~ Rapport de ZHPDiag v2014.9.30.139 - Nicolas Coolman (28/09/2014)
~ Lancé par Black Dr House (02/10/2014 10:17:24)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.17088
MFIE: Mozilla Firefox 29.0.1 (Defaut)
GCIE: Google Chrome v37.0.2062.124

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Pro N, 32-bit (Build 9200)
Windows Server License Manager Script : OK

---\\ Logiciels de protection du système
Kaspersky Anti-Virus 2013 v13.0.1.4190
Windows Defender W8 (Deactivate)

---\\ Logiciels d'optimisation du système
CCleaner v4.04

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 15 Plugin
Adobe Reader 7.0.8 - Français
Java 7 Update 55

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1011 MB (34% free)
System Restore: Activé (Enable)
System drive C: has 17 GB (17%) free of 97 GB

---\\ Mode de connexion au système
~ Computer Name: SHIKAMARU
~ User Name: Black Dr House
~ All Users Names: HomeGroupUser$, Black Dr House, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Black Dr House\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Black Dr House\AppData\Roaming\
~ %Desktop% : C:\Users\Black Dr House\Desktop\
~ %Favorites% : C:\Users\Black Dr House\Favorites\
~ %LocalAppData% : C:\Users\Black Dr House\AppData\Local\
~ %StartMenu% : C:\Users\Black Dr House\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 17 Go of 97 Go)
D: Hard drive, Flash drive, Thumb drive (Free 20 Go of 135 Go)
G: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.EAFE46B0292D2BD2467835E2ACF717CC] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 10:24:46.) -- C:\Windows\Explorer.exe [2106176]
[MD5.7109FF769FFF962869C50D720F7AA7D7] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 03:21:01.) -- C:\Windows\System32\Wininit.exe [101376]
[MD5.7D9284D509F8D17EEADE8A486BB3FC19] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/08/2014 - 07:37:20.) -- C:\Windows\System32\wininet.dll [1766400]
[MD5.89D6AFD5B257049375008BAA512910EE] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.12/04/2014 - 07:24:27.) -- C:\Windows\System32\Winlogon.exe [429056]
[MD5.FAB11E1AC62579A9BE21593319F8E464] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 03:20:01.) -- C:\Windows\System32\sppcomapi.dll [246784]
[MD5.B92C9A8C3CAE22129CC5B4A920B00608] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.29/05/2014 - 22:22:46.) -- C:\Windows\system32\Drivers\AFD.sys [439296]
[MD5.48D8C3F2006698691F5AE0BB595FDCC8] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 03:42:31.) -- C:\Windows\system32\Drivers\atapi.sys [22768]
[MD5.00B4FA77732C7823D292ECD672660882] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 02:38:28.) -- C:\Windows\system32\Drivers\Cdfs.sys [89088]
[MD5.4E707EC5071DD8F5C29A7410780BD4C3] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 02:33:53.) -- C:\Windows\system32\Drivers\Cdrom.sys [135680]
[MD5.E608E26B536A42B5ACC145D25CB9F2AC] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 23:42:26.) -- C:\Windows\system32\Drivers\DfsC.sys [92160]
[MD5.6BFEBBA25AD34E5922E60349C721B1DD] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.15/07/2014 - 22:51:26.) -- C:\Windows\system32\Drivers\HDAudBus.sys [62464]
[MD5.11EDC37780E8A2F8E311D73F7658A4D7] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 02:36:23.) -- C:\Windows\system32\Drivers\i8042prt.sys [89600]
[MD5.57B0C0D982013C72911A3F5CBA795034] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 02:29:57.) -- C:\Windows\system32\Drivers\IpNat.sys [126976]
[MD5.A4E929694C33BF82E22F2F85E9B1A9A8] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.26/02/2014 - 23:19:16.) -- C:\Windows\system32\Drivers\MRxSmb.sys [304128]
[MD5.303A053C25E468B9925C22288BEF8484] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 02:31:28.) -- C:\Windows\system32\Drivers\netBT.sys [254464]
[MD5.6C816842AC5E2B0E033ED0BD1058E077] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.27/01/2014 - 01:09:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1618264]
[MD5.8BCE63AF5B52642E832630F862DE96EF] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 02:38:17.) -- C:\Windows\system32\Drivers\Parport.sys [90624]
[MD5.6E0649D7325D85C47C844EB3267E4625] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 02:30:07.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [88064]
[MD5.2CAD2A13569741C67CD9C52F97E0F992] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 02:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [156160]
[MD5.0886D9F1B5A5334FBB143A260E4BFB5C] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 04:17:16.) -- C:\Windows\system32\Drivers\tdx.sys [97792]
[MD5.C9C8573006D7A8391AFE35D99036B6A0] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 09:41:30.) -- C:\Windows\system32\Drivers\volsnap.sys [281344]
~ Generic Processes: Scanned in 00mn 07s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 3/349
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 3/832
~ Mon Bureau (My Desktop) : 2/18
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 07s



