
~ Rapport de ZHPDiag v2015.6.4.54 - Nicolas Coolman (31/05/2015)
~ Lancé par Famille (04/06/2015 21:11:06)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17801
MFIE: Mozilla Firefox 38.0.5 (Defaut)
GCIE: Google Chrome v35.0.1916.153

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2018
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v4.10

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 NPAPI
Adobe Reader XI
Java 7 Update 67 (64-bit)

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6124 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 347 GB (37%) free of 914 GB

---\\ Mode de connexion au système
~ Computer Name: JASMAIN-HP
~ User Name: Famille
~ All Users Names: Jasmain, HomeGroupUser$, Famille, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Famille\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Famille\AppData\Roaming\
~ %Desktop% : C:\Users\Famille\Desktop\
~ %Favorites% : C:\Users\Famille\Favorites\
~ %LocalAppData% : C:\Users\Famille\AppData\Local\
~ %StartMenu% : C:\Users\Famille\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 347 Go of 914 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 18 Go)
E: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.04/05/2012 - 11:48:10.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F0289B3A341429117696F0279DA977B6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/04/2015 - 16:27:25.) -- C:\Windows\System32\wininet.dll [2352128]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2012 - 11:48:51.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.04/05/2012 - 11:46:48.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/44
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 1/779
~ Mon Bureau (My Desktop) : 1/374
~ Menu demarrer (Programs) : 1/24
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.D19C99CF2938AEAE39805895D160E670] - (.SEIKO EPSON CORPORATION - MyEpson Portal.) -- C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe [2387440] [PID.2428]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.4348]
[MD5.34BF2F6A776B3CA1B88902F0CE634D2E] - (.LOL Replay - LOL Replay Recorder.) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe [528896] [PID.4500]
[MD5.C637FC4638A96165256B28D38DE7B953] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [49208] [PID.4584]
[MD5.21B8FAAFA5CCD89663AAD5833ABF4B35] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3890208] [PID.4752]
[MD5.308F2EE28005510DE616409148CF077B] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.4780]
[MD5.82F68EBA0FCEA46BA8919D6A264A833E] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe [1065024] [PID.4872]
[MD5.E6C1D2F421AF7096D75D0735C7E64542] - (.Hewlett-Packard - HP TouchSmart Calendar Service.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe [20480] [PID.5528]
[MD5.A9CA1AAD4E4890826D3C2E2F74CDF8E1] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [511872] [PID.3616]
[MD5.245F0F6C80BFC4A09679C08BC21C5762] - (.Pas de propriétaire - Generic Setup Component.) -- C:\Users\Famille\AppData\Local\Temp\nsw23F7.tmp [287741] [PID.3300]
[MD5.153F088DFDB3F940AD9DAEB04A3ACC4D] - (.SoftBrain Technologies Ltd. - SmartWeb helper.) -- C:\Users\Famille\AppData\Local\SmartWeb\SmartWebHelper.exe [270368] [PID.6184] =>PUP.SmartWeb
[MD5.44069C2AC699C8DAD80A96FB1C8DFE57] - (.SoftBrain Technologies Ltd. - SmartWeb Application.) -- C:\Users\Famille\AppData\Local\SmartWeb\SmartWebApp.exe [557088] [PID.6276] =>PUP.SmartWeb
[MD5.27F31CB8B4AFE71EE08F876B69D8F2BC] - (...) -- C:\Users\Famille\AppData\Local\gmsd_fr_610\upgmsd_fr_610.exe [3297736] [PID.5156] =>PUP.CrossRider
[MD5.4B1B76B55E9C2A63B6E1F5CA5EB25A62] - (...) -- C:\Program Files (x86)\gmsd_fr_610\gmsd_fr_610.exe [3985064] [PID.5156] =>PUP.CrossRider
[MD5.C8544DC8645807556E026F047B3256CC] - (.SearchProtect - CmdShell.exe.) -- C:\Program Files (x86)\MiuiTab\cmdshell.exe [29312] [PID.5500] =>PUP.SearchProtect
