Oropher
Participant
Number of posts: 10

Continued (too many reports!! lol)

ZHPDiag

~ Rapport de ZHPDiag v2013.12.7.16 – Nicolas Coolman (07/12/2013)
~ Lancé par Thibault (11/12/2013 14:06:12)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

—\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16428
MFIE: Mozilla Firefox 25.0.1 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : BP67J
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
avast! Free Antivirus v9.0.2007
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

—\ Logiciels d'optimisation du système
CCleaner v3.25 =>Piriform Ltd

—\ Logiciels de partage PeerToPeer
µTorrent v2.2.1 =>P2P.µTorrent

—\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 45

—\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4077 MB (64% free)
System Restore: Activé (Enable)
System drive C: has 5 GB (4%) free of 119 GB

—\ Mode de connexion au système
~ Computer Name: PRÉCIEUX
~ User Name: Thibault
~ All Users Names: Thibault, HomeGroupUser$, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d'environnement
~ System Unit : C:
~ %AppZHP% : C:UsersThibaultAppDataRoamingZHP
~ %AppData% : C:UsersThibaultAppDataRoaming
~ %Desktop% : C:UsersThibaultDesktop
~ %Favorites% : C:UsersThibaultFavorites
~ %LocalAppData% : C:UsersThibaultAppDataLocal
~ %StartMenu% : C:UsersThibaultAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 5 Go of 119 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 376 Go of 932 Go)
F: Floppy drive, Flash card reader, USB Key (Free 4 Go of 7 Go)
G: Hard drive, Flash drive, Thumb drive (Free 2053 Go of 2794 Go)
H: CD-ROM drive (Free 0 Go of 7 Go)
I: Floppy drive, Flash card reader, USB Key (Free 0 Go of 0 Go)
J: Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go)

—\ Etat du Centre de Sécurité Windows
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
[MD5.E6CB36B85BE59095337427E853A5B65A] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.04/12/2013 – 00:26:18.) — C:WindowsSystem32wininet.dll [2332160]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.21/11/2010 – 04:24:29.) — C:WindowsSystem32Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.21/11/2010 – 04:24:16.) — C:WindowsSystem32sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/09/2013 – 02:09:10.) — C:Windowssystem32DriversAFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversCdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32DriversDfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversHDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.21/11/2010 – 04:23:51.) — C:Windowssystem32DriversnetBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/11/2010 – 04:24:33.) — C:Windowssystem32DriversRasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32Driverstdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32Driversvolsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
Mes images (My Pictures) : 2/2 (Modified)
~ Mes musiques (My Musics) : 1/5
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 1/7550
~ Mon Bureau (My Desktop) : 1/543
~ Menu demarrer (Programs) : 1/66
~ Hidden Files: Scanned in 00mn 01s

—\ Processus lancés
[MD5.B644A9A9A8ADDEC20E7956373130AC2D] – (.NVIDIA Corporation – NVIDIA GeForce Experience Backend.) — C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe [2273056] [PID.2756]
[MD5.384366C69DF4C11133915C3315F541CC] – (.NVIDIA Corporation – NVIDIA NvTmru Application.) — C:Program Files (x86)NVIDIA CorporationNVIDIA Update CoreNvTmru.exe [1028896] [PID.3252]
[MD5.4D837DC7A4960B3A635AB9F7108D6B0B] – (.Valve Corporation – Steam Client Bootstrapper (buildbot_winslav.) — C:JeuSteamSteam.exe [1823656] [PID.3296]
[MD5.CC02FBA3F124E56ECDB77BCFA4DAEB9E] – (.Anuman Interactive – Anuman Live.) — C:UsersThibaultAppDataRoamingAnuman InteractiveAnumanLiveAnumanLive.exe [347648] [PID.3348]
[MD5.22DA0DDAF1BF9E0FB5C705319024429B] – (.BitTorrent, Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe [399224] [PID.3364] =>P2P.BitTorrent
[MD5.E08959B4F41E833971BEA1878967D3BD] – (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe [284440] [PID.3444]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [254336] [PID.3500]
[MD5.11E8D8272FDBE213ADE3DAD91427CE35] – (.OpenOffice.org – OpenOffice.org 3.3.) — C:Program Files (x86)OpenOffice.org 3programsoffice.exe [11322880] [PID.3540]
[MD5.736E57247F12EACECDB224B8D1F7F187] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe [3568312] [PID.3552]
[MD5.2337EC951C4AF6E1AF65D10BD9615BEB] – (.OpenOffice.org – OpenOffice.org 3.3.) — C:Program Files (x86)OpenOffice.org 3programsoffice.bin [11314688] [PID.3644]
[MD5.077D59BA0FD4007E841B6C670862B065] – (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe [275568] [PID.3404]
[MD5.E0B173F23D873286169995D66B9E3CDF] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:Program Files (x86)Mozilla Firefoxplugin-container.exe [18544] [PID.4400]
[MD5.5D60EE718D0C708D69DFF4B3336B68BF] – (.Adobe Systems, Inc. – Adobe Flash Player 11.9 r900.) — C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_9_900_170.exe [1862536] [PID.4748]
[MD5.C0F5728CCD08AB01D66646FA320A03F2] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8286208] [PID.6104]
[MD5.49D9C17FDDFAC66F27FA735E94923216] – (.NVIDIA Corporation – Stereo Vision Control Panel API Server.) — C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe [414496] [PID.956]
[MD5.7A189530FD0CFD415DBE41123F8A6A59] – (.AVAST Software – avast! Service.) — C:Program FilesAVAST SoftwareAvastAvastSvc.exe [50344] [PID.1312]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65640] [PID.1780]
[MD5.1D3878E5722F0AB3C22D04E88AC4AC55] – (.NVIDIA Corporation – NVIDIA Network Service.) — C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe [1370912] [PID.1876]
[MD5.7DE35FB26617D9AEF44CEFE9FAC5C51A] – (.Valve Corporation – Steam Client Service (buildbot_winslave04_s.) — C:Program Files (x86)Common FilesSteamSteamService.exe [569768] [PID.1276]
~ Processes Running: Scanned in 00mn 00s