---\\ Processus lancés
[MD5.3E7332DE76AF4704B02036B2B49C662C] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) -- C:\Windows\system32\taskhostex.exe [53760] [PID.4604]
[MD5.0F484CEBC0E6724B157E644787B66B68] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe [623520] [PID.432]
[MD5.85A5DB9C8DEFDDE941EC121ADB5B3175] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe [2744960] [PID.820]
[MD5.2C637A38354C2395DBBAE2F592D9F922] - (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Black Dr House\AppData\Roaming\BitTorrent\BitTorrent.exe [1240664] [PID.3008] =>P2P.BitTorrent
[MD5.D62000CD97ABBECD67A7CEB2520BCFEC] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3565432] [PID.3664]
[MD5.15D2DB9BFA8E833ED31FAB2BB088FDDA] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128] [PID.1700]
[MD5.AD3A07FEBB3B9F0110C90C26FC95E029] - (.Microsoft Corporation - Runtime Broker.) -- C:\Windows\System32\RuntimeBroker.exe [29808] [PID.4788]
[MD5.FAA729BC3B4EC2900D14E1F0F4D30ED0] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [268248] [PID.1828]
[MD5.60A3399135BEFC6F4BADBD6C13A4AC24] - (.Microsoft Corporation - Hôte Microsoft WWA.) -- C:\Windows\system32\wwahost.exe [333824] [PID.4540]
[MD5.674E33892FCFC25DF29954D017325C8C] - (.Microsoft Corporation - Communications Service.) -- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe [138672] [PID.5036]
[MD5.458D5355FA85F8BBC2B0FC814E7B9610] - (.AIMP DevTeam - AIMP3.) -- C:\Program Files\AIMP2\AIMP3.exe [1651144] [PID.5888]
[MD5.8D7E5DFCF38847001D05003B8DFE9F44] - (.Crintsoft - Pas de description.) -- C:\Program Files\Minilyrics\MiniLyrics.exe [2655744] [PID.6268] =>Adware.AddLyrics
[MD5.09252818AC12B2D32D6B4403C13BCF75] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8109568] [PID.8000]
~ Processes Running: Scanned in 00mn 07s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Black Dr House\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 20 Legitimates Filtered in 00mn 12s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M0 - MFSP: prefs.js [Black Dr House - wpexg04t.default] http://www.qwant.com
M2 - MFEP: prefs.js [Black Dr House - wpexg04t.default\anttoolbar@ant.com] [] Ant Video Downloader v2.4.7.26 (..)
M2 - MFEP: prefs.js [Black Dr House - wpexg04t.default\mozilla_cc@internetdownloadmanager.com] [] IDM CC v7.3.87 (..)
M2 - MFEP: prefs.js [Black Dr House - wpexg04t.default\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}] [] Flash and Video Download v1.62 (..)
M2 - MFEP: Extension [Black Dr House - wpexg04t.default] {73a6fe31-595d-460b-a920-fcc0f8843232}
M2 - MFEP: Extension [Black Dr House - wpexg04t.default] {d9284e50-81fc-11da-a72b-0800200c9a66}
~ Firefox Browser: 17 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.8:5128
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 01s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: MiniLyrics.lnk . (.Crintsoft - Pas de description.) -- C:\Program Files\Minilyrics\MiniLyrics.exe =>Adware.AddLyrics
O4 - GS\QuickLaunch [Black Dr House]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Black Dr House\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [Black Dr House]: MiniLyrics.lnk . (.Crintsoft - Pas de description.) -- C:\Program Files\Minilyrics\MiniLyrics.exe =>Adware.AddLyrics
O4 - GS\Desktop [Black Dr House]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Black Dr House\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Global Startup: 4 Legitimates Filtered in 00mn 14s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\runner_avp.exe
O4 - HKLM\..\Run: [Zune Launcher] . (.Microsoft Corporation - Zune Auto-Launcher.) -- C:\Program Files\Zune\ZuneLauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] . (.BlackBerry Limited - Launch Agent Service.) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [RIM PeerManager] . (.Research In Motion Limited - BlackBerry Link Peer Manager.) -- C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
O4 - HKCU\..\Run: [BitTorrent] . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Black Dr House\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] . (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe
