Slow PC – System speedup 2014-07-11T20:39:19+00:00
  • Author
    Posts
  • lolo500
    Post count: 0

    :’) No improvement, still major slowdowns

  • lolo500
    Post count: 0

    Re,
    What should I do next?

    Thanks

  • lolo500
    Post count: 0

    @v-x wrote:

    Re,

    run RogueKiller again in removal mode, but you have to tick the boxes :)

    ++

    Indeed, that's better!

    RogueKiller V9.2.2.0 [Jul 11 2014] par Adlice Software
    Mail : http://www.adlice.com/contact/
    Remontées : http://forum.adlice.com
    Site Web : http://www.surlatoile.org/RogueKiller/
    Blog : http://www.adlice.com

    Système d’exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Démarrage : Mode normal
    Utilisateur : Rag [Droits d’admin]
    Mode : Suppression — Date : 07/12/2014 18:10:21

    ¤¤¤ Processus malicieux : 0 ¤¤¤

    ¤¤¤ Entrées de registre : 11 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParametersInterfaces{3CAA8BB7-D895-40F4-BF46-6B9243C9F8E1} | DhcpNameServer : 10.11.0.1 -> REMPLACÉ ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINESystemControlSet001ServicesTcpipParametersInterfaces{3CAA8BB7-D895-40F4-BF46-6B9243C9F8E1} | DhcpNameServer : 10.11.0.1 -> REMPLACÉ ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINESystemControlSet002ServicesTcpipParametersInterfaces{3CAA8BB7-D895-40F4-BF46-6B9243C9F8E1} | DhcpNameServer : 10.11.0.1 -> REMPLACÉ ()
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem | EnableLUA : 0 -> REMPLACÉ (1)
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem | EnableLUA : 0 -> REMPLACÉ (1)
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem | ConsentPromptBehaviorAdmin : 0 -> REMPLACÉ (2)
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem | ConsentPromptBehaviorAdmin : 0 -> REMPLACÉ (2)
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REMPLACÉ (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REMPLACÉ (0)

    ¤¤¤ Tâches planifiées : 0 ¤¤¤

    ¤¤¤ Fichiers : 0 ¤¤¤

    ¤¤¤ Fichier HOSTS : 2 ¤¤¤
    [C:WindowsSystem32driversetchosts] 127.0.0.1 localhost -> SUPPRIMÉ
    [C:WindowsSystem32driversetchosts] ::1 localhost -> SUPPRIMÉ

    ¤¤¤ Antirootkit : 0 (Driver: NON CHARGE [0xc000036b]) ¤¤¤

    ¤¤¤ Navigateurs web : 9 ¤¤¤
    [FIREFX:Addon] s5r52euh.default : DownThemAll! [{DDC359D1-844A-42a7-9AA1-88A850A938A8}] -> SUPPRIMÉ
    [FIREFX:Addon] s5r52euh.default : HP Detect [{ab91efd4-6975-4081-8552-1b3922ed79e2}] -> SUPPRIMÉ
    [CHROME:Addon] Default : Google Docs [aohghmighlieiainnegkcijnfilokake] -> SUPPRIMÉ
    [CHROME:Addon] Default : Google Drive [apdfllckaahabafndbhieahigkjlhalf] -> ERROR [2]
    [CHROME:Addon] Default : YouTube [blpcfgokakmgnkcojhhkbfbldkacnbeo] -> ERROR [2]
    [CHROME:Addon] Default : Google Search [coobgpohoikkiipiblmjeljniedjpjpf] -> ERROR [2]
    [CHROME:Addon] Default : Website Logon [dfaldikcoaplhepekpbngkepfcoiihef] -> ERROR [2]
    [CHROME:Addon] Default : Google Wallet [nmmhkkegccagdldgiimedpiccmgmieda] -> ERROR [2]
    [CHROME:Addon] Default : Gmail [pjkljhegncpnkpknbcohdijeoejaedia] -> ERROR [2]

    ¤¤¤ MBR Verif : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK1059GSM +++++
    — User —
    [MBR] 55a247bdf91de86b9e4d547fe83573e1
    [BSP] 9a583d1d46c873ffbf1414cc23161aba : Windows Vista/7/8 MBR Code
    Partition table:
    0 – [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 MB
    1 – [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
    2 – [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 409600 | Size: 469810 MB
    3 – [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 962580480 | Size: 483858 MB
    User = LL1 … OK
    User != LL2 … KO!
    — LL2 —
    [MBR] 42db7c051ef7e77277d006ef3eb1e18f
    [BSP] 9a583d1d46c873ffbf1414cc23161aba : Windows Vista/7/8 MBR Code
    Partition table:
    0 – [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 77824 MB
    1 – [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 159793152 | Size: 400 MB

    ============================================
    RKreport_DEL_07112014_235543.log – RKreport_SCN_07112014_232809.log – RKreport_SCN_07122014_180618.log

  • lolo500
    Post count: 0

    Hello,

    was my last post readable?

    Thanks for your help

  • lolo500
    Post count: 0

    RogueKiller V9.2.2.0 [Jul 11 2014] par Adlice Software
    Mail : http://www.adlice.com/contact/
    Remontées : http://forum.adlice.com
    Site Web : http://www.surlatoile.org/RogueKiller/
    Blog : http://www.adlice.com

    Système d’exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Démarrage : Mode normal
    Utilisateur : Rag [Droits d’admin]
    Mode : Suppression — Date : 07/11/2014 23:55:43

    ¤¤¤ Processus malicieux : 0 ¤¤¤

    ¤¤¤ Entrées de registre : 13 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParametersInterfaces{3CAA8BB7-D895-40F4-BF46-6B9243C9F8E1} | DhcpNameServer : 10.11.0.1 -> NON SELECTIONNÉ
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINESystemControlSet001ServicesTcpipParametersInterfaces{3CAA8BB7-D895-40F4-BF46-6B9243C9F8E1} | DhcpNameServer : 10.11.0.1 -> NON SELECTIONNÉ
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINESystemControlSet002ServicesTcpipParametersInterfaces{3CAA8BB7-D895-40F4-BF46-6B9243C9F8E1} | DhcpNameServer : 10.11.0.1 -> NON SELECTIONNÉ
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem | EnableLUA : 0 -> NON SELECTIONNÉ
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem | EnableLUA : 0 -> NON SELECTIONNÉ
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem | ConsentPromptBehaviorAdmin : 0 -> NON SELECTIONNÉ
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem | ConsentPromptBehaviorAdmin : 0 -> NON SELECTIONNÉ
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NON SELECTIONNÉ
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NON SELECTIONNÉ
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NON SELECTIONNÉ
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NON SELECTIONNÉ
    [HJ.FileAsso] (X64) HKEY_LOCAL_MACHINESoftwareClassespezfileshellopencommand | : “C:Program Files (x86)Prezi Desktop 4Prezi Desktop.exe” “%1” -> REMPLACÉ (“%1” %*)
    [HJ.FileAsso] (X64) HKEY_CLASSES_ROOTpezfileshellopencommand | : “C:Program Files (x86)Prezi Desktop 4Prezi Desktop.exe” “%1” -> REMPLACÉ (“%1” %*)

    ¤¤¤ Tâches planifiées : 1 ¤¤¤
    [Suspicious.Path] \Registration — “C:Program Files (x86)Hewlett-PackardHP SetupRemEngine.exe” (Registration ShowMessageTask2D) -> SUPPRIMÉ

    ¤¤¤ Fichiers : 1 ¤¤¤
    [Suspicious.Path][Fichier] Moniteur neufbox.lnk — C:UsersRagAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMoniteur neufbox.lnk [LNK@] C:UsersRagAppDataLocalNicolas VannierMoniteur neufboxMoniteur neufbox.exe -> SUPPRIMÉ

    ¤¤¤ Fichier HOSTS : 2 ¤¤¤
    [C:WindowsSystem32driversetchosts] 127.0.0.1 localhost
    [C:WindowsSystem32driversetchosts] ::1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: NON CHARGE [0xc000036b]) ¤¤¤

    ¤¤¤ Navigateurs web : 0 ¤¤¤

    ¤¤¤ MBR Verif : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK1059GSM +++++
    — User —
    [MBR] 55a247bdf91de86b9e4d547fe83573e1
    [BSP] 9a583d1d46c873ffbf1414cc23161aba : Windows Vista/7/8 MBR Code
    Partition table:
    0 – [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 MB
    1 – [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
    2 – [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 409600 | Size: 469810 MB
    3 – [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 962580480 | Size: 483858 MB
    User = LL1 … OK
    User != LL2 … KO!
    — LL2 —
    [MBR] 42db7c051ef7e77277d006ef3eb1e18f
    [BSP] 9a583d1d46c873ffbf1414cc23161aba : Windows Vista/7/8 MBR Code
    Partition table:
    0 – [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 77824 MB
    1 – [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 159793152 | Size: 400 MB

    ============================================
    RKreport_SCN_07112014_232809.log

  • lolo500
    Post count: 0

    Not that I know of, I must have installed that a long time ago.
    ZHP report: https://antimalware.top/www/?a=d&i=qVulqkhA2R

  • lolo500
    Post count: 0

    ZHPFIX report: https://antimalware.top/www/?a=d&i=LVJjXC8fDG

    RogueKiller report: https://antimalware.top/www/?a=d&i=V9KBqNAUHc

  • lolo500
    Post count: 0

    Very well, thank you.