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:UsersThibaultAppDataRoamingMozillaFirefoxProfilesw9ai663y.defaultprefs.js
M2 – MFEP: prefs.js [Thibault – w9ai663y.defaulttoolbarbutton@browseradditions.com] [] BrowserAdditions v1.0 (..)
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://www.searchs.at
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.searchs.at
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.searchs.at/keyword/
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Secondary_Page_URL = http://www.searchs.at
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Bar = http://www.searchs.at
~ IE Browser: 22 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSDesktop [Public]: Call of Juarez Gunslinger.lnk . (.Techland – Call of Juarez® Gunslinger.) — E:Jeu installéCall of Juarez GunslingerCoJGunslinger.exe
O4 – GSDesktop [Public]: Dungeon Keeper 2.lnk . (…) — E:Jeu installéDungeon Keeper 2DKII.exe
O4 – GSDesktop [Public]: FightBoard Advanced.lnk . (…) — C:Program Files (x86)REVOLTECFightBoard Advanced 2.00FightBoard.exe
O4 – GSDesktop [Public]: Heroes of Might and Magic V – Tribes of the East.lnk . (…) — E:Jeu installéHeroes of Might and Magic V – Tribes of the EastHeroes of Might and Magic V – Tribes of the EastbinH5_Game.exe
O4 – GSDesktop [Public]: Heroes of Might and Magic V.lnk . (…) — E:Jeu installéHeroes of Might and Magic VbinH5_Game.exe
O4 – GSDesktop [Public]: Legend of Grimrock.lnk . (…) — E:Jeu installéLegend of Grimrockgrimrock.exe
O4 – GSDesktop [Public]: MechWarrior Online.lnk . (.Piranha Games Inc. – MechWarrior Online.) — E:Jeu installémechwarriorMechWarrior OnlineBin32MechWarriorOnline.exe
O4 – GSDesktop [Public]: Nexus Mod Manager.lnk . (.Black Tree Gaming – Nexus Mod Manager.) — C:Program FilesNexus Mod ManagerNexusClient.exe
O4 – GSDesktop [Public]: Overlord.lnk . (…) — E:Jeu installéOverlordOverlord.exe
O4 – GSDesktop [Public]: RomStation.lnk . (…) — C:Program Files (x86)RomStationRomStation.exe
O4 – GSDesktop [Public]: Sniper Elite V2.lnk . (…) — E:Jeu installéSniperEliteV2binSniperEliteV2.exe
O4 – GSDesktop [Public]: Temple of Elemental Evil.lnk . (…) — C:JeuTemple of Elemental EvilToEE.exe
O4 – GSDesktop [Public]: Warhammer® Mark of Chaos™.lnk . (.Black Hole Entertainment – Warhammer®: Battle March™.) — C:JeuWarhammer® Mark of ChaosWarhammer.exe
O4 – GSDesktop [Public]: XCOM Enemy Unknown.lnk . (.Firaxis Games – XCOM: Enemy Unknown.) — C:JeuXCOM Enemy UnknownBinariesWin32XComGame.exe
O4 – GSDesktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent
O4 – GSProgram [Public]: Call of Juarez Gunslinger.lnk . (.Techland – Call of Juarez® Gunslinger.) — E:Jeu installéCall of Juarez GunslingerCoJGunslinger.exe
O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
O4 – GSQuickLaunch [Thibault]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSQuickLaunch [Thibault]: µTorrent.lnk . (.BitTorrent, Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent
O4 – GSTaskBar [Thibault]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
O4 – GSProgram [Thibault]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSSystemTools [Thibault]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSDesktop [Thibault]: AnumanLive.lnk . (.Anuman Interactive – Anuman Live.) — C:UsersThibaultAppDataRoamingAnuman InteractiveAnumanLiveAnumanLive.exe
O4 – GSDesktop [Thibault]: CivilizationV – Raccourci.lnk . (.Firaxis Games – Sid Meier's Civilization V.) — E:Jeu installéSid Meier's Civilization V – Gods and KingsCivilizationV.exe
O4 – GSDesktop [Thibault]: Down of War II.lnk . (.THQ Canada Inc. – DOW2.) — E:JeuDown of War IIDOW2.exe
O4 – GSDesktop [Thibault]: Dragon Age – Origins.lnk . (.BioWare – Launcher Application.) — E:Jeu installéDragon AgeDAOriginsLauncher.exe
O4 – GSDesktop [Thibault]: Dragon Age 2.lnk . (.BioWare – Dragon Age II.) — E:Jeu installéDragon Age 2bin_shipDragonAge2.exe
O4 – GSDesktop [Thibault]: Mass Effect 2.lnk . (.BioWare – Mass Effect 2.) — E:Jeu installéMass Effect 2BinariesMassEffect2.exe
O4 – GSDesktop [Thibault]: Mass Effect 3.lnk . (.BioWare – Mass Effect(TM) 3.) — E:Jeu installéMass Effect 3BinariesWin32MassEffect3.exe
O4 – GSDesktop [Thibault]: Mass Effect.lnk . (.BioWare – Mass Effect.) — E:Jeu installéMass EffectBinariesMassEffect.exe
O4 – GSDesktop [Thibault]: Mount&Blade With Fire and Sword.lnk . (. Taleworlds Entertainment – Mount&Blade: With Fire and Sword.) — C:Program Files (x86)Mount&Blade With Fire and Swordmb_wfas.exe
O4 – GSDesktop [Thibault]: Nexus.lnk . (…) — E:Jeu installéNexus – The Jupiter Incidentnexus.exe
O4 – GSDesktop [Thibault]: Ordinateur – Raccourci.lnk – Clé orpheline
O4 – GSDesktop [Thibault]: Photoshop.lnk . (.Adobe Systems, Incorporated – Adobe Photoshop CS6.) — C:Program Files (x86)AdobeAdobe Photoshop CS6Photoshop.exe =>.Adobe Systems Incorporated
O4 – GSDesktop [Thibault]: Rome Total War 2.lnk . (.The Creative Assembly Ltd – Total War: Rome II.) — E:Jeu installéTotal War Rome IIRome2.exe
O4 – GSDesktop [Thibault]: Sid Meiers Civilization V.lnk . (.Firaxis Games – Civilization V Launcher.) — C:JeuSid Meier's Civilization VLauncher.exe
