~ Rapport de ZHPDiag v2014.9.30.139 - Nicolas Coolman (28/09/2014)
~ Lancé par Black Dr House (02/10/2014 10:17:24)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.17088
MFIE: Mozilla Firefox 29.0.1 (Defaut)
GCIE: Google Chrome v37.0.2062.124

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Pro N, 32-bit (Build 9200)
Windows Server License Manager Script : OK

---\\ Logiciels de protection du système
Kaspersky Anti-Virus 2013 v13.0.1.4190
Windows Defender W8 (Deactivate)

---\\ Logiciels d'optimisation du système
CCleaner v4.04

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 15 Plugin
Adobe Reader 7.0.8 - Français
Java 7 Update 55

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1011 MB (34% free)
System Restore: Activé (Enable)
System drive C: has 17 GB (17%) free of 97 GB

---\\ Mode de connexion au système
~ Computer Name: SHIKAMARU
~ User Name: Black Dr House
~ All Users Names: HomeGroupUser$, Black Dr House, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Black Dr House\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Black Dr House\AppData\Roaming\
~ %Desktop% : C:\Users\Black Dr House\Desktop\
~ %Favorites% : C:\Users\Black Dr House\Favorites\
~ %LocalAppData% : C:\Users\Black Dr House\AppData\Local\
~ %StartMenu% : C:\Users\Black Dr House\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 17 Go of 97 Go)
D: Hard drive, Flash drive, Thumb drive (Free 20 Go of 135 Go)
G: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.EAFE46B0292D2BD2467835E2ACF717CC] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 10:24:46.) -- C:\Windows\Explorer.exe [2106176]
[MD5.7109FF769FFF962869C50D720F7AA7D7] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 03:21:01.) -- C:\Windows\System32\Wininit.exe [101376]
[MD5.7D9284D509F8D17EEADE8A486BB3FC19] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/08/2014 - 07:37:20.) -- C:\Windows\System32\wininet.dll [1766400]
[MD5.89D6AFD5B257049375008BAA512910EE] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.12/04/2014 - 07:24:27.) -- C:\Windows\System32\Winlogon.exe [429056]
[MD5.FAB11E1AC62579A9BE21593319F8E464] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 03:20:01.) -- C:\Windows\System32\sppcomapi.dll [246784]
[MD5.B92C9A8C3CAE22129CC5B4A920B00608] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.29/05/2014 - 22:22:46.) -- C:\Windows\system32\Drivers\AFD.sys [439296]
[MD5.48D8C3F2006698691F5AE0BB595FDCC8] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 03:42:31.) -- C:\Windows\system32\Drivers\atapi.sys [22768]
[MD5.00B4FA77732C7823D292ECD672660882] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 02:38:28.) -- C:\Windows\system32\Drivers\Cdfs.sys [89088]
[MD5.4E707EC5071DD8F5C29A7410780BD4C3] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 02:33:53.) -- C:\Windows\system32\Drivers\Cdrom.sys [135680]
[MD5.E608E26B536A42B5ACC145D25CB9F2AC] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 23:42:26.) -- C:\Windows\system32\Drivers\DfsC.sys [92160]
[MD5.6BFEBBA25AD34E5922E60349C721B1DD] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.15/07/2014 - 22:51:26.) -- C:\Windows\system32\Drivers\HDAudBus.sys [62464]
[MD5.11EDC37780E8A2F8E311D73F7658A4D7] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 02:36:23.) -- C:\Windows\system32\Drivers\i8042prt.sys [89600]
[MD5.57B0C0D982013C72911A3F5CBA795034] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 02:29:57.) -- C:\Windows\system32\Drivers\IpNat.sys [126976]
[MD5.A4E929694C33BF82E22F2F85E9B1A9A8] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.26/02/2014 - 23:19:16.) -- C:\Windows\system32\Drivers\MRxSmb.sys [304128]
[MD5.303A053C25E468B9925C22288BEF8484] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 02:31:28.) -- C:\Windows\system32\Drivers\netBT.sys [254464]
[MD5.6C816842AC5E2B0E033ED0BD1058E077] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.27/01/2014 - 01:09:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1618264]
[MD5.8BCE63AF5B52642E832630F862DE96EF] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 02:38:17.) -- C:\Windows\system32\Drivers\Parport.sys [90624]
[MD5.6E0649D7325D85C47C844EB3267E4625] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 02:30:07.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [88064]
[MD5.2CAD2A13569741C67CD9C52F97E0F992] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 02:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [156160]
[MD5.0886D9F1B5A5334FBB143A260E4BFB5C] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 04:17:16.) -- C:\Windows\system32\Drivers\tdx.sys [97792]
[MD5.C9C8573006D7A8391AFE35D99036B6A0] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 09:41:30.) -- C:\Windows\system32\Drivers\volsnap.sys [281344]
~ Generic Processes: Scanned in 00mn 07s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 3/349
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 3/832
~ Mon Bureau (My Desktop) : 2/18
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 07s