    Shortcut report: https://antimalware.top/www/?a=d&i=KBo6g7H7yJ

    AdwCleaner report: https://antimalware.top/www/?a=d&i=XHcdc3sreO

  • lolo500
    Post count: 0

    [spoiler:1xv8r3l2]~ Rapport de ZHPDiag v2014.6.25.98 – Nicolas Coolman (25/06/2014)
    ~ Lancé par Rag (11/07/2014 22:28:28)
    ~ Adresse du Site Web http://nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Nouvelle version disponible
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.17207
    MFIE: Mozilla Firefox 30.0 (Defaut)
    GCIE: Google Chrome v35.0.1916.153

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 3Q6C9
    Windows License : OK
    ~ Windows Remaining Initializations Number : 1
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 2.0.2.1012
    Windows Defender W7 (Activate)

    —\ Logiciels d'optimisation du système
    CCleaner v4.14

    —\ Logiciels de partage PeerToPeer
    FrostWire 4.13.1.5 BETA v4.13.1.5

    —\ Surveillance de Logiciels
    Adobe Flash Player 14 Plugin
    Adobe Reader X
    Java 7 Update 51

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 6091 MB (56% free)
    System Restore: Activé (Enable)
    System drive C: has 95 GB (20%) free of 459 GB

    —\ Mode de connexion au système
    ~ Computer Name: RAG-HP
    ~ User Name: Rag
    ~ All Users Names: VUSR_RAG-HP, Rag, HomeGroupUser$, Administrateur,
    ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersRagAppDataRoamingZHP
    ~ %AppData% : C:UsersRagAppDataRoaming
    ~ %Desktop% : C:UsersRagDesktop
    ~ %Favorites% : C:UsersRagFavorites
    ~ %LocalAppData% : C:UsersRagAppDataLocal
    ~ %StartMenu% : C:UsersRagAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 95 Go of 459 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
    E: CD-ROM drive (Not Inserted)
    F: Hard drive, Flash drive, Thumb drive (Free 125 Go of 458 Go)
    G: CD-ROM drive (Not Inserted)
    H: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
    J: CD-ROM drive (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem] EnableLUA: Modified
    ~ Security Center: 46 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.18/06/2014 – 23:58:27.) — C:WindowsSystem32wininet.dll [2266112]
    [MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.04/03/2014 – 10:43:50.) — C:WindowsSystem32Winlogon.exe [455168]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.21/11/2010 – 04:24:16.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.FA886682CFC5D36718D3E436AACF10B9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.30/05/2014 – 07:45:52.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.21/11/2010 – 04:23:51.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.24/01/2014 – 03:37:55.) — C:Windowssystem32Driversntfs.sys [1684928]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/11/2010 – 04:24:33.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32Driversvolsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/446
    ~ Mes musiques (My Musics) : 273/1471
    ~ Mes Videos (My Videos) : 18/29
    ~ Mes Favoris (My Favorites) : 1/11
    ~ Mes Documents (My Documents) : 4/1084
    ~ Mon Bureau (My Desktop) : 1/5927
    ~ Menu demarrer (Programs) : 1/84
    ~ Hidden Files: Scanned in 00mn 12s

    —\ Processus lancés
    [MD5.7F7B8C734872CB4FB3BC271B43130697] – (.HP – TouchControl.) — C:Program Files (x86)HP SimplePass 2011TouchControl.exe [653128] [PID.4072]
    [MD5.5D7652D9326956AF043960BC646461BD] – (.HP – BioMonitor.) — C:Program Files (x86)HP SimplePass 2011BioMonitor.exe [142664] [PID.408]
    [MD5.88EE0FCDB773DF373EDFE7C2BD944EEB] – (.Electronic Arts – Origin.) — C:Program Files (x86)OriginOrigin.exe [3595608] [PID.1880]
    [MD5.CEA0461AAE4B8B6216F164501B1B5A10] – (.DT Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe [4910912] [PID.612]
    [MD5.8943465BEFA91044227D42E84ECB8280] – (.Renesas Electronics Corporation – USB 3.0 Monitor.) — C:Program Files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe [115048] [PID.2380]
    [MD5.DC73E11DC27E7D9AEF884EBE816C4240] – (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe [284440] [PID.3556]
    [MD5.8A3B69683E63808719D24E1C68C21CC7] – (.Hewlett-Packard Development Company, L.P. – HP On Screen Display.) — C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe [379960] [PID.3676]
    [MD5.D59ABED205F424BD4C52419479930BE9] – (.Hewlett-Packard Development Company, L.P. – HP Message Service.) — C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe [586296] [PID.2540]
    [MD5.B4E6C1B28AF8806008CB654C716ABAFA] – (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe [152392] [PID.2588]
    [MD5.D8465C1AE6CE673E60045E16CFBC6E64] – (.Motorola Solutions, Inc. – Bluetooth Media Player Controller.) — C:Program FilesMotorolaBluetoothbtplayerctrl.exe [1503824] [PID.4572]
    [MD5.434FEE6FF661DCABADB69E55E0747494] – (.Hewlett-Packard Development Company, L.P. – HP CoolSense.) — C:Program Files (x86)Hewlett-PackardHP CoolSenseCoolSense.exe [1344312] [PID.1484]
    [MD5.A16B5C5787389D983EF08F5E36B297BB] – (.RPA Technology – Mobile Mouse Service.) — C:Program Files (x86)Air MouseAir MouseMobile Mouse Service.exe [43008] [PID.4668]
    [MD5.CE21D66CBEF56B801101B1866FAE6136] – (.Electronic Arts Canada – FIFA 14.) — C:Program Files (x86)Origin GamesFIFA 14Gamefifasetupfifaconfig.exe [402280] [PID.4296]
    [MD5.B1E01D636350983E94171E229C759468] – (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe [275568] [PID.4028]
    [MD5.A5FCD42334CCC682DA1882A54338686C] – (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe [860488] [PID.4948]
    [MD5.4F87179386948D61FBF74B0DDF265170] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:Program Files (x86)Mozilla Firefoxplugin-container.exe [18544] [PID.4308]
    [MD5.192FFD3F99A0847740670AE711CB455A] – (.Adobe Systems, Inc. – Adobe Flash Player 14.0 r0.) — C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_14_0_0_145.exe [1869488] [PID.6032]
    [MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8071680] [PID.7016]
    [MD5.6AA4E6B4EA50620AB622A048394C4AA2] – (.HP – HP Service.) — C:Program Files (x86)HP SimplePass 2011TrueSuiteService.exe [260424] [PID.848]
    [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65640] [PID.1932]
    [MD5.F518545E5B7623AD49ABE7F8776EFA46] – (.Apple Inc. – YSLoader.exe.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [43336] [PID.1992]
    [MD5.CA793DCC1D5F619021EF1D37CC7A831E] – (.EasyBits Software AS – Shared EasyBits services for Windows.) — C:WindowsSysWOW64ezSharedSvcHost.exe [514232] [PID.2052]
    [MD5.F630DD7564EBB7248A13B1CC774D9EA6] – (.Hewlett-Packard Development Company, L.P. – HP Quick Launch WMI Service.) — C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe [26680] [PID.2180]
    [MD5.CD421DDB5C6E5458CE52EDC36DE7DC5B] – (…) — C:WindowsSysWOW64PnkBstrA.exe [76152] [PID.2348]
    [MD5.97F6FFB8A305A77D25C6C0E07B71D252] – (.TeamViewer GmbH – TeamViewer 9.) — C:Program Files (x86)TeamViewerVersion9TeamViewer_Service.exe [5024576] [PID.2424]
    [MD5.D41861E56E7552C13674D7F147A02464] – (.Intel Corporation – IAStorDataSvc.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [13592] [PID.4632]
    [MD5.D2946D9F020AE76E9CEF9B4A6DF838C0] – (.Hewlett-Packard Company – HP Software Framework WMI Service.) — C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe [1129760] [PID.4820]
    [MD5.D7E0BED3EA21D7BDDD410ADE51708D90] – (.Intel Corporation – Local Manageability Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [325656] [PID.5520]
    [MD5.A678E5DDD974903DD71F503BDCACA218] – (.Intel Corporation – User Notification Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [2656280] [PID.5864]
    [MD5.E040F0064D39F73BB4995D494F3DCBB8] – (.Hewlett-Packard Development Company L.P. – HP Connection Manager Service.) — C:Program Files (x86)Hewlett-PackardHP Connection ManagerhpCMSrv.exe [1071160] [PID.1236]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersRagAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [aelbknmfcacjffmgnoaaonhgoghlmlkp] HP Product Detection Plugin v.2.0.5.6 (Activé)
    G2 – GCE: Preference [User DataDefault] [eahpcpckmhaneflmhiegmedhiegncgnf] Webplayer v.2.3.17.1 (Désactivé)
    G2 – GCE: Preference [User DataDefault] [epbmnbdplhcomkedpjfceakddnbgfjmf] Passer les publicits sur YouTube v.1.203 (Activé)
    G2 – GCE: Preference [User DataDefault] [gpbnepipgmcpkdglgbcfmcecaoflaemc] Resume (CV) Maker v.2.4 (Activé)
    G2 – GCE: Preference [User DataDefault] [lneaknkopdijkpnocmklfnjbeapigfbh] Google Maps v.5.2.7 (Activé)
    G2 – GCE: Preference [User DataDefault] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
    G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [opjonmehjfmkejjifhhknofdnacklmjk] Marc Ecko v.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [picobbnlkmnillfianmlnblfafncgoek] IP Country Location v.3.1.7.13 (Activé)