O4 – GSDesktop [Thibault]: Total War™ SHOGUN 2.lnk . (.The Creative Assembly Ltd – Total War: SHOGUN 2.) — E:Jeu installéTotal War Shogun 2Shogun2.exe
O4 – GSDesktop [Thibault]: Téléchargement.lnk . (…) — E:Téléchargement
O4 – GSDesktop [Thibault]: wesnoth.lnk . (…) — E:JeuBattle for Wesnoth 1.8.5wesnoth.exe
~ Global Startup: 99 Legitimates Filtered in 00mn 00s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GSStartup [Thibault]: OpenOffice.org 3.3.lnk . (…) — C:Program Files (x86)OpenOffice.org 3programquickstart.exe
O4 – HKLM..Run: [RTHDVCPL] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
O4 – HKLM..Run: [Logitech Download Assistant] . (.Logitech, Inc. – Logitech Download Assistant.) — C:WindowsSystem32LogiLDA.dll
O4 – HKLM..Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated – Adobe Updater Startup Utility.) — C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 – HKLM..Run: [Nvtmru] . (.NVIDIA Corporation – NVIDIA NvTmru Application.) — C:Program Files (x86)NVIDIA CorporationNVIDIA Update Corenvtmru.exe
O4 – HKLM..Run: [NvBackend] . (.NVIDIA Corporation – NVIDIA GeForce Experience Backend.) — C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe
O4 – HKLM..Run: [ShadowPlay] . (.NVIDIA Corporation – NVIDIA Capture Server Proxy.) — C:Windowssystem32nvspcap64.dll
O4 – HKCU..Run: [Steam] . (.Valve Corporation – Steam Client Bootstrapper (buildbot_winslav.) — C:JeuSteamSteam.exe
O4 – HKCU..Run: [AnumanLive] . (.Anuman Interactive – Anuman Live.) — C:UsersThibaultAppDataRoamingAnuman InteractiveAnumanLiveAnumanLive.exe
O4 – HKCU..Run: [AdobeBridge] Clé orpheline
O4 – HKCU..Run: [uTorrent] . (.BitTorrent, Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent
O4 – HKCU..Run: [DAEMON Tools Lite] . (.Disc Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
O4 – HKLM..Wow6432NodeRun: [IAStorIcon] . (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Wow6432NodeRun: [NWEReboot] Clé orpheline
O4 – HKLM..Wow6432NodeRun: [SwitchBoard] . (.Adobe Systems Incorporated – SwitchBoard Server (32 bit).) — C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
O4 – HKLM..Wow6432NodeRun: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated – Adobe CS6 Service Manager.) — C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe
O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
O4 – HKLM..Wow6432NodeRun: [20131121] . (.AVAST Software – avast! Emergency Update.) — C:Program FilesAVAST SoftwareAvastsetupemupdate9e6f17cc-3f6c-4ec1-a858-5c4e1cff4cc2.exe
O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-1466337346-2495501497-3402362536-1000..Run: [Steam] . (.Valve Corporation – Steam Client Bootstrapper (buildbot_winslav.) — C:JeuSteamSteam.exe
O4 – HKUSS-1-5-21-1466337346-2495501497-3402362536-1000..Run: [AnumanLive] . (.Anuman Interactive – Anuman Live.) — C:UsersThibaultAppDataRoamingAnuman InteractiveAnumanLiveAnumanLive.exe
O4 – HKUSS-1-5-21-1466337346-2495501497-3402362536-1000..Run: [AdobeBridge] Clé orpheline
O4 – HKUSS-1-5-21-1466337346-2495501497-3402362536-1000..Run: [uTorrent] . (.BitTorrent, Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent
O4 – HKUSS-1-5-21-1466337346-2495501497-3402362536-1000..Run: [DAEMON Tools Lite] . (.Disc Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
~ Application: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{8E3C289F-02CB-41E3-91A0-465F0065B175}: DhcpNameServer = 192.168.42.129
O17 – HKLMSystemCCSServicesTcpip..{905C9DA1-E473-4186-87A8-7408E1C66D3D}: DhcpNameServer = 91.121.161.184 188.165.197.144
O17 – HKLMSystemCCSServicesTcpip..{905C9DA1-E473-4186-87A8-7408E1C66D3D}: DhcpDomain = lan
O17 – HKLMSystemCS1ServicesTcpip..{8E3C289F-02CB-41E3-91A0-465F0065B175}: DhcpNameServer = 192.168.42.129
O17 – HKLMSystemCS1ServicesTcpip..{905C9DA1-E473-4186-87A8-7408E1C66D3D}: DhcpNameServer = 91.121.161.184 188.165.197.144
O17 – HKLMSystemCS1ServicesTcpip..{905C9DA1-E473-4186-87A8-7408E1C66D3D}: DhcpDomain = lan
O17 – HKLMSystemCS2ServicesTcpip..{8E3C289F-02CB-41E3-91A0-465F0065B175}: DhcpNameServer = 192.168.42.129
O17 – HKLMSystemCS2ServicesTcpip..{905C9DA1-E473-4186-87A8-7408E1C66D3D}: DhcpNameServer = 91.121.161.184 188.165.197.144
O17 – HKLMSystemCS2ServicesTcpip..{905C9DA1-E473-4186-87A8-7408E1C66D3D}: DhcpDomain = lan
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 91.121.161.184 188.165.197.144
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: vbscript [64Bits] – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:WindowsSystem32mshtml.dll =>.Microsoft Corporation
O18 – Filter: application/x-msdownload [64Bits] – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Logiciels installés (O42)
O42 – Logiciel: Arcanum – (.Troika Games LLC.) [HKLM][64Bits] — {08E9C35A-A0AE-43FA-AEA1-E4F58A87FBD1}
O42 – Logiciel: Dungeon Keeper 2 – (…) [HKLM][64Bits] — Dungeon Keeper II
O42 – Logiciel: MechWarrior Online – (.Piranha Games Inc..) [HKLM][64Bits] — {1B2EC53E-FB7C-40E7-A4E8-504171771FC0}
O42 – Logiciel: MechWarrior Online – (.Piranha Games Inc..) [HKLM][64Bits] — {73bcb521-8936-42d7-ad00-ec2bb399e26c}
O42 – Logiciel: Temple of Elemental Evil – (…) [HKLM][64Bits] — {AD80F06B-0F21-4EEE-934D-BEF0D21E6383}
O42 – Logiciel: lesFourmis – (…) [HKLM][64Bits] — lesFourmis
~ Logic: 26 Legitimates Filtered in 00mn 00s

