~ ZHPDiag report v2015.3.19.31 - Nicolas Coolman (19/03/2015)
~ Run by NIDTALEB (22/03/2015 18:27:25)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Forum address http://forum.nicolascoolman.fr
~ Translated by Nicolas Coolman
~ Version status : Up to date.
~ Whitelist : Enabled by the program
~ Privilege elevation : OK
~ User Account Control (UAC): Activated by user

---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox v2.0.0.20 (fr)
GCIE: Google Chrome v41.0.2272.101

---\\ Windows product information
~ Language: French
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 2C9T3
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\\ System protection software
Avast Free Antivirus v10.0.2206
Windows Defender W7 (Active)

---\\ System optimisation software
CCleaner v4.17

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Adobe Flash Player 16 ActiveX
Adobe Reader X

---\\ System information
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3893 MB (31% free)
System Restore: Enabled
System drive C: has 137 GB (57%) free of 237 GB

---\\ System logon mode
~ Computer Name: NIDTALEB-PC
~ User Name: NIDTALEB
~ All Users Names: NIDTALEB, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\NIDTALEB\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\NIDTALEB\AppData\Roaming\
~ %Desktop% : C:\Users\NIDTALEB\Desktop\
~ %Favorites% : C:\Users\NIDTALEB\Favorites\
~ %LocalAppData% : C:\Users\NIDTALEB\AppData\Local\
~ %StartMenu% : C:\Users\NIDTALEB\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 137 GB of 237 GB)
D: Hard drive, Flash drive, Thumb drive (Free 8 GB of 20 GB)
E: CD-ROM drive (Not Inserted)
G: Hard drive, Flash drive, Thumb drive (Free 171 GB of 205 GB)
H: CD-ROM drive (Free 0 GB of 3 GB)

---\\ Windows Security Center state
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Legitimates Filtered in 00mn 00s

---\\ Specific search for generic files
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 13:24:45.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 01:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.C4AA30C01694001B8374CC62BF9AE6FF] - (.Microsoft Corporation - Internet Extensions for Win32.) (.09/12/2013 - 00:20:48.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 13:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Licensing Library.) (.20/11/2010 - 13:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 03:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 23:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 02:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 14:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 00:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 10:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 13:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s

---\\ Hidden files state (Hidden/Total)
~ My Pictures : 2/35
~ My Music : 4/5
~ My Videos : 1/2
~ My Favorites : 1/26
~ My Documents : 6/87
~ My Desktop : 2/3547
~ Start Menu (Programs) : 1/43
~ Hidden Files: Scanned in 00mn 02s

