~ ZHPDiag v2016.12.24.251 Par Nicolas Coolman (2016/12/24)
~ Démarré par BOB (Administrator)  (2017/03/01 14:08:22)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Etat de la version:  
~ Mode: Scanner
~ Rapport: C:\Users\BOB\Desktop\ZHPDiag.txt
~ Rapport: C:\Users\BOB\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ Démarrage du système: Normal (Normal boot)
Windows 7 Professional, 64-bit  (Build 7600)  =>.Microsoft Corporation

---\\ Informations sur les produits Windows (4) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
Windows Activation Technologies : KO

---\\ Logiciels de partage P2P (1) - 3s
~ µTorrent v3.4.9.43085 (P2P)

---\\ Informations sur le système (6) - 0s
~ Operating System: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System:  64-bit 
~ Boot mode: Normal (Normal boot)
Total RAM: 3988.156 MB (43% free) : OK  =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 44 GB (28%) free of 155 GB : OK  =>.Disk Space

---\\ Mode de connexion au système (3) - 0s
~ Computer Name: BOB-PC
~ User Name: BOB
~ Logged in as Administrator

---\\ Etat du Centre de Sécurité Windows (12) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] AutoConfigUrl: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: Modified
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Recherche particulière de fichiers génériques (26) - 2s
[MD5.C235A51CB740E45FFA0EBFB9BAFCDA64] - 14/07/2009 - (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\Explorer.exe [2868224]  =>.Microsoft Corporation
[MD5.DD81D91FF3B0763C392422865C9AC12E] - 14/07/2009 - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) -- C:\Windows\System32\rundll32.exe [45568]  =>.Microsoft Corporation
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - 14/07/2009 - (.Microsoft Corporation - Application de démarrage de Windows.) -- C:\Windows\System32\Wininit.exe [129024]  =>.Microsoft Corporation
[MD5.B1037F0131C9A010D611F6914E03CD92] - 14/07/2009 - (.Microsoft Corporation - Extensions Internet pour Win32.) -- C:\Windows\System32\wininet.dll [1193472]  =>.Microsoft Corporation
[MD5.132328DF455B0028F13BF0ABEE51A63A] - 14/07/2009 - (.Microsoft Corporation - Application d’ouverture de session Windows.) -- C:\Windows\System32\Winlogon.exe [389120]  =>.Microsoft Corporation
[MD5.75341574F21E766748732BDF530C74BD] - 14/07/2009 - (.Microsoft Corporation - Bibliothèque de licences.) -- C:\Windows\System32\sppcomapi.dll [231936]  =>.Microsoft Corporation
[MD5.05A2D26ACF0939A4E97160315F1FA12E] - 14/07/2009 - (.Microsoft Corporation - DNS DLL de l’API Client.) -- C:\Windows\System32\dnsapi.dll [356352]  =>.Microsoft Corporation
[MD5.6D5A49D6479EB753C7879F73A4C35E0F] - 14/07/2009 - (.Microsoft Corporation - DNS DLL de l’API Client.) -- C:\Windows\Syswow64\dnsapi.dll [269824]  =>.Microsoft Corporation
[MD5.F2521C3173E6027B3FBD5E44272BDF6C] - 14/07/2009 - (.Microsoft Corporation - DLL client de l’API uilisateur de Windows m.) -- C:\Windows\System32\fr-FR\user32.dll.mui [19968]  =>.Microsoft Corporation
[MD5.B9384E03479D2506BC924C16A3DB87BC] - 14/07/2009 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [500224]  =>.Microsoft Corporation
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - 14/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\Windows\System32\drivers\atapi.sys [24128]  =>.Microsoft Corporation
[MD5.B8BD2BB284668C84865658C77574381A] - 14/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [92160]  =>.Microsoft Corporation
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - 14/07/2009 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [147456]  =>.Microsoft Corporation
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - 14/07/2009 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\Windows\System32\drivers\DfsC.sys [102400]  =>.Microsoft Corporation
[MD5.0A49913402747A0B67DE940FB42CBDBB] - 14/07/2009 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\Windows\System32\drivers\HDAudBus.sys [122368]  =>.Microsoft Corporation
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - 0 - (.Microsoft Corporation - Pilote de port i8042.) -- C:\Windows\System32\drivers\i8042prt.sys [0]  =>.Microsoft Corporation
[MD5.00000000000000000000000000000000] - 0 - (.Auteurs - .) -- C:\Windows\System32\drivers\IpNat.sys [0]
[MD5.00000000000000000000000000000000] - 0 - (.Auteurs - .) -- C:\Windows\System32\drivers\MRxSmb.sys [0]
[MD5.00000000000000000000000000000000] - 0 - (.Auteurs - .) -- C:\Windows\System32\drivers\netBT.sys [0]
[MD5.00000000000000000000000000000000] - 0 - (.Auteurs - .) -- C:\Windows\System32\drivers\ntfs.sys [0]
[MD5.00000000000000000000000000000000] - 0 - (.Auteurs - .) -- C:\Windows\System32\drivers\Parport.sys [0]
[MD5.00000000000000000000000000000000] - 0 - (.Auteurs - .) -- C:\Windows\System32\drivers\Rasl2tp.sys [0]
[MD5.00000000000000000000000000000000] - 0 - (.Auteurs - .) -- C:\Windows\System32\drivers\rdpdr.sys [0]
[MD5.00000000000000000000000000000000] - 0 - (.Auteurs - .) -- C:\Windows\System32\drivers\smb.sys [0]
[MD5.00000000000000000000000000000000] - 0 - (.Auteurs - .) -- C:\Windows\System32\drivers\tdx.sys [0]
[MD5.00000000000000000000000000000000] - 0 - (.Auteurs - .) -- C:\Windows\System32\drivers\volsnap.sys [0]