[MD5.A67953DC6E7CFFF6A8F39A3CC54E48D7] - (.XTab system - SupHPNot.exe.) -- C:\Program Files (x86)\MiuiTab\HPNotify.exe [673920] [PID.7012]
[MD5.16AB3ADFFD7B06E1E6867BF9C0893A86] - (...) -- C:\Users\Famille\AppData\Local\Temp\nssB1E3.tmp [229130] [PID.6604]
[MD5.A36C9D94A63E668010E3243F0A111801] - (...) -- C:\Users\Famille\AppData\Local\Temp\isdkNKIOQnPv\ISightHost.exe [3072] [PID.5620]
[MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8214016] [PID.7780]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1340]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1656]
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.1784]
[MD5.C9DCE1CB628AEED3C0C30ABBF4F1E718] - (...) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280] [PID.2092]
[MD5.6C85719A21B3F62C2C76280F4BD36C7B] - (.Intel Corporation - Intel IPT Host Interface Service.) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [212944] [PID.2140]
[MD5.17446789EC803B4F2172AEA2BFA2D1D1] - (...) -- C:\Users\Famille\AppData\Roaming\23301CF4-1433406205-5879-D9E5-F4C35B05DB71\jnsy200D.tmp [206336] [PID.2164]
[MD5.8D20AE0D139C9D533C1122D7A6B14ADB] - (...) -- C:\Users\Famille\AppData\Roaming\23301CF4-1433406205-5879-D9E5-F4C35B05DB71\nsyF11B.tmpfs [169984] [PID.2192]
[MD5.E605F35F03C881DC46902E0E2F5985B3] - (.SEIKO EPSON CORPORATION - MyEpson Portal Service.) -- C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984] [PID.2216]
[MD5.20B5060889E5BB239AF87E3E57B97867] - (.PDF Complete Inc - Dispatcher.) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952] [PID.2264]
[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76888] [PID.2404]
[MD5.CECFDE5D3701B2D914862F5E6C3DFE18] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [211104] [PID.2740]
[MD5.4E1BB8A9CCDB4BAF41F7F9A930EB121D] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [534184] [PID.2936]
[MD5.B4D1D62A09F09CB2DFD55628350CDAFB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822496] [PID.3264]
[MD5.A3AD13CA2747953DDD4C9AE4FB925BEC] - (.Hewlett-Packard - HP TouchSmart Calendar.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384] [PID.4224]
[MD5.BF22ACF4CF3734D61357E67F0521BC03] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.2608]
[MD5.F211E659AAF2D82E4DBD6EA4A8178829] - (.Symantec Corporation - Symantec VIPAppService.) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544] [PID.456]
[MD5.B097EBA0E3FEB020BB65FE43AF5ECCFF] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.2256]
[MD5.D1AFCCBC2BC504F9F0C70B058EBE344B] - (.Infonaut - Infonaut Client Service.) -- C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe [278600] [PID.4372] =>PUP.Infonaut
[MD5.42088EF271CA8F06A0C9B14D9F3F63AA] - (.DTools LIMITED - Windows DTools.) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [695976] [PID.3688] =>PUP.Fuyu
[MD5.FA7749A8291FF27507E53B804839A38A] - (.XTab system - ProtectSvc.exe.) -- C:\Program Files (x86)\MiuiTab\ProtectService.exe [125056] [PID.4060]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Famille\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.mystartsearch.com =>PUP.StartSearch
G0 - GCSP: Preference [User Data\Default][StartupURLs] http://www.mystartsearch.com/?type=hp&ts=1433444617&z=8492aa83e5760acfb6ef4f6g6z2cdc7zez4zcq3g2o&from=cmi&uid=HitachiXHDS721010DLE630_MSE5235V1X68SU1X68SUX =>PUP.StartSearch
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 310 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Famille\AppData\Roaming\Mozilla\Firefox\Profiles\dejldft5.default\prefs.js
C:\Users\Famille\AppData\Roaming\Mozilla\Firefox\Profiles\dejldft5.default\user.js
M3 - MFPP: Plugins - [Famille] -- C:\Users\Famille\AppData\Roaming\Mozilla\Firefox\Profiles\dejldft5.default\searchplugins\mystartsearch.xml =>PUP.StartSearch
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
M0 - MFSP: prefs.js [Famille - dejldft5.default] http://www.mystartsearch.com =>PUP.StartSearch