O4 - HKCU\..\Run: [MediaDICO38] . (.L'Aventure Multimedia - Pas de description.) -- C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Black Dr House\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [iCall] . (...) -- C:\Program Files\iCall\iCall.exe
O4 - HKCU\..\Run: [Connectify] . (.Connectify - Connectify.) -- C:\Program Files\Connectify\Connectify.exe
O4 - HKCU\..\Run: [BlackBerryLink.exe] . (.Research In Motion - BlackBerry Link.) -- C:\Program Files\Research In Motion\BlackBerry Link\BlackBerryLink.exe
O4 - HKUS\S-1-5-21-2848144295-4134200061-2399204276-1001\..\Run: [BitTorrent] . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Black Dr House\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-2848144295-4134200061-2399204276-1001\..\Run: [DAEMON Tools Pro Agent] . (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe
O4 - HKUS\S-1-5-21-2848144295-4134200061-2399204276-1001\..\Run: [MediaDICO38] . (.L'Aventure Multimedia - Pas de description.) -- C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe
O4 - HKUS\S-1-5-21-2848144295-4134200061-2399204276-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-2848144295-4134200061-2399204276-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Black Dr House\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2848144295-4134200061-2399204276-1001\..\Run: [iCall] . (...) -- C:\Program Files\iCall\iCall.exe
O4 - HKUS\S-1-5-21-2848144295-4134200061-2399204276-1001\..\Run: [Connectify] . (.Connectify - Connectify.) -- C:\Program Files\Connectify\Connectify.exe
O4 - HKUS\S-1-5-21-2848144295-4134200061-2399204276-1001\..\Run: [BlackBerryLink.exe] . (.Research In Motion - BlackBerry Link.) -- C:\Program Files\Research In Motion\BlackBerry Link\BlackBerryLink.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier virtuel - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\kbrd.ico
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Analyse des liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{07ED0056-882C-4738-AC5B-476709AD9D35}: DhcpNameServer = 213.136.96.157 213.136.96.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D7B7226-F140-483C-93C1-58924E9179D8}: DhcpNameServer = 192.168.1.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E48220F-B071-4439-BF08-8371FA29D20B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B28EE18B-3581-4EE9-8942-5AA5D0F4A5BE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFCB986E-B9E6-463B-8C6D-AC479B536AC0}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{07ED0056-882C-4738-AC5B-476709AD9D35}: DhcpNameServer = 213.136.96.157 213.136.96.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{7D7B7226-F140-483C-93C1-58924E9179D8}: DhcpNameServer = 192.168.1.111
O17 - HKLM\System\CS1\Services\Tcpip\..\{9E48220F-B071-4439-BF08-8371FA29D20B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B28EE18B-3581-4EE9-8942-5AA5D0F4A5BE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CFCB986E-B9E6-463B-8C6D-AC479B536AC0}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.111
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Mobile Broadband HL Service (Mobile Broadband HL Service) . (...) - C:\ProgramData\MobileBrServ\mbbservice.exe
~ Services: 10 Legitimates Filtered in 00mn 43s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{0080C979-9C1C-4555-B1A4-AD03FF6C519F}] (...) -- C:\Program Files\AutoWebCam\AutoWebCam.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{93346090-6BAA-41F9-89CC-9D784B4060A5}] (...) -- D:\Softs\SAGE100W1501\SAGE100W1501\ACCUEIL.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\Tasks\AutoKMS.job [294] =>Trojan.AutoKMS
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2848144295-4134200061-2399204276-1001Core [952]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2848144295-4134200061-2399204276-1001UA [974]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1088]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1092]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 35s



