~ Rapport de ZHPDiag v2013.11.30.64 - Nicolas Coolman (30/11/2013)
~ Lancé par Steven (30/11/2013 18:45:58)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16736
MFIE: Mozilla Firefox 12.0
GCIE: Google Chrome v31.0.1650.57 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2008

---\\ Logiciels d'optimisation du système
CCleaner v4.07 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Java 7 Update 45

---\\ Informations sur le système
~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2815 MB (59% free)
System Restore: Activé (Enable)
System drive C: has 267 GB (58%) free of 457 GB

---\\ Mode de connexion au système
~ Computer Name: STEVEN-HP
~ User Name: Steven
~ All Users Names: Steven, HomeGroupUser$, fbwuser, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Steven\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Steven\AppData\Roaming\
~ %Desktop% : C:\Users\Steven\Desktop\
~ %Favorites% : C:\Users\Steven\Favorites\
~ %LocalAppData% : C:\Users\Steven\AppData\Local\
~ %StartMenu% : C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 267 Go of 457 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 9 Go)
E: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/10/2013 - 09:45:20.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 02s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/1486
~ Mes musiques (My Musics) : 4/271
~ Mes Videos (My Videos) : 2/12
~ Mes Favoris (My Favorites) : 1/19
~ Mes Documents (My Documents) : 1/235
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 12s

---\\ Processus lancés
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.2720]
[MD5.1C5A81304F4B3A24914E10E339E3D51A] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Steven\AppData\Roaming\uTorrent\uTorrent.exe [900440] [PID.2708] =>P2P.BitTorrent
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576] [PID.2908]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2872]
[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.2564]
[MD5.1F0A97900FC718CE617A722BEF8580CD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.2560]
[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.1704]
[MD5.9AE135F6E76872786C321EF4C72FAEBD] - (.AnchorFree Inc. - Hotspot Shield 3.19.) -- C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe [1795880] [PID.692]
[MD5.85AF4805A6E0512F523170AD228758D3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8260608] [PID.832]
[MD5.4D41D30E2FAB3307967C7A0B045DC874] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1188]
[MD5.B33CF4DE909A5B30F526D82053A63C8E] - (.ABBYY - ABBYY network license server.) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048] [PID.1696]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1744]
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.1380]
[MD5.201835AEB325121872F5A48AA78B56CD] - (.AnchorFree Inc. - Hotspot Shield 3.19.) -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [906024] [PID.2092]
[MD5.01F174DF0F102955AD6A875E36C2939C] - (...) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [555304] [PID.2152]
[MD5.3503F257B3203F824B1567238EBE17E2] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2224]
[MD5.BDF850D185B2344C7811B79E49050188] - (.PDF Complete Inc - Dispatcher.) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416] [PID.2320]
~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://search.conduit.com
G2 - GCE: Preference [User Data\Default] [elhjaoldnkkbifioodjndkijecdeinld] BittorrentBar_FR v.10.13.20.29 (Désactivé) =>P2P.BitTorrent
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)