---\\ Processus lancés
[MD5.3E7332DE76AF4704B02036B2B49C662C] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) -- C:\Windows\system32\taskhostex.exe [53760] [PID.4604]
[MD5.0F484CEBC0E6724B157E644787B66B68] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe [623520] [PID.432]
[MD5.85A5DB9C8DEFDDE941EC121ADB5B3175] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe [2744960] [PID.820]
[MD5.2C637A38354C2395DBBAE2F592D9F922] - (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Black Dr House\AppData\Roaming\BitTorrent\BitTorrent.exe [1240664] [PID.3008] =>P2P.BitTorrent
[MD5.D62000CD97ABBECD67A7CEB2520BCFEC] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3565432] [PID.3664]
[MD5.15D2DB9BFA8E833ED31FAB2BB088FDDA] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128] [PID.1700]
[MD5.AD3A07FEBB3B9F0110C90C26FC95E029] - (.Microsoft Corporation - Runtime Broker.) -- C:\Windows\System32\RuntimeBroker.exe [29808] [PID.4788]
[MD5.FAA729BC3B4EC2900D14E1F0F4D30ED0] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [268248] [PID.1828]
[MD5.60A3399135BEFC6F4BADBD6C13A4AC24] - (.Microsoft Corporation - Hôte Microsoft WWA.) -- C:\Windows\system32\wwahost.exe [333824] [PID.4540]
[MD5.674E33892FCFC25DF29954D017325C8C] - (.Microsoft Corporation - Communications Service.) -- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe [138672] [PID.5036]
[MD5.458D5355FA85F8BBC2B0FC814E7B9610] - (.AIMP DevTeam - AIMP3.) -- C:\Program Files\AIMP2\AIMP3.exe [1651144] [PID.5888]
[MD5.8D7E5DFCF38847001D05003B8DFE9F44] - (.Crintsoft - Pas de description.) -- C:\Program Files\Minilyrics\MiniLyrics.exe [2655744] [PID.6268] =>Adware.AddLyrics
[MD5.09252818AC12B2D32D6B4403C13BCF75] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8109568] [PID.8000]
~ Processes Running: Scanned in 00mn 07s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Black Dr House\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 20 Legitimates Filtered in 00mn 12s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M0 - MFSP: prefs.js [Black Dr House - wpexg04t.default] http://www.qwant.com
M2 - MFEP: prefs.js [Black Dr House - wpexg04t.default\anttoolbar@ant.com] [] Ant Video Downloader v2.4.7.26 (..)
M2 - MFEP: prefs.js [Black Dr House - wpexg04t.default\mozilla_cc@internetdownloadmanager.com] [] IDM CC v7.3.87 (..)
M2 - MFEP: prefs.js [Black Dr House - wpexg04t.default\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}] [] Flash and Video Download v1.62 (..)
M2 - MFEP: Extension [Black Dr House - wpexg04t.default] {73a6fe31-595d-460b-a920-fcc0f8843232}
M2 - MFEP: Extension [Black Dr House - wpexg04t.default] {d9284e50-81fc-11da-a72b-0800200c9a66}
~ Firefox Browser: 17 Legitimates Filtered in 00mn 02s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.8:5128
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 01s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: MiniLyrics.lnk . (.Crintsoft - Pas de description.) -- C:\Program Files\Minilyrics\MiniLyrics.exe =>Adware.AddLyrics
O4 - GS\QuickLaunch [Black Dr House]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Black Dr House\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [Black Dr House]: MiniLyrics.lnk . (.Crintsoft - Pas de description.) -- C:\Program Files\Minilyrics\MiniLyrics.exe =>Adware.AddLyrics
O4 - GS\Desktop [Black Dr House]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Black Dr House\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Global Startup: 4 Legitimates Filtered in 00mn 14s