—\ HKCU & HKLM Software Keys
[HKCUSoftwarePiranha Games]
~ Key Software: 292 Legitimates Filtered in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 11/12/2013 – 11:09:54 – [0] —-D C:Program Files (x86)GeCAD
~ Program Folder: 139 Legitimates Filtered in 00mn 02s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] – 04/12/2013 – 00:26:18 —A- . (…) — C:WindowsSystem32ieuinit.inf [16284]
O44 – LFC:[MD5.141A4682049682B8337F946E10CDCE65] – 11/12/2013 – 13:00:01 —A- . (…) — C:UsbFix [Scan 1] PRÉCIEUX.txt [9411]
~ Files: 90 Legitimates Filtered in 00mn 01s

—\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 – MPSK:{118b0bf1-4de5-11e1-acdb-c860006839aa}AutoRuncommand. (.BioWare – Launcher Application.) — H:autorun.exe
O51 – MPSK:{2cc013cb-4c47-11e1-81ea-806e6f6e6963}AutoRuncommand. (…) — D:autorun.exe (.not file.)
O51 – MPSK:{47dd5448-4c44-11e1-baad-806e6f6e6963}AutoRuncommand. (…) — D:Binassetup.exe (.not file.)
~ Keys: Scanned in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – "EnableUIADesktopToggle"=0
O55 – MWPS:[HKLM…PoliciesSystem] – "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 – MWPE:[HKLM…policiesExplorer] – "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] – 06/11/2013 – 21:16:51 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776]
O58 – SDL:[MD5.59787B95DD9CA44CB139D96863438587] – 06/11/2013 – 21:16:51 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [205320]
O58 – SDL:[MD5.B4BDE3F758A34658A37DFED3D9783CD8] – 09/03/2012 – 13:45:03 —A- . (…) — C:WindowsSystem32Driversatksgt.sys [88480]
O58 – SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] – 14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
O58 – SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] – 10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
O58 – SDL:[MD5.955982BF4421B77722196552B62E8DC2] – 09/03/2012 – 13:45:03 —A- . (…) — C:WindowsSystem32Driverslirsgt.sys [46400]
O58 – SDL:[MD5.656736958178461D25B51BB0D9EC7D09] – 01/12/2013 – 18:28:38 —A- . (.Duplex Secure Ltd. – SCSI Pass Through Direct Host.) — C:WindowsSystem32Driverssptd.sys [381440]
O58 – SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] – 14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
O58 – SDL:[MD5.E30B899AB45384AE27656619A702EA7A] – 28/11/2007 – 13:48:54 —A- . (.Copyright (C) Listan GmbH & Co.KG – REVOLTEC FightBoard Advanced Game Controller Driver.) — C:WindowsSystem32Driverssystormflb.sys [23712]
O58 – SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] – 02/04/2009 – 13:30:14 —A- . (…) — C:WindowsSysWOW64driversASUSHWIO.SYS [10296]
~ Drivers: 16 Legitimates Filtered in 00mn 01s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1Duran1.xml [5765]
O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesAutoSave_4Duran1_Story.xml [25370]
O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesAutoSave_4savegame.das [2225636]
O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesAutoSave_4savegame.das.met [1138]
O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesAutoSave_4screen.dds [65664]
O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesQuickSave_1Duran1_Story.xml [25370]
O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesQuickSave_1savegame.das [2225860]
O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesQuickSave_1savegame.das.met [1138]
O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesQuickSave_1screen.dds [65664]
O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesSlot_1Duran1_Story.xml [25440]
O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesSlot_1Oropher.das [2244444]
O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesSlot_1Oropher.das.met [1150]
O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesSlot_1screen.dds [65664]
O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeSettingsProfile.dap [25630]
O61 – LFC: 11/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultAppDataRoamingZHPLog.txt [16861] =>.Nicolas Coolman
O61 – LFC: 11/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultAppDataRoamingZHPTestsZHPDiag.txt [2938] =>.Nicolas Coolman
O61 – LFC: 11/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon Age 2systeminformation.xml [7845]
O61 – LFC: 11/12/2013 – 14:06:39 —A- . (…) — C:UsersThibaultDownloadsadwcleaner.exe [1226802]
O61 – LFC: 11/12/2013 – 14:06:41 —A- . (…) — C:UsersThibaultDownloadsUsbFix(1).exe [0]
O61 – LFC: 11/12/2013 – 14:06:41 —A- . (…) — C:UsersThibaultDownloadsUsbFix(2).exe [0]
O61 – LFC: 11/12/2013 – 14:06:41 —A- . (…) — C:UsersThibaultDownloadsUsbFix.exe [0]
~ 100 Fichiers temporaires (Temporary files)
~ Files: 780 Legitimates Filtered in 00mn 07s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.net – https://www.sosvirus.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
~ Keys: Scanned in 00mn 00s