---\\ Running processes
[MD5.3FAFBCCE3F066EDCC263E25A786FFD50] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016] [PID.1884]
[MD5.46EDEE81DDD111FA2024AC77F2BE26A7] - (.Pay By Ads LTD - No description.) -- C:\Users\NIDTALEB\AppData\Local\onlysearch\onlysearch\1.3.12.9\onlysearch.exe [514920] [PID.1912] =>PUP.OnlySearch
[MD5.72DDAC9716A429425BD47619CD6B7C28] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3858000] [PID.1920]
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.2228]
[MD5.47C1DE0A890613FFCFF1D67648EEDF90] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920] [PID.1224]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.2960]
[MD5.59069C831AB78064EBAA5270AB5EA7A8] - (.No owner - AutoDect.) -- C:\Program Files (x86)\Internet Haut Débit Mobile\AutoDect.exe [129872] [PID.3136]
[MD5.03F7027B0AFB0155956B6C6282C9C4AD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016] [PID.3792]
[MD5.6D4396985635E2E0F3B7F68750930DED] - (...) -- C:\Program Files (x86)\Between Lines\bin\BetweenLines.expext.exe [101624] [PID.852]
[MD5.DFA4B9775BB8747E5A94718AC028CD3D] - (...) -- C:\Program Files (x86)\Between Lines\bin\BetweenLines.BOASHelper.exe [1649912] [PID.2036]
[MD5.E3573EBDE923BB48AE1C8672988B5772] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe [2630928] [PID.2740]
[MD5.FFF367CDBFC8EAD4CA1667AB87735207] - (...) -- C:\Program Files (x86)\Between Lines\bin\BetweenLines.BrowserAdapter.exe [105720] [PID.2232]
[MD5.F217EF2EA31D8F73504B1CD2F9787D9D] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288] [PID.5904]
[MD5.ABF79579FEBC063F0950C549C61C44EF] - (.No owner - BetweenLines.BOASPRT.exe.) -- C:\Program Files (x86)\Between Lines\bin\BetweenLines.BOASPRT.exe [1786616] [PID.5736]
[MD5.761EC6B1303B310D9A080461D037E354] - (.No owner - BetweenLines.BOAS.exe.) -- C:\Program Files (x86)\Between Lines\bin\BetweenLines.BOAS.exe [1791224] [PID.5976]
[MD5.6577E0208F612DAF5DE5AD4081BE7696] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8187904] [PID.1188]
[MD5.5CE4F1E7D1BF789919DC7F2E7603C638] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1580]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.1720]
[MD5.3817558D8D5BBC8B0F190CF0D7C4720F] - (.Autodesk, Inc. - Content Service.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288] [PID.2276]
[MD5.6227D8C06F94D4C59623AC661947CCD1] - (.Foxit Software Inc. - Foxit Cloud Safe Update Service.) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448] [PID.2992]
[MD5.F9BD48630768BD3413972F2AEB49974F] - (.SafeNet Inc. - Sentinel LDK License Manager Service.) -- C:\Windows\system32\hasplms.exe [4609928] [PID.3044]
[MD5.66AAE701A787E4BDF73116B79274DC86] - (...) -- C:\ProgramData\Internet Mobile\OnlineUpdate\ouc.exe [655744] [PID.2732]
[MD5.8F5C858C3A28CA6E500D06AEAA93B476] - (...) -- C:\Program Files (x86)\Between Lines\bin\utilBetweenLines.exe [411384] [PID.4312]
[MD5.8F5C858C3A28CA6E500D06AEAA93B476] - (...) -- C:\Program Files (x86)\Between Lines\updateBetweenLines.exe [411384] [PID.4956]
~ Processes Running: Scanned in 00mn 02s

---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\NIDTALEB\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome extension folder list
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 03s

---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\NIDTALEB\AppData\Roaming\Mozilla\Firefox\Profiles\cc6wgnbg.default\prefs.js
M3 - MFPP: Plugins - [NIDTALEB] -- C:\Users\NIDTALEB\AppData\Roaming\Mozilla\Firefox\Profiles\cc6wgnbg.default\searchplugins\default-search.xml =>Hijacker.Browsers
M3 - MFPP: Plugins - [NIDTALEB] -- C:\Users\NIDTALEB\AppData\Roaming\Mozilla\Firefox\Profiles\cc6wgnbg.default\searchplugins\onlysearchkms.xml =>PUP.OnlySearch
M3 - MFPP: Plugins - [NIDTALEB] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\default-search.xml =>Hijacker.Browsers
M3 - MFPP: Plugins - [NIDTALEB] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\MediaDICO-fr.xml
M0 - MFSP: prefs.js [NIDTALEB - cc6wgnbg.default] http://www.only-search.com =>Hijacker.OnlySearch
M2 - MFEP: prefs.js [NIDTALEB - cc6wgnbg.default\extension@linkeyproject.com] [] Linkey for Firefox v1.0 (..) =>PUP.LinkeySearch
~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.only-search.com =>Hijacker.OnlySearch
~ IE Browser: 18 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.19.1:3128
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ The hosts file is clean (21)
~ Hosts File: Scanned in 00mn 00s

---\\ Browser Helper Objects (O2)
O2 - BHO: Between Lines 1.0.0.7 [64Bits] - {ed66005b-3c60-469c-a11b-211b53e83d9e} . (.Between Lines - Between Lines.) -- C:\Program Files (x86)\Between Lines\BetweenLinesbho.dll
~ BHO: 16 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Other user links (O4)
O4 - GS\QuickLaunch [NIDTALEB]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\NIDTALEB\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [NIDTALEB]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\NIDTALEB\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 3 Legitimates Filtered in 00mn 05s