M2 - MFEP: prefs.js [Famille - dejldft5.default\sweetsearch@gmail.com] [] Search Enginer v1.0.0.1031 (..) =>PUP.SearchEngine
M2 - MFEP: Extension [Famille - dejldft5.default] firefox@corobizar.com.xpi
M2 - MFEP: Extension [Famille - dejldft5.default] searchffv2@gmail.com
M2 - MFEP: Extension [Famille - dejldft5.default] sweetsearch@gmail.com =>PUP.SweetSearch
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com =>PUP.StartSearch
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com =>PUP.StartSearch
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: e-Carte Bleue Browser Helper Object [64Bits] - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} . (.Orbiscom Ltd. All rights reserved. - FTO CMB.) -- C:\Windows\SysWow64\BhoECart.dll
O2 - BHO: LuckyTab Class [64Bits] - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\MiuiTab\SupTab.dll =>PUP.LuckyTab
~ BHO: 15 Legitimates Filtered in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com =>PUP.StartSearch
O4 - GS\QuickLaunch [Famille]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com =>PUP.StartSearch
O4 - GS\TaskBar [Famille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com =>PUP.StartSearch
O4 - GS\TaskBar [Famille]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com =>PUP.StartSearch
O4 - GS\Program [Famille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com =>PUP.StartSearch
O4 - GS\SystemTools [Famille]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com =>PUP.StartSearch
~ Global Startup: 7 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Famille]: SmartWeb.lnk . (.SoftBrain Technologies Ltd. - SmartWeb helper.) -- C:\Users\Famille\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.SmartWeb
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILGE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_FBDEB55C4A6819E9DC3FA5FA9B6D0778] C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (.not file.) =>PUP.CrossBrowser
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe =>.EasyBits Software AS
O4 - HKLM\..\Wow6432Node\Run: [PDF Complete] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files (x86)\PDF Complete\pdfsty.exe =>.PDF Complete Inc
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_92] Clé orpheline =>Adware.FreeSoftToday
O4 - HKLM\..\Wow6432Node\Run: [YourFile DownloaderInstaller Starter] C:\Users\Jasmain\AppData\Local\Temp\install1293575.exe (.not file.) =>PUP.YourFileDownloader
O4 - HKLM\..\Wow6432Node\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SmartWeb] . (.SoftBrain Technologies Ltd. - SmartWeb helper.) -- C:\Users\Famille\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.SmartWeb
O4 - HKLM\..\Wow6432Node\Run: [gmsd_fr_610] . (...) -- C:\Program Files (x86)\gmsd_fr_610\gmsd_fr_610.exe =>PUP.CrossRider
O4 - HKLM\..\Wow6432Node\RunOnce: [upgmsd_fr_610.exe] . (...) -- C:\Users\Famille\AppData\Local\gmsd_fr_610\upgmsd_fr_610.exe =>PUP.CrossRider
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q \SearchProtect =>PUP.SearchProtect
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q \SearchProtect =>PUP.SearchProtect
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4014001360-1395451200-2295529589-1003\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILGE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-4014001360-1395451200-2295529589-1003\..\Run: [GoogleChromeAutoLaunch_FBDEB55C4A6819E9DC3FA5FA9B6D0778] C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (.not file.) =>PUP.CrossBrowser
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{384EB891-C929-478A-8C9B-E684C9C91B47}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{384EB891-C929-478A-8C9B-E684C9C91B47}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{384EB891-C929-478A-8C9B-E684C9C91B47}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service Google Update (gupdate) (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (.not file.)