~ Google Browser: 14 Legitimates Filtered in 10mn 54s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\gk3khrkk.default\prefs.js
~ Firefox Browser: 25 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;;*.local =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8555 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Hotspot Shield.lnk . (.AnchorFree Inc. - Hotspot Shield 3.19.) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
O4 - GS\Desktop [Public]: Pazera Free MP4 to AVI Converter.lnk . (.Jacek Pazera - Pazera Free MP4 to AVI Converter.) -- C:\Program Files (x86)\pazera-software\MP4_to_AVI_Converter\mp4toavi.exe
O4 - GS\Desktop [Public]: RomStation.lnk . (...) -- C:\Program Files (x86)\RomStation\RomStation.exe
O4 - GS\Program [Public]: LabelPrint.lnk . (.CyberLink Corp. - LabelPrint.) -- C:\Program Files (x86)\Cyberlink\LabelPrint\LabelPrint.exe
O4 - GS\Program [Public]: Power2Go.lnk . (.CyberLink Corp. - Power2Go.) -- C:\Program Files (x86)\Cyberlink\Power2Go\Power2Go.exe
O4 - GS\QuickLaunch [Steven]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Steven]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Steven\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Steven]: DVD Region+CSS Free.lnk . (.Fengtao Software Inc. - DVD Region-Free Application.) -- C:\Program Files (x86)\DVD Region+CSS Free\DVDRegionFree.exe
O4 - GS\TaskBar [Steven]: Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [Steven]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Steven]: Pazera Free MP4 to AVI Converter.lnk . (.Jacek Pazera - Pazera Free MP4 to AVI Converter.) -- C:\Program Files (x86)\pazera-software\MP4_to_AVI_Converter\mp4toavi.exe
O4 - GS\TaskBar [Steven]: RomStation.lnk . (...) -- C:\Program Files (x86)\RomStation\RomStation.exe
O4 - GS\TaskBar [Steven]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Steven\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Steven]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Steven]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Steven]: Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Steven]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Steven\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 79 Legitimates Filtered in 00mn 01s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Steven]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [BitComet] C:\Program Files (x86)\BitComet\BitComet.exe (.not file.) =>P2P.BitComet
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Steven\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2120235688-1630840272-2243494843-1000\..\Run: [BitComet] C:\Program Files (x86)\BitComet\BitComet.exe (.not file.) =>P2P.BitComet
O4 - HKUS\S-1-5-21-2120235688-1630840272-2243494843-1000\..\Run: [AdobeBridge] Clé orpheline
O4 - HKUS\S-1-5-21-2120235688-1630840272-2243494843-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Steven\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA790C57-7666-4E8A-B9D1-FC40F003F4EA}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{DA790C57-7666-4E8A-B9D1-FC40F003F4EA}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{DA790C57-7666-4E8A-B9D1-FC40F003F4EA}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
[MD5.01FAFBC45D49F31FB7CD79C74F749EE4] [APT] [{BB9E7145-89F0-4862-9B3D-69F8C5AF7AE2}] (...) -- C:\Program Files (x86)\Rockstar Games\GTA III\gta3.exe [2441216]
[MD5.00000000000000000000000000000000] [APT] [{D71B74C2-7EEE-4CA6-850C-32D940904188}] (...) -- C:\Program Files (x86)\Hide IP\hideip.exe (.not file.) [0]
~ Scheduled Task: 22 Legitimates Filtered in 00mn 15s