---\\ Logiciels installés (O42)
O42 - Logiciel: Learn to Speak English Deluxe 10 - (.eLanguage.) [HKLM] -- {F9D3C89A-76BE-4BC9-8F43-5707BE38AF3E}
O42 - Logiciel: Stegano 1.3 - (...) [HKLM] -- Stegano
O42 - Logiciel: iCall - (.iCall, Inc.) [HKLM] -- iCall 7.1.524
~ Logic: 16 Legitimates Filtered in 00mn 04s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\WandouLabs]
[HKCU\Software\eLanguage]
[HKCU\Software\icall]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\eLanguage]
[HKLM\Software\iCall, Inc]
~ Key Software: 224 Legitimates Filtered in 00mn 04s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/08/2013 - 22:01:20 - [] ----D C:\Program Files\eLanguage
O43 - CFD: 20/08/2013 - 08:46:59 - [] ----D C:\Program Files\iCall
O43 - CFD: 16/07/2013 - 21:36:07 - [] ----D C:\Program Files\Revo
O43 - CFD: 24/08/2013 - 10:50:16 - [] ----D C:\Program Files\Stegano
O43 - CFD: 26/08/2013 - 22:02:37 - [] ----D C:\ProgramData\eLanguage
O43 - CFD: 26/08/2013 - 22:16:24 - [] ----D C:\Users\Black Dr House\AppData\Roaming\eLanguage
O43 - CFD: 19/08/2013 - 20:51:27 - [] ----D C:\Users\Black Dr House\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 06/05/2014 - 22:38:55 - [] ----D C:\Users\Black Dr House\AppData\Roaming\WandoujiaUsbDriver
O43 - CFD: 19/08/2013 - 20:50:30 - [] ----D C:\Users\Black Dr House\AppData\Local\icall
O43 - CFD: 06/05/2014 - 23:48:21 - [0] ----D C:\Users\Black Dr House\AppData\Local\Wandoujia2
O43 - CFD: 11/02/2014 - 12:41:17 - [] ----D C:\Users\Black Dr House\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
O43 - CFD: 24/08/2013 - 10:50:15 - [0] ----D C:\Users\Black Dr House\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stegano
~ Program Folder: 164 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.6FCAA36622C30B069EE63A0DA0AEC548] - 17/09/2014 - 21:11:44 ---A- . (...) -- C:\[www.Cpasbien.pe] The.Expendables.3.2014.FANSUB.VOSTFR.DVDSCR.XViD-ATN.avi [1469575168]
~ Files: 69 Legitimates Filtered in 05mn 14s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 04s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{14aae776-c719-11e3-a390-e89a8fdbd6f4}\AutoRun\command. (...) -- E:\.\Setup.exe (.not file.)
O51 - MPSK:{22c7f627-ee12-11e2-a2c2-e89a8fdbd6f4}\AutoRun\command. (...) -- G:\index.html (.not file.)
O51 - MPSK:{ba4aad03-2147-11e4-a3a1-e89a8fdbd6f4}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{c74a965c-5213-11e3-a346-74de2b38f976}\AutoRun\command. (...) -- E:\.\Setup.exe (.not file.)
O51 - MPSK:{e384bf1a-d55d-11e3-a394-e89a8fdbd6f4}\AutoRun\command. (...) -- E:\start.exe (.not file.)
O51 - MPSK:{f636fd7c-0ca2-11e3-a2db-e89a8fdbd6f4}\AutoRun\command. (...) -- E:\.\Setup.exe (.not file.)
O51 - MPSK:{f636fdac-0ca2-11e3-a2db-e89a8fdbd6f4}\AutoRun\command. (...) -- E:\.\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 07s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:06/11/2013 - 14:13:08 ---A- . (.Connectify - NDIS filter driver.) -- C:\Windows\System32\Drivers\cnnctfy2.sys [27248]
O58 - SDL:16/07/2013 - 21:48:54 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [242240]
O58 - SDL:22/04/2014 - 00:07:23 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:22/11/2012 - 00:43:14 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [100216]
O58 - SDL:22/04/2014 - 00:07:27 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:16/07/2013 - 23:25:10 ---A- . (...) -- C:\Windows\System32\Drivers\PnkBstrK.sys [138904]
O58 - SDL:02/12/2013 - 12:34:48 ---A- . (.BlackBerry Limited - BlackBerry Device Driver.) -- C:\Windows\System32\Drivers\RimUsb.sys [68096]
O58 - SDL:20/08/2013 - 07:02:14 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [84248]
O58 - SDL:20/08/2013 - 07:02:14 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [182680]
O58 - SDL:20/08/2013 - 07:02:16 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [182680]
O58 - SDL:26/07/2012 - 03:42:15 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x86.) -- C:\Windows\System32\Drivers\stexstor.sys [26352]
