~ Rapport de ZHPDiag v2014.9.18.135 - Nicolas Coolman (18/09/2014) ~ Lancé par ACER (20/09/2014 11:52:33) ~ Adresse du Site Web http://nicolascoolman.fr ~ Adresse du Forum http://forum.nicolascoolman.fr ~ Traduit par Nicolas Coolman ~ Etat de la version : Version à jour. ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by user ---\\ Navigateurs Internet MSIE: Internet Explorer v10.0.9200.17089 (Defaut) MFIE: Mozilla Firefox 31.0 GCIE: Google Chrome v37.0.2062.120 ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows Operating System - Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : 7QJB7 Windows License : OK ~ Windows Remaining Initializations Number : 2 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Kaspersky PURE 3.0 v13.0.2.558 Malwarebytes Anti-Malware version 2.0.2.1012 Windows Defender W7 (Activate) ---\\ Logiciels d'optimisation du système ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 15 Plugin Adobe Reader XI ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 3956 MB (57% free) System Restore: Activé (Enable) System drive C: has 146 GB (51%) free of 286 GB ---\\ Mode de connexion au système ~ Computer Name: ACER-PC ~ User Name: ACER ~ All Users Names: HomeGroupUser$, Administrateur, ACER, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\ACER\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\ACER\AppData\Roaming\ ~ %Desktop% : C:\Users\ACER\Desktop\ ~ %Favorites% : C:\Users\ACER\Favorites\ ~ %LocalAppData% : C:\Users\ACER\AppData\Local\ ~ %StartMenu% : C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 146 Go of 286 Go) D: CD-ROM drive (Not Inserted) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified ~ Security Center: 49 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.EC5D850ED17252AD109CCFC8F700247C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.17/08/2014 - 05:00:04.) -- C:\Windows\System32\wininet.dll [2239488] [MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.04/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 3/6835 ~ Mes musiques (My Musics) : 1/427 ~ Mes Videos (My Videos) : 2/54 ~ Mes Favoris (My Favorites) : 1/155 ~ Mes Documents (My Documents) : 1/167 ~ Mon Bureau (My Desktop) : 2/332 ~ Menu demarrer (Programs) : 1/40 ~ Hidden Files: Scanned in 00mn 10s ---\\ Processus lancés [MD5.9D0D3169E49DA30FC1127014BC8E646F] - (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349480] [PID.2432] [MD5.42DA6FC848254888958B6B133930FA3C] - (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe [206208] [PID.2660] [MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.2800] [MD5.DD7DAE4E8F169D1FF4511FC292FF6FF6] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.2884] [MD5.03E67031447658969763EC4503883912] - (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984] [PID.2892] [MD5.DC7E6A090D7F394949F077AE1234465A] - (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [200488] [PID.2900] [MD5.26F2D8A2F56D7DDB2CBC17EBA36E73BA] - (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192] [PID.2908] [MD5.C295CAE30793E9B8A96E689CE3B8CFA4] - (.Dritek System Inc. - Launch Manager Keyboard Application.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1288784] [PID.2184] [MD5.BED38B0ADFF5F5CC6E988A6491017E83] - (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792] [PID.2348] [MD5.7E91655B4947EC1B18B3BC1645839145] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128] [PID.1876] [MD5.3DE977CF6CC11F9B1C1C12D59BBA96D0] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe [288336] [PID.3132] [MD5.603668084332DDB58D8C5AACE30B04FC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.3300] [MD5.308F2EE28005510DE616409148CF077B] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.3552] [MD5.799BCC829F48F19C5689478179060435] - (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.3684] [MD5.A346FB12BDBF1E0B68E92E48D81FB061] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8105984] [PID.1128] [MD5.C5679E5186B2FC95BC76A8A9870D5456] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64704] [PID.1716] [MD5.6B73E94F9FE82D45781B8C8A09483082] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1800] [MD5.0F9FE82E229C039F0AC1996E44059653] - (.Infowatch - InfoWatch CryptoStorage Protected objects c.) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040] [PID.1092] [MD5.04CDA9CD1074BFD304CAC5DBDBEFC4E2] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [325200] [PID.1268] [MD5.816FD5A6F3C2F3D600900096632FC60E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [1150496] [PID.2120] [MD5.7485FBCEF9136F530953575E2977859D] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.2160] [MD5.E556FE51AF531E1B75D6198929D8A4AF] - (.NewTech Infosystems, Inc. - Backup Manager Module.