—\ Enumère les fichiers Crack & Keygen (CKF) (O82)
E:JeucrackCRACK-Bataille pour la terre du milieuLe Seigneur Des Anneaux – La Bataille Pour La Terre Du Milieu (The Battle For Middle Earth) – Keygen.zip
E:JeucrackCRACK-Bataille pour la terre du milieuThe Lord Of The Rings – The Battle For Middle Earth Keygen.rar
E:JeuMass Effect 2Mass Effect 2 Keygen, crack, et infoskeygen.exe
E:JeuMass Effect 2Mass Effect 2 Keygen, crack, et infosMassEffect2.exe
E:JeuMass Effect 2ME2_1_FA98keygen.exe
~ Files: Scanned in 00mn 38s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.13C16BD2140940551895CF0BAD91DB87] [SPRF][11/12/2013] (…) — C:\Users\Thibault\AppData\Local\Temp\42050-359-rav-antivirus-desktop.exe [12802048]
[MD5.F4118787E9A624968F8D82990623EAA2] [SPRF][11/12/2013] (…) — C:\Users\Thibault\AppData\Local\Temp\instloffer.exe [557356]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][11/12/2013] (…) — C:\Users\Thibault\AppData\Local\Temp\OKitSpaceSetup.exe [0] =>PUP.Onekit
[MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][10/12/2013] (…) — C:\Users\Thibault\AppData\Local\Temp\Quarantine.exe [360051]
[MD5.B0F6507F8666E89DD9F192313D88EB98] [SPRF][16/06/2013] (.Babylon Ltd. – Uninstaller Application.) — C:\Users\Thibault\AppData\Local\Temp\uninst1.exe [389632] =>PUP.Babylon
~ Files: 5 Legitimates Filtered in 00mn 00s