    —\ Liste des dossiers d'extension Google Chrome
    ~ Google Lines Browser: 26 Legitimates Filtered in 00mn 18s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersRagAppDataRoamingMozillaFirefoxProfiless5r52euh.defaultprefs.js
    ~ Firefox Browser: 21 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Internet Explorer Toolbars (O3)
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent
    O4 – GSQuickLaunch [Rag]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:UsersRagAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O4 – GSProgram [Rag]: Alloplayer.lnk . (…) — C:UsersRagAppDataRoamingMicrosoftInstaller{8A6ACC7D-F378-40DB-B0C3-E277D8A022AC}_9C5DD7514B58D6773F4D22.exe =>PUP.Alloplayer
    ~ Global Startup: 3 Legitimates Filtered in 00mn 05s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [XboxStat] . (.Microsoft Corporation – XBoxStat.exe.) — C:Program FilesMicrosoft Xbox 360 AccessoriesXboxStat.exe
    O4 – HKLM..Run: [SysTrayApp] . (.IDT, Inc. – IDT PC Audio.) — C:Program FilesIDTWDMsttray64.exe
    O4 – HKLM..Run: [SynTPEnh] C:Program Files (x86)SynapticsSynTPSynTPEnh.exe (.not file.)
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:Windowssystem32igfxpers.exe
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:Windowssystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:Windowssystem32hkcmd.exe
    O4 – HKLM..Run: [BTMTrayAgent] . (.Motorola Solutions, Inc. – Bluetooth Shell Extension.) — C:Program FilesMotorolaBluetoothbtmshell.dll
    O4 – HKCU..Run: [AdobeBridge] Clé orpheline
    O4 – HKCU..Run: [Google Update] . (.Google Inc. – Programme d'installation de Google.) — C:UsersRagAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKCU..Run: [EADM] . (.Electronic Arts – Origin.) — C:Program Files (x86)OriginOrigin.exe
    O4 – HKCU..Run: [DAEMON Tools Lite] . (.DT Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKLM..Wow6432NodeRun: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
    O4 – HKLM..Wow6432NodeRun: [NUSB3MON] . (.Renesas Electronics Corporation – USB 3.0 Monitor.) — C:Program Files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe
    O4 – HKLM..Wow6432NodeRun: [IAStorIcon] . (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    O4 – HKLM..Wow6432NodeRun: [HPOSD] . (.Hewlett-Packard Development Company, L.P. – HP On Screen Display.) — C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe
    O4 – HKLM..Wow6432NodeRun: [HPConnectionManager] . (.Hewlett-Packard Development Company L.P. – HPCMDelayStart Application.) — C:Program Files (x86)Hewlett-PackardHP Connection ManagerHPCMDelayStart.exe
    O4 – HKLM..Wow6432NodeRun: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. – HP Message Service.) — C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-3737081600-1731025143-3912972593-1000..Run: [AdobeBridge] Clé orpheline
    O4 – HKUSS-1-5-21-3737081600-1731025143-3912972593-1000..Run: [Google Update] . (.Google Inc. – Programme d'installation de Google.) — C:UsersRagAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKUSS-1-5-21-3737081600-1731025143-3912972593-1000..Run: [EADM] . (.Electronic Arts – Origin.) — C:Program Files (x86)OriginOrigin.exe
    O4 – HKUSS-1-5-21-3737081600-1731025143-3912972593-1000..Run: [DAEMON Tools Lite] . (.DT Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPluginx64.dll,-102 [64Bits] – {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (…) — C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckResourcesIconsHP.ico
    O9 – Extra button: @C:Program FilesMotorolaBluetoothResourcesfra.dll,-247 [64Bits] – {bd707fe6-39f6-4bda-9265-86a76719bdc5} — Clé orpheline
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{3CAA8BB7-D895-40F4-BF46-6B9243C9F8E1}: DhcpNameServer = 10.11.0.1
    O17 – HKLMSystemCCSServicesTcpip..{6F26C620-80A9-4D11-AAAE-F34FF73EBEAB}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{92DECFDC-BDB4-4785-940F-F849AD859A88}: DhcpNameServer = 192.168.10.110
    O17 – HKLMSystemCCSServicesTcpip..{BAD97159-D6D7-4FDC-9A0F-8393A6591E82}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 – HKLMSystemCS1ServicesTcpip..{3CAA8BB7-D895-40F4-BF46-6B9243C9F8E1}: DhcpNameServer = 10.11.0.1
    O17 – HKLMSystemCS1ServicesTcpip..{6F26C620-80A9-4D11-AAAE-F34FF73EBEAB}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{92DECFDC-BDB4-4785-940F-F849AD859A88}: DhcpNameServer = 192.168.10.110
    O17 – HKLMSystemCS1ServicesTcpip..{BAD97159-D6D7-4FDC-9A0F-8393A6591E82}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 – HKLMSystemCS2ServicesTcpip..{3CAA8BB7-D895-40F4-BF46-6B9243C9F8E1}: DhcpNameServer = 10.11.0.1
    O17 – HKLMSystemCS2ServicesTcpip..{6F26C620-80A9-4D11-AAAE-F34FF73EBEAB}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{92DECFDC-BDB4-4785-940F-F849AD859A88}: DhcpNameServer = 192.168.10.110
    O17 – HKLMSystemCS2ServicesTcpip..{BAD97159-D6D7-4FDC-9A0F-8393A6591E82}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE14MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [Rocket Updater] (…) — C:UsersRagAppDataRoamingROCKET~1UPDATE~1UPDATE~1.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [Tasker] (…) — C:UsersRagAppDataRoamingcertificate.vbs” (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [TaskUserUpdate_wp] (…) — C:UsersRagAppDataRoaming~jjgrvmc.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [Updater12765.exe] (…) — C:UsersRagAppDataLocalUpdater12765Updater12765.exe (.not file.) [0] =>PUP.CrossRider
    [MD5.00000000000000000000000000000000] [APT] [WIN-fdfEfEfAfC] (…) — C:UsersRagAppDataRoaming~onofdug.exe (.not file.) [0]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{18423F16-F41B-46C7-8A20-C3E6523CDD03}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{23B769FC-C5AC-45F4-832E-AC82B963275F}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{3CDEF5F1-A659-4766-BA72-11585D106FE2}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{417EFCE3-808F-4229-83F5-5E9F003B16E1}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{5115B333-0E1C-458F-810F-B4E49721D712}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{5B67ECF7-BDDC-4723-83FA-11625A92E074}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{5DCEC873-5794-4435-B84D-D15D8275CC02}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.00000000000000000000000000000000] [APT] [{6E34C0EC-418F-4F03-8E38-A75BEFFE9772}] (…) — C:Program Files (x86)Pricora 12.0Uninstall.exe (.not file.) [0] =>Adware.Pricora
    [MD5.00000000000000000000000000000000] [APT] [{7191F987-E683-43EF-8041-36E16B184C64}] (…) — C:UsersRagDownloadsCoreMaximizer1.03Core Maximizer.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{810F7F9A-EA2B-4CED-86FA-F33F50E65120}] (…) — C:UsersRagDownloadsCoreMaximizer1.03Core Maximizer.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{87237D78-0E52-4351-B6AD-FC7B9AF594DA}] (…) — C:ProgramDataCloudSoftOptimizerProOptimizerPro.exe (.not file.) [0] =>PUP.OptimizerPro
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{87D2F4BC-362B-4FAF-962F-35A5EF4E2EB8}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{8CA5616D-61F7-49DD-AA08-C49B89B66BAF}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{95A03EDA-DF5F-4D77-A19B-6C55F1E6D3F6}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{96DD1E44-BFD8-42D8-8A75-047558496EE2}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.00000000000000000000000000000000] [APT] [{ADFCD6BF-07B1-4105-9015-07DC5F2C6FC8}] (…) — C:UsersRagDownloadsCoreMaximizer1.03Core Maximizer.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{BB3ABD8D-D656-4695-98E7-0D7B0F4A0BAF}] (…) — C:UsersRagAppDataLocalTeamSpeak 3 Clientpackage_inst.exe (.not file.) [0]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{EC80195F-B542-4CEE-A3F6-99A0D3A2ECB9}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{EEFEF701-A0AA-4855-B2D4-E4D030FE12FD}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{F93418A4-BBFE-46F9-84ED-69CF39E015C3}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{FFE94A91-1051-4C68-B1F6-341503E9C8F2}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    O39 – APT: – (..) — C:WindowsTasksAutoKMS.job [268] =>Trojan.Keygen
    O39 – APT: – (..) — C:WindowsSystem32TasksFacebookUpdateTaskUserS-1-5-21-3737081600-1731025143-3912972593-1000Core [1066]
    O39 – APT: – (..) — C:WindowsSystem32TasksFacebookUpdateTaskUserS-1-5-21-3737081600-1731025143-3912972593-1000UA [1088]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1058]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1062]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskUserS-1-5-21-3737081600-1731025143-3912972593-1000Core [1018]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskUserS-1-5-21-3737081600-1731025143-3912972593-1000UA [1070]
    O39 – APT: – (..) — C:WindowsSystem32TasksHPCeeScheduleForRag [324]
    ~ Scheduled Task: 61 Legitimates Filtered in 00mn 13s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Ares 2.2.4 – (.Ares Development Group.) [HKLM][64Bits] — Ares
    O42 – Logiciel: Decid Créateur 5.60P V2 – (…) [HKLM][64Bits] — Decid Créateur 5.60P V2
    O42 – Logiciel: FMRTE 5.1.2 – (.Raul Bravo.) [HKLM][64Bits] — {63486834-B10B-4DD4-8216-C8D66A157D7E}_is1
    O42 – Logiciel: Goat Simulator – (…) [HKLM][64Bits] — R29hdFNpbXVsYXRvcg==_is1
    O42 – Logiciel: PMU Poker – (.PMU.) [HKLM][64Bits] — PMUPoker
    O42 – Logiciel: PPÖúÊÖ PC°æ 1.1.0.6 – (.¹ãÖÝÌúÈËÍøÂç¿Æ¼¼ÓÐÏÞ¹«Ë¾.) [HKLM][64Bits] — PPÖúÊÖ PC°æ
    O42 – Logiciel: Project 64 version 2.1.0.1 – (…) [HKLM][64Bits] — Project 64_is1
    O42 – Logiciel: Trickshot – (…) [HKLM][64Bits] — {ACC9AC0E-8B6E-4393-AF52-E43CF31BA7AC}
    O42 – Logiciel: TweakAll 3.0 – (.Codeforge.) [HKLM][64Bits] — TweakAll_is1
    O42 – Logiciel: Woosaah's Rugasmic 08 Editor – (.woosaahs programs.) [HKLM][64Bits] — {A6F18C01-D3EC-4270-8B2F-EB214CB809FF}
    ~ Logic: 63 Legitimates Filtered in 00mn 07s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareAres]
    [HKCUSoftwareGenie™]
    [HKCUSoftwarePMU]
    [HKCUSoftwarePinstall]
    [HKCUSoftwareSHAPE Services]
    [HKCUSoftwareShortcut_Module]
    [HKCUSoftwareTeiron]
    [HKCUSoftwareZona]
    [HKLMSoftwareShortcut_Module]
    [HKLMSoftwareWow6432NodeSHAPE Services]
    [HKLMSoftwareWow6432NodeSecurity Center]
    [HKLMSoftwareWow6432NodeShortcut_Module]
    [HKLMSoftwareWow6432NodeWinU]
    ~ Key Software: 670 Legitimates Filtered in 00mn 07s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 08/06/2014 – 01:57:40 – [] —-D C:Program Files (x86)Air Mouse
    O43 – CFD: 18/04/2014 – 18:00:57 – [] —-D C:Program Files (x86)Ares
    O43 – CFD: 19/12/2013 – 15:38:12 – [] —-D C:Program Files (x86)F1 2013
    O43 – CFD: 10/04/2014 – 02:20:40 – [] —-D C:Program Files (x86)Goat Simulator
    O43 – CFD: 03/06/2013 – 10:12:54 – [0] —-D C:Program Files (x86)GRID 2
    O43 – CFD: 03/07/2014 – 12:38:15 – [] —-D C:Program Files (x86)NASCAR '14
    O43 – CFD: 19/04/2014 – 22:42:38 – [] —-D C:Program Files (x86)PPÖúÊÖ
    O43 – CFD: 06/07/2014 – 16:46:28 – [0] —-D C:Program Files (x86)R.G. Games
    O43 – CFD: 31/05/2012 – 21:32:12 – [] —-D C:Program Files (x86)Radio Recorder v.1.4
    O43 – CFD: 08/11/2013 – 01:50:16 – [] —-D C:Program Files (x86)SP55068
    O43 – CFD: 08/11/2013 – 23:37:01 – [] —-D C:Program Files (x86)Trickshot
    O43 – CFD: 06/04/2013 – 23:26:32 – [] —-D C:Program Files (x86)TS Notifier
    O43 – CFD: 22/04/2014 – 17:47:58 – [0] —-D C:Program Files (x86)Vocaluxe
    O43 – CFD: 20/11/2013 – 19:57:58 – [] —-D C:Program Files (x86)Woosaah Ruggby 08 Editor
    O43 – CFD: 18/02/2012 – 16:38:15 – [] —-D C:ProgramDataAutoKMS =>Trojan.Keygen
    O43 – CFD: 02/03/2014 – 04:36:28 – [] -SH-D C:ProgramDataICLJIG
    O43 – CFD: 11/07/2014 – 16:44:12 – [0] —-D C:ProgramDataSHAPE Services
    O43 – CFD: 16/06/2013 – 15:29:10 – [] —-D C:ProgramDataUEL
    O43 – CFD: 07/02/2014 – 21:34:06 – [] —-D C:ProgramData{18165758-115C-4DC0-9EC2-FF89F725767F}
    O43 – CFD: 22/05/2014 – 02:50:16 – [] —-D C:UsersRagAppDataRoamingAlloplayerBdd =>PUP.Alloplayer
    O43 – CFD: 12/10/2012 – 00:14:28 – [] —-D C:UsersRagAppDataRoamingPMU
    O43 – CFD: 06/07/2014 – 06:11:52 – [0] —-D C:UsersRagAppDataRoamingrightbackup
    O43 – CFD: 10/07/2014 – 13:32:07 – [] —-D C:UsersRagAppDataRoamingShareaza
    O43 – CFD: 22/05/2014 – 02:33:30 – [] —-D C:UsersRagAppDataRoamingZona
    O43 – CFD: 24/04/2014 – 03:38:55 – [0] —-D C:UsersRagAppDataLocal2012
    O43 – CFD: 04/02/2012 – 11:45:13 – [] —-D C:UsersRagAppDataLocal28050
    O43 – CFD: 16/12/2013 – 12:06:46 – [] —-D C:UsersRagAppDataLocalAres
    O43 – CFD: 24/05/2013 – 05:02:06 – [] —-D C:UsersRagAppDataLocalShareaza
    O43 – CFD: 05/07/2012 – 21:48:57 – [0] —-D C:UsersRagAppDataRoamingMicrosoftWindowsStart MenuProgramsDB Vrai Nom – PCM France
    O43 – CFD: 31/05/2012 – 21:32:11 – [0] —-D C:UsersRagAppDataRoamingMicrosoftWindowsStart MenuProgramsRadio Recorder v.1.4
    O43 – CFD: 08/06/2013 – 15:44:30 – [] —-D C:UsersRagAppDataRoamingMicrosoftWindowsStart MenuProgramsSystème
    O43 – CFD: 20/11/2013 – 19:57:59 – [] —-D C:UsersRagAppDataRoamingMicrosoftWindowsStart MenuProgramsWoosaah's Rugasmic 08 Editor
    ~ Program Folder: 446 Legitimates Filtered in 00mn 07s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.9A638760CFB0BB01AD3B646CAA0BD0C4] – 02/07/2014 – 23:31:22 —A- . (…) — C:WindowsKillProcess.INI [325]
    O44 – LFC:[MD5.485055033BCDDFDE56325C0D2FEEA4F2] – 05/07/2014 – 15:20:23 —A- . (…) — C:WindowsKMSEmulator.exe [151552]
    O44 – LFC:[MD5.096A3C078107C797DF04F1402C1C6356] – 10/07/2014 – 05:24:58 . (…) — C:Shortcut_Module_10_07_2014_06_24_58.txt [120018]
    O44 – LFC:[MD5.18DE0D1BB1F13AC55D32DCB39E521E5E] – 10/07/2014 – 14:08:32 . (…) — C:Shortcut_Module_10_07_2014_15_08_32.txt [41129]
    O44 – LFC:[MD5.718E53084CF131630715CF0EDFD30868] – 11/07/2014 – 15:30:09 —A- . (…) — C:Shortcut_Module_11_07_2014_16_30_09.txt [55072]
    O44 – LFC:[MD5.B2111A07AFF8E75C082C6E2F10FE0B25] – 11/07/2014 – 15:37:11 —A- . (…) — C:.dir [780]
    ~ Files: 64 Legitimates Filtered in 00mn 05s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{184bfa1f-349c-11e1-b9c2-101f74168afc}AutoRuncommand. (…) — G:setup.exe (.not file.)
    O51 – MPSK:{19194862-9dfc-11e1-aebc-101f74168afc}AutoRuncommand. (…) — I:LaunchU3.exe (.not file.)
    O51 – MPSK:{bb0a0f9a-8b07-11e1-b46b-101f74168afc}AutoRuncommand. (…) — J:setup.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
    O52 – TDSD: Drivers32″VIDC.TMB1″=”tmb1-v64.dll” . (…) — C:WindowsSystem32tmb1-v64.dll
    O52 – TDSD: drivers.desc”tmb1-v64.dll”=”PlayClaw 4 video decoder 64″ . (…) — C:WindowsSystem32tmb1-v64.dll
    ~ TDSD: 4 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregAllShareAgent [Key] . (…) — C:Program Files (x86)SamsungAllShareAllShareAgent.exe (.not file.)
    O53 – SMSR:HKLM…startupregSyncios device service [Key] . (…) — C:Program Files (x86)SynciosSynciosDeviceService.exe (.not file.)
    O53 – SMSR:HKLM…startupreguTorrent [Key] . (.BitTorrent Inc. – µTorrent.) — C:UsersRagAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    ~ SMSR Keys: 13 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableLUA”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:28/06/2013 – 01:15:10 —A- . (…) — C:WindowsSystem32DriversaswSnx.sys.sum [175]
    O58 – SDL:28/06/2013 – 01:15:10 —A- . (…) — C:WindowsSystem32DriversaswSP.sys.sum [175]
    O58 – SDL:28/06/2013 – 01:15:10 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys.sum [175] =>.ALWIL Software
    O58 – SDL:20/05/2012 – 09:39:53 —A- . (…) — C:WindowsSystem32Driversatksgt.sys [314016]
    O58 – SDL:02/01/2012 – 18:26:26 —A- . (.DT Soft Ltd – DAEMON Tools Virtual Bus Driver.) — C:WindowsSystem32Driversdtsoftbus01.sys [270912]
    O58 – SDL:14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:20/01/2013 – 07:07:06 —A- . (.AnchorFree Inc. – Hotspot Shield Routing Driver.) — C:WindowsSystem32Drivershssdrv6.sys [42696]
    O58 – SDL:20/05/2012 – 09:39:52 —A- . (…) — C:WindowsSystem32Driverslirsgt.sys [43680]
    O58 – SDL:31/01/2013 – 10:50:58 —A- . (.ManyCam LLC – ManyCam Virtual Microphone.) — C:WindowsSystem32Driversmcaudrv_x64.sys [28160]
    O58 – SDL:11/10/2012 – 04:08:10 —A- . (.ManyCam LLC – ManyCam Virtual Webcam.) — C:WindowsSystem32Driversmcvidrv_x64.sys [44928]
    O58 – SDL:23/03/2013 – 23:01:26 —A- . (.pBUS-167 Software – http://www.pbus-167.com – Notebook Hardware Control Device Driver.) — C:WindowsSystem32DriversnhcDriver.sys [22528]
    O58 – SDL:14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:02/06/2011 – 04:11:26 —A- . (.IDT, Inc. – IDT PC Audio.) — C:WindowsSystem32Driversstwrt64.sys [528384]
    O58 – SDL:01/07/2011 – 10:46:40 —A- . (.The OpenVPN Project – TAP-Win32 Virtual Network Driver.) — C:WindowsSystem32Driverstap0901.sys [31232]
    O58 – SDL:20/01/2013 – 07:16:48 —A- . (.Anchorfree Inc. – Anchorfree HSS VPN Adapter.) — C:WindowsSystem32Driverstaphss6.sys [42184]
    O58 – SDL:18/03/2013 – 16:51:08 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl64.sys [54784]
    O58 – SDL:26/12/2008 – 12:56:04 —A- . (.Avnex – Avnex Ltd. Virtual Audio Device (WDM).) — C:WindowsSystem32Driversvcsvad.sys [21504]
    ~ Drivers: 94 Legitimates Filtered in 00mn 01s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    O63 – Logiciel: HiJackThis – (.Trend Micro.) [HKLM] — {45A66726-69BC-466B-A7A4-12FCBA4883D7}
    O63 – Logiciel: OTL – (.OldTimer.)
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {08E3C4EE-C625-473F-B7FC-E87F700B5855} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {C6032E4B-F4D5-4B62-906B-55E7D90625AF} – (Propositions de recherche Amazon.fr) – http://www.amazon.fr
    O69 – SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} – (eBay) – http://rover.ebay.com =>Toolbar.eBay
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.DB95B03031E66AC45495EDF1D16B8887] [SPRF][10/07/2014] (…) — C:UsersRagDesktopadwcleaner_3.215.exe [1348263]
    [MD5.624C7518F90073CBE7D69B3A7E80EEB3] [SPRF][06/12/2011] (.i-Funbox.com – File & App Manager for iPhone/iPad.) — C:UsersRagDesktopiFunBox.exe [7783424]
    [MD5.EBD27B1A5614F278E23E7F8E88CEA829] [SPRF][11/07/2014] (.Pas de propriétaire – Shortcut_Module.) — C:UsersRagDesktopShortcut_Module.exe [2636288]
    ~ Files: 7 Legitimates Filtered in 00mn 01s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “{A87FB84A-F951-4610-B5F5-8844FF6941C6}” | In – None – P6 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: “{C29AA608-2DAE-4D7F-A985-EB344848A11E}” | In – None – P17 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: “{166D3601-AC42-4248-91A6-A2ED7AF86E0E}” | In – None – P6 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersRagAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: “{89D7F055-8BB7-4978-BAEB-92C3D9D55541}” | In – None – P17 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersRagAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    ~ Firewall: 4 Legitimates Filtered in 00mn 05s