O58 - SDL:25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:25/07/2012 - 22:52:52 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:25/07/2012 - 22:52:52 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:25/07/2012 - 22:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:25/07/2012 - 22:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:25/07/2012 - 22:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:25/07/2012 - 22:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:25/07/2012 - 22:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33968]
O58 - SDL:25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34688]
O58 - SDL:25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35552]
O58 - SDL:25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34688]
~ Drivers: 89 Legitimates Filtered in 00mn 32s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.FD1EBD08B2D2EC34C1F528F59F3208D4] [SPRF][03/09/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.475048300F9919381C60A3701430CFD7] [SPRF][16/07/2013] (...) -- C:\Users\Black Dr House\AppData\Roaming\PnkBstrK.sys [138904]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{BC7C9842-52FF-4B84-92BE-AC7CE7A690B8}C:\users\black dr house\appdata\roaming\bittorrent\bittorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\users\black dr house\appdata\roaming\bittorrent\bittorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{A92214CC-D7C9-446A-ADFA-6FEFA827B813}C:\users\black dr house\appdata\roaming\bittorrent\bittorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\users\black dr house\appdata\roaming\bittorrent\bittorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 11s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/09/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 02/05/2012 65536 | (Connectify) . (...) - C:\Program Files\Connectify\ConnectifyService.exe
SS - | Auto 23/09/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/09/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 20/11/2008 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 10/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 20/09/2012 23040 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/10/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
SR - | Demand 21/01/2014 585728 | (BlackBerry Device Manager) . (.BlackBerry Limited.) - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
SR - | Auto 02/02/2012 342984 | (InternetEverywhere_Service) . (...) - C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
SR - | Auto 04/09/2012 233864 | (Mobile Broadband HL Service) . (...) - C:\ProgramData\MobileBrServ\mbbservice.exe
SR - | Auto 16/07/2013 76888 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 16/07/2013 189248 | (PnkBstrB) . (...) - C:\Windows\system32\PnkBstrB.exe
SR - | Auto 22/01/2014 389632 | (RIM MDNS) . (.Apple Inc..) - C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
SR - | Auto 22/01/2014 1309696 | (RIM Tunnel Service) . (.Research In Motion Limited.) - C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
SR - | Demand 28/03/2014 14480 | (WinDefend) . (.Microsoft Corporation.) - C:\Program Files\Windows Defender\MsMpEng.exe
~ Services: Scanned in 01mn 58s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (28/09/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 5
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 5

[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BitTorrent =>P2P.BitTorrent^
C:\Users\Black Dr House\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Users\Black Dr House\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent^
C:\Program Files\Minilyrics\MiniLyrics.exe =>Adware.AddLyrics^
C:\Windows\Tasks\AutoKMS.job =>Trojan.AutoKMS^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
~ Additionnel Scan: 314131 Items scanned in 09mn 12s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/adware-addlyrics =>Adware.AddLyrics
http://nicolascoolman.fr/trojan-autokms =>Trojan.AutoKMS
http://nicolascoolman.fr/pup-1clickdownloader =>PUP.1ClickDownloader
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
~ MSI: 6 link(s) detected in 00mn 00s



~ 659 Legitimates filtered by white list
End of the scan (461 lines in 31mn 52s)(0)