—\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 – FAEL: “TCP Query User{5B9DE060-65D4-4EF7-BCB1-D933A258B5D2}C:\users\thibault\appdata\local\temp\c7c6fbcc787343bc9af9bf91ec8f24ee\relicdownloader.exe” |In – Private – P6 – TRUE | .(…) — C:\users\thibault\appdata\local\temp\c7c6fbcc787343bc9af9bf91ec8f24ee\relicdownloader.exe (.not file.)
O87 – FAEL: “UDP Query User{17DED76C-822D-44E9-80C0-0E1B53A86564}C:\users\thibault\appdata\local\temp\c7c6fbcc787343bc9af9bf91ec8f24ee\relicdownloader.exe” |In – Private – P17 – TRUE | .(…) — C:\users\thibault\appdata\local\temp\c7c6fbcc787343bc9af9bf91ec8f24ee\relicdownloader.exe (.not file.)
O87 – FAEL: “TCP Query User{7FD21FDB-0A4D-461A-A992-2491E114B13D}C:\users\thibault\appdata\roaming\cacaoweb\cacaoweb.exe” |In – Private – P6 – TRUE | .(…) — C:\users\thibault\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “UDP Query User{D33BABA7-7002-462B-97D8-41E404F2DE7E}C:\users\thibault\appdata\roaming\cacaoweb\cacaoweb.exe” |In – Private – P17 – TRUE | .(…) — C:\users\thibault\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “{CF191F31-9808-452B-9566-8DE8D31E2F06}” |In – Private – P6 – TRUE | .(…) — C:\Program Files (x86)\YourFileDownloader\Downloader.exe (.not file.) =>PUP.YourFileDownloader
O87 – FAEL: “{BE9BAF20-CE73-4CF2-9888-403D50DD7E1A}” |In – Private – P17 – TRUE | .(…) — C:\Program Files (x86)\YourFileDownloader\Downloader.exe (.not file.) =>PUP.YourFileDownloader
O87 – FAEL: “{E1CA07F9-E0E4-4CFB-BA2E-33AA617BB5D9}” |In – Private – P6 – TRUE | .(…) — C:\Program Files (x86)\YourFileDownloader\YourFile.exe (.not file.) =>PUP.YourFileDownloader
O87 – FAEL: “{C6171E89-7B51-4354-9261-9FE76661286F}” |In – Private – P17 – TRUE | .(…) — C:\Program Files (x86)\YourFileDownloader\YourFile.exe (.not file.) =>PUP.YourFileDownloader
O87 – FAEL: “TCP Query User{47C3C347-D272-4288-9594-9B89C55D5970}E:\jeu\battle for wesnoth 1.8.5\wesnothd.exe” | In – Private – P6 – TRUE | .(…) — E:\jeu\battle for wesnoth 1.8.5\wesnothd.exe
O87 – FAEL: “UDP Query User{5413FE72-3CDE-4C8E-9851-B9B2ECB6222A}E:\jeu\battle for wesnoth 1.8.5\wesnothd.exe” | In – Private – P17 – TRUE | .(…) — E:\jeu\battle for wesnoth 1.8.5\wesnothd.exe
O87 – FAEL: “TCP Query User{2E82F62A-4041-4812-ADE0-29672C729C90}C:\jeu\rome – total war\rometw.exe” |In – Private – P6 – FALSE | .(…) — C:\jeu\rome – total war\rometw.exe (.not file.)
O87 – FAEL: “UDP Query User{EA97DF13-B145-40C0-8E8E-10AA8B85E9DD}C:\jeu\rome – total war\rometw.exe” |In – Private – P17 – FALSE | .(…) — C:\jeu\rome – total war\rometw.exe (.not file.)
O87 – FAEL: “TCP Query User{55E233A4-C890-4066-8321-6CE0544F1C22}C:\users\thibault\appdata\roaming\cacaoweb\cacaoweb.exe” |In – Public – P6 – TRUE | .(…) — C:\users\thibault\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “UDP Query User{2029B272-793D-4372-8846-051ABE4980BD}C:\users\thibault\appdata\roaming\cacaoweb\cacaoweb.exe” |In – Public – P17 – TRUE | .(…) — C:\users\thibault\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “TCP Query User{042F912B-760B-4F11-B8B1-A1997042C30A}E:\jeu installé\heroes of might and magic v\bin\h5_game.exe” | In – Private – P6 – TRUE | .(.Pas de propriétaire – Heroes of Might and Magic V.) — E:\jeu installé\heroes of might and magic v\bin\h5_game.exe
O87 – FAEL: “UDP Query User{AEE91F9C-FC4A-432A-9747-495FBFA07DA4}E:\jeu installé\heroes of might and magic v\bin\h5_game.exe” | In – Private – P17 – TRUE | .(.Pas de propriétaire – Heroes of Might and Magic V.) — E:\jeu installé\heroes of might and magic v\bin\h5_game.exe
O87 – FAEL: “TCP Query User{4CDD4C69-45A0-4C10-BB07-E31FC9A62C9A}E:\jeu installé\heroes of might and magic v\bin\h5_game.exe” | In – Public – P6 – TRUE | .(.Pas de propriétaire – Heroes of Might and Magic V.) — E:\jeu installé\heroes of might and magic v\bin\h5_game.exe
O87 – FAEL: “UDP Query User{176156CB-29E8-4C0A-8B4C-477F8524F583}E:\jeu installé\heroes of might and magic v\bin\h5_game.exe” | In – Public – P17 – TRUE | .(.Pas de propriétaire – Heroes of Might and Magic V.) — E:\jeu installé\heroes of might and magic v\bin\h5_game.exe
O87 – FAEL: “TCP Query User{A6410583-5364-4EDE-A68E-39EA6E9309AB}C:\jeu\warhammer® mark of chaos\warhammer.exe” | In – Private – P6 – TRUE | .(.Black Hole Entertainment – Warhammer®: Battle March™.) — C:\jeu\warhammer® mark of chaos\warhammer.exe
O87 – FAEL: “UDP Query User{F74D7510-3253-4F2E-A78E-02AE0ABAB741}C:\jeu\warhammer® mark of chaos\warhammer.exe” | In – Private – P17 – TRUE | .(.Black Hole Entertainment – Warhammer®: Battle March™.) — C:\jeu\warhammer® mark of chaos\warhammer.exe
O87 – FAEL: “{E105079D-AC2E-42A4-AF8E-59CC87BA9926}” | In – Public – P6 – TRUE | .(.Black Hole Entertainment – Warhammer®: Battle March™.) — C:\Jeu\Warhammer® Mark of Chaos\Warhammer.exe
O87 – FAEL: “{0526EE69-1865-45ED-8EE4-3A5BA6B526AA}” | In – Public – P17 – TRUE | .(.Black Hole Entertainment – Warhammer®: Battle March™.) — C:\Jeu\Warhammer® Mark of Chaos\Warhammer.exe
O87 – FAEL: “{45042BBB-FA6A-4FED-9CF9-1D366F7A74F1}” |In – Private – P6 – TRUE | .(…) — C:\Program Files (x86)\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O87 – FAEL: “{8380FA16-9DEA-449D-B256-A87993890350}” |In – Private – P17 – TRUE | .(…) — C:\Program Files (x86)\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O87 – FAEL: “{1E46F584-9033-4B56-A9EE-6DBE6E2CE39E}” |In – Private – P6 – TRUE | .(…) — C:\Program Files (x86)\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
O87 – FAEL: “{33AADC9E-D30F-438D-B415-89545F680C73}” |In – Private – P17 – TRUE | .(…) — C:\Program Files (x86)\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
O87 – FAEL: “TCP Query User{7412A1B9-2DB5-49C7-AA6F-C44D80308A6A}E:\jeu installé\original war\owarfull.exe” | In – Private – P6 – TRUE | .(…) — E:\jeu installé\original war\owarfull.exe
O87 – FAEL: “UDP Query User{AC1F002D-D4E7-471D-A26F-3610C244DC23}E:\jeu installé\original war\owarfull.exe” | In – Private – P17 – TRUE | .(…) — E:\jeu installé\original war\owarfull.exe
~ Firewall: 285 Legitimates Filtered in 00mn 00s

