~ Rapport de ZHPDiag v2014.2.23.20 - Nicolas Coolman (23/02/2014) ~ Lancé par Freespirit (28/02/2014 20:58:45) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by user ---\\ Navigateurs Internet MSIE: Internet Explorer v10.0.9200.16466 ---\\ Informations sur les produits Windows ~ Langage: Français Windows 8, 64-bit (Build 9200) Windows Server License Manager Script : OK ~ ion : Windows(R) Operating System, OEM_DM channel Windows ID Activation : OK ~ Windows Partial Key : 3PBQ6 Windows License : OK ~ Windows Remaining Initializations Number : 999 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Avira Free Antivirus v14.0.2.286 Windows Defender W8 ---\\ Logiciels d'optimisation du système CCleaner v4.05 =>Piriform Ltd ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 12 Plugin Adobe Reader XI ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 4047 MB (76% free) System Restore: Activé (Enable) System drive C: has 39 GB (19%) free of 195 GB ---\\ Mode de connexion au système ~ Computer Name: FREEAMELOVE ~ User Name: Freespirit ~ All Users Names: Freespirit, Administrateur, 2EEF92371CB040079C26, ~ Unselected Option: None Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\Freespirit\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\Freespirit\AppData\Roaming\ ~ %Desktop% : C:\Users\Freespirit\Desktop\ ~ %Favorites% : C:\Users\Freespirit\Favorites\ ~ %LocalAppData% : C:\Users\Freespirit\AppData\Local\ ~ %StartMenu% : C:\Users\Freespirit\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 39 Go of 195 Go) D: CD-ROM drive (Not Inserted) E: Hard drive, Flash drive, Thumb drive (Free 74 Go of 265 Go) F: Hard drive, Flash drive, Thumb drive (Free 232 Go of 459 Go) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified ~ Security Center: 48 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.E13A31D5254C25406A7946BDD9B06364] - (.Microsoft Corporation - Explorateur Windows.) (.11/10/2012 - 08:35:16.) -- C:\Windows\Explorer.exe [2380944] [MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608] [MD5.AAEF73606F58ADE710208F4B1B988FBF] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.08/11/2012 - 05:22:19.) -- C:\Windows\System32\wininet.dll [2246656] [MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120] [MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408] [MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640] [MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840] [MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544] [MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080] [MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784] [MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168] [MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640] [MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920] [MD5.877D60D6E4156EC4A2E0B6871D41BED9] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.06/11/2012 - 04:52:49.) -- C:\Windows\system32\Drivers\MRxSmb.sys [366080] [MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776] [MD5.4A7EEA9C4AD5CBFDA3C0E5B821C99CAD] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.26/07/2012 - 06:26:46.) -- C:\Windows\system32\Drivers\ntfs.sys [1934064] [MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984] [MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928] [MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712] [MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248] [MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.26/07/2012 - 05:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/111 ~ Mes Favoris (My Favorites) : 1/9 ~ Mes Documents (My Documents) : 1/577 ~ Mon Bureau (My Desktop) : 1/32 ~ Menu demarrer (Programs) : 1/42 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.1664] [MD5.518A2832214BAEB0B0FEF3FBF39DC5E9] - (.Krzysztof Kowalczyk - SumatraPDF.) -- C:\Program Files (x86)\SumatraPDF\SumatraPDF.exe [2124800] [PID.4084] [MD5.42FEDBCB3ED926F6F529E0FDDF750BE0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.4492] ~ Processes Running: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Freespirit\AppData\Roaming\Mozilla\Firefox\Profiles\6e9qhrjr.default\prefs.js P2 - FPN: [HKCU] [intel.com/AppUp] - (...) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (.not file.) P2 - FPN: [HKCU] [intel.com/AppUpx64] - (...) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (.not file.) ~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Classic Explorer Bar - [HKLM]{553891B7-A0D5-4526-BE18-D3CE461D6310} . (.IvoSoft - Adds classic Windows Explorer features.) -- C:\Program Files\Classic Shell\ClassicExplorer64.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Dreamfall - The Longest Journey.lnk . (.Funcom Oslo A/S - Dreamfall game.) -- C:\Program Files (x86)\GOG.com\Dreamfall\dreamfall.exe O4 - GS\Desktop [Public]: Guitar Rig 5.lnk . (...) -- C:\Program Files (x86)\Native Instruments\Guitar Rig 5\Guitar Rig 5.exe (.not file.) O4 - GS\Desktop [Public]: Kontakt 5.lnk . (...) -- C:\Program Files (x86)\vst plugin\kontact\kontakt\Kontakt 5\Kontakt 5.exe (.not file.) O4 - GS\Desktop [Public]: Nuendo 4.lnk . (.Steinberg Media Technologies - Nuendo.) -- C:\Program Files (x86)\Steinberg\Nuendo 4\Nuendo4.exe O4 - GS\Desktop [Public]: Reason.lnk . (.Propellerhead Software AB - Reason program file.) -- C:\Program Files (x86)\Propellerhead\r5\Reason\Reason.exe O4 - GS\Desktop [Public]: WaveLab 6.lnk . (...) -- C:\Program Files (x86)\Steinberg\WaveLab 6\WaveLab.exe O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline O4 - GS\Program [Public]: SumatraPDF.lnk . (.Krzysztof Kowalczyk - SumatraPDF.) -- C:\Program Files (x86)\SumatraPDF\SumatraPDF.exe O4 - GS\QuickLaunch [Freespirit]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Freespirit]: Nightly.lnk . (.Mozilla Corporation - Nightly.) -- C:\Program Files\core\firefox.exe O4 - GS\Program [Freespirit]: Ableton Live 9 Suite.lnk . (.Ableton - Pas de description.) -- C:\ProgramData\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe O4 - GS\Program [Freespirit]: Corbeille.lnk - Clé orpheline O4 - GS\Program [Freespirit]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [Freespirit]: Ableton Live 9 Suite 32.lnk . (.Ableton - Pas de description.) -- C:\ProgramData\Ableton\Live 9 Suite\Program\32\Program\Ableton Live 9 Suite.exe O4 - GS\Desktop [Freespirit]: Ableton Live 9.lnk . (.Ableton - Pas de description.) -- C:\ProgramData\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe O4 - GS\Desktop [Freespirit]: Addictive Keys.lnk . (...) -- C:\Program Files (x86)\XLN Audio\Addictive Keys\Addictive Keys.exe O4 - GS\Desktop [Freespirit]: Auslogics DiskDefrag.lnk . (.Auslogics - Disk Defrag.) -- C:\Program Files (x86)\Auslogics\DiskDefrag\DiskDefrag.exe O4 - GS\Desktop [Freespirit]: BurnoutParadise.lnk . (.Electronic Arts - Burnout(TM) Paradise Application.) -- C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe O4 - GS\Desktop [Freespirit]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Desktop [Freespirit]: KMPlayer.lnk . (.Pandora.TV - The KMPlayer.) -- C:\Program Files (x86)\The KMPlayer\KMPlayer.exe O4 - GS\Desktop [Freespirit]: Livres.lnk . (...) -- E:\videos, livres, musics\Livres O4 - GS\Desktop [Freespirit]: Naviextras Toolbox.lnk . (.NNG Kft. - Pas de description.) -- C:\Program Files (x86)\Naviextras\Toolbox\toolbox.exe O4 - GS\Desktop [Freespirit]: PC Health Monitor.lnk . (...) -- C:\Program Files (x86)\TOSHIBA\TPHM\TPCHViewer.exe (.not file.) O4 - GS\Desktop [Freespirit]: Reason.lnk . (.Propellerhead Software AB - Reason program file.) -- C:\Program Files (x86)\Propellerhead\Reason\Reason.exe O4 - GS\Desktop [Freespirit]: SRS Premium Sound HD.lnk . (...) -- C:\Program Files (x86)\SRS Labs\SRS Control Panel\SRSPanel_64.exe (.not file.) O4 - GS\Desktop [Freespirit]: Studio One 2.lnk . (.PreSonus - Studio One.) -- C:\Program Files\PreSonus\Studio One 2\Studio One.exe O4 - GS\Desktop [Freespirit]: TimeAdjuster.lnk . (...) -- C:\Program Files (x86)\TimeAdjuster\time_adjuster.exe O4 - GS\Desktop [Freespirit]: Windows 7 USB DVD Download Tool.lnk . (.Microsoft Corporation - Microsoft Store ISO Backup Tool.) -- E:\Freespirit\AppData\Local\Apps\Windows 7 USB DVD Download Tool\Windows7-USB-DVD-Download-Tool.exe O4 - GS\Desktop [Freespirit]: XnView.lnk . (.XnView, http://www.xnview.com - XnView for Windows.) -- C:\Program Files (x86)\XnView\xnview.exe O4 - GS\Desktop [Freespirit]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Freespirit\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent ~ Global Startup: 52 Legitimates Filtered in 00mn 01s ---\\ Applications lancées au démarrage du sytème (O4) O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe (.not file.) O4 - HKLM\..\Run: [TODDMain] . (.Pas de propriétaire - TOSHIBA System Settings Service.) -- C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe O4 - HKLM\..\Run: [TecoResident] . (.TOSHIBA Corporation - Resident module of eco Utility.) -- C:\Program Files\TOSHIBA\Teco\TecoResident.exe O4 - HKLM\..\Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.) O4 - HKLM\..\Run: [SRS Premium Sound HD] . (.SRS Labs, Inc. - SRS Control Panel.) -- C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Freespirit\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - HKCU\..\Run: [HP ENVY 4500 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc O4 - HKLM\..\Wow6432Node\Run: [TPUReg] . (.Pegatron Corporation - TOSHIBA Password Utility.) -- C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe O4 - HKUS\S-1-5-21-2968554027-131355321-3335405178-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Freespirit\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - HKUS\S-1-5-21-2968554027-131355321-3335405178-1001\..\Run: [HP ENVY 4500 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: HP Smart Print [64Bits] - {22CC3EBD-C286-43aa-B8E6-06B115F74162} . (...) -- C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrint.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{DA93FDB2-D82D-4E46-8EC8-CE4C8B9694DF}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{04973476-B763-4EDB-9541-5AE37459B073}: DhcpDomain = ANCG02.com O17 - HKLM\System\CS1\Services\Tcpip\..\{DA93FDB2-D82D-4E46-8EC8-CE4C8B9694DF}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{04973476-B763-4EDB-9541-5AE37459B073}: DhcpDomain = ANCG02.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Enumère les données de BootExecute (BEX) (O34) O34 - HKLM BootExecute: (autocheck autochk /m /P \Device\HarddiskVolume21) - File not found ~ BEX: 2 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: ASC2KML - (.WMLogistic.) [HKCU][64Bits] -- e9ce54fdfca6b912 O42 - Logiciel: Duuqu Update Helper - (.Duuqu Group.) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>PUP.Duuqu O42 - Logiciel: QL Voices of Passion - (.EastWest Sounds, Inc..) [HKLM][64Bits] -- {3AA35C1A-A4D5-43A2-A3C0-6632A4AF9557} ~ Logic: 27 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\FIR] [HKCU\Software\OB] [HKCU\Software\TPUKey] [HKCU\Software\XinYi Network] [HKLM\Software\Wow6432Node\Avalon Multimedia] [HKLM\Software\Wow6432Node\EastWest] [HKLM\Software\Wow6432Node\ND] [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\ValueApps] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\XinYi Network] ~ Key Software: 337 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 16/10/2013 - 15:22:26 - [12,482] ----D C:\Program Files (x86)\EastWest O43 - CFD: 27/12/2013 - 02:44:07 - [0] ----D C:\Program Files (x86)\ShoppingChip =>Adware.ShoppingChip O43 - CFD: 14/01/2014 - 02:06:36 - [0,002] ----D C:\Program Files (x86)\Vir2 Instruments O43 - CFD: 23/02/2014 - 21:44:09 - [1538,908] ----D C:\Program Files (x86)\vst plugin O43 - CFD: 