---\\ Google Chrome, Démarrage,Recherche,Extensions (19) - 0s
G0 - GCSP: Preferences [User Data\Default][HomePage] http://222.186.50.25:7055
G0 - GCSP: Preferences [User Data\Default][HomePage] http://pagead2.googlesyndication.com  =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://qtipr.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://cm.g.doubleclick.net
G0 - GCSP: Preferences [User Data\Default][HomePage] http://googleads.g.doubleclick.net  =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://tpc.googlesyndication.com  =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google-analytics.com  =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google.com  =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.gstatic.com  =>.Google Inc.
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.google.com  =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] Google Chrome manifest  =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest  =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest  =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest  =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] Google Chrome manifest  =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [ghbmnnjooekpmoecnnnilnnbdlolhkhi] Google Chrome manifest  =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest  =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest  =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router  =>.Google Inc.

---\\ Firefox, Plugins,Demarrage,Recherche,Extensions (14) - 4s
P2 - EXT FILE: (.Firefox Hello Beta - Web sharing for Firefox.) -- C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\ajy78157.default\extensions\loop@mozilla.org.xpi  =>.Firefox Hello Beta
P2 - EXT FILE: (.Aaron Boodman; http://youngpup.net/ - A User Script Manager for Firefox.) -- C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\ajy78157.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi  =>.Aaron Boodman; http://youngpup.net/
P2 - EXT FILE: (.findit - findit description.) -- C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\ajy78157.default\searchplugins\findit.xml  =>PUP.Optional.SmartBar
P2 - EXT FILE: (...) -- C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\ajy78157.default\searchplugins\WebSearch.xml  =>PUP.Optional.SimpleSearches
P2 - EXT: (. - quiz games.) -- C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\ajy78157.default\extensions\a6tJKUvBs@gmail.com
P2 - EXT: (. - youtubeadblocker.) -- C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\ajy78157.default\extensions\cd@Y4gT4w.org
P2 - EXT: (. - SaloePlausu.) -- C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\ajy78157.default\extensions\E349uK@o.com
P2 - EXT: (. - SoallePluus.) -- C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\ajy78157.default\extensions\ghCLzVy@w2h.com
P2 - EXT: (. - UniDeals o.) -- C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\ajy78157.default\extensions\kpLLhK@xuzZ.edu
P2 - EXT: (.Cinema Plus - CinemaP-1.9c.) -- C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\ajy78157.default\extensions\OIBMBKA115048682@HYKFIU97176590.com  =>PUP.Optional.CrossRider
P2 - EXT: (.Tony Schilling - Cookie Monster.) -- C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\ajy78157.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}  =>.Tony Schilling
P2 - FPN: [HKLM] [@microsoft.com/Lync,version=15.0] - (.Microsoft.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll  =>.Microsoft
P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=10] - (.globalUpdate.) -- C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll  =>PUP.Optional.GlobalUpdate
P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=4] - (.globalUpdate.) -- C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll  =>PUP.Optional.GlobalUpdate

---\\ Opera, Démarrage,Recherche,Plugins (1) - 0s
B2 - EXT: [quiz games] C:\Users\BOB\AppData\Roaming\Opera Software\Opera Stable\Extensions\gijpiklekffjdhakddncmmfoljbopjka