—\ Enumère les codes produits des logiciels (PUC) (O90)
O90 – PUC: “93C19CBAD662240428E834680E2F2581” . (.Warhammer Battle March.) — C:\Windows\Installer\{ABC91C39-266D-4042-828E-4386E0F25218}\ARPPRODUCTICON.exe
~ Update Products: 48 Legitimates Filtered in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.964914A3090CE0E7CB5D5144B3E0D37B] [WIS][17/09/2013] (.Piranha Games Inc. – MechWarrior Online.) — C:\Windows\Installer\16d954.msi [6668288]
[MD5.79E6443F01B4B1C3B957AA38DDD564FF] [WIS][16/07/2012] (.Boxore OU. – Software Update Helper.) — C:\Windows\Installer\204b49.msi [45056] =>Adware.Boxore
[MD5.0D3D8A540679ABE6CE4F8EB43475102B] [WIS][31/01/2012] (.REVOLTEC – FightBoard Advanced.) — C:\Windows\Installer\25a13.msi [10309632]
[MD5.93F772291029409295D4CF49368EAA1F] [WIS][17/09/2004] (.Nom de votre société – Nexus – The Jupiter Incident.) — C:\Windows\Installer\2c44a1.msi [3610600]
[MD5.918ACE4687D2FBE32BB792A4922C8F3B] [WIS][18/04/2008] (.Namco Bandai Games – Warhammer Mark of Chaos.) — C:\Windows\Installer\2c77eea.msi [4510720]
~ WIS: 64 Legitimates Filtered in 00mn 02s