---\\ Applications launched at system startup (O4)
O4 - GS\Startup [NIDTALEB]: TornTvDownloader.lnk . (...) -- C:\Users\NIDTALEB\AppData\Roaming\TornTV.com\Torntv Downloader.exe (.not file.) =>Hijacker.TornTV
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\NIDTALEB\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [TornTv Downloader] C:\Users\NIDTALEB\AppData\Roaming\TornTV.com\Torntv Downloader.exe (.not file.) =>Hijacker.TornTV
O4 - HKCU\..\Run: [Only-search] . (.Pay By Ads LTD - No description.) -- C:\Users\NIDTALEB\AppData\Local\onlysearch\onlysearch\1.3.12.9\onlysearch.exe =>PUP.OnlySearch
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe (.not file.) =>PUP.SearchProtect
O4 - HKLM\..\Wow6432Node\Run: [autodetect] . (.No owner - AutoDect.) -- C:\Program Files (x86)\Internet Haut Débit Mobile\AutoDect.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-887702475-2095873223-1482034817-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\NIDTALEB\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-887702475-2095873223-1482034817-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-887702475-2095873223-1482034817-1000\..\Run: [TornTv Downloader] C:\Users\NIDTALEB\AppData\Roaming\TornTV.com\Torntv Downloader.exe (.not file.) =>Hijacker.TornTV
O4 - HKUS\S-1-5-21-887702475-2095873223-1482034817-1000\..\Run: [Only-search] . (.Pay By Ads LTD - No description.) -- C:\Users\NIDTALEB\AppData\Local\onlysearch\onlysearch\1.3.12.9\onlysearch.exe =>PUP.OnlySearch
O4 - HKUS\S-1-5-21-887702475-2095873223-1482034817-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-887702475-2095873223-1482034817-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-887702475-2095873223-1482034817-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-887702475-2095873223-1482034817-1000\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
~ Application: Scanned in 00mn 00s

---\\ Domain / DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4D46F7C-217B-4AFC-AF53-7352BA0363EF}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F4D46F7C-217B-4AFC-AF53-7352BA0363EF}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F4D46F7C-217B-4AFC-AF53-7352BA0363EF}: NameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Additional protocol (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional Protocol: Scanned in 00mn 00s

---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Non-Microsoft NT services that are not disabled (O23)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) . (.Foxit Software Inc. - Foxit Cloud Safe Update Service.) - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Update Between Lines (Update Between Lines) . (...) - C:\Program Files (x86)\Between Lines\updateBetweenLines.exe
O23 - Service: Util Between Lines (Util Between Lines) . (...) - C:\Program Files (x86)\Between Lines\bin\utilBetweenLines.exe
~ Services: 14 Legitimates Filtered in 00mn 11s

---\\ Automatic scheduled tasks (O39)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 21s

---\\ Drivers launched at system startup (O41)
O41 - Driver: ({06146dd6-a059-4c4d-9840-35b694aad4ae}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{06146dd6-a059-4c4d-9840-35b694aad4ae}Gw64.sys =>PUP.LinkiDoo
O41 - Driver: ({38c95e98-da81-4038-a23a-50d0e098cff8}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{38c95e98-da81-4038-a23a-50d0e098cff8}Gw64.sys =>PUP.LinkiDoo
~ Drivers: 81 Legitimates Filtered in 00mn 00s

---\\ Installed software (O42)
O42 - Software: ARC-FLASH-ANALYTICS - (.Mykhaylo Furtak.) [HKLM][64Bits] -- {C25404BB-E001-4794-9FF7-5B7870FD5F10}
O42 - Software: Arc Flash Analytic version 5.0.4 - (.ARCAD INC..) [HKLM][64Bits] -- {7DE62A56-1EC5-4575-BBC8-81F7243A7818}_is1
O42 - Software: Between Lines - (.Between Lines.) [HKLM][64Bits] -- Between Lines
O42 - Software: CYMDIST 4.5 Rev 12 (Français) - (.CYME.) [HKLM][64Bits] -- InstallShield_{672BF505-55F5-45D9-9CF8-3A585754E8A6}
O42 - Software: CYMTCC 4.5 Rev 7 (Français) - (.CYME.) [HKLM][64Bits] -- InstallShield_{49034DD2-90D4-4DBF-A390-6287DB4D1B7F}
O42 - Software: Ecodial 3.38 - (...) [HKLM][64Bits] -- {5BB9966E-D03D-41FC-8AC1-06D30B651F9C}
O42 - Software: الدرر السنية - (...) [HKLM][64Bits] -- الدرر السنية
~ Logic: 25 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\Between Lines]
[HKCU\Software\CYME]
[HKCU\Software\Clubic]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Linkey] =>PUP.LinkeySearch
[HKCU\Software\OverPDF]
[HKCU\Software\PC Optimizer]
[HKCU\Software\PowerWorld]
[HKCU\Software\ProductSetup] =>Adware.InstallCore
[HKCU\Software\SmdmF] =>PUP.SystemK
[HKCU\Software\TornTv Downloader] =>Hijacker.TornTV
[HKLM\Software\Linkey] =>PUP.LinkeySearch
[HKLM\Software\Wow6432Node\Between Lines]
[HKLM\Software\Wow6432Node\CYME]
[HKLM\Software\Wow6432Node\Linkey] =>PUP.LinkeySearch
[HKLM\Software\Wow6432Node\SmdmF] =>PUP.SystemK
~ Key Software: 275 Legitimates Filtered in 00mn 01s

