~ ZHPDiag v2015.8.19.121 Par Nicolas Coolman (2015/08/19)
~ Démarré par hop (Administrator) (2015/08/21 08:56:44)
~ Site: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Etat de la version: New Version Available
~ Mode: Scanner
~ Rapport: C:\Users\hop\Desktop\ZHPDiag.txt
~ Rapport: C:\Users\hop\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Deactivate
~ Démarrage du système: Normal (Normal boot)
Windows Seven Black Edition, 32-bit Service Pack 1 (Build 7601)

---\\ Navigateurs Internet (4) - 0s
GCIE: Google Chrome v44.0.2403.155
MFIE: Mozilla Firefox 37.0.1 (x86 fr) v37.0.1
OPIE: Opera 12.6 v12.6
MSIE: Internet Explorer v11.0.9600.17959

---\\ Informations sur les produits Windows (8) - 1s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : HYRR2
~ Windows Remaining Initializations Number : 4
Windows Automatic Updates : OK (Auto)
Windows Activation Technologies : OK

---\\ Logiciels de protection (1) - 1s
Windows Defender W7 (Deactivate)

---\\ Logiciels d'optimisation (1) - 1s
CCleaner v4.07

---\\ Informations sur le système (6) - 0s
~ Operating System: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 2056.812 MB (36% free)
~ System Restore: Activé (Enable)
~ System drive C: has 17 GB free of 99 GB

---\\ Mode de connexion au système (3) - 0s
~ Computer Name: HOP-PC
~ User Name: hop
~ Logged in as Administrator

---\\ Enumération des unités disques (2) - 0s
~ Drive C: has 17 GB free of 99 GB (System)
~ Drive D: has 93 GB free of 99 GB

---\\ Etat du Centre de Sécurité Windows (14) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

---\\ Recherche particulière de fichiers génériques (24) - 0s
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) () -- C:\Windows\Explorer.exe [2616320]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) () -- C:\Windows\System32\rundll32.exe [44544]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) () -- C:\Windows\System32\Wininit.exe [96256]
[MD5.0AC8CD2138FD10C4A0E2FF08F892359C] - (.Microsoft Corporation - Extensions Internet pour Win32.) () -- C:\Windows\System32\wininet.dll [1951232]
[MD5.52449FD429D6053B78AE564DEF303870] - (.Microsoft Corporation - Application d’ouverture de session Windows.) () -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) () -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.129F80D7868E30DF3E3DE33A1D3132B4] - (.Microsoft Corporation - DLL client de l’API uilisateur de Windows m.) () -- C:\Windows\System32\fr-FR\user32.dll.mui [20480]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\Windows\System32\drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) () -- C:\Windows\System32\drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\Windows\System32\drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\Windows\System32\drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) () -- C:\Windows\System32\drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) () -- C:\Windows\System32\drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) () -- C:\Windows\System32\drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\Windows\System32\drivers\IpNat.sys [101888]
[MD5.FEDAAB6716B44DE8B9EFC14DD9A26215] - (.Microsoft Corporation - Windows NT SMB Minirdr.) () -- C:\Windows\System32\drivers\MRxSmb.sys [124416]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\Windows\System32\drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) () -- C:\Windows\System32\drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) () -- C:\Windows\System32\drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\Windows\System32\drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\Windows\System32\drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) () -- C:\Windows\System32\drivers\smb.sys [71168]
[MD5.7FE680A3DFA421C4A8E4879AE4C5AAB0] - (.Microsoft Corporation - TDI Translation Driver.) () -- C:\Windows\System32\drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) () -- C:\Windows\System32\drivers\volsnap.sys [245632]