    —\ Recherche de clés de registre Tracing (O100)
    HKLMSOFTWAREWow6432NodeMicrosoftTracingAlloplayer_RASAPI32 =>PUP.Alloplayer
    HKLMSOFTWAREWow6432NodeMicrosoftTracingAlloplayer_RASMANCS =>PUP.Alloplayer
    HKLMSOFTWAREWow6432NodeMicrosoftTracinguTorrent_RASAPI32 =>P2P.µTorrent
    HKLMSOFTWAREWow6432NodeMicrosoftTracinguTorrent_RASMANCS =>P2P.µTorrent
    HKLMSOFTWAREWow6432NodeMicrosoftTracingwhilokii_is_RASAPI32 =>PUP.Whilokii
    HKLMSOFTWAREWow6432NodeMicrosoftTracingwhilokii_is_RASMANCS =>PUP.Whilokii
    HKLMSOFTWAREWow6432NodeMicrosoftTracingWhilokii_Setup_RASAPI32 =>PUP.Whilokii
    HKLMSOFTWAREWow6432NodeMicrosoftTracingWhilokii_Setup_RASMANCS =>PUP.Whilokii
    ~ BTK: 575 Legitimates Filtered in 00mn 02s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 10/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Disabled 23/06/2014 49152 | (BEService) . (…) – C:Program Files (x86)Common FilesBattlEyeBEService.exe
    SS – | Disabled 17/09/2011 647680 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) – C:Program Files (x86)Common FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    SS – | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) – C:Program Files (x86)WildTangent GamesAppGamesAppService.exe
    SS – | Disabled 14/07/2012 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Disabled 14/07/2012 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) – C:Program Files (x86)Common FilesInstallShieldDriver1050Intel 32IDriverT.exe
    SS – | Disabled 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
    SS – | Disabled 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
    SS – | Demand 11/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SS – | Disabled 21/03/2011 1845248 | (nlsvc) . (.Locktime Software.) – C:Program FilesNetLimiter 3nlsvc.exe
    SS – | Disabled 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SS – | Disabled 26/07/2013 563624 | (Steam Client Service) . (.Valve Corporation.) – C:Program Files (x86)Common FilesSteamSteamService.exe
    SS – | Disabled 29/06/2012 4714888 | (vncserver) . (.RealVNC Ltd.) – C:Program FilesRealVNCVNC Servervncserver.exe
    SS – | Disabled 27/07/2011 5023744 | (wxpSvc) . (.Moonware Studios.) – C:Program Files (x86)webcamXP 5wService.exe
    SR – | Auto 03/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 03/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) – C:Program FilesIDTWDMAESTSr64.exe
    SR – | Auto 09/03/2012 235520 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 07/01/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 08/02/2011 4151376 | (Bluetooth Device Manager) . (.Motorola Solutions, Inc..) – C:Program FilesMotorolaBluetoothdevmgrsrv.exe
    SR – | Auto 28/02/2011 1189968 | (Bluetooth Media Service) . (.Motorola Solutions, Inc..) – C:Program FilesMotorolaBluetoothaudiosrv.exe
    SR – | Auto 15/02/2011 680016 | (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) – C:Program FilesMotorolaBluetoothobexsrv.exe
    SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) – C:WindowsSystem32ezSharedSvcHost.exe =>.EasyBits Software AS
    SR – | Demand 17/09/2011 1028096 | (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) – C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService64.exe
    SR – | Auto 25/08/2011 260424 | (FPLService) . (.HP.) – C:Program Files (x86)HP SimplePass 2011TrueSuiteService.exe
    SR – | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe =>.Hewlett-Packard Co
    SR – | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) – C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe
    SR – | Demand 15/02/2011 1071160 | (hpCMSrv) . (.Hewlett-Packard Development Company L.P..) – C:Program Files (x86)Hewlett-PackardHP Connection ManagerhpCMSrv.exe
    SR – | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe
    SR – | Auto 27/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) – C:WindowsSystem32Hpservice.exe
    SR – | Auto 09/11/2010 26680 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) – C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe
    SR – | Auto 20/05/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Auto 23/05/2013 2413056 | (IconMan_R) . (.Realsil Microelectronics Inc..) – C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe
    SR – | Demand 06/02/2014 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 22/12/2010 325656 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 25/10/2013 2768208 | (MaConfigAgent) . (.CybelSoft.) – C:Program Filesma-config.comMaConfigAgent.exe
    SR – | Auto 10/07/1658 0 | (PnkBstrA) . (…) – C:Windowssystem32PnkBstrA.exe
    SR – | Auto 02/06/2011 301568 | (STacSV) . (.IDT, Inc..) – C:Program FilesIDTWDMSTacSV64.exe
    SR – | Auto 25/04/2014 5024576 | (TeamViewer9) . (.TeamViewer GmbH.) – C:Program Files (x86)TeamViewerVersion9TeamViewer_Service.exe
    SR – | Auto 22/12/2010 2656280 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 28s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (25/06/2014)
    Clés trouvées (Keys found) : 2
    Valeurs trouvées (Values found) : 3
    Dossiers trouvés (Folders found) : 2
    Fichiers trouvés (Files found) : 2