---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 29/09/2014 - 15:00:51 - [] ----D C:\Program Files (x86)\ARC FLASH ANALYTIC V5.0
O43 - CFD: 18/09/2014 - 20:57:29 - [] ----D C:\Program Files (x86)\ARC-FLASH-ANALYTIC
O43 - CFD: 22/03/2015 - 17:51:13 - [] ----D C:\Program Files (x86)\Between Lines
O43 - CFD: 26/03/2014 - 21:35:08 - [] ----D C:\Program Files (x86)\Dorar
O43 - CFD: 20/03/2015 - 17:08:06 - [] ----D C:\Program Files (x86)\OverCAD PDF to DWG Converter
O43 - CFD: 18/08/2014 - 19:50:24 - [] ----D C:\Program Files (x86)\PowerWorld
O43 - CFD: 15/05/2014 - 22:16:26 - [] ----D C:\Program Files (x86)\Settings Manager =>PUP.SystemK
O43 - CFD: 13/09/2014 - 09:31:05 - [] ----D C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch
O43 - CFD: 17/03/2015 - 10:57:56 - [] ----D C:\ProgramData\FARO
O43 - CFD: 15/05/2014 - 22:16:25 - [0] ----D C:\ProgramData\smdmf =>PUP.SystemK
O43 - CFD: 29/09/2014 - 15:00:51 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arc Flash Analytic V5.0
O43 - CFD: 18/09/2014 - 20:57:29 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARC-FLASH-ANALYTIC
O43 - CFD: 02/09/2014 - 14:40:25 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CYME
O43 - CFD: 10/01/2014 - 20:15:11 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ecodial338
O43 - CFD: 20/03/2015 - 16:57:36 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverCAD PDF to DWG Converter
O43 - CFD: 18/08/2014 - 19:50:35 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerWorld
O43 - CFD: 20/05/2014 - 14:00:39 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSIM 9.0.3 (softkey time-limited)
O43 - CFD: 14/07/2009 - 15:35:02 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 26/03/2014 - 21:34:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\الدرر السنية
O43 - CFD: 29/09/2014 - 15:02:11 - [] ----D C:\Users\NIDTALEB\AppData\Roaming\afav50
O43 - CFD: 15/05/2014 - 22:16:29 - [] ----D C:\Users\NIDTALEB\AppData\Roaming\FirefoxToolbar
O43 - CFD: 12/09/2014 - 21:20:49 - [] ----D C:\Users\NIDTALEB\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 05/12/2014 - 20:28:48 - [] ----D C:\Users\NIDTALEB\AppData\Roaming\Prodiance
O43 - CFD: 06/07/2014 - 13:42:02 - [] ----D C:\Users\NIDTALEB\AppData\Roaming\SecureSearch
O43 - CFD: 15/05/2014 - 22:25:47 - [] ----D C:\Users\NIDTALEB\AppData\Local\Linkey =>PUP.LinkeySearch
O43 - CFD: 13/09/2014 - 09:31:09 - [] ----D C:\Users\NIDTALEB\AppData\Local\onlysearch =>PUP.OnlySearch
O43 - CFD: 10/02/2014 - 12:55:29 - [] ----D C:\Users\NIDTALEB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\مكتبة الشيخ صالح آل الشيخ
O43 - CFD: 26/03/2014 - 21:34:05 - [0] ----D C:\Users\NIDTALEB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\الدرر السنية
~ Program Folder: 207 Legitimates Filtered in 00mn 01s