---\\ Processus lancés (30) - 2s
[MD5.FC4A9F237444993FC2E732C3E20C2787] - (.Copyright (C) 2015 - WtuSyste Application.) -- C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [1195920] [PID.808] =>Toolbar.AVGSafeGuard
[MD5.59E94810343F06F1FFD718EEFB509263] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656] [PID.408]
[MD5.900B4FDE4A19F867122F2D7F2ABAB5C2] - (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824] [PID.484]
[MD5.B00773539CBE0322991C4E3C6F67099A] - (.AVG Technologies CZ, s.r.o. - AVG Scanning Core Module - Server Part.) -- C:\Program Files\AVG\AVG2015\avgcsrvx.exe [825768] [PID.528]
[MD5.51A2C358BE912D65D8FFB65104EBE664] - (.BlueStack Systems, Inc. - BlueStacks Updater Service.) -- C:\Program Files\BlueStacks\HD-UpdaterService.exe [794328] [PID.1976]
[MD5.F665EE65E60513C59E2ADBEF33989AB1] - (.ClaraLabs - ClaraUpdater.) -- C:\Program Files\Common Files\ClaraUpdater\ClaraUpdater.exe [926832] [PID.2256] =>PUP.Optional.SupTab
[MD5.38E739B52CBAEFE78CC31DAACA541DBF] - (.AVG Secure Search - ToolbarU Application.) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe [1874320] [PID.2720] =>Toolbar.AVGSearch
[MD5.0ACCB81916A1C1A1925A7FAFFE77275D] - (.Copyright (C) 2013 - loggings Application.) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\loggingserver.exe [168336] [PID.2848] =>Toolbar.AVGSearch
[MD5.7139E7EEA74966995148B16B8559819D] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [138008] [PID.3892]
[MD5.356A26CB1A7FA81BE22CDDBE77067B76] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171288] [PID.3876]
[MD5.57EE515BD3E9C76EDD7D4414C95104A5] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [172824] [PID.3904]
[MD5.DA730213087848FFAD75AA5BBAC3BBBF] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2015\avgui.exe [3780520] [PID.3908]
[MD5.C57C7863343F47C6A4E786DEB5AF13B6] - (.Copyright (C) 2012 - VProtect Application.) -- C:\Program Files\AVG Web TuneUp\vprot.exe [3175312] [PID.1728] =>Toolbar.AVGSafeGuard
[MD5.D0E3509E52CC8F6B3A98293FBE06EC45] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files\BlueStacks\HD-Agent.exe [847576] [PID.2368]
[MD5.3E58126EB9B288EBD1F638978BCA358A] - (.AVG Secure Search - avgcefrend.) -- C:\Program Files\AVG Web TuneUp\avgcefrend.exe [1402768] [PID.5520] =>Toolbar.AVGSafeGuard
[MD5.ADE3D7AD36CA238C6D58E5E93392D2F8] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3903056] [PID.4748]
[MD5.F97961FD74E83E3E96DB45B69B33B157] - (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [3105144] [PID.5188]
[MD5.176F353BC9B478D2CE689BE174EAC62B] - (.Piriform Ltd - Recuva.) -- C:\Program Files\Recuva\recuva.exe [3888920] [PID.1340]
[MD5.2EC814B3AADB2B17765F4A63F5104679] - (...) -- C:\Program Files\Wondershare\Dr.Fone pour Android\adb.exe [825744] [PID.3548]
[MD5.D2AB8A23E6154E11EC9B921702BA977C] - (.The Unico Browser Authors - Unico Browser.) -- C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe [857224] [PID.1972] =>PUP.Optional.UnicoBrowser
[MD5.E0A3E3BC4E710FEB0AE037475BD7A4CF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\hop\AppData\Roaming\ZHP\ZHPDiag3.exe [1894400] [PID.2064]
[MD5.D2AB8A23E6154E11EC9B921702BA977C] - (.The Unico Browser Authors - Unico Browser.) -- C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe [857224] [PID.5676] =>PUP.Optional.UnicoBrowser
[MD5.D2AB8A23E6154E11EC9B921702BA977C] - (.The Unico Browser Authors - Unico Browser.) -- C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe [857224] [PID.5992] =>PUP.Optional.UnicoBrowser
[MD5.D2AB8A23E6154E11EC9B921702BA977C] - (.The Unico Browser Authors - Unico Browser.) -- C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe [857224] [PID.5636] =>PUP.Optional.UnicoBrowser
[MD5.D2AB8A23E6154E11EC9B921702BA977C] - (.The Unico Browser Authors - Unico Browser.) -- C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe [857224] [PID.5456] =>PUP.Optional.UnicoBrowser
[MD5.D2AB8A23E6154E11EC9B921702BA977C] - (.The Unico Browser Authors - Unico Browser.) -- C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe [857224] [PID.1620] =>PUP.Optional.UnicoBrowser
[MD5.D2AB8A23E6154E11EC9B921702BA977C] - (.The Unico Browser Authors - Unico Browser.) -- C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe [857224] [PID.5132] =>PUP.Optional.UnicoBrowser
[MD5.D2AB8A23E6154E11EC9B921702BA977C] - (.The Unico Browser Authors - Unico Browser.) -- C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe [857224] [PID.6648] =>PUP.Optional.UnicoBrowser
[MD5.D2AB8A23E6154E11EC9B921702BA977C] - (.The Unico Browser Authors - Unico Browser.) -- C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe [857224] [PID.6636] =>PUP.Optional.UnicoBrowser
[MD5.D2AB8A23E6154E11EC9B921702BA977C] - (.The Unico Browser Authors - Unico Browser.) -- C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe [857224] [PID.3172] =>PUP.Optional.UnicoBrowser