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files (x86)\MiuiTab\ProtectService.exe =>Adware.AgentODR
O23 - Service: Infonaut 1.10.0.14 Client Service (insvc_1.10.0.14) . (.Infonaut - Infonaut Client Service.) - C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe =>PUP.Infonaut
O23 - Service: Drag And Drop Pull Down (jodekezu) . (...) - C:\Users\Famille\AppData\Roaming\23301CF4-1433406205-5879-D9E5-F4C35B05DB71\jnsy200D.tmp
O23 - Service: Pixel Subject Line (johopycu) . (...) - C:\Users\Famille\AppData\Roaming\23301CF4-1433406205-5879-D9E5-F4C35B05DB71\nsyF11B.tmpfs
O23 - Service: Update Fragile Fixer (Update Fragile Fixer) . (...) - C:\Program Files (x86)\Fragile Fixer\updateFragileFixer.exe (.not file.) =>PUP.FragileFixer
O23 - Service: Util ClearThink (Util ClearThink) . (...) - C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe (.not file.) =>PUP.ClearThink
O23 - Service: Util Fragile Fixer (Util Fragile Fixer) . (...) - C:\Program Files (x86)\Fragile Fixer\bin\utilFragileFixer.exe (.not file.) =>PUP.FragileFixer
O23 - Service: Web Bar Service (wbsvc) (wbsvc) . (.Web Bar Media - Web Bar Service.) - C:\Program Files\WebBar\wbsvc.exe =>PUP.WebBar
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.DTools LIMITED - Windows DTools.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
~ Services: 24 Legitimates Filtered in 00mn 04s



---\\ Tâches planifiées en automatique (O39)
[MD5.153F088DFDB3F940AD9DAEB04A3ACC4D] [APT] [SmartWeb Upgrade Trigger Task] (.SoftBrain Technologies Ltd..) -- C:\Users\Famille\AppData\Local\SmartWeb\SmartWebHelper.exe [270368] =>PUP.SmartWeb
[MD5.998C279948759C00A4277C49141E3049] [APT] [WebBarLaunchTask] (.Web Bar Media.) -- C:\Program Files\WebBar\wbsvc.exe [37144] =>PUP.WebBar
[MD5.998C279948759C00A4277C49141E3049] [APT] [WebBarUpdateTask] (.Web Bar Media.) -- C:\Program Files\WebBar\wbsvc.exe [37144] =>PUP.WebBar
[MD5.00000000000000000000000000000000] [APT] [{42F0AD4A-9B44-498E-B3D2-AA13E2C20665}] (...) -- G:\INSTALL.exe (.not file.) [0]
[MD5.C016D49E0D0D6D11EEE2C5FC74ADA3D2] [APT] [{8D32F10F-8D73-4934-911F-B26BCBA383E5}] (...) -- C:\Program Files (x86)\Steam\SteamApps\common\sonic adventure DX\unsetup.exe [634880]
[MD5.00000000000000000000000000000000] [APT] [{C62DFCFE-DA2E-497D-954A-737CAA110490}] (...) -- G:\autorun.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\Tasks\EPSON XP-215 217 Series Invitation {7F54C1F5-3EAB-40E6-8848-E5D52DFC7DA0}.job [727]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\EPSON XP-215 217 Series Invitation {7F54C1F5-3EAB-40E6-8848-E5D52DFC7DA0} [727]
O39 - APT: - (..) -- C:\Windows\Tasks\EPSON XP-215 217 Series Update {7F54C1F5-3EAB-40E6-8848-E5D52DFC7DA0}.job [913]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\EPSON XP-215 217 Series Update {7F54C1F5-3EAB-40E6-8848-E5D52DFC7DA0} [913]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForFamille [340]
~ Scheduled Task: 30 Legitimates Filtered in 00mn 01s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (innfd_1_10_0_14) . (.Infonaut - Infonaut Driver x64.) - C:\Windows\System32\drivers\innfd_1_10_0_14.sys =>PUP.Infonaut
~ Drivers: 71 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Infonaut 1.10.0.14 - (.Infonaut.) [HKLM][64Bits] -- Infonaut_1.10.0.14 =>PUP.Infonaut
O42 - Logiciel: Loadout - (.Edge of Reality.) [HKLM][64Bits] -- Steam App 208090
O42 - Logiciel: SmartWeb - (.SoftBrain Technologies Ltd..) [HKLM][64Bits] -- SmartWeb =>PUP.SmartWeb