16/09/2013 - 20:27:24 - [4,223] ----D C:\Program Files (x86)\XLN Audio O43 - CFD: 23/02/2014 - 14:39:55 - [0] ----D C:\ProgramData\boost_interprocess O43 - CFD: 27/12/2013 - 02:44:07 - [0,018] ----D C:\ProgramData\f158e2f3a85a033a O43 - CFD: 30/01/2014 - 12:02:25 - [0,021] ----D C:\ProgramData\Intrasense O43 - CFD: 31/01/2014 - 18:58:00 - [0] ----D C:\ProgramData\PaceAP O43 - CFD: 27/12/2013 - 02:54:14 - [0] ----D C:\ProgramData\ShoppingChip =>Adware.ShoppingChip O43 - CFD: 16/09/2013 - 20:27:25 - [-553,951] ----D C:\ProgramData\XLN Audio O43 - CFD: 28/10/2013 - 01:40:14 - [0] --H-D C:\ProgramData\{2149AC3A-6876-48A5-8ACC-4DDA07B383D2} O43 - CFD: 19/02/2014 - 22:31:30 - [17,717] --H-D C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B} O43 - CFD: 11/10/2013 - 14:45:12 - [16,825] --H-D C:\ProgramData\{A6377726-7317-464A-87EB-693294E9F383} O43 - CFD: 22/10/2013 - 01:02:59 - [19,603] --H-D C:\ProgramData\{ACEB5C90-39F7-4044-91EF-FBD59A59D240} O43 - CFD: 13/10/2013 - 17:10:40 - [0] --H-D C:\ProgramData\{DBEFA5F7-5DDC-4898-B7C5-5032500685F4} O43 - CFD: 14/10/2013 - 18:51:13 - [0] --H-D C:\ProgramData\{E111793D-8CAA-4F62-B336-2EE50FB3D48E} O43 - CFD: 13/10/2013 - 23:34:13 - [0] ----D C:\ProgramData\{E8674DB2-4487-4238-A191-4DD8B190B0BC} O43 - CFD: 14/10/2013 - 01:00:57 - [16,874] --H-D C:\ProgramData\{F036CC43-6BE8-4CBD-91C3-76F4BC8FFD6F} O43 - CFD: 17/09/2013 - 00:12:29 - [0,036] ----D C:\Users\Freespirit\AppData\Roaming\Addictive Keys O43 - CFD: 08/12/2013 - 01:24:18 - [0,559] ----D C:\Users\Freespirit\AppData\Roaming\mgyun O43 - CFD: 23/10/2013 - 21:48:29 - [0,838] ----D C:\Users\Freespirit\AppData\Local\piratrax O43 - CFD: 16/09/2013 - 20:57:57 - [0] ----D C:\Users\Freespirit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Syntheway O43 - CFD: 29/10/2013 - 02:38:38 - [0] ----D C:\Users\Freespirit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WMLogistic O43 - CFD: 17/09/2013 - 21:58:58 - [0,002] ----D C:\Users\Freespirit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XLN Audio ~ Program Folder: 221 Legitimates Filtered in 00mn 17s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.E46C7CFD954273FB97B149BBE8A3139A] - 28/02/2014 - 18:41:32 R--A- . (...) -- C:\Pre_Scan_28_02_2014_18_41_32.txt [24108] O44 - LFC:[MD5.9B0006AC4D0E9DA1BB1D89A81D3FD09C] - 28/02/2014 - 18:54:05 R--A- . (...) -- C:\Pre_Scan_28_02_2014_18_54_05.txt [16794] ~ Files: 11 Legitimates Filtered in 00mn 44s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.5FB5693D924102CF283E1E2388913BC0] - 22/02/2014 - 00:00:27 ---A- - C:\Windows\Prefetch\RCPSETUP_BINSTALL22_BINSTALL2-BF5ABCCC.pf O45 - LFCP:[MD5.5AD1871C2385BF28497CA6A8D497F193] - 23/02/2014 - 12:25:38 ---A- - C:\Windows\Prefetch\CUBASE_LE_AI_ELEMENTS_7.0.7_U-3BA76447.pf O45 - LFCP:[MD5.A3552AFB765578C3DE0D2DA5CFF1B28D] - 27/02/2014 - 11:41:41 ---A- - C:\Windows\Prefetch\dynreservedpri.db O45 - LFCP:[MD5.06FBB7B75CC6C236F9A889EC350B9E1C] - 27/02/2014 - 22:42:49 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-41BF3090.pf O45 - LFCP:[MD5.C171435E4D9AF86A53454CC651ACED82] - 28/02/2014 - 14:13:37 ---A- - C:\Windows\Prefetch\WINDOWS7-USB-DVD-DOWNLOAD-TOO-F57D2C01.pf ~ Prefetcher: 87 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1 ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.D6AB7C13FCDD2E4CAC35244D2C172D9A] - 14/10/2013 - 19:50:57 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824] O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960] O58 - SDL:[MD5.16E745743BABAF480B7718442F38B076] - 31/07/2012 - 20:28:54 ---A- . (.Windows (R) Win 7 DDK provider - Toshiba Hotkey Driver.) -- C:\Windows\System32\Drivers\Thotkey.sys [28632] O58 - SDL:[MD5.6DAD398D60B9F6BAF0D3C53184C3CA4D] - 01/07/2013 - 09:25:12 ----- . (...) -- C:\Windows\System32\pwdrvio.sys [19032] O58 - SDL:[MD5.FE194DD23B549C1C397EB1102EC84EDC] - 01/07/2013 - 09:25:10 ----- . (...) -- C:\Windows\System32\pwdspio.sys [12384] O58 - SDL:[MD5.992BE8C20CA4FA92EB08104E798647F9] - 13/09/2013 - 14:52:24 ---A- . (...) -- C:\Windows\SysWOW64\drivers\MoborobAssDriver64.sys [12072] O58 - SDL:[MD5.BCD11E954B84BA4F1AC8C3D58A74F6AE] - 23/02/2014 - 13:56:47 ---A- . (...) -- C:\Windows\SysWOW64\audcon.sys [2892] ~ Drivers: 17 Legitimates Filtered in 00mn 01s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 27/02/2014 - 21:00:08 ---A- . (...) -- C:\Users\Freespirit\AppData\Roaming\PreSonus\Studio One 2\Extensions\Extensions.settings [142] O61 - LFC: 27/02/2014 - 21:00:08 ---A- . (...) -- C:\Users\Freespirit\AppData\Roaming\PreSonus\Studio One 2\Sampler.settings [351] O61 - LFC: 27/02/2014 - 21:00:08 ---A- . (...) -- C:\Users\Freespirit\AppData\Roaming\PreSonus\Studio One 2\Studio One.settings [10874] O61 - LFC: 27/02/2014 - 21:00:08 ---A- . (...) -- C:\Users\Freespirit\AppData\Roaming\PreSonus\Studio One 2\WindowState.settings [1162] O61 - LFC: 27/02/2014 - 21:00:08 ---A- . (...) -- C:\Users\Freespirit\AppData\Roaming\PreSonus\Studio One 2\WindowsMidi.settings [262] O61 - LFC: 27/02/2014 - 21:00:08 ---A- . (...) -- C:\Users\Freespirit\AppData\Roaming\PreSonus\Studio One 2\rewireservice.settings [139] O61 - LFC: 27/02/2014 - 21:00:08 ---A- . (...) -- C:\Users\Freespirit\AppData\Roaming\PreSonus\Studio One 2\studioeffects.settings [139] O61 - LFC: 27/02/2014 - 21:00:08 ---A- . (...) -- C:\Users\Freespirit\AppData\Roaming\PreSonus\Studio One 2\x86\AudioEngine.settings [510] O61 - LFC: 27/02/2014 - 21:00:09 ---A- . (...) -- C:\Users\Freespirit\AppData\Roaming\PreSonus\Studio One 2\x86\Plugins-en.settings [68659] O61 - LFC: 27/02/2014 - 21:00:09 ---A- . (...) -- C:\Users\Freespirit\AppData\Roaming\PreSonus\Studio One 2\x86\Services.settings [3000] O61 - LFC: 27/02/2014 - 21:00:09 ---A- . (...) -- C:\Users\Freespirit\AppData\Roaming\PreSonus\Studio One 2\x86\Vstplugins.settings [7020] O61 - LFC: 27/02/2014 - 21:00:20 ---A- . (...) -- C:\Users\Freespirit\Documents\a.oxps [610199] O61 - LFC: 28/02/2014 - 21:00:20 ---A- . (...) -- C:\Users\Freespirit\AppData\Roaming\ZHP\Log.txt [35511] =>.Nicolas Coolman O61 - LFC: 28/02/2014 - 21:00:20 ---A- . (...) -- C:\Users\Freespirit\AppData\Roaming\ZHP\TestsZHPDiag.txt [2955] =>.Nicolas Coolman O61 - LFC: 28/02/2014 - 21:00:20 ---A- . (...) -- C:\Users\Freespirit\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman O61 - LFC: 28/02/2014 - 21:00:20 ---A- . (...) -- C:\Users\Freespirit\AppData\Roaming\ZHP\ZHPDiag.txt [41200] =>.Nicolas Coolman O61 - LFC: 28/02/2014 - 21:00:20 ---A- . (...) -- C:\Users\Freespirit\defogger_reenable [188] ~ Files: 61 Legitimates Filtered in 00mn 15s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Enumère les fichiers Crack & Keygen (CKF) (O82) C:\Users\Freespirit\AppData\Roaming\uTorrent\Propellerhead Reason 6.0.1 KeyGen.rar.torrent =>P2P.µTorrent C:\Users\Freespirit\AppData\Roaming\uTorrent\Propellerhead Reason 6.0.1 KeyGen.rar.torrent =>P2P.µTorrent E:\a trier\gps\Nouveau dossier (2)\Easy Map Activation Tools\Progs\keygen6.exe E:\a trier\gps\Nouveau dossier (2)\Easy Map Activation Tools\Progs\tt7_keygen.exe E:\a trier\gps\Nouveau dossier (2)\Easy Map Activation Tools\Progs\tt8_keygen.exe E:\a trier\rec usb\logs music etc\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Extra\Wavpack Plugin\Wavpack4Wlab6 Setup.msi E:\a trier\rec usb\logs music etc\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Setup.exe E:\a trier\rec usb\logs music etc\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\wl6emu.exe E:\a trier\rec usb\logs music etc\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Setup.exe ~ Files: Scanned in 00mn 44s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.2558D89DA53630ABFFC78604E6DC79E6] [SPRF][28/02/2014] (.Pas de propriétaire - Pre_Scan.) -- C:\Users\Freespirit\Desktop\Pre_Scan.exe [2918400] [MD5.B5C3EE680C4C84BE91E1AAAF3C76761D] [SPRF][15/09/2013] (.SpeedyFox - SpeedyFox program.) -- C:\Users\Freespirit\Desktop\speedyfox_2-0-4_fr_308620.exe [607704] ~ Files: 4 Legitimates Filtered in 00mn 00s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "TCP Query User{4FCF44E3-9694-4112-AF7D-3953ADEDC477}G:\fir.exe" |In - Public - P6 - TRUE | .