---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\runner_avp.exe
O4 - HKLM\..\Run: [Zune Launcher] . (.Microsoft Corporation - Zune Auto-Launcher.) -- C:\Program Files\Zune\ZuneLauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] . (.BlackBerry Limited - Launch Agent Service.) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [RIM PeerManager] . (.Research In Motion Limited - BlackBerry Link Peer Manager.) -- C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
O4 - HKCU\..\Run: [BitTorrent] . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Black Dr House\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] . (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe
O4 - HKCU\..\Run: [MediaDICO38] . (.L'Aventure Multimedia - Pas de description.) -- C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Black Dr House\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [iCall] . (...) -- C:\Program Files\iCall\iCall.exe
O4 - HKCU\..\Run: [Connectify] . (.Connectify - Connectify.) -- C:\Program Files\Connectify\Connectify.exe
O4 - HKCU\..\Run: [BlackBerryLink.exe] . (.Research In Motion - BlackBerry Link.) -- C:\Program Files\Research In Motion\BlackBerry Link\BlackBerryLink.exe
O4 - HKUS\S-1-5-21-2848144295-4134200061-2399204276-1001\..\Run: [BitTorrent] . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Black Dr House\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-2848144295-4134200061-2399204276-1001\..\Run: [DAEMON Tools Pro Agent] . (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe
O4 - HKUS\S-1-5-21-2848144295-4134200061-2399204276-1001\..\Run: [MediaDICO38] . (.L'Aventure Multimedia - Pas de description.) -- C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe
O4 - HKUS\S-1-5-21-2848144295-4134200061-2399204276-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-2848144295-4134200061-2399204276-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Black Dr House\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2848144295-4134200061-2399204276-1001\..\Run: [iCall] . (...) -- C:\Program Files\iCall\iCall.exe
O4 - HKUS\S-1-5-21-2848144295-4134200061-2399204276-1001\..\Run: [Connectify] . (.Connectify - Connectify.) -- C:\Program Files\Connectify\Connectify.exe
O4 - HKUS\S-1-5-21-2848144295-4134200061-2399204276-1001\..\Run: [BlackBerryLink.exe] . (.Research In Motion - BlackBerry Link.) -- C:\Program Files\Research In Motion\BlackBerry Link\BlackBerryLink.exe
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier virtuel - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\kbrd.ico
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Analyse des liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{07ED0056-882C-4738-AC5B-476709AD9D35}: DhcpNameServer = 213.136.96.157 213.136.96.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D7B7226-F140-483C-93C1-58924E9179D8}: DhcpNameServer = 192.168.1.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E48220F-B071-4439-BF08-8371FA29D20B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B28EE18B-3581-4EE9-8942-5AA5D0F4A5BE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFCB986E-B9E6-463B-8C6D-AC479B536AC0}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{07ED0056-882C-4738-AC5B-476709AD9D35}: DhcpNameServer = 213.136.96.157 213.136.96.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{7D7B7226-F140-483C-93C1-58924E9179D8}: DhcpNameServer = 192.168.1.111
O17 - HKLM\System\CS1\Services\Tcpip\..\{9E48220F-B071-4439-BF08-8371FA29D20B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B28EE18B-3581-4EE9-8942-5AA5D0F4A5BE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CFCB986E-B9E6-463B-8C6D-AC479B536AC0}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.111
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Mobile Broadband HL Service (Mobile Broadband HL Service) . (...) - C:\ProgramData\MobileBrServ\mbbservice.exe
~ Services: 10 Legitimates Filtered in 00mn 43s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{0080C979-9C1C-4555-B1A4-AD03FF6C519F}] (...) -- C:\Program Files\AutoWebCam\AutoWebCam.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{93346090-6BAA-41F9-89CC-9D784B4060A5}] (...) -- D:\Softs\SAGE100W1501\SAGE100W1501\ACCUEIL.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\Tasks\AutoKMS.job [294] =>Trojan.AutoKMS
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2848144295-4134200061-2399204276-1001Core [952]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2848144295-4134200061-2399204276-1001UA [974]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1088]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1092]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 35s