---\\ Logiciels installés (O42)
O42 - Logiciel: DVD Region+CSS Free 5.9.8.3 - (.Fengtao Software Inc..) [HKLM][64Bits] -- DVD Region+CSS Free_is1
~ Logic: 45 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\BitComet] =>P2P.BitComet
[HKCU\Software\DVD Region-Free]
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
~ Key Software: 308 Legitimates Filtered in 00mn 01s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/06/2013 - 22:25:40 - [1,854] ----D C:\Program Files (x86)\DVD Region+CSS Free
O43 - CFD: 09/03/2012 - 02:36:15 - [11,407] ----D C:\Program Files (x86)\Shareaza
O43 - CFD: 04/12/2012 - 19:25:35 - [23,027] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 20/09/2011 - 16:46:10 - [45,266] ----D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
O43 - CFD: 27/12/2012 - 22:59:05 - [0,304] ----D C:\Users\Steven\AppData\Roaming\BitComet =>P2P.BitComet
O43 - CFD: 16/07/2011 - 13:01:26 - [0,001] ----D C:\Users\Steven\AppData\Local\Shareaza
~ Program Folder: 206 Legitimates Filtered in 01mn 01s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.AA2A20BD0132796670BCFD388EA45FE4] - 16/11/2013 - 15:02:28 ---A- . (...) -- C:\Windows\ntbtlog.txt [151346]
O44 - LFC:[MD5.6E19039008098FAAD43F416B3F2F1291] - 30/11/2013 - 18:51:09 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [18736]
O44 - LFC:[MD5.6E19039008098FAAD43F416B3F2F1291] - 30/11/2013 - 18:51:09 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [18736]
O44 - LFC:[MD5.6E19039008098FAAD43F416B3F2F1291] - 30/11/2013 - 18:51:09 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [18736]
O44 - LFC:[MD5.6E19039008098FAAD43F416B3F2F1291] - 30/11/2013 - 18:51:09 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [18736]
~ Files: 30 Legitimates Filtered in 00mn 09s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.23F55BD972E0425F79A14FF75EDA0267] - 24/11/2013 - 16:21:22 ---A- - C:\Windows\Prefetch\CDCREATOR.EXE-547CBAE3.pf
O45 - LFCP:[MD5.1438787A72B403433A5A2237C3C1E5B4] - 28/11/2013 - 19:49:40 ---A- - C:\Windows\Prefetch\DCEAF3A1-10B7-453F-80DE-5B213-8DB99A17.pf
O45 - LFCP:[MD5.462DE9EB4AF8E911A6312EE707F4CE41] - 30/11/2013 - 10:55:40 ---A- - C:\Windows\Prefetch\AF377227-9CC3-4E18-B4EA-ED940-20B00862.pf
O45 - LFCP:[MD5.4FC58BDCC9FA35081207224EEE599A39] - 30/11/2013 - 12:30:38 ---A- - C:\Windows\Prefetch\NETSTAT.EXE-5A5A908F.pf
O45 - LFCP:[MD5.B35FDBC2446A72F09B36792CABD3947E] - 30/11/2013 - 18:44:15 ---A- - C:\Windows\Prefetch\HSSCP.EXE-860554D9.pf
~ Prefetcher: 141 Legitimates Filtered in 00mn 01s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 30/11/2013 - 18:02:15 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.59787B95DD9CA44CB139D96863438587] - 30/11/2013 - 18:02:15 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [205320]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.A60C877E1CD3AA2E4E5CCD8AF305C0F1] - 05/01/2012 - 00:01:58 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv.sys [56832]
O58 - SDL:[MD5.36F7DA9504BAD75FD8D799E8A89496CF] - 02/11/2013 - 00:31:28 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv6.sys [44744]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.4EF44915E522F3ECD1A3FF540AA64126] - 25/02/2010 - 17:51:02 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [29696]
O58 - SDL:[MD5.F33FDC72298DF4BF9813A55D21F4EB31] - 12/11/2009 - 22:42:18 ---A- . (.AnchorFree Inc - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\taphss.sys [37888]
O58 - SDL:[MD5.83C57F165F0216E5CE40D7E4E00DC76D] - 24/04/2013 - 20:28:08 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
~ Drivers: 19 Legitimates Filtered in 00mn 09s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 28/11/2013 - 18:59:42 ---A- . (...) -- C:\Users\Steven\Downloads\LLCE_WEB_150dpi.pdf [1905816]
O61 - LFC: 30/11/2013 - 18:59:17 ---A- . (...) -- C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [269398]
O61 - LFC: 30/11/2013 - 18:59:23 ---A- . (...) -- C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Local State [59236]
O61 - LFC: 30/11/2013 - 18:59:25 ---A- . (...) -- C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences [13666]
O61 - LFC: 30/11/2013 - 18:59:25 ---A- . (...) -- C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data [313344]
O61 - LFC: 30/11/2013 - 18:59:27 ---A- . (...) -- C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences [41313]
O61 - LFC: 30/11/2013 - 18:59:27 ---A- . (...) -- C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data [83968]
O61 - LFC: 30/11/2013 - 18:59:38 ---A- . (...) -- C:\Users\Steven\AppData\Roaming\ZHP\Log.txt [18929] =>.Nicolas Coolman
O61 - LFC: 30/11/2013 - 18:59:38 ---A- . (...) -- C:\Users\Steven\AppData\Roaming\ZHP\TestsZHPDiag.txt [2877] =>.Nicolas Coolman
~ 12 Fichiers temporaires (Temporary files)
~ Files: 224 Legitimates Filtered in 00mn 47s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {E6E1EBCC-FC9E-4153-8677-483EF260CE3C} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {711522A6-C073-4F5F-8B6D-B009A421E49C} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {711522A6-C073-4F5F-8B6D-B009A421E49C} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.7E89844169E755775F09AA4724680281] [SPRF][16/11/2013] (...) -- C:\Users\Steven\AppData\Local\Temp\vlc-2.1.1-win32.exe [24489269]
[MD5.698F337F24D5E686BCDAA6C85A39A3A6] [SPRF][14/11/2013] (...) -- C:\Users\Steven\AppData\Roaming\wklnhst.dat [660]
~ Files: 2 Legitimates Filtered in 00mn 00s