O42 - Logiciel: Southpark Stick of Truth - (...) [HKLM][64Bits] -- U291dGhwYXJrU3RpY2tvZlRydXRo_is1
O42 - Logiciel: Unturned - (.Nelson Sexton.) [HKLM][64Bits] -- Steam App 304930
O42 - Logiciel: Web Bar 2.0.5574.22315 - (.Web Bar Media.) [HKLM][64Bits] -- {0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1 =>PUP.WebBar
O42 - Logiciel: mystartsearch uninstall - (.mystartsearch.) [HKLM][64Bits] -- mystartsearch uninstall =>PUP.StartSearch
~ Logic: 61 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\IncrediMail]
[HKCU\Software\Kromtech]
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\Tutorials] =>PUP.AgenceExclusive
[HKCU\Software\esties]
[HKLM\Software\WebBar] =>PUP.WebBar
[HKLM\Software\Wow6432Node\AIM Toolbar]
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.AskBar
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Highlightly]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\SpeedBit]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
~ Key Software: 440 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/06/2015 - 21:04:09 - [] ----D C:\Program Files (x86)\gmsd_fr_610 =>PUP.CrossRider
O43 - CFD: 04/06/2015 - 21:03:28 - [] ----D C:\Program Files (x86)\Infonaut_1.10.0.14 =>PUP.Infonaut
O43 - CFD: 04/06/2015 - 21:04:36 - [] ----D C:\Program Files (x86)\MiuiTab
O43 - CFD: 04/06/2015 - 19:10:13 - [0] ----D C:\Program Files (x86)\Supraball
O43 - CFD: 27/04/2014 - 19:49:32 - [] ----D C:\ProgramData\IM
O43 - CFD: 27/04/2014 - 19:49:06 - [] ----D C:\ProgramData\IncrediMail
O43 - CFD: 17/06/2014 - 22:23:06 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 04/06/2015 - 21:04:19 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 07/02/2014 - 19:01:54 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 29/01/2014 - 13:47:19 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
O43 - CFD: 27/04/2014 - 20:03:56 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
O43 - CFD: 29/01/2014 - 13:47:19 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
O43 - CFD: 04/06/2015 - 19:09:12 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
O43 - CFD: 29/01/2014 - 13:47:19 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
O43 - CFD: 29/01/2014 - 13:47:19 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
O43 - CFD: 21/11/2010 - 09:16:41 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 04/06/2015 - 19:06:41 - [] ----D C:\Users\Famille\AppData\Roaming\23301CF4-1433406205-5879-D9E5-F4C35B05DB71
O43 - CFD: 04/06/2015 - 21:04:10 - [] ----D C:\Users\Famille\AppData\Roaming\mystartsearch =>PUP.StartSearch
O43 - CFD: 16/03/2015 - 21:45:54 - [] -SH-D C:\Users\Famille\AppData\Local\EmieBrowserModeList
O43 - CFD: 04/06/2015 - 21:09:02 - [] ----D C:\Users\Famille\AppData\Local\gmsd_fr_610 =>PUP.CrossRider
O43 - CFD: 01/06/2015 - 07:11:56 - [] ----D C:\Users\Famille\AppData\Local\GWX
O43 - CFD: 23/04/2015 - 19:06:34 - [] ----D C:\Users\Famille\AppData\Local\openvr
O43 - CFD: 04/06/2015 - 21:03:46 - [] ----D C:\Users\Famille\AppData\Local\SmartWeb =>PUP.SmartWeb
O43 - CFD: 04/06/2015 - 21:09:20 - [] ----D C:\Users\Famille\AppData\Local\WebBar =>PUP.WebBar
~ Program Folder: 264 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.E53E45CB748DD857361654606C62DC4A] - 04/06/2015 - 18:04:58 ---A- . (...) -- C:\Windows\win.ini [505]
~ Files: 10 Legitimates Filtered in 00mn 17s



---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{6b56aac2-8925-11e3-b30f-806e6f6e6963}\AutoRun\command. (...) -- E:\InstallNavi.exe (.not file.)