---\\ Logiciels installés (O42)
O42 - Logiciel: Learn to Speak English Deluxe 10 - (.eLanguage.) [HKLM] -- {F9D3C89A-76BE-4BC9-8F43-5707BE38AF3E}
O42 - Logiciel: Stegano 1.3 - (...) [HKLM] -- Stegano
O42 - Logiciel: iCall - (.iCall, Inc.) [HKLM] -- iCall 7.1.524
~ Logic: 16 Legitimates Filtered in 00mn 04s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\WandouLabs]
[HKCU\Software\eLanguage]
[HKCU\Software\icall]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\eLanguage]
[HKLM\Software\iCall, Inc]
~ Key Software: 224 Legitimates Filtered in 00mn 04s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/08/2013 - 22:01:20 - [] ----D C:\Program Files\eLanguage
O43 - CFD: 20/08/2013 - 08:46:59 - [] ----D C:\Program Files\iCall
O43 - CFD: 16/07/2013 - 21:36:07 - [] ----D C:\Program Files\Revo
O43 - CFD: 24/08/2013 - 10:50:16 - [] ----D C:\Program Files\Stegano
O43 - CFD: 26/08/2013 - 22:02:37 - [] ----D C:\ProgramData\eLanguage
O43 - CFD: 26/08/2013 - 22:16:24 - [] ----D C:\Users\Black Dr House\AppData\Roaming\eLanguage
O43 - CFD: 19/08/2013 - 20:51:27 - [] ----D C:\Users\Black Dr House\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 06/05/2014 - 22:38:55 - [] ----D C:\Users\Black Dr House\AppData\Roaming\WandoujiaUsbDriver
O43 - CFD: 19/08/2013 - 20:50:30 - [] ----D C:\Users\Black Dr House\AppData\Local\icall
O43 - CFD: 06/05/2014 - 23:48:21 - [0] ----D C:\Users\Black Dr House\AppData\Local\Wandoujia2
O43 - CFD: 11/02/2014 - 12:41:17 - [] ----D C:\Users\Black Dr House\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
O43 - CFD: 24/08/2013 - 10:50:15 - [0] ----D C:\Users\Black Dr House\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stegano
~ Program Folder: 164 Legitimates Filtered in 00mn 03s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.6FCAA36622C30B069EE63A0DA0AEC548] - 17/09/2014 - 21:11:44 ---A- . (...) -- C:\[www.Cpasbien.pe] The.Expendables.3.2014.FANSUB.VOSTFR.DVDSCR.XViD-ATN.avi [1469575168]
~ Files: 69 Legitimates Filtered in 05mn 14s