---\\ Google Chrome, Démarrage,Recherche,Extensions (15) - 0s
G0 - GCSP: Preferences [User Data\Default][HomePage] http://accounts.google.com/
G0 - GCSP: Preferences [User Data\Default][HomePage] http://apis.google.com/
G0 - GCSP: Preferences [User Data\Default][HomePage] http://clients5.google.com/
G0 - GCSP: Preferences [User Data\Default][HomePage] http://lh6.googleusercontent.com/
G0 - GCSP: Preferences [User Data\Default][HomePage] http://play.google.com/
G0 - GCSP: Preferences [User Data\Default][HomePage] http://plus.google.com/
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.gstatic.com/
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google.com/
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google.dz/
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.gstatic.com/
G2 - GCE: Preference [User Data\Default] [addibmjelefaholbfacfnekmojekodaf] Photo Zoomer For Facebook
G2 - GCE: Preference [User Data\Default] [lccekmodgklaepjeofjdjpbminllajkg] Chrome Hotword Shared Module
G2 - GCE: Preference [User Data\Default] [lifbcibllhkdhoafpjfnlhfpfgnpldfl] Skype Click to Call
G2 - GCE: Preference [User Data\Default] [ngpampappnmepgilojfohadhhmbhlaek] IDM Integration Module
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.

---\\ Firefox, Plugins,Demarrage,Recherche,Extensions (27) - 3s
M0 - MFSP: prefs.js [hop - 5rep6kvv.default] https://mysearch.avg.com?pid=wtu&sg=&cid=%7B84da1ccd-b6ee-459d-9cda-2795bd7cfe97%7D&mid=c6d3f4bb3ddb47cd899ad16d12148a4e-1a7874fe714d566b078977d30fa4477111eacc24&cmpid=0215pit&ds=AVG&v=4.1.0.411&lang=fr&pr=fr&d=2015-06-06%2023%3A52%3A38&sap=hp
P2 - EXT FILE: (...) -- C:\Users\hop\AppData\Roaming\Mozilla\Firefox\Profiles\5rep6kvv.default\extensions\{3aba10bc-af2b-4490-a846-67258f4bf417}.xpi
P2 - EXT FILE: (...) -- C:\Users\hop\AppData\Roaming\Mozilla\Firefox\Profiles\5rep6kvv.default\searchplugins\avg-secure-search.xml
P2 - EXT FILE: (...) -- C:\Users\hop\AppData\Roaming\Mozilla\Firefox\Profiles\5rep6kvv.default\searchplugins\default-search.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\amazon-france.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\bing.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\default-search.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\eBay-france.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\google.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wikipedia-fr.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo-france.xml
P2 - EXT: (.Mozilla - Default.) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
P2 - EXT: (.AVG Technologies - AVG Web TuneUp.) -- C:\Users\hop\AppData\Roaming\Mozilla\Firefox\Profiles\5rep6kvv.default\extensions\avg@toolbar
P2 - EXT: (. - Linkey for Firefox.) -- C:\Users\hop\AppData\Roaming\Mozilla\Firefox\Profiles\5rep6kvv.default\extensions\extension@linkeyproject.com =>PUP.Optional.LinkeySearch
P2 - EXT: (.DiscountFrenzy - I - Cinema.) -- C:\Users\hop\AppData\Roaming\Mozilla\Firefox\Profiles\5rep6kvv.default\extensions\MGKN37049485@ACPSC11936960.com
P2 - EXT: (...) -- C:\Users\hop\AppData\Roaming\Mozilla\Firefox\Profiles\5rep6kvv.default\extensions\staged
P2 - EXT: (. - Mozilla Firefox Hotfixer.) -- C:\Users\hop\AppData\Roaming\Mozilla\Firefox\Profiles\5rep6kvv.default\extensions\veggy@veggyAddon.com =>PUP.Optional.VeggyAddon
P2 - EXT: (. - Zoom It.) -- C:\Users\hop\AppData\Roaming\Mozilla\Firefox\Profiles\5rep6kvv.default\extensions\zzoomit@zoom.com =>PUP.Optional.ZoomIt
P2 - EXT: (. - Zoom It.) -- C:\Users\hop\AppData\Roaming\Mozilla\Firefox\Profiles\5rep6kvv.default\extensions\{13ccd001-0f59-f5ca-296a-1e7e42baa754}
P2 - EXT: (. - Zoom It.) -- C:\Users\hop\AppData\Roaming\Mozilla\Firefox\Profiles\5rep6kvv.default\extensions\{63e49437-9e75-2217-5084-fbc788807882}
P2 - EXT: (. - Zoom It.) -- C:\Users\hop\AppData\Roaming\Mozilla\Firefox\Profiles\5rep6kvv.default\extensions\{97cb01e0-770a-d01d-00b5-e58dbd263e62}
P2 - FPN: [HKLM] [@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin] - (...) -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.8.0\\npsitesafety.dll =>Toolbar.AVGSearch
P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=10] - (.globalUpdate.) -- C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll =>PUP.Optional.GlobalUpdate
P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=4] - (.globalUpdate.) -- C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll =>PUP.Optional.GlobalUpdate