(...) -- G:\fir.exe (.not file.) O87 - FAEL: "UDP Query User{876F88BF-1B56-4268-BC5E-76678AC4A840}G:\fir.exe" |In - Public - P17 - TRUE | .(...) -- G:\fir.exe (.not file.) ~ Firewall: 238 Legitimates Filtered in 00mn 00s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "A2AD0FEF16B8B6B43A2D05E8FDB73667" . (.BOM eLicenser.) -- C:\windows\Installer\{FEF0DA2A-8B61-4B6B-A3D2-508EDF7B6376}\Bom_Icon_2.exe ~ Update Products: 91 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.F4D25E12E542E89E58E7D029D6DCB1E5] [WIS][03/06/2007] (.EastWest - Voices of Passion Installer.) -- C:\Windows\Installer\7bd35a4.msi [41257984] [MD5.C13388A1D0EB8A495C7014805AE236EF] [WIS][27/12/2013] (.Duuqu Group - Duuqu Update Helper.) -- C:\Windows\Installer\de072.msi [45056] =>PUP.Duuqu ~ WIS: 97 Legitimates Filtered in 00mn 26s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Disabled 19/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 27/07/2012 53384 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation SS - | Demand 20/09/2012 29696 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SS - | Auto 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 08/08/2012 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 19/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe SR - | Auto 28/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe SR - | Auto 29/06/2013 68608 | (ClassicShellService) . (.IvoSoft.) - C:\Program Files\Classic Shell\ClassicShellService.exe SR - | Auto 06/07/2011 2304912 | (CodeMeter.exe) . (.WIBU-SYSTEMS AG.) - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe SR - | Auto 13/10/2011 156672 | (GFNEXSrv) . (...) - C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 21/10/2010 2646528 | (PaceLicenseDServices) . (.PACE Anti-Piracy, Inc..) - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe SR - | Auto 05/12/2012 201872 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe SR - | Auto 28/07/2009 140632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe SR - | Auto 25/08/2012 291240 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Teco\TecoService.exe =>.Toshiba Corporation SR - | Demand 28/07/2012 458152 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ~ Services: Scanned in 00mn 28s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Run by Freespirit at 28/02/2014 21:02:24 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Freespirit at 28/02/2014 21:02:26 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Liste des émulateurs de CD/DVD (MBR Hook) O58 - SDL:[MD5.D6AB7C13FCDD2E4CAC35244D2C172D9A] - 14/10/2013 - 19:50:57 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824] ~ Emulateurs: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13031 - (23/02/2014) Clés trouvées (Keys found) : 5 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 2 Fichiers trouvés (Files found) : 2 [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] =>PUP.Duuqu^ [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^ C:\Program Files (x86)\ShoppingChip =>Adware.ShoppingChip^ C:\ProgramData\ShoppingChip =>Adware.ShoppingChip^ [HKLM\Software\Wow6432Node\ValueApps] =>Toolbar.Conduit^ C:\Windows\Installer\de072.msi =>PUP.Duuqu^ ~ Additionnel Scan: 617395 Items scanned in 00mn 14s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/37752731-pup-duuqu =>PUP.Duuqu ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/35808715-adware-shoppingchip =>Adware.ShoppingChip ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ MSI: 5 link(s) detected in 00mn 15s ~ 1215 Legitimates filtered by white list End of the scan (505 lines in 03mn 56s)(9)