---\\ Internet Explorer,Démarrage,Recherche,URLSearchHook (17) - 1s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2TlPbfGRogFolnGTOlmSCjbuKK_GFH_Wdrj4eGe_hG9YjZhyqj6WtxYnVOPvimLSUQYhAluB6LJa_LSjiSSB6udsktgvH9v0N4_wnhLDqjIFwx3pBwMJ7f0T0ZBxVlFrYJiwgQneAb7v4AvyFegR4h0FR1JKQE_74RJnm7ag,,  =>.Superfluous.Linkury
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/  =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/  =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbrgnclvs1ac6snoh2tlpbfgrogfolngtolmscjbukk_gfh_wdrj4ege_hg9yjzhyqj6wtxynvopvimlsuqyhalub6lja_h8rskfbflyhxqs2hgaq4ziqtlmtphmk811u2t-ztzppvhzkywurvdnj4coqpxdiq92-f2wzwwbhoivpkcmxhctiseow,,&q={searchterms}  =>.Superfluous.Linkury
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbrgnclvs1ac6snoh2tlpbfgrogfolngtolmscjbukk_gfh_wdrj4ege_hg9yjzhyqj6wtxynvopvimlsuqyhalub6lja_h8rskfbflyhxqs2hgaq4ziqtlmtphmk811u2t-ztzppvhzkywurvdnj4coqpxdiq92-f2wzwwbhoivpkcmxhctiseow,,&q={searchterms}  =>.Superfluous.Linkury
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/  =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons  =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk  =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbrgnclvs1ac6snoh2tlpbfgrogfolngtolmscjbukk_gfh_wdrj4ege_hg9yjzhyqj6wtxynvopvimlsuqyhalub6lja_h8rskfbflyhxqs2hgaq4ziqtlmtphmk811u2t-ztzppvhzkywurvdnj4coqpxdiq92-f2wzwwbhoivpkcmxhctiseow,,&q={searchterms}  =>.Superfluous.Linkury
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbrgnclvs1ac6snoh2tlpbfgrogfolngtolmscjbukk_gfh_wdrj4ege_hg9yjzhyqj6wtxynvopvimlsuqyhalub6lja_h8rskfbflyhxqs2hgaq4ziqtlmtphmk811u2t-ztzppvhzkywurvdnj4coqpxdiq92-f2wzwwbhoivpkcmxhctiseow,,&q={searchterms}  =>.Superfluous.Linkury
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/  =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons  =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk  =>.Microsoft Corporation
R1 - HKEY_USERS\S-1-5-21-560240018-1254437602-1933369308-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbrgnclvs1ac6snoh2tlpbfgrogfolngtolmscjbukk_gfh_wdrj4ege_hg9yjzhyqj6wtxynvopvimlsuqyhalub6lja_h8rskfbflyhxqs2hgaq4ziqtlmtphmk811u2t-ztzppvhzkywurvdnj4coqpxdiq92-f2wzwwbhoivpkcmxhctiseow,,&q={searchterms}  =>.Superfluous.Linkury
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan  =>.Microsoft Internet Explorer

---\\ Internet Explorer,Proxy Management (5) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [http://nostopped.net/]

---\\ Internet Explorer,IniFiles, Autoloading programs (4) - 0s
F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.)  =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.)  =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.)  =>.Microsoft Corporation
F3 - REG:win.ini: load=C:\ProgramData\msyaserpq.exe

---\\ Scan Additionnel (11) - 0s
C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\ajy78157.default\searchplugins\findit.xml  =>PUP.Optional.SmartBar
C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\ajy78157.default\searchplugins\WebSearch.xml  =>PUP.Optional.SimpleSearches
C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\ajy78157.default\extensions\OIBMBKA115048682@HYKFIU97176590.com  =>PUP.Optional.CrossRider
HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10  =>PUP.Optional.GlobalUpdate
HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4  =>PUP.Optional.GlobalUpdate
C:\Users\BOB\AppData\Roaming\csrss.exe  =>Heuristic.Suspect
C:\Users\BOB\AppData\Roaming\rundll3.exe  =>Heuristic.Suspect
C:\Users\BOB\AppData\Roaming\rundll32.exe  =>Heuristic.Suspect
C:\Users\BOB\AppData\Roaming\Saileco.exe  =>Heuristic.Suspect
C:\Users\BOB\AppData\Roaming\Strongsing.exe  =>Heuristic.Suspect
C:\Users\BOB\AppData\Roaming\svchost.exe  =>Heuristic.Suspect

---\\ Récapitulatif des éléments trouvés sur votre station (6) - 0s
https://www.nicolascoolman.com/fr/hijacker-smartbar/  =>PUP.Optional.SmartBar
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>PUP.Optional.SimpleSearches
https://www.anti-malware.top/2016/04/30/pup-optional-crossrider/  =>PUP.Optional.CrossRider
https://www.nicolascoolman.com/fr/pup-globalupdate/  =>PUP.Optional.GlobalUpdate
https://www.anti-malware.top/2016/08/02/superfluous-linkury/  =>.Superfluous.Linkury
https://www.anti-malware.top/2016/04/22/heuristic-suspect/  =>Heuristic.Suspect

~ End of the scan, 50705 items in 02mn49s (171)