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [255744] [PID.2248] [MD5.B5071E15D4C3F5EF5018AFF7E85A85E5] - (.NewTech Infosystems, Inc. - NTI Backup Now 5 SchedulerSvc NT Service.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640] [PID.2316] [MD5.70DDE3A86DBEB1D6C3C30AD687B1877A] - (.Acer - Acer Update Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160] [PID.2984] [MD5.48362E5DB5CB2C000C514EE1F3890ACD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.1676] [MD5.686045905787B68D829CE647A6DFAD2B] - (.Research In Motion Limited - BlackBerry Device Manager.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536] [PID.4056] [MD5.765F2DD351BA064F657751D8D75E58C0] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920] [PID.4620] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Web v.0.2 (Activé) G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Web v.6.3 (Activé) G2 - GCE: Preference [User Data\Default] [bepbmhgboaologfdajaanbcjmnhjmhfn] Google Voice Search Hotword (Beta) v.0.1.1.5023, (Désactivé) G2 - GCE: Preference [User Data\Default] [dchlnpcodkpfdpacogkljefecpegganj] Web v.13.0.2.558 (Désactivé) G2 - GCE: Preference [User Data\Default] [dnhpdliibojhegemfjheidglijccjfmc] hotword helper v.0.0.2.0 (Activé) G2 - GCE: Preference [User Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Web v.0.1 (Activé) G2 - GCE: Preference [User Data\Default] [ennkphjdgehloodpbhlhldgbnhmacadg] Web v.0.2 (Activé) G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Web v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [kghamnbhbbnkpeiillkabmpdefbleane] IPCAM v.2.0.1.4 (Désactivé) G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé) G2 - GCE: Preference [User Data\Default] [lpoimibckejjdjcfbdnajaicnklhfplh] Web v.2.3.0.43, (Activé) G2 - GCE: Preference [User Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Web v.0.1 (Activé) G2 - GCE: Preference [User Data\Default] [mgndgikekgjfcpckkfioiadnlibdjbkf] Web v.0.1 (Activé) G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Web v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Web v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Web v.0.0.6.1 (Activé) G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Web v.1.2.0.1 (Activé) G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Web v.7 (Activé) G2 - GCE: Preference [User Data\Default] [pjldcfjmnllhmgjclecdnfampinooman] Web v.13.0.2.558 (Désactivé) ---\\ Liste des dossiers d'extension Google Chrome ~ Google Lines Browser: 23 Legitimates Filtered in 00mn 02s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\ysvmdu9w.default\prefs.js ~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portail.free.fr ~ IE Browser: 27 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hôte est sain (The hosts file is clean) (21) ~ Hosts File: Scanned in 00mn 00s ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: BitComet ClickCapture [64Bits] - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} . (.BitComet - BitCometBHO.) -- C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll =>P2P.BitComet ~ BHO: 15 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: BitComet.lnk . (.www.BitComet.com - BitComet - a BitTorrent Client.) -- C:\Program Files (x86)\BitComet\BitComet.exe =>P2P.BitComet O4 - GS\QuickLaunch [ACER]: BitTorrent.lnk . (.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe =>P2P.BitTorrent O4 - GS\Program [ACER]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://feed.helperbar.com =>PUP.HelperBar ~ Global Startup: 3 Legitimates Filtered in 00mn 03s ---\\ Applications lancées au démarrage du système (O4) O4 - HKLM\..\Run: [AmIcoSinglun64] . (.Alcor Micro Corp. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe O4 - HKLM\..\Run: [mwlDaemon] . (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [PLFSetI] . (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.) O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe O4 - HKLM\..\Run: [Zune Launcher] . (.Microsoft Corporation - Zune Auto-Launcher.) -- C:\Program Files\Zune\ZuneLauncher.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\ACER\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [EPSON SX230 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.exe =>.Epson Seiko Corporation O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe O4 - HKLM\..\Wow6432Node\Run: [EgisUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe O4 - HKLM\..\Wow6432Node\Run: [EgisTecPMMUpdate] . (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager Keyboard Application.) -- C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [RIMBBLaunchAgent.exe] . (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-2657179059-1983806374-3649987409-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\ACER\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-2657179059-1983806374-3649987409-1000\..