—\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Demand 10/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS – | Demand 15/12/2009 25832 | (DAUpdaterSvc) . (.BioWare.) – E:\Jeu installé\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
SS – | Demand 16/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS – | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) – C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

SR – | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR – | Auto 06/11/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR – | Auto 19/05/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR – | Auto 25/10/2013 2768208 | (MaConfigAgent) . (.CybelSoft.) – C:\Program Files\ma-config.com\MaConfigAgent.exe
SR – | Auto 29/11/2013 1370912 | (NvNetworkService) . (.NVIDIA Corporation.) – C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR – | Auto 29/11/2013 15128352 | (NvStreamSvc) . (.NVIDIA Corporation.) – C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR – | Auto 11/11/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) – C:\Windows\system32\nvvsvc.exe
SR – | Demand 04/12/2013 569768 | (Steam Client Service) . (.Valve Corporation.) – C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR – | Auto 11/11/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) – C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR – | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 02s

—\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Thibault at 11/12/2013 14:07:26
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Thibault at 11/12/2013 14:07:28

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s

—\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 – SDL:[MD5.656736958178461D25B51BB0D9EC7D09] – 01/12/2013 – 18:28:38 —A- . (.Duplex Secure Ltd. – SCSI Pass Through Direct Host.) — C:\Windows\System32\Drivers\sptd.sys [381440]
~ Emulateurs: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 13011 – (07/12/2013)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 18

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24] =>Adware.PredictAd
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9BB106980C8CD3949921DAF7159A813A] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\Thibault\AppData\Local\Software =>Adware.Boxore
C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Users\Thibault\AppData\Local\Temp\OKitSpaceSetup.exe =>PUP.Onekit^
C:\Users\Thibault\AppData\Local\Temp\uninst1.exe =>PUP.Babylon^
C:\Windows\Installer\204b49.msi =>Adware.Boxore^
C:\Users\Thibault\Downloads\cacaoweb.exe =>PUP.CacaoWeb
C:\Users\Thibault\AppData\Local\Temp\instloffer.exe =>PUP.OfferBox
C:\Users\Thibault\AppData\Local\Temp\ime_babylon_logo.bmp =>PUP.SweetIM
C:\Users\Thibault\AppData\Local\Temp\square_wajam.bmp =>Toolbar.Wajam
C:\Users\Thibault\AppData\Local\Temp\wajam_image1.bmp =>Toolbar.Wajam
C:\Users\Thibault\AppData\Local\Temp\wajam_logo.bmp =>Toolbar.Wajam
C:\Users\Thibault\AppData\Local\Temp\wajam_terms.rtf =>Toolbar.Wajam
C:\Users\Thibault\AppData\Local\Temp\moreinfo_boxore.bmp =>Adware.Boxore
C:\Users\Thibault\AppData\Local\Temp\square_boxore.bmp =>Adware.Boxore
C:\Users\Thibault\AppData\Local\Temp\lollipop_moreinfo.bmp =>Adware.Lollipop
C:\Users\Thibault\AppData\Local\Temp\square_lollipop.bmp =>Adware.Lollipop
C:\Users\Thibault\AppData\Local\Temp\pricepeep_logo.bmp =>Adware.PricePeep
C:\Users\Thibault\AppData\Local\Temp\square_pricepeep.bmp =>Adware.PricePeep
~ Additionnel Scan: 201544 Items scanned in 00mn 12s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/33456961-pup-onekit =>PUP.OneKit
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
~ http://nicolascoolman.webs.com/apps/blog/show/27752690-pup-yourfiledownloader =>PUP.YourFileDownloader
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ MSI: 9 link(s) detected in 00mn 12s

~ 1898 Legitimates filtered by white list
End of the scan (579 lines in 01mn 28s)(5)