---\\ Opera, Démarrage,Recherche,Plugins (1) - 0s
B2 - EXT: [Glass Bottle] C:\Users\hop\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjnfffadddalhgdjnfamfnfabihbaijo

---\\ Internet Explorer,Démarrage,Recherche,URLSearchHook (10) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com/
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2

---\\ Internet Explorer,Proxy Management (4) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Internet Explorer,IniFiles, Autoloading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,,C:\Program Files\kchlwyhy\sfybhyqp.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.)
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe (.Microsoft Corporation.)

---\\ Etude du fichier hosts (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (1)

---\\ Browser Helper Object de navigateur (BHO) (2) - 0s
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} . (.AVG - AVG Web TuneUp.dll.) -- C:\Program Files\AVG Web TuneUp\4.1.5.143\AVG Web TuneUp.dll =>Toolbar.AVGSafeGuard

---\\ Applications lancées au démarrage du système (20) - 1s
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2015\avgui.exe
O4 - HKLM\..\Run: [vProt] . (.Copyright (C) 2012 - VProtect Application.) -- C:\Program Files\AVG Web TuneUp\vprot.exe =>Toolbar.AVGSafeGuard
O4 - HKLM\..\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\hop\AppData\Roaming\uTorrent\uTorrent.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_120C4CE0C40EFC7C36FAC4387F7C06DE] . (.Torch Media Inc. - Torch.) -- C:\Users\hop\AppData\Local\Torch\Application\torch.exe =>PUP.Optional.Torch
O4 - HKCU\..\Run: [CrashService] . (...) -- C:\Users\hop\AppData\Local\UnicoBrowser\Application\crash_service.exe =>PUP.Optional.UnicoBrowser
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\spreview.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\spreview.exe
O4 - HKUS\S-1-5-21-722897642-3001306927-3999419580-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-722897642-3001306927-3999419580-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\hop\AppData\Roaming\uTorrent\uTorrent.exe
O4 - HKUS\S-1-5-21-722897642-3001306927-3999419580-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-722897642-3001306927-3999419580-1000\..\Run: [GoogleChromeAutoLaunch_120C4CE0C40EFC7C36FAC4387F7C06DE] . (.Torch Media Inc. - Torch.) -- C:\Users\hop\AppData\Local\Torch\Application\torch.exe =>PUP.Optional.Torch
O4 - HKUS\S-1-5-21-722897642-3001306927-3999419580-1000\..\Run: [CrashService] . (...) -- C:\Users\hop\AppData\Local\UnicoBrowser\Application\crash_service.exe =>PUP.Optional.UnicoBrowser
O4 - GS\Quicklaunch [hop]: Unico Browser.lnk . (.The Unico Browser Authors - Unico Browser.) C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe =>PUP.Optional.UnicoBrowser
O4 - GS\TaskBar [hop]: QQPlayer.lnk . (.Tencent Technology Company limited - QQ Player.) C:\Program Files\Tencent\QQPlayer\QQPlayer.exe =>PUP.Optional.TencentAddressBar
O4 - GS\TaskBar [hop]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\hop\AppData\Local\Torch\Application\torch.exe =>PUP.Optional.Torch
O4 - GS\Desktop [Invité]: Amazon.lnk . (.The Unico Browser Authors - Unico Browser.) C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe =>PUP.Optional.UnicoBrowser
O4 - GS\Desktop [Invité]: Facebook.lnk . (.The Unico Browser Authors - Unico Browser.) C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe =>PUP.Optional.UnicoBrowser