    [HKLMSoftwareMicrosoftShared ToolsMSConfigstartupreguTorrent] =>P2P.BitTorrent^
    [HKLMSYSTEMCurrentControlSetServicesEventlogApplicationHssSrv] =>Trojan.Adclicker
    C:ProgramDataAutoKMS =>Trojan.Keygen^
    C:UsersRagAppDataRoamingAlloplayerBdd =>PUP.Alloplayer^
    C:WindowsTasksAutoKMS.job =>Trojan.Keygen^
    C:WindowsKMSEmulator.exe =>Hijacker.Windows
    ~ Additionnel Scan: 466623 Items scanned in 02mn 19s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
    ~ AMI: 5 Legitimates Filtered in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
    http://nicolascoolman.fr/adware-pricora =>Adware.Pricora
    http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
    http://nicolascoolman.fr/pup-whilokii =>PUP.Whilokii
    http://nicolascoolman.fr/hijacker-windows =>Hijacker.Windows
    ~ MSI: 5 link(s) detected in 00mn 00s

    ~ 1455 Legitimates filtered by white list
    End of the scan (622 lines in 05mn 20s)(0)

  • lolo500
    Post count: 0

    Hello,

    For some time now my HP DV6 PC running Windows 7 has become very slow, notably infected by "System Speedup". I used Shortcut_Module to remove it; that software no longer comes back, but my PC is still very slow. Attached is the ZHPDiag report:

    ~ Rapport de ZHPDiag v2014.6.25.98 – Nicolas Coolman (25/06/2014)
    ~ Lancé par Rag (11/07/2014 22:28:28)
    ~ Adresse du Site Web http://nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Nouvelle version disponible
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.17207
    MFIE: Mozilla Firefox 30.0 (Defaut)
    GCIE: Google Chrome v35.0.1916.153

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 3Q6C9
    Windows License : OK
    ~ Windows Remaining Initializations Number : 1
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 2.0.2.1012
    Windows Defender W7 (Activate)

    —\ Logiciels d’optimisation du système
    CCleaner v4.14

    —\ Logiciels de partage PeerToPeer
    FrostWire 4.13.1.5 BETA v4.13.1.5

    —\ Surveillance de Logiciels
    Adobe Flash Player 14 Plugin
    Adobe Reader X
    Java 7 Update 51

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 6091 MB (56% free)
    System Restore: Activé (Enable)
    System drive C: has 95 GB (20%) free of 459 GB

    —\ Mode de connexion au système
    ~ Computer Name: RAG-HP
    ~ User Name: Rag
    ~ All Users Names: VUSR_RAG-HP, Rag, HomeGroupUser$, Administrateur,
    ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersRagAppDataRoamingZHP
    ~ %AppData% : C:UsersRagAppDataRoaming
    ~ %Desktop% : C:UsersRagDesktop
    ~ %Favorites% : C:UsersRagFavorites
    ~ %LocalAppData% : C:UsersRagAppDataLocal
    ~ %StartMenu% : C:UsersRagAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 95 Go of 459 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
    E: CD-ROM drive (Not Inserted)
    F: Hard drive, Flash drive, Thumb drive (Free 125 Go of 458 Go)
    G: CD-ROM drive (Not Inserted)
    H: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
    J: CD-ROM drive (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem] EnableLUA: Modified
    ~ Security Center: 46 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.18/06/2014 – 23:58:27.) — C:WindowsSystem32wininet.dll [2266112]
    [MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.04/03/2014 – 10:43:50.) — C:WindowsSystem32Winlogon.exe [455168]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.21/11/2010 – 04:24:16.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.FA886682CFC5D36718D3E436AACF10B9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.30/05/2014 – 07:45:52.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.21/11/2010 – 04:23:51.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.24/01/2014 – 03:37:55.) — C:Windowssystem32Driversntfs.sys [1684928]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/11/2010 – 04:24:33.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32Driversvolsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/446
    ~ Mes musiques (My Musics) : 273/1471
    ~ Mes Videos (My Videos) : 18/29
    ~ Mes Favoris (My Favorites) : 1/11
    ~ Mes Documents (My Documents) : 4/1084
    ~ Mon Bureau (My Desktop) : 1/5927
    ~ Menu demarrer (Programs) : 1/84
    ~ Hidden Files: Scanned in 00mn 12s

