Reply to: Need help, I think I'm infected, please ??????? 2016-09-08T13:46:08+00:00
monsieur1
Participant
Post count: 5

~ ZHPDiag report v2014.6.12.90 – Nicolas Coolman (2014-06-12)
~ Run by john (2014-06-13 22:58:03)
~ Website address http://nicolascoolman.fr
~ Translated by Nicolas Coolman
~ Version status: Up to date.
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Deactivate by program

—\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17126
MFIE: Mozilla Firefox 30.0 (Defaut)
GCIE: Google Chrome v35.0.1916.153

—\ Windows product information
~ Language: French
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System – Windows(R) 7, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : 3VD38
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ System protection software
Kaspersky Internet Security v14.0.0.4651
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W7 (Activate)

—\ System optimisation software

—\ Peer-to-peer sharing software

—\ Software monitoring
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 60
Java 7 Update 60

—\ System information
~ Processor: AMD64 Family 21 Model 16 Stepping 1, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 7375 MB (67% free)
System Restore: Activé (Enable)
System drive C: has 390 GB (83%) free of 466 GB

—\ System logon mode
~ Computer Name: john-PC
~ User Name: john
~ All Users Names: john, HomeGroupUser$, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

—\ Environment variables
~ System Unit : C:
~ %AppZHP% : C:UsersjohnAppDataRoamingZHP
~ %AppData% : C:UsersjohnAppDataRoaming
~ %Desktop% : C:UsersjohnDesktop
~ %Favorites% : C:UsersjohnFavorites
~ %LocalAppData% : C:UsersjohnAppDataLocal
~ %StartMenu% : C:UsersjohnAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 390 Go of 466 Go)
D: CD-ROM drive (Not Inserted)

—\ Windows Security Center status
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

—\ Specific search for generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.2011-02-25 – 01:19:30.) — C:WindowsExplorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.2009-07-13 – 20:39:52.) — C:WindowsSystem32Wininit.exe [129024]
[MD5.40BFD9D6EC8E174145F012246CA73CCD] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.2014-05-30 – 02:56:56.) — C:WindowsSystem32wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.2014-03-04 – 04:43:50.) — C:WindowsSystem32Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.2010-11-20 – 22:24:16.) — C:WindowsSystem32sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.2013-09-27 – 20:09:10.) — C:Windowssystem32DriversAFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.2009-07-13 – 20:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.2009-07-13 – 18:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.2010-11-20 – 22:23:47.) — C:Windowssystem32DriversCdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.2010-11-20 – 22:24:32.) — C:Windowssystem32DriversDfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.2010-11-20 – 22:23:47.) — C:Windowssystem32DriversHDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.2009-07-13 – 18:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.2009-07-13 – 19:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.2011-04-26 – 21:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.2010-11-20 – 22:23:51.) — C:Windowssystem32DriversnetBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.2014-01-23 – 21:37:55.) — C:Windowssystem32Driversntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.2009-07-13 – 19:00:41.) — C:Windowssystem32DriversParport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.2010-11-20 – 22:24:33.) — C:Windowssystem32DriversRasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.2010-11-20 – 22:25:07.) — C:Windowssystem32Driversrdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.2009-07-13 – 19:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.2010-11-20 – 22:24:32.) — C:Windowssystem32Driverstdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.2010-11-20 – 22:23:47.) — C:Windowssystem32Driversvolsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

—\ Hidden files status (Hidden/Total)
~ Mes images (My Pictures) : 2/16
~ Mes Favoris (My Favorites) : 1/213
~ Mes Documents (My Documents) : 1/373
~ Mon Bureau (My Desktop) : 1/991
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 01s

—\ Running processes
[MD5.B96D82EA7BC9A842028559968E9570D4] – (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:Program Files (x86)Kaspersky LabKaspersky Internet Security 14.0.0avpui.exe [1004864] [PID.3424]
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe [6970168] [PID.3888]
[MD5.053C93D5967E08748DBA0E132EAEC0B3] – (.Advanced Micro Devices, Inc. – AMD USB 3.0 Device Detector.) — C:Program Files (x86)ATI TechnologiesAMDUSB3DeviceDetectornusb3mon.exe [97280] [PID.3788]
[MD5.35F97E7C110FC49D4FFB290D5FD8A0DE] – (.Druide informatique inc. – AgentAntidote.) — C:Program Files (x86)DruideAntidote 8Programmes32AgentAntidote.exe [1130280] [PID.4948]
[MD5.648584CDD57A2392993EC4155D1C09E2] – (.Google – Google Drive.) — C:Program Files (x86)GoogleDrivegoogledrivesync.exe [22415552] [PID.4912]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] – (.Google Inc. – GoogleToolbarNotifier.) — C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [39408] [PID.620]
[MD5.ABBA6869E600C7F1DDAB73DFFF122D42] – (.Belkin International, Inc. – Belkin Network USB Hub Control Center.) — C:Program FilesBelkinNetwork USB Hub Control CenterConnect.exe [790651] [PID.2020]
[MD5.6B2DD56DD048F6FEF998737BE88A17AC] – (.Glarysoft Ltd – Glary Utilities 5.) — C:Program Files (x86)Glary Utilities 5Integrator.exe [792864] [PID.4880]
[MD5.1B4E3C00644E16D963CC7963C154828A] – (.MSI – Super-Charger.) — C:Program Files (x86)MSISuper-ChargerSuper-Charger.exe [1047536] [PID.4236]
[MD5.D2E3E6D94A9E1CFA1561D9C748136FD0] – (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe [152392] [PID.208]
[MD5.443078EF67B609725CE3F76CC3A52156] – (.Western Digital Technologies, Inc. – WD Quick View.) — C:Program Files (x86)Western DigitalWD Quick ViewWDDMStatus.exe [5545328] [PID.4648]
[MD5.99AC936C6BB6CC8044809B8995E86B05] – (.Druide informatique inc. – MoteurIntegration.) — C:Program Files (x86)DruideAntidote 8Programmes32MoteurIntegration.exe [645928] [PID.5228]
[MD5.B1E01D636350983E94171E229C759468] – (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe [275568] [PID.3556]
[MD5.4F87179386948D61FBF74B0DDF265170] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:Program Files (x86)Mozilla Firefoxplugin-container.exe [18544] [PID.168]
[MD5.038053B5DB6B0DCFB32B7682334B7625] – (.Adobe Systems, Inc. – Adobe Flash Player 13.0 r0.) — C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_13_0_0_214.exe [1863856] [PID.6636]
[MD5.52A15203DD8B6EB9F6C7D675D6D773A5] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8067072] [PID.3564]
[MD5.B362181ED3771DC03B4141927C80F801] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65432] [PID.1824]
[MD5.221564CC7BE37611FE15EACF443E1BF6] – (.Apple Inc. – YSLoader.exe.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [43336] [PID.1944]
[MD5.0D2F8F4055903A762AD46204E5A42E86] – (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:Program Files (x86)Kaspersky LabKaspersky Internet Security 14.0.0avp.exe [214512] [PID.1976]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe [1809720] [PID.1120]
[MD5.4F45ED469906494F9BF754E476390DBD] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe [860472] [PID.2060]
[MD5.48EC03865CEE3EA81926789AA06F3A0D] – (.MSI – Super-Charger Service.) — C:Program Files (x86)MSISuper-ChargerChargeService.exe [161776] [PID.2196]
[MD5.2B29FD3AF7B4FEB272CD1F6EEC8FE4BA] – (.TeamViewer GmbH – TeamViewer 9.) — C:Program Files (x86)TeamViewerVersion9TeamViewer_Service.exe [4915040] [PID.2304]
[MD5.1924EC48CC26D0A2C445E03A5592FF7A] – (.Western Digital Technologies, Inc. – WD Drive Service.) — C:Program Files (x86)Western DigitalWD Drive ManagerWDDriveService.exe [271728] [PID.2488]
~ Processes Running: Scanned in 00mn 00s

—\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:UsersjohnAppDataRoamingMozillaFirefoxProfiles7hkwqwb4.defaultprefs.js
M2 – MFEP: prefs.js [john – 7hkwqwb4.defaultantidote7_win_firefox_103@druide.com] [] Module d'Antidote v8.16.39 (..)
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analysis of F0, F1, F2, F3 lines – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: Google Toolbar – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll
O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s

—\ Other user shortcuts (O4)
O4 – GSQuickLaunch [john]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:UsersjohnAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
O4 – GSDesktop [john]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:UsersjohnAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 04s

—\ Applications launched at system startup (O4)
O4 – HKLM..Run: [BCSSync] . (.Microsoft Corporation – Microsoft Office 2010 component.) — C:Program FilesMicrosoft OfficeOffice14BCSSync.exe =>.Microsoft Corporation
O4 – HKLM..Run: [NUSB3MON] . (.Advanced Micro Devices, Inc. – AMD USB 3.0 Device Detector.) — C:Program Files (x86)ATI TechnologiesAMDUSB3DeviceDetectornusb3mon.exe
O4 – HKLM..Run: [EvtMgr6] . (.Logitech, Inc. – Logitech SetPoint Event Manager (UNICODE).) — C:Program FilesLogitechSetPointPSetPoint.exe
O4 – HKLM..Run: [RTHDVCPL] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 – HKLM..Run: [AgentAntidote32] . (.Druide informatique inc. – AgentAntidote.) — C:Program Files (x86)DruideAntidote 8Programmes32AgentAntidote.exe
O4 – HKLM..Run: [AgentAntidote64] . (.Druide informatique inc. – AgentAntidote.) — C:Program Files (x86)DruideAntidote 8Programmes64AgentAntidote.exe
O4 – HKLM..Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated – Adobe Updater Startup Utility.) — C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
O4 – HKCU..Run: [GoogleDriveSync] . (.Google – Google Drive.) — C:Program Files (x86)GoogleDrivegoogledrivesync.exe
O4 – HKCU..Run: [GUDelayStartup] . (.Glarysoft Ltd – StartupManager.) — C:Program Files (x86)Glary Utilities 5StartupManager.exe
O4 – HKCU..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 – HKLM..Wow6432NodeRun: [Super-Charger] . (.MSI – Super-Charger.) — C:Program Files (x86)MSISuper-ChargerSuper-Charger.exe
O4 – HKLM..Wow6432NodeRun: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-Staticamd64CLIStart.exe =>.Advanced Micro Devices, Inc
O4 – HKLM..Wow6432NodeRun: [CloneCDTray] . (.SlySoft, Inc. – CloneCD Tray.) — C:Program Files (x86)SlySoftCloneCDCloneCDTray.exe
O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
O4 – HKLM..Wow6432NodeRun: [SwitchBoard] . (.Adobe Systems Incorporated – SwitchBoard Server (32 bit).) — C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
O4 – HKLM..Wow6432NodeRun: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated – Adobe CS5 Service Manager.) — C:Program Files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe
O4 – HKLM..Wow6432NodeRun: [WD Quick View] . (.Western Digital Technologies, Inc. – WD Quick View.) — C:Program Files (x86)Western DigitalWD Quick ViewWDDMStatus.exe =>.Western Digital Technologies
O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-2418020115-3038648256-3463316840-1000..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-2418020115-3038648256-3463316840-1000..Run: [GoogleDriveSync] . (.Google – Google Drive.) — C:Program Files (x86)GoogleDrivegoogledrivesync.exe
O4 – HKUSS-1-5-21-2418020115-3038648256-3463316840-1000..Run: [GUDelayStartup] . (.Glarysoft Ltd – StartupManager.) — C:Program Files (x86)Glary Utilities 5StartupManager.exe
O4 – HKUSS-1-5-21-2418020115-3038648256-3463316840-1000..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
~ Application: Scanned in 00mn 00s

—\ Buttons on the Internet Explorer main toolbar (O9)
O9 – Extra button: Clavier virtuel [64Bits] – {0C4CC089-D306-440D-9772-464E226F6539} . (…) — C:Program Files (x86)Kaspersky LabKaspersky Internet Security 14.0.0kbrd.ico
O9 – Extra button: &Envoyer à OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:Program Files (x86)MICROS~2Office14ONBttnIE.dll =>.Microsoft Corporation
O9 – Extra button: Notes &liées OneNote [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:Program Files (x86)MICROS~2Office14ONBTTN~1.dll =>.Microsoft Corporation
O9 – Extra button: Analyse des liens [64Bits] – {CCF151D8-D089-449F-A5A4-D9909053F20F} . (…) — C:Program Files (x86)Kaspersky LabKaspersky Internet Security 14.0.0logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Domain/DNS address modification (O17)
O17 – HKLMSystemCCSServicesTcpip..{2C01F0E6-12FE-4ADA-B93F-A95708F7D7D0}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS1ServicesTcpip..{2C01F0E6-12FE-4ADA-B93F-A95708F7D7D0}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS2ServicesTcpip..{2C01F0E6-12FE-4ADA-B93F-A95708F7D7D0}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Additional protocol (O18)
O18 – Handler: vbscript [64Bits] – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:WindowsSystem32mshtml.dll =>.Microsoft Corporation
O18 – Filter: video/x-flv [64Bits] – {20C75730-7C25-476B-95DC-C65810F9E489} . (.Advanced Micro Devices – MIME Video Detector for IE.) — C:Program FilesAMDSteadyVideoVideoMIMEFilter.dll
~ Additional protocol: Scanned in 00mn 00s

—\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 – Winlogon Notify: LBTWlgn . (.Logitech, Inc. – Logitech Bluetooth Service.) — c:program filescommon fileslogishrdbluetoothLBTWlgn.dll
~ Winlogon: Scanned in 00mn 00s

—\ SharedTaskScheduler autorun registry key (STS) (O22)
O22 – SharedTaskScheduler: (no name) [64Bits] – {1984DD45-52CF-49cd-AB77-18F378FEA264} – (.not file.)
~ STS/SSO: Scanned in 00mn 00s

—\ BootExecute data enumeration (BEX) (O34)
O34 – HKLM BootExecute: (autocheck autochk * ) – File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s

—\ Automatic scheduled tasks (O39)
[MD5.DD3A4BEBE7EA3E75F71F3D9E9E2AA016] [APT] [AutoKMS] (…) — C:WindowsAutoKMSAutoKMS.exe [3798528] =>Trojan.Keygen
[MD5.00000000000000000000000000000000] [APT] [GlaryOneClickOptimizer 5] (…) — C:Program Files (x86)Glary Utilities 5OneClickMaintenance.exe (.not file.) [0]
O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
O39 – APT: – (..) — C:WindowsSystem32TasksGlaryInitialize 5 [344]
O39 – APT: GlaryOneClickOptimizer 5 – (…) — C:WindowsSystem32TasksGlaryOneClickOptimizer 5 [438]
O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1074]
O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1078]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 03s

—\ Installed software (O42)
O42 – Software: Ace Translator 11.6 – (.AceTools.biz.) [HKLM][64Bits] — Ace Translator_is1
O42 – Software: WinToFlash Suggestor – (.Think Tank Labs, LLC.) [HKLM][64Bits] — WinToFlash Suggestor =>Spyware.WinToFlash
~ Logic: 19 Legitimates Filtered in 00mn 00s

—\ HKCU & HKLM Software Keys
[HKCUSoftwareAcomba]
[HKCUSoftwareGFMA]
[HKCUSoftwareGestion PME]
[HKCUSoftwareLoadTool]
[HKLMSoftwareWow6432NodeFortsum Solutions d'affaires inc]
[HKLMSoftwareWow6432NodeeFAX]
~ Key Software: 293 Legitimates Filtered in 00mn 00s

—\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 – CFD: 2014-06-05 – 00:06:01 – [] —-D C:Program Files (x86)Ace Translator
O43 – CFD: 2014-05-27 – 16:56:35 – [] —-D C:Program Files (x86)Gestion PME
O43 – CFD: 2014-05-06 – 20:17:18 – [0] -SH-D C:ProgramData{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 – CFD: 2014-03-07 – 16:41:00 – [] —-D C:UsersjohnAppDataRoamingMicrosoftWindowsStart MenuProgramsGestion PME Travailleur Autonome
~ Program Folder: 185 Legitimates Filtered in 00mn 00s

—\ Most recently modified or created files under Windows and System32 (O44)
O44 – LFC:[MD5.63151CBB4BD04C5F1CF3AEC31FC29165] – 2014-06-11 – 15:07:24 —A- . (…) — C:WindowsAcomba.ini [109]
O44 – LFC:[MD5.E585CA2967C45464D97F48764F9260F4] – 2014-06-12 – 15:27:20 —A- . (…) — C:WindowsBRWMARK.INI [441]
~ Files: 75 Legitimates Filtered in 00mn 05s

—\ Operations and functions at Windows Explorer startup (O46)
O46 – SEH:ShellExecuteHooks – Groove GFS Stub Execution Hook – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:PROGRA~1MICROS~2Office14GROOVEEX.DLL
O46 – SEH:ShellExecuteHooks – Groove GFS Stub Execution Hook [64Bits] – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:PROGRA~1MICROS~2Office14GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

—\ PoliciesSystem registry key enumeration (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

—\ PoliciesExplorer registry key enumeration (MWPE) (O56)
O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

—\ System driver list (SDL) (O58)
O58 – SDL:2009-07-13 – 20:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
O58 – SDL:2009-06-10 – 15:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
O58 – SDL:2009-07-13 – 20:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
O58 – SDL:2007-10-03 – 06:42:00 —A- . (.silex technology, Inc. – SXUPTP Driver.) — C:WindowsSystem32Driverssxuptp.sys [78952]
~ Drivers: 100 Legitimates Filtered in 00mn 03s

—\ Disinfection tools list (LATC) (O63)
O63 – Software: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Legacy services listed in the registry (LALS) (O64)
O64 – Services: CurCS – 2013-09-19 – C:Program FilesATI TechnologiesATI.ACEFuelamd64AODDriver2.sys (AODDriver4.2.0) .(.Advanced Micro Devices – AMD OverDrive Service Driver.) – LEGACY_AODDRIVER4.2.0
O64 – Services: CurCS – 2014-06-02 – C:WindowsSystem32driversBootDefragDriver.sys (BootDefragDriver) .(.Glarysoft Ltd – Boot Defrag Driver.) – LEGACY_BOOTDEFRAGDRIVER
O64 – Services: CurCS – 2014-05-14 – C:WindowsSystem32driversGUBootStartup.sys (GUBootStartup) .(.Glarysoft Ltd – The driver for the Startup Manager tool.) – LEGACY_GUBOOTSTARTUP
O64 – Services: CurCS – 2014-03-19 – C:WindowsSystem32DRIVERSkneps.sys (kneps) .(.Kaspersky Lab ZAO – KNEPS Power [fre_wnet_amd64].) – LEGACY_KNEPS
O64 – Services: CurCS – 2014-05-12 – C:Windowssystem32driversmwac.sys (MBAMWebAccessControl) .(.Malwarebytes Corporation – Malwarebytes Web Access Control.) – LEGACY_MBAMWEBACCESSCONTROL
O64 – Services: CurCS – 2009-06-10 – C:WindowsSystem32Driverssecdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) – LEGACY_SECDRV
~ Legacy: 130 Legitimates Filtered in 00mn 00s

—\ Internet Start Menu (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Browser infection search (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] – (Google) – http://www.google.com
~ Keys: Scanned in 00mn 00s

—\ Firewall exceptions list (FirewallRules) (O87)
O87 – FAEL: “{58D6AE1B-A141-4AD5-8058-8070A2C02B60}” | In – None – P6 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersjohnAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
O87 – FAEL: “{AC48E779-5FAF-4952-9D09-C1F1D29024C9}” | In – None – P17 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersjohnAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s

—\ Tracing registry keys search (O100)
HKLMSOFTWAREWow6432NodeMicrosoftTracinguTorrent_RASAPI32 =>P2P.µTorrent
HKLMSOFTWAREWow6432NodeMicrosoftTracinguTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 115 Legitimates Filtered in 00mn 00s

—\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS – | Demand 2014-05-13 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
SS – | Disabled 1658-07-10 0 | (aspnet_state) . (…) – C:WindowsMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe
SS – | Auto 2014-03-06 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 2014-03-06 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 2014-03-07 194032 | (gusvc) . (.Google.) – C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
SS – | Demand 2013-06-13 357144 | (LBTServ) . (.Logitech, Inc..) – C:Program FilesCommon FilesLogiShrdBluetoothlbtserv.exe
SS – | Demand 2014-06-10 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
SS – | Demand 2010-02-19 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
SR – | Auto 2013-12-21 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
SR – | Auto 2013-12-06 239616 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
SR – | Auto 2013-12-06 344064 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) – C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe
SR – | Auto 2014-02-12 43336 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
SR – | Auto 2013-10-12 214512 | (AVP) . (.Kaspersky Lab ZAO.) – C:Program Files (x86)Kaspersky LabKaspersky Internet Security 14.0.0avp.exe
SR – | Auto 2011-08-30 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
SR – | Demand 2014-05-26 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
SR – | Auto 2014-05-12 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
SR – | Auto 2014-05-12 860472 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
SR – | Auto 2013-09-09 161776 | (MSI_SuperCharger) . (.MSI.) – C:Program Files (x86)MSISuper-ChargerChargeService.exe
SR – | Auto 2014-02-17 4915040 | (TeamViewer9) . (.TeamViewer GmbH.) – C:Program Files (x86)TeamViewerVersion9TeamViewer_Service.exe
SR – | Auto 2014-02-28 271728 | (WDDriveService) . (.Western Digital Technologies, Inc..) – C:Program Files (x86)Western DigitalWD Drive ManagerWDDriveService.exe
SR – | Auto 2009-07-13 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 1658-07-10 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 2009-07-13 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
~ Services: Scanned in 00mn 08s

—\ Additional scan (O88)
Database Version : 13026 – (2014-06-12)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallWinToFlash Suggestor] =>Spyware.WinToFlash^
[HKCUSoftwareAppDataLowSoftwareWinToFlash Suggestor] =>Spyware.WinToFlash
C:WindowsAutoKMSAutoKMS.exe =>Trojan.Keygen^
~ Additional scan: 316319 Items scanned in 00mn 48s

—\ Additional information on the modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ AMI: 1 Legitimates Filtered in 00mn 00s

—\ Summary of the detections found on your machine
http://nicolascoolman.fr/30439524-spyware-wintoflash =>Spyware.WinToFlash
~ MSI: 1 link(s) detected in 00mn 00s

~ 926 Legitimates filtered by white list
End of the scan (446 lines in 01mn 56s)(0)

Here is a ZHPDiag scan.
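The report above is long, but the lines a helper actually acts on follow a handful of patterns: ZHPDiag's `=>Family.Name` database classifications (here `Trojan.Keygen` on the AutoKMS scheduled task, `Spyware.WinToFlash` on the installed "WinToFlash Suggestor", and the informational `P2P.BitTorrent` on µTorrent), entries whose target no longer exists (an all-zero MD5 or `(.not file.)`), a Hidden+System `{GUID}` folder under ProgramData (`-SH-D`), UAC reported as deactivated, an Administrator session, an old Java runtime, and a running remote-access service (TeamViewer). The script below is an added example, not part of the original post and not ZHPDiag's own code: it runs those checks over report lines and de-duplicates the O88 summary against the earlier hits. The sample lines are copied from this report with the backslashes the forum stripped restored and ZHPDiag's plain ASCII separators; the family list and the remote-access service names are assumptions for the example.

```python
"""Triage checks over ZHPDiag report lines (added example, not ZHPDiag code)."""
import re
from dataclasses import dataclass

# Lines copied from the report above, with the backslashes the forum stripped
# restored and ZHPDiag's plain ASCII separators ("-", "--") instead of the
# forum's typographic dashes. Constructed sample input for this example.
SAMPLE_REPORT = r"""~ User Account Control (UAC): Deactivate by program
Logged in as Administrator
Java 7 Update 60
[MD5.DD3A4BEBE7EA3E75F71F3D9E9E2AA016] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [3798528] =>Trojan.Keygen
[MD5.00000000000000000000000000000000] [APT] [GlaryOneClickOptimizer 5] (...) -- C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe (.not file.) [0]
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O22 - SharedTaskScheduler: (no name) [64Bits] - {1984DD45-52CF-49cd-AB77-18F378FEA264} - (.not file.)
O42 - Logiciel: WinToFlash Suggestor - (.Think Tank Labs, LLC.) [HKLM][64Bits] -- WinToFlash Suggestor =>Spyware.WinToFlash
O43 - CFD: 2014-05-06 - 20:17:18 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O87 - FAEL: "{58D6AE1B-A141-4AD5-8058-8070A2C02B60}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - uTorrent.) -- C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
SR - | Auto 2014-02-17 4915040 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.Keygen^
"""

# "=>Family.Name" is ZHPDiag's database classification; "=>.Publisher" marks a
# whitelisted signer and is not a detection. The O88 summary repeats hits with "^".
TAG_RE = re.compile(r"=>(?P<tag>[^\s^]+)")
ZERO_MD5_RE = re.compile(r"^\[MD5\.0{32}\]")                      # target file missing
HIDDEN_SYSTEM_DIR_RE = re.compile(r"\s-SH-D\s+(?P<path>\S.*)$")   # System+Hidden directory
PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]]*?\.(?:exe|dll|sys)\b", re.IGNORECASE)
SERVICE_RE = re.compile(r"^S(?P<state>[RS]) - \| (?P<start>\S+) [^|]*\| [^(]*\((?P<name>[^)]+)\)")
# Assumptions for this example: families treated as unwanted rather than merely
# informational, and name fragments of services that allow remote control.
MALICIOUS_FAMILIES = {"Trojan", "Spyware", "Adware", "PUP", "Hijacker", "Rogue", "Backdoor"}
REMOTE_ACCESS_SERVICES = ("teamviewer", "logmein", "ammyy", "anydesk")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info"
    category: str
    detail: str


def subject(line: str) -> str:
    """The file path named on the line, or the line without its => tag."""
    m = PATH_RE.search(line)
    return m.group(0) if m else line.split("=>")[0].strip()


def triage(report: str) -> list[Finding]:
    findings: list[Finding] = []
    seen: set[tuple[str, str, str]] = set()

    def add(severity: str, category: str, detail: str) -> None:
        key = (severity, category, detail)
        if key not in seen:            # the O88 summary repeats earlier hits
            seen.add(key)
            findings.append(Finding(severity, category, detail))

    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TAG_RE.search(line)
        if m and not m.group("tag").startswith("."):
            tag = m.group("tag")
            family = tag.split(".", 1)[0]
            add("high" if family in MALICIOUS_FAMILIES else "info", f"db:{tag}", subject(line))
        if ZERO_MD5_RE.match(line) or "(.not file.)" in line:
            add("medium", "orphan-entry", subject(line))
        m = HIDDEN_SYSTEM_DIR_RE.search(line)
        if m and "\\ProgramData\\" in m.group("path"):
            add("medium", "hidden-system-dir", m.group("path"))
        if "User Account Control (UAC): Deactivate" in line:
            add("medium", "uac-disabled", line.lstrip("~ "))
        if line == "Logged in as Administrator":
            add("info", "admin-session", line)
        if line.startswith("Java 7 Update"):   # Oracle ended public Java 7 updates in April 2015
            add("info", "eol-runtime", line)
        m = SERVICE_RE.match(line)
        if m and m.group("state") == "R" and any(k in m.group("name").lower() for k in REMOTE_ACCESS_SERVICES):
            add("info", "remote-access-service", m.group("name"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_REPORT)
    order = {"high": 0, "medium": 1, "info": 2}
    for f in sorted(results, key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.category}: {f.detail}")
    print(summarize(results))
```

On the sample this yields two high findings (the AutoKMS task and WinToFlash Suggestor, the same two items the report's own O88 summary lists), four medium (UAC off, the two orphan entries, the hidden ProgramData folder) and four informational. Every flag still needs confirming on the machine: an all-zero MD5 or `(.not file.)` only means the referenced file is gone, and a Hidden+System `{GUID}` folder under ProgramData is used by legitimate installers as well as by malware, so its contents should be inspected before anything is deleted.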