---\\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.8DC787B9300563A699A17A45373FAD7C] - 17/03/2015 - 10:33:32 ---A- . (...) -- C:\Windows\DirectX.log [683]
O44 - LFC:[MD5.022AB9356EFD19AE2814E6168BD1A04F] - 17/03/2015 - 11:43:25 ---A- . (...) -- C:\Windows\DIALux Setup Setup Log.txt [13855]
O44 - LFC:[MD5.396D6B1835CA95007C3D067D80ACE9DC] - 17/03/2015 - 11:49:25 ---A- . (.Amyuni Technologies http://www.amyuni.com - Common Driver Interface DLL.) -- C:\Windows\System32\cdintf450_64.dll [6525440]
O44 - LFC:[MD5.35C8F4BDC2356FDB70E4ECC479307D9E] - 17/03/2015 - 11:49:52 ---A- . (...) -- C:\DIAL Communication Framework Setup Log.txt [6283]
O44 - LFC:[MD5.AD1241A215D46C28602A9EF4651879BA] - 17/03/2015 - 11:49:57 ---A- . (...) -- C:\Windows\Dialux.ini [102]
O44 - LFC:[MD5.D358A734EFD24A4E2A042801C888048A] - 17/03/2015 - 11:50:10 ---A- . (...) -- C:\DIALux Setup Information.txt [29402]
O44 - LFC:[MD5.32021B25FE84A03CADCB4CF917DAE607] - 17/03/2015 - 12:29:49 ---A- . (...) -- C:\DIALux Setup Log.txt [226827]
O44 - LFC:[MD5.F6EA004BC8A3798CBDC1F380AB9188FA] - 20/03/2015 - 00:15:32 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{38c95e98-da81-4038-a23a-50d0e098cff8}Gw64.sys [48784] =>PUP.LinkiDoo
O44 - LFC:[MD5.38526AD0C25E71CB2072B9913552E154] - 20/03/2015 - 16:59:26 ---A- . (...) -- C:\2921-171 Plan d'équipements PET12__Rév D_.dwg [20399008]
O44 - LFC:[MD5.270097DE73B49A471F775731E68334BC] - 21/03/2015 - 02:07:40 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{06146dd6-a059-4c4d-9840-35b694aad4ae}Gw64.sys [48784] =>PUP.LinkiDoo
O44 - LFC:[MD5.48BDA689A701C73767470CEC9204A54E] - 22/03/2015 - 16:51:11 ---A- . (...) -- C:\Windows\win.ini [543]
~ Files: 34 Legitimates Filtered in 00mn 54s

---\\ Shell MountPoints2 registry key (MPSK) (O51)
O51 - MPSK:{0f5e9763-5c76-11e3-8f4d-74de2bda6ebc}\AutoRun\command. (...) -- H:\AutoRun.exe (.not file.)
O51 - MPSK:{0f5e976f-5c76-11e3-8f4d-74de2bda6ebc}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{14c0e6b8-3350-11e4-ba2c-74de2bda6ebc}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
O51 - MPSK:{1736fc38-70e3-11e4-8e2b-74de2bda6ebc}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{3fec7168-5cca-11e3-bdd5-001e101f859f}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{9d4ee230-336a-11e4-918d-74de2bda6ebc}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{ff59a223-cc7d-11e4-8b86-74de2bda6ebc}\AutoRun\command. (.Autodesk, Inc. - Autodesk component.) -- H:\Setup.exe
~ Keys: Scanned in 00mn 00s

---\\ PoliciesSystem registry key enumeration (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ PoliciesExplorer registry key enumeration (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

---\\ System driver list (SDL) (O58)
O58 - SDL:01/03/2015 - 17:21:44 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:01/03/2015 - 17:21:44 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:01/03/2015 - 17:21:44 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [267632] =>.ALWIL Software
O58 - SDL:14/07/2009 - 01:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 20:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:09/06/2014 - 08:41:00 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [180136]
O58 - SDL:26/03/2011 - 10:37:12 ---A- . (.MBB Incorporated - CDROM Filter.) -- C:\Windows\System32\Drivers\massfilter.sys [11776]
O58 - SDL:14/07/2009 - 01:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:21/03/2015 - 02:07:40 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{06146dd6-a059-4c4d-9840-35b694aad4ae}Gw64.sys [48784] =>PUP.LinkiDoo
O58 - SDL:20/03/2015 - 00:15:32 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{38c95e98-da81-4038-a23a-50d0e098cff8}Gw64.sys [48784] =>PUP.LinkiDoo
~ Drivers: 95 Legitimates Filtered in 00mn 08s