    —\ Processus lancés
    [MD5.7F7B8C734872CB4FB3BC271B43130697] – (.HP – TouchControl.) — C:Program Files (x86)HP SimplePass 2011TouchControl.exe [653128] [PID.4072]
    [MD5.5D7652D9326956AF043960BC646461BD] – (.HP – BioMonitor.) — C:Program Files (x86)HP SimplePass 2011BioMonitor.exe [142664] [PID.408]
    [MD5.88EE0FCDB773DF373EDFE7C2BD944EEB] – (.Electronic Arts – Origin.) — C:Program Files (x86)OriginOrigin.exe [3595608] [PID.1880]
    [MD5.CEA0461AAE4B8B6216F164501B1B5A10] – (.DT Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe [4910912] [PID.612]
    [MD5.8943465BEFA91044227D42E84ECB8280] – (.Renesas Electronics Corporation – USB 3.0 Monitor.) — C:Program Files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe [115048] [PID.2380]
    [MD5.DC73E11DC27E7D9AEF884EBE816C4240] – (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe [284440] [PID.3556]
    [MD5.8A3B69683E63808719D24E1C68C21CC7] – (.Hewlett-Packard Development Company, L.P. – HP On Screen Display.) — C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe [379960] [PID.3676]
    [MD5.D59ABED205F424BD4C52419479930BE9] – (.Hewlett-Packard Development Company, L.P. – HP Message Service.) — C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe [586296] [PID.2540]
    [MD5.B4E6C1B28AF8806008CB654C716ABAFA] – (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe [152392] [PID.2588]
    [MD5.D8465C1AE6CE673E60045E16CFBC6E64] – (.Motorola Solutions, Inc. – Bluetooth Media Player Controller.) — C:Program FilesMotorolaBluetoothbtplayerctrl.exe [1503824] [PID.4572]
    [MD5.434FEE6FF661DCABADB69E55E0747494] – (.Hewlett-Packard Development Company, L.P. – HP CoolSense.) — C:Program Files (x86)Hewlett-PackardHP CoolSenseCoolSense.exe [1344312] [PID.1484]
    [MD5.A16B5C5787389D983EF08F5E36B297BB] – (.RPA Technology – Mobile Mouse Service.) — C:Program Files (x86)Air MouseAir MouseMobile Mouse Service.exe [43008] [PID.4668]
    [MD5.CE21D66CBEF56B801101B1866FAE6136] – (.Electronic Arts Canada – FIFA 14.) — C:Program Files (x86)Origin GamesFIFA 14Gamefifasetupfifaconfig.exe [402280] [PID.4296]
    [MD5.B1E01D636350983E94171E229C759468] – (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe [275568] [PID.4028]
    [MD5.A5FCD42334CCC682DA1882A54338686C] – (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe [860488] [PID.4948]
    [MD5.4F87179386948D61FBF74B0DDF265170] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:Program Files (x86)Mozilla Firefoxplugin-container.exe [18544] [PID.4308]
    [MD5.192FFD3F99A0847740670AE711CB455A] – (.Adobe Systems, Inc. – Adobe Flash Player 14.0 r0.) — C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_14_0_0_145.exe [1869488] [PID.6032]
    [MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8071680] [PID.7016]
    [MD5.6AA4E6B4EA50620AB622A048394C4AA2] – (.HP – HP Service.) — C:Program Files (x86)HP SimplePass 2011TrueSuiteService.exe [260424] [PID.848]
    [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65640] [PID.1932]
    [MD5.F518545E5B7623AD49ABE7F8776EFA46] – (.Apple Inc. – YSLoader.exe.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [43336] [PID.1992]
    [MD5.CA793DCC1D5F619021EF1D37CC7A831E] – (.EasyBits Software AS – Shared EasyBits services for Windows.) — C:WindowsSysWOW64ezSharedSvcHost.exe [514232] [PID.2052]
    [MD5.F630DD7564EBB7248A13B1CC774D9EA6] – (.Hewlett-Packard Development Company, L.P. – HP Quick Launch WMI Service.) — C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe [26680] [PID.2180]
    [MD5.CD421DDB5C6E5458CE52EDC36DE7DC5B] – (…) — C:WindowsSysWOW64PnkBstrA.exe [76152] [PID.2348]
    [MD5.97F6FFB8A305A77D25C6C0E07B71D252] – (.TeamViewer GmbH – TeamViewer 9.) — C:Program Files (x86)TeamViewerVersion9TeamViewer_Service.exe [5024576] [PID.2424]
    [MD5.D41861E56E7552C13674D7F147A02464] – (.Intel Corporation – IAStorDataSvc.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [13592] [PID.4632]
    [MD5.D2946D9F020AE76E9CEF9B4A6DF838C0] – (.Hewlett-Packard Company – HP Software Framework WMI Service.) — C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe [1129760] [PID.4820]
    [MD5.D7E0BED3EA21D7BDDD410ADE51708D90] – (.Intel Corporation – Local Manageability Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [325656] [PID.5520]
    [MD5.A678E5DDD974903DD71F503BDCACA218] – (.Intel Corporation – User Notification Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [2656280] [PID.5864]
    [MD5.E040F0064D39F73BB4995D494F3DCBB8] – (.Hewlett-Packard Development Company L.P. – HP Connection Manager Service.) — C:Program Files (x86)Hewlett-PackardHP Connection ManagerhpCMSrv.exe [1071160] [PID.1236]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersRagAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [aelbknmfcacjffmgnoaaonhgoghlmlkp] HP Product Detection Plugin v.2.0.5.6 (Activé)
    G2 – GCE: Preference [User DataDefault] [eahpcpckmhaneflmhiegmedhiegncgnf] Webplayer v.2.3.17.1 (Désactivé)
    G2 – GCE: Preference [User DataDefault] [epbmnbdplhcomkedpjfceakddnbgfjmf] Passer les publicits sur YouTube v.1.203 (Activé)
    G2 – GCE: Preference [User DataDefault] [gpbnepipgmcpkdglgbcfmcecaoflaemc] Resume (CV) Maker v.2.4 (Activé)
    G2 – GCE: Preference [User DataDefault] [lneaknkopdijkpnocmklfnjbeapigfbh] Google Maps v.5.2.7 (Activé)
    G2 – GCE: Preference [User DataDefault] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
    G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [opjonmehjfmkejjifhhknofdnacklmjk] Marc Ecko v.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [picobbnlkmnillfianmlnblfafncgoek] IP Country Location v.3.1.7.13 (Activé)