O4 - GS\Desktop [Invité]: Hotmail.lnk . (.The Unico Browser Authors - Unico Browser.) C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe =>PUP.Optional.UnicoBrowser
O4 - GS\Desktop [Invité]: QQPlayer.lnk . (.Tencent Technology Company limited - QQ Player.) C:\Program Files\Tencent\QQPlayer\QQPlayer.exe =>PUP.Optional.TencentAddressBar
O4 - GS\Desktop [Invité]: Wikipedia.lnk . (.The Unico Browser Authors - Unico Browser.) C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe =>PUP.Optional.UnicoBrowser
O4 - GS\Desktop [Invité]: Youtube.lnk . (.The Unico Browser Authors - Unico Browser.) C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe =>PUP.Optional.UnicoBrowser
O4 - GS\Quicklaunch [Invité]: QQPlayer.lnk . (.Tencent Technology Company limited - QQ Player.) C:\Program Files\Tencent\QQPlayer\QQPlayer.exe =>PUP.Optional.TencentAddressBar
O4 - GS\Quicklaunch [Invité]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\hop\AppData\Local\Torch\Application\torch.exe =>PUP.Optional.Torch
O4 - GS\Quicklaunch [Invité]: Unico Browser.lnk . (.The Unico Browser Authors - Unico Browser.) C:\Users\hop\AppData\Local\UnicoBrowser\Application\unicobrowser.exe =>PUP.Optional.UnicoBrowser
O4 - GS\TaskBar [Invité]: QQPlayer.lnk . (.Tencent Technology Company limited - QQ Player.) C:\Program Files\Tencent\QQPlayer\QQPlayer.exe =>PUP.Optional.TencentAddressBar
O4 - GS\TaskBar [Invité]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\hop\AppData\Local\Torch\Application\torch.exe =>PUP.Optional.Torch
O4 - GS\Programs [Public]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\hop\AppData\Local\Torch\Application\torch.exe =>PUP.Optional.Torch

---\\Winsock hijacker (Layered Service Provider):
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll'
O10 - Broken Internet access because of LSP provider 'rsvp322.dll'

---\\ Modification Domaine/Adresses DNS (6) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =223.0.4.888
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer =223.0.4.888

---\\ Valeurs de sous-clés Winlogon Notify (autorun) :
O20 - Winlogon Notify: 3434daef969 . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\deployJava132.dll => Infection BT

---\\ Liste des services NT non Microsoft et non désactivés (13) - 1s
O23 - Service: AVGIDSAgent (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) . (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) . (.BlueStack Systems, Inc. - BlueStacks Service.) - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) . (.BlueStack Systems, Inc. - BlueStacks Updater Service.) - C:\Program Files\BlueStacks\HD-UpdaterService.exe
O23 - Service: ClaraUpdater (ClaraUpdater) . (.ClaraLabs - ClaraUpdater.) - C:\Program Files\Common Files\ClaraUpdater\ClaraUpdater.exe =>PUP.Optional.BoBrowser
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) . (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mobile Broadband HL Service (Mobile Broadband HL Service) . (.Copyright (C) 2014 - .) - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Torch Crash Handler (TorchCrashHandler) . (.TorchMedia Inc. - TorchCrashHandler.) - C:\Users\hop\AppData\Local\Torch\Update\TorchCrashHandler.exe =>PUP.Optional.Torch
O23 - Service: (vToolbarUpdater18.8.0) . (.AVG Secure Search - ToolbarU Application.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
O23 - Service: WtuSystemSupport (WtuSystemSupport) . (.Copyright (C) 2015 - WtuSyste Application.) - C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe =>Toolbar.AVGSafeGuard