---\\ Disinfection tool list (LATC) (O63)
O63 - Software: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Legacy services listed in the registry (LALS) (O64)
O64 - Services: CurCS - 01/08/2013 - C:\Windows\system32\drivers\aksfridge.sys (aksfridge) .(.SafeNet Inc. - Ancillary Function Driver.) - LEGACY_AKSFRIDGE
O64 - Services: CurCS - 01/03/2015 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 21/03/2015 - C:\Windows\System32\drivers\{06146dd6-a059-4c4d-9840-35b694aad4ae}Gw64.sys ({06146dd6-a059-4c4d-9840-35b694aad4ae}Gw64) .(.StdLib - StdLib.) - LEGACY_{06146DD6-A059-4C4D-9840-35B694AAD4AE}GW64 =>PUP.LinkiDoo
O64 - Services: CurCS - 20/03/2015 - C:\Windows\System32\drivers\{38c95e98-da81-4038-a23a-50d0e098cff8}Gw64.sys ({38c95e98-da81-4038-a23a-50d0e098cff8}Gw64) .(.StdLib - StdLib.) - LEGACY_{38C95E98-DA81-4038-A23A-50D0E098CFF8}GW64 =>PUP.LinkiDoo
~ Legacy: 176 Legitimates Filtered in 00mn 00s

---\\ Shell Spawning associations (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (...) -- C:\Program Files (x86)\Opera\Launcher.exe
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s

---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Only Search) - http://www.only-search.com =>Hijacker.OnlySearch
O69 - SBI: SearchScopes [HKCU] {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} - (SecureSearch) - http://securedsearch2.lavasoft.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2514} - (default-search.net) - http://www.default-search.net =>Hijacker.Browsers
~ Keys: Scanned in 00mn 00s

---\\ Specific search at the system root (SPRF) (O84)
[MD5.733319E8380BADDE759CD8462331D21F] [SPRF][21/08/2014] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.32B7EC928EE68B9E70B0F2D01034BE59] [SPRF][24/01/2011] (...) -- C:\Users\NIDTALEB\Desktop\UsbFix.exe [524141]
[MD5.F02E53B18532DD9DF02034C6205C9E91] [SPRF][27/03/2013] (...) -- C:\Users\NIDTALEB\Desktop\xf-adsk64.exe [312832]
~ Files: 11 Legitimates Filtered in 00mn 09s

---\\ Firewall exception list (FirewallRules) (O87)
O87 - FAEL: "{E6AD2CA4-DAFC-48DF-BC05-0F65A7519BC0}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\NIDTALEB\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{A53518DD-1366-47A3-B087-98E72B2B2B7C}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\NIDTALEB\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 03s

---\\ Tracing registry key search (O100)
HKLM\SOFTWARE\Microsoft\Tracing\TornTvUpdater_RASAPI32 =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\TornTvUpdater_RASMANCS =>Hijacker.TornTV
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biSetup36378_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biSetup36378_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\onlysearch_RASAPI32 =>PUP.OnlySearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\onlysearch_RASMANCS =>PUP.OnlySearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_windows-xp-service-pack-3-iso_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_windows-xp-service-pack-3-iso_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Toolbar Cleaner uninstall_RASAPI32 =>PUP.ToolbarCleaner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Toolbar Cleaner uninstall_RASMANCS =>PUP.ToolbarCleaner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TornTV_RASAPI32 =>Hijacker.TornTV
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TornTV_RASMANCS =>Hijacker.TornTV
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent-3_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent-3_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 336 Legitimates Filtered in 00mn 01s

---\\ CLSID registry key search (O101)
[HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] (Linkey) =>PUP.LinkeySearch
~ BCK: 5375 Legitimates Filtered in 00mn 19s