---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{A91A1514-CE54-4701-AA29-EE2B54EB4BCB}C:\program files (x86)\shareaza\shareaza.exe" | In - Public - P6 - TRUE | .(.Shareaza Development Team.) -- C:\program files (x86)\shareaza\shareaza.exe
O87 - FAEL: "UDP Query User{9A6A46E3-228B-40AE-8CB5-5D99E487B4C4}C:\program files (x86)\shareaza\shareaza.exe" | In - Public - P17 - TRUE | .(.Shareaza Development Team.) -- C:\program files (x86)\shareaza\shareaza.exe
O87 - FAEL: "{7812CEA8-F9C2-4C7B-BD14-28846E4579D8}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{30BBC91D-BA9A-473C-9489-FD9B728B8B54}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{BD516272-5FED-4726-91A8-6F703B41872A}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\BitComet\BitComet.exe (.not file.) =>P2P.BitComet
O87 - FAEL: "{C6BD26DC-A6FF-4874-80BC-34EECB94144F}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\BitComet\BitComet.exe (.not file.) =>P2P.BitComet
O87 - FAEL: "{6DD36699-EF5F-4F01-85FA-A8C4F9CC1596}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.Datamngr
O87 - FAEL: "{87890C0E-B294-4378-B50D-CAE3FDA8C5B0}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.Datamngr
~ Firewall: 220 Legitimates Filtered in 00mn 01s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 08/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 26/02/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/02/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/11/2013 78512 | (HssTrayService) . (...) - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe
SS - | Demand 25/06/2012 129976 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
SR - | Auto 02/02/2010 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 14/09/2009 166400 | (EPSON_EB_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.exe
SR - | Auto 14/09/2009 128512 | (EPSON_PM_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.exe
SR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SR - | Auto 02/11/2013 906024 | (hshld) . (.AnchorFree Inc..) - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
SR - | Auto 02/11/2013 555304 | (HssWd) . (...) - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
SR - | Auto 22/01/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 14/10/2009 635416 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 12s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Steven at 30/11/2013 19:00:50
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Steven at 30/11/2013 19:00:52
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : 13004 - (30/11/2013)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 2
[HKLM\Software\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld] =>P2P.BitTorrent^
[HKLM\Software\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}] =>PUP.iMesh
[HKLM\Software\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}] =>PUP.iMesh
[HKLM\Software\Wow6432Node\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}] =>PUP.iMesh
[HKLM\Software\Classes\AppID\NCTAudioCompress3.DLL] =>PUP.BearShare
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BitComet =>P2P.BitComet^
C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\elhjaoldnkkbifioodjndkijecdeinld =>P2P.BitTorrent^
C:\Users\Steven\AppData\Roaming\BitComet =>P2P.BitComet^
C:\Users\Steven\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
[HKCU\Software\BitComet] =>P2P.BitComet^
~ Additionnel Scan: 287940 Items scanned in 00mn 45s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/28441146-pup-imesh =>PUP.iMesh
~ http://nicolascoolman.webs.com/apps/blog/show/26705717-pup-bearshare =>PUP.BearShare
~ MSI: 5 link(s) detected in 00mn 45s

~ 1515 Legitimates filtered by white list
End of the scan (469 lines in 15mn 39s)(0)