O51 - MPSK:{7ba69fa5-9620-11e3-b625-80c16edf71d4}\AutoRun\command. (...) -- G:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.FICV"="ficvdec_x64.dll" . (...) -- C:\Windows\System32\ficvdec_x64.dll
~ TDSD: 5 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:02/05/2014 - 16:57:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:02/05/2014 - 16:57:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:02/05/2014 - 16:57:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:29/05/2012 - 14:53:30 ---A- . (.Windows (R) Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456]
O58 - SDL:01/03/2010 - 23:59:50 ---A- . (...) -- C:\Windows\System32\Drivers\cqcpu.sys [24376]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:10/04/2015 - 20:56:56 ---A- . (.Infonaut - Infonaut Driver x64.) -- C:\Windows\System32\Drivers\innfd_1_10_0_14.sys [58224] =>PUP.Infonaut
O58 - SDL:04/05/2012 - 12:24:12 ---A- . (...) -- C:\Windows\System32\Drivers\pmxdrv.sys [31152]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 67 Legitimates Filtered in 00mn 03s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 02/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 10/04/2015 - C:\Windows\System32\drivers\innfd_1_10_0_14.sys (innfd_1_10_0_14) .(.Infonaut - Infonaut Driver x64.) - LEGACY_INNFD_1_10_0_14 =>PUP.Infonaut
~ Legacy: 84 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com =>PUP.StartSearch
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.mystartsearch.com =>PUP.StartSearch
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com =>PUP.StartSearch
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.mystartsearch.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [DefaultScope] - (e) - http://www.mystartsearch.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (mystartsearch) - http://www.mystartsearch.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Bing (by Mircosoft)) - http://www.mystartsearch.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://www.mystartsearch.com =>PUP.StartSearch
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F28C19973BD82EE50BB16A5A39C1BA83] [SPRF][02/05/2015] (.Mojang - Minecraft launcher.) -- C:\Users\Famille\Desktop\Minecraft.exe [1294088]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{E0517DBF-F3C6-4923-8084-AEDDC582FDFD}C:\users\jasmain\appdata\roaming\utorrent\utorrent.exe" | In - Private - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\jasmain\appdata\roaming\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{3EDAD638-2A6A-4016-86C5-BC5C30AB8245}C:\users\jasmain\appdata\roaming\utorrent\utorrent.exe" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\jasmain\appdata\roaming\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "TCP Query User{904C1647-9569-4084-AAFB-DA6C54D97E75}C:\users\jasmain\appdata\roaming\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\jasmain\appdata\roaming\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{0C5CFB61-6742-495E-9875-D01E9283BE32}C:\users\jasmain\appdata\roaming\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\jasmain\appdata\roaming\utorrent\utorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 02s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 15/04/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 20/11/2014 227904 | (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
SS - | Demand 15/11/2014 259664 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 22/07/1658 0 | (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/07/1658 0 | (gupdatem) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SS - | Demand 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Demand 02/06/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14/04/2015 836288 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Auto 22/07/1658 0 | (Update Fragile Fixer) . (...) - C:\Program Files (x86)\Fragile Fixer\updateFragileFixer.exe =>PUP.FragileFixer
SS - | Auto 22/07/1658 0 | (Util ClearThink) . (...) - C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe =>PUP.ClearThink
SS - | Auto 22/07/1658 0 | (Util Fragile Fixer) . (...) - C:\Program Files (x86)\Fragile Fixer\bin\utilFragileFixer.exe =>PUP.FragileFixer
SS - | Auto 06/04/2015 37144 | (wbsvc) . (.Web Bar Media.) - C:\Program Files\WebBar\wbsvc.exe =>PUP.WebBar
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 11/02/2012 235520 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 02/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 16/08/2011 16384 | (CalendarSynchService) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
SR - | Auto 17/05/2012 144560 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\Windows\system32\EscSvc64.exe
SR - | Auto 22/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SR - | Auto 12/03/2015 9216 | (HiPatchService) . (.Hi-Rez Studios.) - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
SR - | Auto 19/05/2015 99128 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR - | Auto 03/06/2015 125056 | (IHProtect Service) . (.XTab system.) - C:\Program Files (x86)\MiuiTab\ProtectService.exe =>Adware.AgentODR
SR - | Auto 10/04/2015 278600 | (insvc_1.10.0.14) . (.Infonaut.) - C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe =>PUP.Infonaut