    —\ Liste des dossiers d’extension Google Chrome
    ~ Google Lines Browser: 26 Legitimates Filtered in 00mn 18s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersRagAppDataRoamingMozillaFirefoxProfiless5r52euh.defaultprefs.js
    ~ Firefox Browser: 21 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Internet Explorer Toolbars (O3)
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent
    O4 – GSQuickLaunch [Rag]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:UsersRagAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O4 – GSProgram [Rag]: Alloplayer.lnk . (…) — C:UsersRagAppDataRoamingMicrosoftInstaller{8A6ACC7D-F378-40DB-B0C3-E277D8A022AC}_9C5DD7514B58D6773F4D22.exe =>PUP.Alloplayer
    ~ Global Startup: 3 Legitimates Filtered in 00mn 05s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [XboxStat] . (.Microsoft Corporation – XBoxStat.exe.) — C:Program FilesMicrosoft Xbox 360 AccessoriesXboxStat.exe
    O4 – HKLM..Run: [SysTrayApp] . (.IDT, Inc. – IDT PC Audio.) — C:Program FilesIDTWDMsttray64.exe
    O4 – HKLM..Run: [SynTPEnh] C:Program Files (x86)SynapticsSynTPSynTPEnh.exe (.not file.)
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:Windowssystem32igfxpers.exe
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:Windowssystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:Windowssystem32hkcmd.exe
    O4 – HKLM..Run: [BTMTrayAgent] . (.Motorola Solutions, Inc. – Bluetooth Shell Extension.) — C:Program FilesMotorolaBluetoothbtmshell.dll
    O4 – HKCU..Run: [AdobeBridge] Clé orpheline
    O4 – HKCU..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UsersRagAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKCU..Run: [EADM] . (.Electronic Arts – Origin.) — C:Program Files (x86)OriginOrigin.exe
    O4 – HKCU..Run: [DAEMON Tools Lite] . (.DT Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKLM..Wow6432NodeRun: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
    O4 – HKLM..Wow6432NodeRun: [NUSB3MON] . (.Renesas Electronics Corporation – USB 3.0 Monitor.) — C:Program Files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe
    O4 – HKLM..Wow6432NodeRun: [IAStorIcon] . (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    O4 – HKLM..Wow6432NodeRun: [HPOSD] . (.Hewlett-Packard Development Company, L.P. – HP On Screen Display.) — C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe
    O4 – HKLM..Wow6432NodeRun: [HPConnectionManager] . (.Hewlett-Packard Development Company L.P. – HPCMDelayStart Application.) — C:Program Files (x86)Hewlett-PackardHP Connection ManagerHPCMDelayStart.exe
    O4 – HKLM..Wow6432NodeRun: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. – HP Message Service.) — C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-3737081600-1731025143-3912972593-1000..Run: [AdobeBridge] Clé orpheline
    O4 – HKUSS-1-5-21-3737081600-1731025143-3912972593-1000..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UsersRagAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKUSS-1-5-21-3737081600-1731025143-3912972593-1000..Run: [EADM] . (.Electronic Arts – Origin.) — C:Program Files (x86)OriginOrigin.exe
    O4 – HKUSS-1-5-21-3737081600-1731025143-3912972593-1000..Run: [DAEMON Tools Lite] . (.DT Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPluginx64.dll,-102 [64Bits] – {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (…) — C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckResourcesIconsHP.ico
    O9 – Extra button: @C:Program FilesMotorolaBluetoothResourcesfra.dll,-247 [64Bits] – {bd707fe6-39f6-4bda-9265-86a76719bdc5} — Clé orpheline
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{3CAA8BB7-D895-40F4-BF46-6B9243C9F8E1}: DhcpNameServer = 10.11.0.1
    O17 – HKLMSystemCCSServicesTcpip..{6F26C620-80A9-4D11-AAAE-F34FF73EBEAB}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{92DECFDC-BDB4-4785-940F-F849AD859A88}: DhcpNameServer = 192.168.10.110
    O17 – HKLMSystemCCSServicesTcpip..{BAD97159-D6D7-4FDC-9A0F-8393A6591E82}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 – HKLMSystemCS1ServicesTcpip..{3CAA8BB7-D895-40F4-BF46-6B9243C9F8E1}: DhcpNameServer = 10.11.0.1
    O17 – HKLMSystemCS1ServicesTcpip..{6F26C620-80A9-4D11-AAAE-F34FF73EBEAB}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{92DECFDC-BDB4-4785-940F-F849AD859A88}: DhcpNameServer = 192.168.10.110
    O17 – HKLMSystemCS1ServicesTcpip..{BAD97159-D6D7-4FDC-9A0F-8393A6591E82}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 – HKLMSystemCS2ServicesTcpip..{3CAA8BB7-D895-40F4-BF46-6B9243C9F8E1}: DhcpNameServer = 10.11.0.1
    O17 – HKLMSystemCS2ServicesTcpip..{6F26C620-80A9-4D11-AAAE-F34FF73EBEAB}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{92DECFDC-BDB4-4785-940F-F849AD859A88}: DhcpNameServer = 192.168.10.110
    O17 – HKLMSystemCS2ServicesTcpip..{BAD97159-D6D7-4FDC-9A0F-8393A6591E82}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE14MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [Rocket Updater] (…) — C:UsersRagAppDataRoamingROCKET~1UPDATE~1UPDATE~1.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [Tasker] (…) — C:UsersRagAppDataRoamingcertificate.vbs” (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [TaskUserUpdate_wp] (…) — C:UsersRagAppDataRoaming~jjgrvmc.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [Updater12765.exe] (…) — C:UsersRagAppDataLocalUpdater12765Updater12765.exe (.not file.) [0] =>PUP.CrossRider
    [MD5.00000000000000000000000000000000] [APT] [WIN-fdfEfEfAfC] (…) — C:UsersRagAppDataRoaming~onofdug.exe (.not file.) [0]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{18423F16-F41B-46C7-8A20-C3E6523CDD03}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{23B769FC-C5AC-45F4-832E-AC82B963275F}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{3CDEF5F1-A659-4766-BA72-11585D106FE2}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{417EFCE3-808F-4229-83F5-5E9F003B16E1}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{5115B333-0E1C-458F-810F-B4E49721D712}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{5B67ECF7-BDDC-4723-83FA-11625A92E074}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{5DCEC873-5794-4435-B84D-D15D8275CC02}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.00000000000000000000000000000000] [APT] [{6E34C0EC-418F-4F03-8E38-A75BEFFE9772}] (…) — C:Program Files (x86)Pricora 12.0Uninstall.exe (.not file.) [0] =>Adware.Pricora
    [MD5.00000000000000000000000000000000] [APT] [{7191F987-E683-43EF-8041-36E16B184C64}] (…) — C:UsersRagDownloadsCoreMaximizer1.03Core Maximizer.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{810F7F9A-EA2B-4CED-86FA-F33F50E65120}] (…) — C:UsersRagDownloadsCoreMaximizer1.03Core Maximizer.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{87237D78-0E52-4351-B6AD-FC7B9AF594DA}] (…) — C:ProgramDataCloudSoftOptimizerProOptimizerPro.exe (.not file.) [0] =>PUP.OptimizerPro
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{87D2F4BC-362B-4FAF-962F-35A5EF4E2EB8}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{8CA5616D-61F7-49DD-AA08-C49B89B66BAF}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{95A03EDA-DF5F-4D77-A19B-6C55F1E6D3F6}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{96DD1E44-BFD8-42D8-8A75-047558496EE2}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.00000000000000000000000000000000] [APT] [{ADFCD6BF-07B1-4105-9015-07DC5F2C6FC8}] (…) — C:UsersRagDownloadsCoreMaximizer1.03Core Maximizer.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{BB3ABD8D-D656-4695-98E7-0D7B0F4A0BAF}] (…) — C:UsersRagAppDataLocalTeamSpeak 3 Clientpackage_inst.exe (.not file.) [0]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{EC80195F-B542-4CEE-A3F6-99A0D3A2ECB9}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{EEFEF701-A0AA-4855-B2D4-E4D030FE12FD}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{F93418A4-BBFE-46F9-84ED-69CF39E015C3}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    [MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{FFE94A91-1051-4C68-B1F6-341503E9C8F2}] (…) — F:jeuxCueClub Francaiscueclub.exe [15793381]
    O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    O39 – APT: – (..) — C:WindowsTasksAutoKMS.job [268] =>Trojan.Keygen
    O39 – APT: – (..) — C:WindowsSystem32TasksFacebookUpdateTaskUserS-1-5-21-3737081600-1731025143-3912972593-1000Core [1066]
    O39 – APT: – (..) — C:WindowsSystem32TasksFacebookUpdateTaskUserS-1-5-21-3737081600-1731025143-3912972593-1000UA [1088]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1058]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1062]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskUserS-1-5-21-3737081600-1731025143-3912972593-1000Core [1018]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskUserS-1-5-21-3737081600-1731025143-3912972593-1000UA [1070]
    O39 – APT: – (..) — C:WindowsSystem32TasksHPCeeScheduleForRag [324]
    ~ Scheduled Task: 61 Legitimates Filtered in 00mn 13s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Ares 2.2.4 – (.Ares Development Group.) [HKLM][64Bits] — Ares
    O42 – Logiciel: Decid Créateur 5.60P V2 – (…) [HKLM][64Bits] — Decid Créateur 5.60P V2
    O42 – Logiciel: FMRTE 5.1.2 – (.Raul Bravo.) [HKLM][64Bits] — {63486834-B10B-4DD4-8216-C8D66A157D7E}_is1
    O42 – Logiciel: Goat Simulator – (…) [HKLM][64Bits] — R29hdFNpbXVsYXRvcg==_is1
    O42 – Logiciel: PMU Poker – (.PMU.) [HKLM][64Bits] — PMUPoker
    O42 – Logiciel: PPÖúÊÖ PC°æ 1.1.0.6 – (.¹ãÖÝÌúÈËÍøÂç¿Æ¼¼ÓÐÏÞ¹«Ë¾.) [HKLM][64Bits] — PPÖúÊÖ PC°æ
    O42 – Logiciel: Project 64 version 2.1.0.1 – (…) [HKLM][64Bits] — Project 64_is1
    O42 – Logiciel: Trickshot – (…) [HKLM][64Bits] — {ACC9AC0E-8B6E-4393-AF52-E43CF31BA7AC}
    O42 – Logiciel: TweakAll 3.0 – (.Codeforge.) [HKLM][64Bits] — TweakAll_is1
    O42 – Logiciel: Woosaah’s Rugasmic 08 Editor – (.woosaahs programs.) [HKLM][64Bits] — {A6F18C01-D3EC-4270-8B2F-EB214CB809FF}
    ~ Logic: 63 Legitimates Filtered in 00mn 07s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareAres]
    [HKCUSoftwareGenie™]
    [HKCUSoftwarePMU]
    [HKCUSoftwarePinstall]
    [HKCUSoftwareSHAPE Services]
    [HKCUSoftwareShortcut_Module]
    [HKCUSoftwareTeiron]
    [HKCUSoftwareZona]
    [HKLMSoftwareShortcut_Module]
    [HKLMSoftwareWow6432NodeSHAPE Services]
    [HKLMSoftwareWow6432NodeSecurity Center]
    [HKLMSoftwareWow6432NodeShortcut_Module]
    [HKLMSoftwareWow6432NodeWinU]
    ~ Key Software: 670 Legitimates Filtered in 00mn 07s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 08/06/2014 – 01:57:40 – [] —-D C:Program Files (x86)Air Mouse
    O43 – CFD: 18/04/2014 – 18:00:57 – [] —-D C:Program Files (x86)Ares
    O43 – CFD: 19/12/2013 – 15:38:12 – [] —-D C:Program Files (x86)F1 2013
    O43 – CFD: 10/04/2014 – 02:20:40 – [] —-D C:Program Files (x86)Goat Simulator
    O43 – CFD: 03/06/2013 – 10:12:54 – [0] —-D C:Program Files (x86)GRID 2
    O43 – CFD: 03/07/2014 – 12:38:15 – [] —-D C:Program Files (x86)NASCAR ’14
    O43 – CFD: 19/04/2014 – 22:42:38 – [] —-D C:Program Files (x86)PPÖúÊÖ
    O43 – CFD: 06/07/2014 – 16:46:28 – [0] —-D C:Program Files (x86)R.G. Games
    O43 – CFD: 31/05/2012 – 21:32:12 – [] —-D C:Program Files (x86)Radio Recorder v.1.4
    O43 – CFD: 08/11/2013 – 01:50:16 – [] —-D C:Program Files (x86)SP55068
    O43 – CFD: 08/11/2013 – 23:37:01 – [] —-D C:Program Files (x86)Trickshot
    O43 – CFD: 06/04/2013 – 23:26:32 – [] —-D C:Program Files (x86)TS Notifier
    O43 – CFD: 22/04/2014 – 17:47:58 – [0] —-D C:Program Files (x86)Vocaluxe
    O43 – CFD: 20/11/2013 – 19:57:58 – [] —-D C:Program Files (x86)Woosaah Ruggby 08 Editor
    O43 – CFD: 18/02/2012 – 16:38:15 – [] —-D C:ProgramDataAutoKMS =>Trojan.Keygen
    O43 – CFD: 02/03/2014 – 04:36:28 – [] -SH-D C:ProgramDataICLJIG
    O43 – CFD: 11/07/2014 – 16:44:12 – [0] —-D C:ProgramDataSHAPE Services
    O43 – CFD: 16/06/2013 – 15:29:10 – [] —-D C:ProgramDataUEL
    O43 – CFD: 07/02/2014 – 21:34:06 – [] —-D C:ProgramData{18165758-115C-4DC0-9EC2-FF89F725767F}
    O43 – CFD: 22/05/2014 – 02:50:16 – [] —-D C:UsersRagAppDataRoamingAlloplayerBdd =>PUP.Alloplayer
    O43 – CFD: 12/10/2012 – 00:14:28 – [] —-D C:UsersRagAppDataRoamingPMU
    O43 – CFD: 06/07/2014 – 06:11:52 – [0] —-D C:UsersRagAppDataRoamingrightbackup
    O43 – CFD: 10/07/2014 – 13:32:07 – [] —-D C:UsersRagAppDataRoamingShareaza
    O43 – CFD: 22/05/2014 – 02:33:30 – [] —-D C:UsersRagAppDataRoamingZona
    O43 – CFD: 24/04/2014 – 03:38:55 – [0] —-D C:UsersRagAppDataLocal2012
    O43 – CFD: 04/02/2012 – 11:45:13 – [] —-D C:UsersRagAppDataLocal28050
    O43 – CFD: 16/12/2013 – 12:06:46 – [] —-D C:UsersRagAppDataLocalAres
    O43 – CFD: 24/05/2013 – 05:02:06 – [] —-D C:UsersRagAppDataLocalShareaza
    O43 – CFD: 05/07/2012 – 21:48:57 – [0] —-D C:UsersRagAppDataRoamingMicrosoftWindowsStart MenuProgramsDB Vrai Nom – PCM France
    O43 – CFD: 31/05/2012 – 21:32:11 – [0] —-D C:UsersRagAppDataRoamingMicrosoftWindowsStart MenuProgramsRadio Recorder v.1.4
    O43 – CFD: 08/06/2013 – 15:44:30 – [] —-D C:UsersRagAppDataRoamingMicrosoftWindowsStart MenuProgramsSystème
    O43 – CFD: 20/11/2013 – 19:57:59 – [] —-D C:UsersRagAppDataRoamingMicrosoftWindowsStart MenuProgramsWoosaah’s Rugasmic 08 Editor
    ~ Program Folder: 446 Legitimates Filtered in 00mn 07s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.9A638760CFB0BB01AD3B646CAA0BD0C4] – 02/07/2014 – 23:31:22 —A- . (…) — C:WindowsKillProcess.INI [325]
    O44 – LFC:[MD5.485055033BCDDFDE56325C0D2FEEA4F2] – 05/07/2014 – 15:20:23 —A- . (…) — C:WindowsKMSEmulator.exe [151552]
    O44 – LFC:[MD5.096A3C078107C797DF04F1402C1C6356] – 10/07/2014 – 05:24:58 . (…) — C:Shortcut_Module_10_07_2014_06_24_58.txt [120018]
    O44 – LFC:[MD5.18DE0D1BB1F13AC55D32DCB39E521E5E] – 10/07/2014 – 14:08:32 . (…) — C:Shortcut_Module_10_07_2014_15_08_32.txt [41129]
    O44 – LFC:[MD5.718E53084CF131630715CF0EDFD30868] – 11/07/2014 – 15:30:09 —A- . (…) — C:Shortcut_Module_11_07_2014_16_30_09.txt [55072]
    O44 – LFC:[MD5.B2111A07AFF8E75C082C6E2F10FE0B25] – 11/07/2014 – 15:37:11 —A- . (…) — C:.dir [780]
    ~ Files: 64 Legitimates Filtered in 00mn 05s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{184bfa1f-349c-11e1-b9c2-101f74168afc}AutoRuncommand. (…) — G:setup.exe (.not file.)
    O51 – MPSK:{19194862-9dfc-11e1-aebc-101f74168afc}AutoRuncommand. (…) — I:LaunchU3.exe (.not file.)
    O51 – MPSK:{bb0a0f9a-8b07-11e1-b46b-101f74168afc}AutoRuncommand. (…) — J:setup.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les pilotes (HKLM)(TDSD) (O52)
    O52 – TDSD: Drivers32″VIDC.TMB1″=”tmb1-v64.dll” . (…) — C:WindowsSystem32tmb1-v64.dll
    O52 – TDSD: drivers.desc”tmb1-v64.dll”=”PlayClaw 4 video decoder 64″ . (…) — C:WindowsSystem32tmb1-v64.dll
    ~ TDSD: 4 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregAllShareAgent [Key] . (…) — C:Program Files (x86)SamsungAllShareAllShareAgent.exe (.not file.)
    O53 – SMSR:HKLM…startupregSyncios device service [Key] . (…) — C:Program Files (x86)SynciosSynciosDeviceService.exe (.not file.)
    O53 – SMSR:HKLM…startupreguTorrent [Key] . (.BitTorrent Inc. – µTorrent.) — C:UsersRagAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    ~ SMSR Keys: 13 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableLUA”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:28/06/2013 – 01:15:10 —A- . (…) — C:WindowsSystem32DriversaswSnx.sys.sum [175]
    O58 – SDL:28/06/2013 – 01:15:10 —A- . (…) — C:WindowsSystem32DriversaswSP.sys.sum [175]
    O58 – SDL:28/06/2013 – 01:15:10 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys.sum [175] =>.ALWIL Software
    O58 – SDL:20/05/2012 – 09:39:53 —A- . (…) — C:WindowsSystem32Driversatksgt.sys [314016]
    O58 – SDL:02/01/2012 – 18:26:26 —A- . (.DT Soft Ltd – DAEMON Tools Virtual Bus Driver.) — C:WindowsSystem32Driversdtsoftbus01.sys [270912]
    O58 – SDL:14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:20/01/2013 – 07:07:06 —A- . (.AnchorFree Inc. – Hotspot Shield Routing Driver.) — C:WindowsSystem32Drivershssdrv6.sys [42696]
    O58 – SDL:20/05/2012 – 09:39:52 —A- . (…) — C:WindowsSystem32Driverslirsgt.sys [43680]
    O58 – SDL:31/01/2013 – 10:50:58 —A- . (.ManyCam LLC – ManyCam Virtual Microphone.) — C:WindowsSystem32Driversmcaudrv_x64.sys [28160]
    O58 – SDL:11/10/2012 – 04:08:10 —A- . (.ManyCam LLC – ManyCam Virtual Webcam.) — C:WindowsSystem32Driversmcvidrv_x64.sys [44928]
    O58 – SDL:23/03/2013 – 23:01:26 —A- . (.pBUS-167 Software – http://www.pbus-167.com – Notebook Hardware Control Device Driver.) — C:WindowsSystem32DriversnhcDriver.sys [22528]
    O58 – SDL:14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:02/06/2011 – 04:11:26 —A- . (.IDT, Inc. – IDT PC Audio.) — C:WindowsSystem32Driversstwrt64.sys [528384]
    O58 – SDL:01/07/2011 – 10:46:40 —A- . (.The OpenVPN Project – TAP-Win32 Virtual Network Driver.) — C:WindowsSystem32Driverstap0901.sys [31232]
    O58 – SDL:20/01/2013 – 07:16:48 —A- . (.Anchorfree Inc. – Anchorfree HSS VPN Adapter.) — C:WindowsSystem32Driverstaphss6.sys [42184]
    O58 – SDL:18/03/2013 – 16:51:08 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl64.sys [54784]
    O58 – SDL:26/12/2008 – 12:56:04 —A- . (.Avnex – Avnex Ltd. Virtual Audio Device (WDM).) — C:WindowsSystem32Driversvcsvad.sys [21504]
    ~ Drivers: 94 Legitimates Filtered in 00mn 01s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    O63 – Logiciel: HiJackThis – (.Trend Micro.) [HKLM] — {45A66726-69BC-466B-A7A4-12FCBA4883D7}
    O63 – Logiciel: OTL – (.OldTimer.)
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {08E3C4EE-C625-473F-B7FC-E87F700B5855} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {C6032E4B-F4D5-4B62-906B-55E7D90625AF} – (Propositions de recherche Amazon.fr) – http://www.amazon.fr
    O69 – SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} – (eBay) – http://rover.ebay.com =>Toolbar.eBay
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.DB95B03031E66AC45495EDF1D16B8887] [SPRF][10/07/2014] (…) — C:UsersRagDesktopadwcleaner_3.215.exe [1348263]
    [MD5.624C7518F90073CBE7D69B3A7E80EEB3] [SPRF][06/12/2011] (.i-Funbox.com – File & App Manager for iPhone/iPad.) — C:UsersRagDesktopiFunBox.exe [7783424]
    [MD5.EBD27B1A5614F278E23E7F8E88CEA829] [SPRF][11/07/2014] (.Pas de propriétaire – Shortcut_Module.) — C:UsersRagDesktopShortcut_Module.exe [2636288]
    ~ Files: 7 Legitimates Filtered in 00mn 01s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “{A87FB84A-F951-4610-B5F5-8844FF6941C6}” | In – None – P6 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: “{C29AA608-2DAE-4D7F-A985-EB344848A11E}” | In – None – P17 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: “{166D3601-AC42-4248-91A6-A2ED7AF86E0E}” | In – None – P6 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersRagAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: “{89D7F055-8BB7-4978-BAEB-92C3D9D55541}” | In – None – P17 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersRagAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    ~ Firewall: 4 Legitimates Filtered in 00mn 05s

