APT] [DfIY3fIAyD] (...) -- C:\Users\Jerome\AppData\Roaming\DfIY3fIAyD.exe [1246720]
[MD5.00000000000000000000000000000000] [APT] [Dregol dara] (...) -- C:\ProgramData\{1CC9F40A-4C4B-258C-FDCD-550E2D4F8680}\1.17.0.1\fiber.js" "433a2f50726f6772616d446174612f7b31434339463430412d344334422d323538432d464443442d3535304532443446383638307d2f312e31372e302e312f646172612e646c6c" "687474703a2f2f73616f2e72657164726 (.not file.) [0] =>Hijacker.Browser
[MD5.0C7CF368F3C810C4982DDE08D3C50C45] [APT] [NetEngine] (...) -- C:\ProgramData\NetEngine\bin\D10\netengine.exe [75776] =>PUP.NetEngine
[MD5.3A1D89B89C9D62951957F0839578DD9B] [APT] [nZei0pzKsTYFApRc29Dxt] (...) -- C:\Users\Jerome\AppData\Roaming\nZei0pzKsTYFApRc29Dxt.exe [1579520]
[MD5.00000000000000000000000000000000] [APT] [Optimizer Pro Schedule] (...) -- C:\Program Files (x86)\Optimizer Pro 3.92\OptProLauncher.exe (.not file.) [0] =>PUP.OptimizerPro
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [APT] [VSYaJyOPQJ0mCEUMDOEbfv0GX] (...) -- C:\Users\Jerome\AppData\Roaming\VSYaJyOPQJ0mCEUMDOEbfv0GX.exe [1246720]
[MD5.00000000000000000000000000000000] [APT] [{19A8AD77-7F05-4A5C-9382-6C6BDB332110}] (...) -- C:\Users\Jerome\AppData\Roaming\oursurfing\UninstallManager.exe (.not file.) [0] =>Hijacker.OurSurfing
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: Crossbrowse - (...) -- C:\Windows\Tasks\Crossbrowse.job [1058] =>PUP.CrossBrowser
O39 - APT: Crossbrowse - (...) -- C:\Windows\System32\Tasks\Crossbrowse [1058] =>PUP.CrossBrowser
O39 - APT: DfIY3fIAyD - (...) -- C:\Windows\Tasks\DfIY3fIAyD.job [996]
O39 - APT: DfIY3fIAyD - (...) -- C:\Windows\System32\Tasks\DfIY3fIAyD [996]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon [830]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d [832]
O39 - APT: nZei0pzKsTYFApRc29Dxt - (...) -- C:\Windows\Tasks\nZei0pzKsTYFApRc29Dxt.job [1018]
O39 - APT: nZei0pzKsTYFApRc29Dxt - (...) -- C:\Windows\System32\Tasks\nZei0pzKsTYFApRc29Dxt [1018]
O39 - APT: - (..) -- C:\Windows\Tasks\Periodic Synchronize Task.job [342]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Periodic Synchronize Task [342]
O39 - APT: VSYaJyOPQJ0mCEUMDOEbfv0GX - (...) -- C:\Windows\Tasks\VSYaJyOPQJ0mCEUMDOEbfv0GX.job [1026]
O39 - APT: VSYaJyOPQJ0mCEUMDOEbfv0GX - (...) -- C:\Windows\System32\Tasks\VSYaJyOPQJ0mCEUMDOEbfv0GX [1026]
~ Scheduled Task: 34 Legitimates Filtered in 00mn 17s



---\\ Logiciels installés (O42)
O42 - Logiciel: Crossbrowse - (.The Crossbrowse Authors.) [HKLM][64Bits] -- Crossbrowse =>PUP.CrossBrowser
~ Logic: 36 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\Clubic]
[HKCU\Software\CrossBrowser] =>PUP.CrossBrowser
[HKCU\Software\Crossbrowse] =>PUP.CrossBrowser
[HKCU\Software\DfIY3fIAyD]
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\ICSW1.8]
[HKCU\Software\Kromtech]
[HKCU\Software\ProductSetup] =>Adware.InstallCore
[HKCU\Software\VSYaJyOPQJ0mCEUMDOEbfv0GX]
[HKCU\Software\WajaWebEnhance]
[HKCU\Software\maxcomputerclenner]
[HKCU\Software\nZei0pzKsTYFApRc29Dxt]
[HKLM\Software\WebBar] =>PUP.WebBar
[HKLM\Software\Wow6432Node\AIM Toolbar]
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.AskBar
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Infonaut_1.10.0.14] =>PUP.Infonaut
[HKLM\Software\Wow6432Node\MOBILEPCSTARTERKIT]
[HKLM\Software\Wow6432Node\MaxComputerCleaner] =>PUP.MaxComputerCleaner
[HKLM\Software\Wow6432Node\SaleCharger]
[HKLM\Software\Wow6432Node\SpeedBit]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\WajaWebEnhance]
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
~ Key Software: 205 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/05/2015 - 10:45:37 - [] ----D C:\Program Files (x86)\Crossbrowse =>PUP.CrossBrowser
O43 - CFD: 18/05/2015 - 19:54:32 - [] ----D C:\Program Files (x86)\MaxComputerCleaner_v27.474 =>PUP.MaxComputerCleaner
O43 - CFD: 18/05/2015 - 10:06:38 - [] ----D C:\Program Files (x86)\WajaWebEnhance =>PUP.Wajam
O43 - CFD: 18/05/2015 - 19:55:03 - [] ----D C:\Program Files (x86)\XTab
O43 - CFD: 20/05/2015 - 16:09:03 - [] ----D C:\ProgramData\NetEngine =>PUP.NetEngine
O43 - CFD: 18/05/2015 - 19:53:48 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 18/05/2015 - 09:58:16 - [] ----D C:\ProgramData\{1CC9F40A-4C4B-258C-FDCD-550E2D4F8680}
O43 - CFD: 21/05/2015 - 10:45:44 - [] ----D C:\ProgramData\{8e77c5b4-c222-42c0-8e77-7c5b4c2216d3}
O43 - CFD: 30/04/2015 - 09:48:24 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
O43 - CFD: 21/05/2015 - 10:45:53 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse =>PUP.CrossBrowser
O43 - CFD: 18/05/2015 - 10:11:41 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBILEPCSTARTERKIT
O43 - CFD: 12/04/2011 - 11:27:52 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 18/05/2015 - 10:06:38 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance
O43 - CFD: 18/05/2015 - 09:58:22 - [] ----D C:\Users\Jerome\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z =>Adware.InstallCore
O43 - CFD: 20/05/2015 - 18:16:36 - [] ----D C:\Users\Jerome\AppData\Roaming\2F40EB1E-1431936821-1A88-90CB-6F056F2B552C
O43 - CFD: 18/05/2015 - 19:57:09 - [] ----D C:\Users\Jerome\AppData\Local\2F40EB1E-1431944215-1A88-90CB-6F056F2B552C
O43 - CFD: 21/05/2015 - 20:50:07 - [] ----D C:\Users\Jerome\AppData\Local\2F40EB1E-1431944232-1A88-90CB-6F056F2B552C
O43 - CFD: 21/05/2015 - 10:45:57 - [] ----D C:\Users\Jerome\AppData\Local\Crossbrowse =>PUP.CrossBrowser
O43 - CFD: 20/05/2015 - 16:16:59 - [] -SH-D C:\Users\Jerome\AppData\Local\EmieBrowserModeList
~ Program Folder: 129 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 63 Legitimates Filtered in 00mn 02s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 22/11/2012 - C:\Windows\system32\Drivers\SABI.sys (SABI) .(.SAMSUNG ELECTRONICS - SAMSUNG Kernel Driver.) - LEGACY_SABI
~ Legacy: 74 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowser
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowser
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [DefaultScope] - (e) - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (oursurfing) - http://www.oursurfing.com =>Hijacker.OurSurfing
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://www.oursurfing.com =>Hijacker.OurSurfing
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [SPRF][20/04/2015] (...) -- C:\Users\Jerome\AppData\Roaming\DfIY3fIAyD.exe [1246720]
[MD5.3A1D89B89C9D62951957F0839578DD9B] [SPRF][20/04/2015] (...) -- C:\Users\Jerome\AppData\Roaming\nZei0pzKsTYFApRc29Dxt.exe [1579520]
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [SPRF][20/04/2015] (...) -- C:\Users\Jerome\AppData\Roaming\VSYaJyOPQJ0mCEUMDOEbfv0GX.exe [1246720]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{852C653F-9270-4670-AECF-B8F65FBC7E94}" | In - None - P17 - TRUE | .(.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowser
~ Firewall: 1 Legitimates Filtered in 00mn 01s



---\\ Export de clés de registre aléatoires (O91)
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:7367429f="///%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:7f69fa1f="///%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:8b9e4cbc="V/////%%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:a0743acc="N/////%%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:a1dcff5b="V/////%%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:a2e3b941="///%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:bbf88800="///%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:c24899a6="VP/g/CV/Vl/1/CF////%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:c5705860="Vx////%%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:c6c5dd44="V/////%%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:c99a5f5c="///%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:d1abcdb6="///%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:d94388d2="b/Af/X6/alAl/YP/HPAi/Yq/GPAf/Yb/GPAz/B2/FlAk/Xh////%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:e46c271e="///%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:e8f9dcc7="UlAr/XJ/c//k////"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:f0bf0bde="///%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:f1f24e29="Vl/l/C/////%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:f2c53c49="UlAr/XJ/c//k////"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:f6ad6fa6="V/////%%"
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538\25288494285902400\eae10f9d]:fe94ce1e="V/////%%"
~ Export Key Software: Scanned in 00mn 00s



---\\ WindowsInstaller package search (WIS) (O93) (NTFS)
[MD5.F3E0BCAC0A50EA3B7571407A7DA325C7] [WIS][18/05/2015] (.globalupdate - globalupdate.) -- C:\Windows\Installer\41154.msi [32768] =>PUP.GlobalUpdate
[MD5.1C51364B5F46E1A1CC63664CAF91B8DF] [WIS][09/02/2015] (.Max Computer Cleaner - Max Computer Cleaner.) -- C:\Windows\Installer\4115b.msi [1280512] =>PUP.MaxComputerCleaner
~ WIS: 2 Legitimates Filtered in 00mn 00s



---\\ Tracing registry key search (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MaxComputerCleaner_Maintenance_RASAPI32 =>PUP.MaxComputerCleaner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MaxComputerCleaner_Maintenance_RASMANCS =>PUP.MaxComputerCleaner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\netengine_RASAPI32 =>PUP.NetEngine
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\netengine_RASMANCS =>PUP.NetEngine
~ BTK: 13 Legitimates Filtered in 00mn 00s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 30/04/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 17/03/2013 277488 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 30/04/2015 107848 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 30/04/2015 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 22/07/1658 0 | (insvc_1.10.0.14) . (...) - C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe =>PUP.Infonaut
SS - | Auto 14/04/2015 1080120 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Demand 01/03/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/05/2015 1827368 | (54cc00c0) . (...) - c:\Program Files (x86)\Optimizer Pro 3.92\OptProMon.dll =>PUP.OptimizerPro
SR - | Auto 06/03/2015 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 15/10/2012 219776 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 18/05/2015 212992 | (difihify) . (...) - C:\Users\Jerome\AppData\Roaming\2F40EB1E-1431936821-1A88-90CB-6F056F2B552C\jnsh8812.tmp
SR - | Auto 10/07/2014 1593152 | (Easy Launcher) . (.Samsung Electronics CO., LTD..) - C:\Program Files (x86)\Samsung\Easy Settings\CmdServer\EasyLauncher.exe
SR - | Auto 20/05/2015 179712 | (fegukygy) . (...) - C:\Users\Jerome\AppData\Roaming\2F40EB1E-1431936821-1A88-90CB-6F056F2B552C\nsu76DF.tmp
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 18/05/2015 157824 | (IHProtect Service) . (.XTab system.) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 06/07/2012 128280 | (Intel(R) ME Service) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 06/07/2012 165144 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 06/07/2012 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 18/05/2015 126464 | (lusecixo) . (...) - C:\Users\Jerome\AppData\Local\2F40EB1E-1431944232-1A88-90CB-6F056F2B552C\snst79C3.tmp
SR - | Auto 30/01/2015 23784 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 24/03/2015 3014488 | (SWUpdateService) . (.Samsung Electronics CO., LTD..) - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
SR - | Auto 17/04/2015 5448976 | (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
SR - | Auto 18/05/2015 230912 | (tykucihu) . (...) - C:\Users\Jerome\AppData\Local\2F40EB1E-1431944215-1A88-90CB-6F056F2B552C\cnsd3B8D.tmp
SR - | Auto 06/07/2012 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 06/05/2015 691200 | (WajaWebEnhance Service) . (...) - C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe
SR - | Auto 18/05/2015 337064 | (WindowsMangerProtect) . (.SysTool PasSame LIMITED.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 01/03/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/05/2015 160768 | (wyhesete) . (...) - C:\Users\Jerome\AppData\Roaming\2F40EB1E-1431936821-1A88-90CB-6F056F2B552C\hnsm9DD5.tmp
SR - | Auto 15/10/2012 327296 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: Scanned in 00mn 12s
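Two things in this report jump out to a responder before any signature fires: the SPRF section lists three randomly named executables in the root of AppData\Roaming, two of them with the same MD5, and the services section shows five auto-start services (difihify, fegukygy, lusecixo, tykucihu, wyhesete) whose image is a .tmp file under the user's AppData with no publisher. The Python below is an added example, not part of ZHPDiag or the report, that parses both line formats and applies those checks: binaries under a user profile or ProgramData, a .tmp extension, no publisher, size reported as 0, a random-looking 8-character service name with no publisher, and the same hash under different file names. The sample list is a subset of the report's own lines, chosen so every line shape (plain, svchost-hosted DLL, parentheses inside the name, trailing =>tag) is covered; the heuristics and their weighting are the editor's assumptions, not the tool's whitelist logic.

```python
import re
from collections import defaultdict

# Lines copied verbatim from the EGS (services) and SPRF (O84) sections of the report above.
REPORT_LINES = [
    r"SS - | Demand 30/04/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe",
    r"SS - | Demand 30/04/2015 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",
    r"SS - | Auto 22/07/1658 0 | (insvc_1.10.0.14) . (...) - C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe =>PUP.Infonaut",
    r"SS - | Demand 01/03/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe",
    r"SR - | Auto 21/05/2015 1827368 | (54cc00c0) . (...) - c:\Program Files (x86)\Optimizer Pro 3.92\OptProMon.dll =>PUP.OptimizerPro",
    r"SR - | Auto 18/05/2015 212992 | (difihify) . (...) - C:\Users\Jerome\AppData\Roaming\2F40EB1E-1431936821-1A88-90CB-6F056F2B552C\jnsh8812.tmp",
    r"SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe",
    r"SR - | Auto 18/05/2015 337064 | (WindowsMangerProtect) . (.SysTool PasSame LIMITED.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu",
    r"SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation",
    r"SR - | Auto 18/05/2015 160768 | (wyhesete) . (...) - C:\Users\Jerome\AppData\Roaming\2F40EB1E-1431936821-1A88-90CB-6F056F2B552C\hnsm9DD5.tmp",
    r"[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [SPRF][20/04/2015] (...) -- C:\Users\Jerome\AppData\Roaming\DfIY3fIAyD.exe [1246720]",
    r"[MD5.3A1D89B89C9D62951957F0839578DD9B] [SPRF][20/04/2015] (...) -- C:\Users\Jerome\AppData\Roaming\nZei0pzKsTYFApRc29Dxt.exe [1579520]",
    r"[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [SPRF][20/04/2015] (...) -- C:\Users\Jerome\AppData\Roaming\VSYaJyOPQJ0mCEUMDOEbfv0GX.exe [1246720]",
]

SPRF_RE = re.compile(
    r"^\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\] \[SPRF\]\[(?P<date>[^\]]+)\] "
    r"\((?P<pub>.*?)\) -- (?P<path>.+) \[(?P<size>\d+)\]$"
)
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{8}$")  # difihify, 54cc00c0, ... (heuristic, assumption)


def _last_paren_group(s):
    """Text inside the last balanced (...) group of s; copes with 'Intel(R) ME Service'."""
    if not s.endswith(")"):
        return s
    depth = 0
    for i in range(len(s) - 1, -1, -1):
        if s[i] == ")":
            depth += 1
        elif s[i] == "(":
            depth -= 1
            if depth == 0:
                return s[i + 1:-1]
    return s


def parse_service(line):
    """EGS line: 'SR - | Start dd/mm/yyyy size | [dllpath] (name) . (.publisher.) - imagepath [=>tag]'."""
    if not line.startswith(("SR - | ", "SS - | ")):
        return None
    _, _, rest = line.partition(" - | ")
    meta, _, rest = rest.partition(" | ")        # "Auto 18/05/2015 212992"
    rest, _, _tag = rest.partition(" =>")         # drop the scanner's own verdict
    name_pub, _, path = rest.partition(" - ")
    name_part, _, pub_part = name_pub.rpartition(" . ")
    return {"kind": "service", "name": _last_paren_group(name_part.rstrip()),
            "publisher": pub_part.strip("()").strip("."), "path": path.strip(),
            "size": int(meta.split()[2]), "md5": None}


def parse_sprf(line):
    """SPRF line: '[MD5.hash] [SPRF][date] (.publisher.) -- path [size]'."""
    m = SPRF_RE.match(line)
    if not m:
        return None
    return {"kind": "file", "name": m.group("path").rsplit("\\", 1)[-1],
            "publisher": m.group("pub").strip("."), "path": m.group("path"),
            "size": int(m.group("size")), "md5": m.group("md5").upper()}


def reasons_for(rec):
    """Per-record heuristics (editor's assumptions); each string is one reason to look closer."""
    p, out = rec["path"].lower(), []
    if "\\users\\" in p and "\\appdata\\" in p:
        out.append("executable lives under a user profile (AppData)")
    elif p.startswith("c:\\programdata\\"):
        out.append("executable lives under ProgramData")
    if p.endswith(".tmp"):
        out.append("executable has a .tmp extension")
    if not rec["publisher"]:
        out.append("no publisher in version info")
    if rec["size"] == 0:
        out.append("size reported as 0 (file missing or unreadable)")
    if rec["kind"] == "service" and RANDOM_NAME_RE.match(rec["name"]) and not rec["publisher"]:
        out.append("random-looking 8-character service name with no publisher")
    return out


def audit(lines):
    """Map name -> reasons for every record that trips at least one heuristic."""
    records = [r for r in (parse_service(l) or parse_sprf(l) for l in lines) if r]
    by_hash = defaultdict(list)
    for rec in records:
        if rec["md5"]:
            by_hash[rec["md5"]].append(rec["path"])
    findings = {}
    for rec in records:
        reasons = reasons_for(rec)
        if rec["md5"] and len(by_hash[rec["md5"]]) > 1:   # same bytes dropped under another random name
            reasons.append("same MD5 as " + ", ".join(p for p in by_hash[rec["md5"]] if p != rec["path"]))
        if reasons:
            findings[rec["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit(REPORT_LINES).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

The five .tmp services each trip four rules; the two SPRF files that share MD5 AB6818A7FF17230A6E5119F6CDD1F85B are linked to each other; WMPNetworkSvc also shows up (size 0, no publisher), which is why ZHPDiag tags it with its whitelist verdict =>.Microsoft Corporation rather than a PUP name: the heuristics are a triage aid, and the whitelist or a hash lookup settles each hit.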



---\\ Additional scan (O88)
Database Version : 13008 - (17/05/2015)
Keys found : 18
Values found : 4
Folders found : 9
Files found : 20

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}] =>PUP.LuckyTab^
[HKLM\SYSTEM\CurrentControlSet\Services\54cc00c0] =>PUP.OptimizerPro^
[HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service] =>Adware.AgentODR^
[HKLM\SYSTEM\CurrentControlSet\Services\insvc_1.10.0.14] =>PUP.Infonaut^
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect] =>PUP.Fuyu^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse] =>PUP.CrossBrowser^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:GoogleChromeAutoLaunch_728BB3EFF3D6698330CFD99AFAB7CF5D =>PUP.CrossBrowser^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:MaxComputerCleaner_v27.474 =>PUP.MaxComputerCleaner^
C:\Program Files (x86)\Crossbrowse =>PUP.CrossBrowser^
C:\Program Files (x86)\MaxComputerCleaner_v27.474 =>PUP.MaxComputerCleaner^
C:\Program Files (x86)\WajaWebEnhance =>PUP.Wajam^
C:\ProgramData\NetEngine =>PUP.NetEngine^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse =>PUP.CrossBrowser^
C:\Users\Jerome\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z =>Adware.InstallCore^
C:\Users\Jerome\AppData\Local\Crossbrowse =>PUP.CrossBrowser^
C:\Users\Jerome\AppData\Roaming\Optimizer Pro =>PUP.OptimizerPro
C:\Program Files (x86)\XTab\cmdshell.exe =>PUP.SearchProtect^
C:\Program Files (x86)\MaxComputerCleaner_v27.474\MaxComputerCleaner_Maintenance.exe =>PUP.MaxComputerCleaner^
C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowser^
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu^
C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe =>PUP.CrossBrowser^
C:\ProgramData\NetEngine\bin\D10\netengine.exe =>PUP.NetEngine^
C:\Windows\Tasks\Crossbrowse.job =>PUP.CrossBrowser^
C:\Windows\System32\Tasks\Crossbrowse =>PUP.CrossBrowser^
[HKCU\Software\CrossBrowser] =>PUP.CrossBrowser^
[HKCU\Software\Crossbrowse] =>PUP.CrossBrowser^
[HKCU\Software\ProductSetup] =>Adware.InstallCore^
[HKLM\Software\WebBar] =>PUP.WebBar^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\Infonaut_1.10.0.14] =>PUP.Infonaut^
[HKLM\Software\Wow6432Node\MaxComputerCleaner] =>PUP.MaxComputerCleaner^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\de35116d-7ab4-3793-0765-d3ef28611538] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
C:\Windows\Installer\41154.msi =>PUP.GlobalUpdate^
C:\Windows\Installer\4115b.msi =>PUP.MaxComputerCleaner^
~ Additional scan: 178891 Items scanned in 00mn 39s



---\\ Additional information on the modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications launched at system startup (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Summary of detections found on your workstation
http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://www.nicolascoolman.fr/blog/ =>PUP.MaxComputerCleaner
http://www.nicolascoolman.fr/blog/ =>PUP.CrossBrowser
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://www.nicolascoolman.fr/blog/ =>Hijacker.OurSurfing
http://nicolascoolman.fr/hijacker-proxy =>Hijacker.Proxy
http://www.nicolascoolman.fr/blog/ =>PUP.LuckyTab
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://www.nicolascoolman.fr/blog/ =>PUP.Infonaut
http://nicolascoolman.fr/hijacker-browsers =>Hijacker.Browser
http://www.nicolascoolman.fr/blog/ =>PUP.NetEngine
http://nicolascoolman.fr/pup-certifiedtoolbar =>PUP.CertifiedToolbar
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://www.nicolascoolman.fr/blog/ =>PUP.WebBar
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskBar
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-wajam =>PUP.Wajam
http://nicolascoolman.fr/pup-globalupdate =>PUP.GlobalUpdate
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
~ MSI: 25 link(s) detected in 00mn 00s



---\\ Alert Messages
WARNING : Hijacker Proxy found, Clean with ZHPCleaner Tool

~ 683 Legitimates filtered by white list
End of the scan (630 lines in 02mn 16s)(0.10)