SR - | Auto 09/12/2011 607456 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 16/12/2011 128280 | (Intel(R) ME Service) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 24/02/2011 212944 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
SR - | Auto 04/06/2015 206336 | (jodekezu) . (...) - C:\Users\Famille\AppData\Roaming\23301CF4-1433406205-5879-D9E5-F4C35B05DB71\jnsy200D.tmp
SR - | Auto 04/06/2015 169984 | (johopycu) . (...) - C:\Users\Famille\AppData\Roaming\23301CF4-1433406205-5879-D9E5-F4C35B05DB71\nsyF11B.tmpfs
SR - | Auto 16/12/2011 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 22/09/2014 703984 | (MyEpson Portal Service) . (.SEIKO EPSON CORPORATION.) - C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
SR - | Auto 12/08/2011 1128952 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
SR - | Auto 22/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 16/12/2011 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 13/07/2011 82544 | (VIPAppService) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 04/06/2015 695976 | (WindowsMangerProtect) . (.DTools LIMITED.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (31/05/2015)
Clés trouvées (Keys found) : 24
Valeurs trouvées (Values found) : 10
Dossiers trouvés (Folders found) : 9
Fichiers trouvés (Files found) : 16

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}] =>PUP.LuckyTab^
[HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service] =>Adware.AgentODR^
[HKLM\SYSTEM\CurrentControlSet\Services\insvc_1.10.0.14] =>PUP.Infonaut^
[HKLM\SYSTEM\CurrentControlSet\Services\Update Fragile Fixer] =>PUP.FragileFixer^
[HKLM\SYSTEM\CurrentControlSet\Services\Util ClearThink] =>PUP.ClearThink^
[HKLM\SYSTEM\CurrentControlSet\Services\Util Fragile Fixer] =>PUP.FragileFixer^
[HKLM\SYSTEM\CurrentControlSet\Services\wbsvc) (wbsvc] =>PUP.WebBar^
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect] =>PUP.Fuyu^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Infonaut_1.10.0.14] =>PUP.Infonaut^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb] =>PUP.SmartWeb^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1] =>PUP.WebBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall] =>PUP.StartSearch^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:GoogleChromeAutoLaunch_FBDEB55C4A6819E9DC3FA5FA9B6D0778 =>PUP.CrossBrowser^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_92 =>Adware.FreeSoftToday^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:upgmsd_fr_610.exe =>PUP.CrossRider^
C:\Users\Famille\AppData\Roaming\Mozilla\Firefox\Profiles\dejldft5.default\extensions\sweetsearch@gmail.com =>PUP.SearchEngine^
C:\Program Files (x86)\gmsd_fr_610 =>PUP.CrossRider^
C:\Program Files (x86)\Infonaut_1.10.0.14 =>PUP.Infonaut^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\Users\Famille\AppData\Roaming\mystartsearch =>PUP.StartSearch^
C:\Users\Famille\AppData\Local\gmsd_fr_610 =>PUP.CrossRider^
C:\Users\Famille\AppData\Local\SmartWeb =>PUP.SmartWeb^
C:\Users\Famille\AppData\Local\WebBar =>PUP.WebBar^
C:\Users\Famille\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.SmartWeb^
C:\Users\Famille\AppData\Local\SmartWeb\SmartWebApp.exe =>PUP.SmartWeb^
C:\Users\Famille\AppData\Local\gmsd_fr_610\upgmsd_fr_610.exe =>PUP.CrossRider^
C:\Program Files (x86)\gmsd_fr_610\gmsd_fr_610.exe =>PUP.CrossRider^
C:\Program Files (x86)\MiuiTab\cmdshell.exe =>PUP.SearchProtect^
C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe =>PUP.Infonaut^
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu^
C:\Users\Famille\AppData\Roaming\Mozilla\Firefox\Profiles\dejldft5.default\Extensions\sweetsearch@gmail.com =>PUP.SweetSearch^
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q \SearchProtect =>PUP.SearchProtect^
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q \SearchProtect =>PUP.SearchProtect^
C:\Program Files\WebBar\wbsvc.exe =>PUP.WebBar^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKLM\Software\WebBar] =>PUP.WebBar^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
~ Additionnel Scan: 319238 Items scanned in 00mn 37s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g0-page-de-demarrage-google-chrome/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-smartwebsearch =>PUP.SmartWeb
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://www.nicolascoolman.fr/blog/ =>PUP.Infonaut
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
http://www.nicolascoolman.fr/blog/ =>PUP.SearchEngine
http://www.nicolascoolman.fr/blog/ =>PUP.SweetSearch
http://www.nicolascoolman.fr/blog/ =>PUP.LuckyTab
http://www.nicolascoolman.fr/blog/ =>PUP.CrossBrowser
http://nicolascoolman.fr/adware-freesofttoday =>Adware.FreeSoftToday
http://nicolascoolman.fr/pup-yourfiledownloader =>PUP.YourFileDownloader
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://www.nicolascoolman.fr/blog/ =>PUP.FragileFixer
http://www.nicolascoolman.fr/blog/ =>PUP.ClearThink
http://www.nicolascoolman.fr/blog/ =>PUP.WebBar
http://nicolascoolman.fr/pup-certifiedtoolbar =>PUP.CertifiedToolbar
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskBar
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://www.nicolascoolman.fr/blog/ =>Spyware.AgenceExclusive
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
~ MSI: 27 link(s) detected in 00mn 00s



~ 999 Legitimates filtered by white list
End of the scan (660 lines in 01mn 41s)(0.11)