    —\ Recherche de clés de registre Tracing (O100)
    HKLMSOFTWAREWow6432NodeMicrosoftTracingAlloplayer_RASAPI32 =>PUP.Alloplayer
    HKLMSOFTWAREWow6432NodeMicrosoftTracingAlloplayer_RASMANCS =>PUP.Alloplayer
    HKLMSOFTWAREWow6432NodeMicrosoftTracinguTorrent_RASAPI32 =>P2P.µTorrent
    HKLMSOFTWAREWow6432NodeMicrosoftTracinguTorrent_RASMANCS =>P2P.µTorrent
    HKLMSOFTWAREWow6432NodeMicrosoftTracingwhilokii_is_RASAPI32 =>PUP.Whilokii
    HKLMSOFTWAREWow6432NodeMicrosoftTracingwhilokii_is_RASMANCS =>PUP.Whilokii
    HKLMSOFTWAREWow6432NodeMicrosoftTracingWhilokii_Setup_RASAPI32 =>PUP.Whilokii
    HKLMSOFTWAREWow6432NodeMicrosoftTracingWhilokii_Setup_RASMANCS =>PUP.Whilokii
    ~ BTK: 575 Legitimates Filtered in 00mn 02s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 10/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Disabled 23/06/2014 49152 | (BEService) . (…) – C:Program Files (x86)Common FilesBattlEyeBEService.exe
    SS – | Disabled 17/09/2011 647680 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) – C:Program Files (x86)Common FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    SS – | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) – C:Program Files (x86)WildTangent GamesAppGamesAppService.exe
    SS – | Disabled 14/07/2012 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Disabled 14/07/2012 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) – C:Program Files (x86)Common FilesInstallShieldDriver1050Intel 32IDriverT.exe
    SS – | Disabled 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
    SS – | Disabled 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
    SS – | Demand 11/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SS – | Disabled 21/03/2011 1845248 | (nlsvc) . (.Locktime Software.) – C:Program FilesNetLimiter 3nlsvc.exe
    SS – | Disabled 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SS – | Disabled 26/07/2013 563624 | (Steam Client Service) . (.Valve Corporation.) – C:Program Files (x86)Common FilesSteamSteamService.exe
    SS – | Disabled 29/06/2012 4714888 | (vncserver) . (.RealVNC Ltd.) – C:Program FilesRealVNCVNC Servervncserver.exe
    SS – | Disabled 27/07/2011 5023744 | (wxpSvc) . (.Moonware Studios.) – C:Program Files (x86)webcamXP 5wService.exe
    SR – | Auto 03/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 03/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) – C:Program FilesIDTWDMAESTSr64.exe
    SR – | Auto 09/03/2012 235520 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 07/01/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 08/02/2011 4151376 | (Bluetooth Device Manager) . (.Motorola Solutions, Inc..) – C:Program FilesMotorolaBluetoothdevmgrsrv.exe
    SR – | Auto 28/02/2011 1189968 | (Bluetooth Media Service) . (.Motorola Solutions, Inc..) – C:Program FilesMotorolaBluetoothaudiosrv.exe
    SR – | Auto 15/02/2011 680016 | (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) – C:Program FilesMotorolaBluetoothobexsrv.exe
    SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) – C:WindowsSystem32ezSharedSvcHost.exe =>.EasyBits Software AS
    SR – | Demand 17/09/2011 1028096 | (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) – C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService64.exe
    SR – | Auto 25/08/2011 260424 | (FPLService) . (.HP.) – C:Program Files (x86)HP SimplePass 2011TrueSuiteService.exe
    SR – | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe =>.Hewlett-Packard Co
    SR – | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) – C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe
    SR – | Demand 15/02/2011 1071160 | (hpCMSrv) . (.Hewlett-Packard Development Company L.P..) – C:Program Files (x86)Hewlett-PackardHP Connection ManagerhpCMSrv.exe
    SR – | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe
    SR – | Auto 27/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) – C:WindowsSystem32Hpservice.exe
    SR – | Auto 09/11/2010 26680 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) – C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe
    SR – | Auto 20/05/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Auto 23/05/2013 2413056 | (IconMan_R) . (.Realsil Microelectronics Inc..) – C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe
    SR – | Demand 06/02/2014 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 22/12/2010 325656 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 25/10/2013 2768208 | (MaConfigAgent) . (.CybelSoft.) – C:Program Filesma-config.comMaConfigAgent.exe
    SR – | Auto 10/07/1658 0 | (PnkBstrA) . (…) – C:Windowssystem32PnkBstrA.exe
    SR – | Auto 02/06/2011 301568 | (STacSV) . (.IDT, Inc..) – C:Program FilesIDTWDMSTacSV64.exe
    SR – | Auto 25/04/2014 5024576 | (TeamViewer9) . (.TeamViewer GmbH.) – C:Program Files (x86)TeamViewerVersion9TeamViewer_Service.exe
    SR – | Auto 22/12/2010 2656280 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 28s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (25/06/2014)
    Clés trouvées (Keys found) : 2
    Valeurs trouvées (Values found) : 3
    Dossiers trouvés (Folders found) : 2
    Fichiers trouvés (Files found) : 2

    [HKLMSoftwareMicrosoftShared ToolsMSConfigstartupreguTorrent] =>P2P.BitTorrent^
    [HKLMSYSTEMCurrentControlSetServicesEventlogApplicationHssSrv] =>Trojan.Adclicker
    C:ProgramDataAutoKMS =>Trojan.Keygen^
    C:UsersRagAppDataRoamingAlloplayerBdd =>PUP.Alloplayer^
    C:WindowsTasksAutoKMS.job =>Trojan.Keygen^
    C:WindowsKMSEmulator.exe =>Hijacker.Windows
    ~ Additionnel Scan: 466623 Items scanned in 02mn 19s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
    ~ AMI: 5 Legitimates Filtered in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
    http://nicolascoolman.fr/adware-pricora =>Adware.Pricora
    http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
    http://nicolascoolman.fr/pup-whilokii =>PUP.Whilokii
    http://nicolascoolman.fr/hijacker-windows =>Hijacker.Windows
    ~ MSI: 5 link(s) detected in 00mn 00s

    ~ 1455 Legitimates filtered by white list
    End of the scan (622 lines in 05mn 20s)(0)

    Thanks in advance for your reply

The topic ‘PC lent – System speedup’ is closed to new replies.