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 04s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{14aae776-c719-11e3-a390-e89a8fdbd6f4}\AutoRun\command. (...) -- E:\.\Setup.exe (.not file.)
O51 - MPSK:{22c7f627-ee12-11e2-a2c2-e89a8fdbd6f4}\AutoRun\command. (...) -- G:\index.html (.not file.)
O51 - MPSK:{ba4aad03-2147-11e4-a3a1-e89a8fdbd6f4}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{c74a965c-5213-11e3-a346-74de2b38f976}\AutoRun\command. (...) -- E:\.\Setup.exe (.not file.)
O51 - MPSK:{e384bf1a-d55d-11e3-a394-e89a8fdbd6f4}\AutoRun\command. (...) -- E:\start.exe (.not file.)
O51 - MPSK:{f636fd7c-0ca2-11e3-a2db-e89a8fdbd6f4}\AutoRun\command. (...) -- E:\.\Setup.exe (.not file.)
O51 - MPSK:{f636fdac-0ca2-11e3-a2db-e89a8fdbd6f4}\AutoRun\command. (...) -- E:\.\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 07s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:06/11/2013 - 14:13:08 ---A- . (.Connectify - NDIS filter driver.) -- C:\Windows\System32\Drivers\cnnctfy2.sys [27248]
O58 - SDL:16/07/2013 - 21:48:54 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [242240]
O58 - SDL:22/04/2014 - 00:07:23 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:22/11/2012 - 00:43:14 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [100216]
O58 - SDL:22/04/2014 - 00:07:27 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:16/07/2013 - 23:25:10 ---A- . (...) -- C:\Windows\System32\Drivers\PnkBstrK.sys [138904]
O58 - SDL:02/12/2013 - 12:34:48 ---A- . (.BlackBerry Limited - BlackBerry Device Driver.) -- C:\Windows\System32\Drivers\RimUsb.sys [68096]
O58 - SDL:20/08/2013 - 07:02:14 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [84248]
O58 - SDL:20/08/2013 - 07:02:14 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [182680]
O58 - SDL:20/08/2013 - 07:02:16 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [182680]
O58 - SDL:26/07/2012 - 03:42:15 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x86.) -- C:\Windows\System32\Drivers\stexstor.sys [26352]
O58 - SDL:25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:25/07/2012 - 22:52:52 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:25/07/2012 - 22:52:52 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:25/07/2012 - 22:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:25/07/2012 - 22:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:25/07/2012 - 22:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:25/07/2012 - 22:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:25/07/2012 - 22:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33968]
O58 - SDL:25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34688]
O58 - SDL:25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35552]
O58 - SDL:25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34688]
~ Drivers: 89 Legitimates Filtered in 00mn 32s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.FD1EBD08B2D2EC34C1F528F59F3208D4] [SPRF][03/09/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.475048300F9919381C60A3701430CFD7] [SPRF][16/07/2013] (...) -- C:\Users\Black Dr House\AppData\Roaming\PnkBstrK.sys [138904]
~ Files: 2 Legitimates Filtered in 00mn 00s

---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{BC7C9842-52FF-4B84-92BE-AC7CE7A690B8}C:\users\black dr house\appdata\roaming\bittorrent\bittorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\users\black dr house\appdata\roaming\bittorrent\bittorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{A92214CC-D7C9-446A-ADFA-6FEFA827B813}C:\users\black dr house\appdata\roaming\bittorrent\bittorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\users\black dr house\appdata\roaming\bittorrent\bittorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 11s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/09/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 02/05/2012 65536 | (Connectify) . (...) - C:\Program Files\Connectify\ConnectifyService.exe
SS - | Auto 23/09/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/09/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 20/11/2008 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 10/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 20/09/2012 23040 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/10/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
SR - | Demand 21/01/2014 585728 | (BlackBerry Device Manager) . (.BlackBerry Limited.) - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
SR - | Auto 02/02/2012 342984 | (InternetEverywhere_Service) . (...) - C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
SR - | Auto 04/09/2012 233864 | (Mobile Broadband HL Service) . (...) - C:\ProgramData\MobileBrServ\mbbservice.exe
SR - | Auto 16/07/2013 76888 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 16/07/2013 189248 | (PnkBstrB) . (...) - C:\Windows\system32\PnkBstrB.exe
SR - | Auto 22/01/2014 389632 | (RIM MDNS) . (.Apple Inc..) - C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
SR - | Auto 22/01/2014 1309696 | (RIM Tunnel Service) . (.Research In Motion Limited.) - C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
SR - | Demand 28/03/2014 14480 | (WinDefend) . (.Microsoft Corporation.) - C:\Program Files\Windows Defender\MsMpEng.exe
~ Services: Scanned in 01mn 58s

---\\ Scan Additionnel (O88)
Database Version : 13026 - (28/09/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 5
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 5
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BitTorrent =>P2P.BitTorrent^
C:\Users\Black Dr House\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Users\Black Dr House\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent^
C:\Program Files\Minilyrics\MiniLyrics.exe =>Adware.AddLyrics^
C:\Windows\Tasks\AutoKMS.job =>Trojan.AutoKMS^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
~ Additionnel Scan: 314131 Items scanned in 09mn 12s

---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s

---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/adware-addlyrics =>Adware.AddLyrics
http://nicolascoolman.fr/trojan-autokms =>Trojan.AutoKMS
http://nicolascoolman.fr/pup-1clickdownloader =>PUP.1ClickDownloader
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
~ MSI: 6 link(s) detected in 00mn 00s

~ 659 Legitimates filtered by white list
End of the scan (461 lines in 31mn 52s)(0)