\Run: [EPSON SX230 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.exe =>.Epson Seiko Corporation O4 - HKUS\S-1-5-21-2657179059-1983806374-3649987409-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Clavier virtuel [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kbrd.ico O9 - Extra button: Analyse des liens [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\logo.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{05F5C9FB-F1EF-4EC2-854E-F89080E690A9}: DhcpNameServer = 85.95.208.3 213.166.201.3 O17 - HKLM\System\CCS\Services\Tcpip\..\{A86B3159-9013-4CE6-8719-2C6C3A5E8427}: DhcpNameServer = 85.95.208.3 213.166.201.3 O17 - HKLM\System\CCS\Services\Tcpip\..\{DA3753C3-620A-41E4-A713-F8A170BED1E5}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS1\Services\Tcpip\..\{05F5C9FB-F1EF-4EC2-854E-F89080E690A9}: DhcpNameServer = 85.95.208.3 213.166.201.3 O17 - HKLM\System\CS1\Services\Tcpip\..\{A86B3159-9013-4CE6-8719-2C6C3A5E8427}: DhcpNameServer = 85.95.208.3 213.166.201.3 O17 - HKLM\System\CS1\Services\Tcpip\..\{DA3753C3-620A-41E4-A713-F8A170BED1E5}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS2\Services\Tcpip\..\{05F5C9FB-F1EF-4EC2-854E-F89080E690A9}: DhcpNameServer = 85.95.208.3 213.166.201.3 O17 - HKLM\System\CS2\Services\Tcpip\..\{A86B3159-9013-4CE6-8719-2C6C3A5E8427}: DhcpNameServer = 85.95.208.3 213.166.201.3 O17 - HKLM\System\CS2\Services\Tcpip\..\{DA3753C3-620A-41E4-A713-F8A170BED1E5}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.95.208.3 213.166.201.3 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002] O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2657179059-1983806374-3649987409-1000Core [902] O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2657179059-1983806374-3649987409-1000UA [924] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1060] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1064] ~ Scheduled Task: 17 Legitimates Filtered in 00mn 05s ---\\ Logiciels installés (O42) O42 - Logiciel: BitComet 1.35 - (.CometNetwork.) [HKLM][64Bits] -- BitComet =>P2P.BitComet O42 - Logiciel: Cumulus 1.9.4 - (.Sandaysoft.) [HKLM][64Bits] -- Cumulus_is1 O42 - Logiciel: GraphWeather Version 3.0.15 - (.Antoine Guilmard.) [HKLM][64Bits] -- GraphWeather_is1 O42 - Logiciel: MeteoReportWL - (...) [HKLM][64Bits] -- MeteoReportWL O42 - Logiciel: WeatherLink 6.0.3 - (.Davis Instruments Corp..) [HKLM][64Bits] -- {E344C807-7DE0-4CC2-81BB-1F895CF8CBDF} ~ Logic: 29 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\AdsFix] [HKCU\Software\BitComet] =>P2P.BitComet [HKCU\Software\Davis Instruments Corp.] [HKCU\Software\GraphWeather] [HKCU\Software\Maxim Integrated Products] [HKCU\Software\MeteoReportWL] [HKCU\Software\Roupe] [HKCU\Software\SHAPE Services] [HKLM\Software\AdsFix] [HKLM\Software\Wow6432Node\AdsFix] [HKLM\Software\Wow6432Node\SHAPE Services] ~ Key Software: 403 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 19/03/2013 - 19:51:18 - [] ----D C:\Program Files (x86)\BitComet =>P2P.BitComet O43 - CFD: 03/04/2014 - 13:36:08 - [0] ----D C:\Program Files (x86)\Blaasoft O43 - CFD: 07/03/2014 - 10:36:39 - [] ----D C:\Program Files (x86)\GraphWeather O43 - CFD: 26/11/2013 - 11:15:41 - [] ----D C:\Program Files (x86)\MeteoReportWL O43 - CFD: 15/10/2013 - 10:23:40 - [] ----D C:\Program Files (x86)\VWS Installer O43 - CFD: 05/10/2013 - 10:56:41 - [] ----D C:\Program Files (x86)\Common Files\iSpirit O43 - CFD: 19/08/2014 - 11:19:45 - [] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} O43 - CFD: 19/09/2014 - 18:42:58 - [] ----D C:\Users\ACER\AppData\Roaming\BitComet =>P2P.BitComet O43 - CFD: 03/04/2014 - 13:35:10 - [0] ----D C:\Users\ACER\AppData\Roaming\weatherobserverair O43 - CFD: 26/11/2013 - 11:15:41 - [] ----D C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MeteoReportWL ~ Program Folder: 229 Legitimates Filtered in 00mn 00s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/09/2014 - 07:49:54 ---A- . (...) -- C:\autoexec.bat [0] O44 - LFC:[MD5.5A2B175910D02AFE0CD774E717EA2F28] - 15/09/2014 - 09:09:24 ---A- . (...) -- C:\AdsFix_15_09_2014_10_09_25.txt [50009] O44 - LFC:[MD5.F4A081CA604E968A80508B21352E701C] - 16/09/2014 - 07:30:12 R--A- . (...) -- C:\QuickDiag_16_09_2014_08_30_12.txt [152184] ~ Files: 46 Legitimates Filtered in 00mn 01s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 18 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("browser.search.defaultenginename", "Web Search"); O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("browser.search.selectedEngine", "Web Search"); O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.DockingPositionDown", false); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.SmartbarDisabled", false); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.SmartbarStateMinimaized", false); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.Visibility", false); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.backPageCapacity", 3); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.backPageCounter", 0); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.backPageDay", 24); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.backPageLastEvent", "1408697030421"); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.backPageMinInterval", 15); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.barcodeid", "1262"); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.countryiso", "fr"); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.downloadprovider", "yahoooc"); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\",\\\".sear[...] =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.fromautoupdate", "false"); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.installationid", "da811d90-6d61-118c-da7f-06c05a2c668e"); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.installdate", "19/08/2014"); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.keepAliveLastevent", "1408869827"); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.lastExternalJsUpdate", "1410680807027"); =>PUP.HelperBar O69 - SBI: prefs.js [ACER - ysvmdu9w.default] user_pref("extensions.helperbar.publisher", "yahoooc"); =>PUP.HelperBar ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.00A39E8C566C8D9B698B2A006B74E05B] [SPRF][12/12/2013] (...) -- C:\Users\ACER\AppData\Roaming\wklnhst.dat [528] [MD5.269FB3CE61CA4018F6E549A05E75D9C1] [SPRF][23/06/2011] (.Pas de propriétaire - iSpirit.) -- C:\Users\ACER\Desktop\iSpirit.exe [4482048] [MD5.A65C8E5867AB5B4362A6F6ACECFBA040] [SPRF][07/09/2014] (...) -- C:\Users\ACER\Desktop\WeatherLinkIP Network Information Utility v1_0.exe [204800] [MD5.F040B76E554D248A7E4EA051108878AE] [SPRF][22/07/2013] (...) -- C:\Windows\Downloaded Program Files\avcodec-54.dll [1210894] [MD5.0E011C96273EAD139A1B5AABABABEE46] [SPRF][26/03/2013] (...) -- C:\Windows\Downloaded Program Files\avutil-52.dll [146446] [MD5.C537CD198181A21FD46A8DA97D63812E] [SPRF][02/04/2013] (.Pas de propriétaire - Audio 動態連結程式庫.) -- C:\Windows\Downloaded Program Files\fsAudio.dll [52224] [MD5.7C9934E6E3C9BE6728784D42124E4DEA] [SPRF][24/07/2013] (...) -- C:\Windows\Downloaded Program Files\fsnet_2.dll [136704] [MD5.91E2DD0096E2F7D9AE6E6AA455C54FC2] [SPRF][24/07/2013] (...) -- C:\Windows\Downloaded Program Files\fs_udt.dll [428032] [MD5.106C8B87EECE59A6E555FEC5CDAF1056] [SPRF][13/09/2014] (.Pas de propriétaire - IPCWebComponents Setup.) -- C:\Windows\Downloaded Program Files\IPCWebComponents.exe [1147024] [MD5.DF9DC1DA59B0149329762A4497EEC4ED] [SPRF][22/07/2013] (...) -- C:\Windows\Downloaded Program Files\swscale-2.dll [305166] ~ Files: 12 Legitimates Filtered in 00mn 00s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{5AE9F19E-41BB-4862-A035-22F51E60731B}" | In - Private - P6 - TRUE | .(.www.BitComet.com - BitComet - a BitTorrent Client.) -- C:\Program Files (x86)\BitComet\BitComet.exe =>P2P.BitComet O87 - FAEL: "{F0E50082-3F5B-43F5-839E-12F5A75E2402}" | In - Private - P17 - TRUE | .(.www.BitComet.com - BitComet - a BitTorrent Client.) -- C:\Program Files (x86)\BitComet\BitComet.exe =>P2P.BitComet O87 - FAEL: "{AB0A8134-67DE-4481-9EA4-1554359EAFD0}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe =>P2P.BitTorrent O87 - FAEL: "{B0D37621-7C04-4E52-88C2-0093AB493625}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe =>P2P.BitTorrent O87 - FAEL: "TCP Query User{AC983881-D779-4A6D-B208-0ADCFC92D309}C:\program files (x86)\bitcomet\bitcomet.exe" | In - Public - P6 - TRUE | .(.www.BitComet.com - BitComet - a BitTorrent Client.) -- C:\program files (x86)\bitcomet\bitcomet.exe =>P2P.BitComet O87 - FAEL: "UDP Query User{82A48AC2-E30D-4C8A-BED0-A93BF177C05F}C:\program files (x86)\bitcomet\bitcomet.exe" | In - Public - P17 - TRUE | .(.www.BitComet.com - BitComet - a BitTorrent Client.) -- C:\program files (x86)\bitcomet\bitcomet.exe =>P2P.BitComet ~ Firewall: 6 Legitimates Filtered in 00mn 02s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "7FD91B0E7C1B7394284CE0B4E1439656" . (.eBay Worldwide.) -- C:\Windows\Installer\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}\_6FEFF9B68218417F98F549.exe =>Toolbar.eBay ~ Update Products: 1 Legitimates Filtered in 00mn 00s ---\\ Recherche de clés de registre Tracing (O100) HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASAPI32 =>Hijacker.BabSolution HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASMANCS =>Hijacker.BabSolution HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_RASAPI32 =>P2P.BitComet HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_RASMANCS =>P2P.BitComet HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Tuto4PC_widget_RASAPI32 =>PUP.AgenceExclusive HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\upt4pcpt4_RASAPI32 =>PUP.Eorezo HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\upt4pcpt4_RASMANCS =>PUP.Eorezo ~ BTK: 259 Legitimates Filtered in 00mn 00s ---\\ Recherche de clés de registre CLSID (O101) [HKCR\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}] (Yahoo Community Smartbar (by Linkury)) =>Hijacker.SmartBar ~ BCK: 4397 Legitimates Filtered in 00mn 07s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 11/09/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 28/12/2010 1296728 | (BITCOMET_HELPER_SERVICE) . (.www.BitComet.com.) - C:\Program Files (x86)\BitComet\tools\BitCometService.exe =>P2P.BitComet SS - | Auto 18/12/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 18/12/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 19/12/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 11/09/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 02/12/2009 305448 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe SS - | Demand 06/11/2009 50432 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe SR - | Auto 12/09/2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 22/01/2010 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 12/06/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 16/10/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe SR - | Demand 18/01/2013 577536 | (Blackberry Device Manager) . (.Research In Motion Limited.) - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 21/12/2012 819040 | (CSObjectsSrv) . (.Infowatch.) - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe SR - | Auto 24/02/2010 325200 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe SR - | Auto 05/02/2010 865824 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe SR - | Auto 11/01/2011 168448 | (EPSON_EB_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.exe SR - | Auto 11/01/2011 131072 | (EPSON_PM_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.exe SR - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe SR - | Auto 24/12/2009 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe SR - | Demand 08/07/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 01/10/2009 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 07/01/2010 255744 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe SR - | Auto 06/11/2009 144640 | (NTISchedulerSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe SR - | Auto 05/02/2014 0 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe SR - | Auto 01/10/2009 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe SR - | Auto 04/07/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 10s ---\\ Scan Additionnel (O88) Database Version : 13026 - (18/09/2014) Clés trouvées (Keys found) : 12 Valeurs trouvées (Values found) : 3 Dossiers trouvés (Folders found) : 2 Fichiers trouvés (Files found) : 2 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] =>P2P.BitComet^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitComet] =>P2P.BitComet^ [HKLM\Software\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}] =>Hijacker.SmartBar [HKLM\Software\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}] =>Hijacker.SmartBar [HKLM\Software\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}] =>Hijacker.SmartBar [HKLM\Software\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}] =>Hijacker.SmartBar [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}] =>PUP.iMesh [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent [HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent [HKLM\Software\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}] =>Hijacker.SmartBar [HKLM\Software\Classes\Prod.cap] =>PUP.Babylon C:\Program Files (x86)\BitComet =>P2P.BitComet^ C:\Users\ACER\AppData\Roaming\BitComet =>P2P.BitComet^ [HKCU\Software\BitComet] =>P2P.BitComet^ [HKCR\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}] (Yahoo Community Smartbar (by Linkury)) =>Hijacker.SmartBar^ ~ Additionnel Scan: 339227 Items scanned in 00mn 49s ---\\ Informations complémentaires sur les modules ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5) ~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2) ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4) ~ AMI: 5 Legitimates Filtered in 00mn 00s ---\\ Récapitulatif des détections trouvées sur votre station http://nicolascoolman.fr/pup-helperbar =>PUP.HelperBar http://nicolascoolman.fr/hijacker-babsolution =>Hijacker.BabSolution http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive http://nicolascoolman.fr/pup-eorezo =>PUP.Eorezo http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar http://nicolascoolman.fr/pup-imesh =>PUP.iMesh http://nicolascoolman.fr/pup-babylon =>PUP.Babylon ~ MSI: 7 link(s) detected in 00mn 00s ~ 973 Legitimates filtered by white list End of the scan (556 lines in 02mn 01s)(0)