---\\ General status
des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 05/02/2015 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 17/12/2013 1934608 | (DialComService) . (.DIAL GmbH.) - C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe SS - | Demand 17/03/2015 1471352 | (FlexNet Licensing Service 64) . (.Flexera Software LLC.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe SS - | Auto 04/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 04/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 05/12/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe SS - | Auto 10/09/2012 655744 | (Internet Mobile. RunOuc) . (...) - C:\Program Files (x86)\Internet Mobile\UpdateDog\ouc.exe SS - | Demand 26/06/2014 1771560 | (PDF Architect 2) . (.pdfforge GmbH.) - C:\Program Files (x86)\PDF Architect 2\ws.exe SS - | Demand 26/06/2014 861736 | (pdfforge CrashHandler) . (.pdfforge GmbH.) - C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SR - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 17/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe SR - | Auto 13/12/2012 12288 | (Autodesk Content Service) . (.Autodesk, Inc..) 
- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe SR - | Auto 01/03/2015 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 28/10/2014 244448 | (FoxitCloudUpdateService) . (.Foxit Software Inc..) - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe SR - | Auto 01/08/2013 4609928 | (hasplms) . (.SafeNet Inc..) - C:\Windows\system32\hasplms.exe SR - | Auto 14/03/2011 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe SR - | Auto 25/10/2013 2768208 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe SR - | Auto 16/10/2013 289496 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe SR - | Auto 22/03/2015 411384 | (Update Between Lines) . (...) - C:\Program Files (x86)\Between Lines\updateBetweenLines.exe SR - | Auto 22/03/2015 411384 | (Util Between Lines) . (...) - C:\Program Files (x86)\Between Lines\bin\utilBetweenLines.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 21s ---\\ Scan Additionnel (O88) Database Version : 13008 - (19/03/2015) Clés trouvées (Keys found) : 11 Valeurs trouvées (Values found) : 5 Dossiers trouvés (Folders found) : 7 Fichiers trouvés (Files found) : 9 [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}] =>PUP.ToolbarCleaner [HKLM\Software\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] =>Toolbar.AdAware [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] =>Toolbar.AdAware [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] =>Toolbar.AdAware [HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector [HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector [HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\Classes\keepmysearch] =>Adware.MyWebSearch [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2514}] =>Adware.Bandoo^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^ [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Search Protection =>PUP.SearchProtect^ C:\Users\NIDTALEB\AppData\Roaming\Mozilla\Firefox\Profiles\cc6wgnbg.default\extensions\extension@linkeyproject.com =>PUP.LinkeySearch^ C:\Program Files (x86)\Settings Manager =>PUP.SystemK^ C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch^ C:\ProgramData\smdmf =>PUP.SystemK^ C:\Users\NIDTALEB\AppData\Roaming\OpenCandy =>Adware.OpenCandy^ C:\Users\NIDTALEB\AppData\Local\Linkey =>PUP.LinkeySearch^ C:\Users\NIDTALEB\AppData\Local\onlysearch =>PUP.OnlySearch^ C:\Users\NIDTALEB\AppData\Local\onlysearch\onlysearch\1.3.12.9\onlysearch.exe =>PUP.OnlySearch^ 
[HKCU\Software\Linkey] =>PUP.LinkeySearch^ [HKCU\Software\ProductSetup] =>Adware.InstallCore^ [HKCU\Software\SmdmF] =>PUP.SystemK^ [HKCU\Software\TornTv Downloader] =>Hijacker.TornTV^ [HKLM\Software\Linkey] =>PUP.LinkeySearch^ [HKLM\Software\Wow6432Node\Linkey] =>PUP.LinkeySearch^ [HKLM\Software\Wow6432Node\SmdmF] =>PUP.SystemK^ [HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] (Linkey) =>PUP.LinkeySearch^ ~ Additionnel Scan: 344386 Items scanned in 00mn 48s ---\\ Informations complémentaires sur les modules ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5) ~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2) ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4) ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51) ~ AMI: 5 Legitimates Filtered in 00mn 00s ---\\ Récapitulatif des détections trouvées sur votre station http://www.nicolascoolman.fr/blog/ =>PUP.OnlySearch http://nicolascoolman.fr/hijacker-browsers =>Hijacker.Browsers http://www.nicolascoolman.fr/blog/ =>Hijacker.OnlySearch http://nicolascoolman.fr/pup-linkeysearch =>PUP.LinkeySearch http://nicolascoolman.fr/hijacker-torntv =>Hijacker.TornTV http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo http://nicolascoolman.fr/pup-1clickdownloader =>PUP.1ClickDownloader http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore http://nicolascoolman.fr/pup-systemk =>PUP.SystemK http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy http://nicolascoolman.fr/adware-megasearch =>Adware.MegaSearch http://nicolascoolman.fr/toolbar-conduit 
=>Toolbar.Conduit http://nicolascoolman.fr/pup-toolbarcleaner =>PUP.ToolbarCleaner http://nicolascoolman.fr/pup-babylon =>PUP.Babylon http://www.nicolascoolman.fr/blog/ =>Toolbar.AdAware http://nicolascoolman.fr/pup-bprotector =>PUP.BProtector http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo ~ MSI: 20 link(s) detected in 00mn 00s ~ 940 Legitimates filtered by white list End of the scan (616 lines in 03mn 46s)(0.11)