Rageremie
Participant
Posts: 14

~ ZHPDiag report v2014.4.25.44 - Nicolas Coolman (25/04/2014)
~ Run by Jérémie (25/04/2014 11:04:36)
~ Website: http://nicolascoolman.webs.com
~ Free disinfection help forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Activated by user

---\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16659
GCIE: Google Chrome v31.0.1650.57 (Default)

---\ Windows product information
~ Language: French
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 9P736
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\ System protection software
Malwarebytes Anti-Malware version 2.0.1.1004
Windows Defender W8

---\ System optimisation software
CCleaner v4.06 =>.Piriform Ltd

---\ Peer-to-peer file-sharing software

---\ Software monitoring
Java 7 Update 51

---\ System information
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3988 MB (43% free)
System Restore: Enabled
System drive C: has 749 GB (82%) free of 907 GB

---\ System logon mode
~ Computer Name: JÉRÉMORDI
~ User Name: Jérémie
~ All Users Names: Jérémie, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\ Environment variables
~ System Unit : C:
~ %AppZHP% : C:\Users\Jérémie\AppData\Roaming\ZHP
~ %AppData% : C:\Users\Jérémie\AppData\Roaming
~ %Desktop% : C:\Users\Jérémie\Desktop
~ %Favorites% : C:\Users\Jérémie\Favorites
~ %LocalAppData% : C:\Users\Jérémie\AppData\Local
~ %StartMenu% : C:\Users\Jérémie\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

---\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 749 GB of 907 GB)
D: Hard drive, Flash drive, Thumb drive (Free 2 GB of 23 GB)
E: CD-ROM drive (Not Inserted)

---\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\ Specific search for generic files
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.24/11/2013 - 20:04:39.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/03/2014 - 04:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 09:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 13:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.23/11/2013 - 08:08:19.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.725EF69B2DBEB7B33280019A556201BC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.10/03/2014 - 11:35:58.) -- C:\Windows\system32\Drivers\ntfs.sys [2008408]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.30/09/2013 - 04:59:53.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.C85C075DE5B6D0FE116043054DE8EE02] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.31/01/2014 - 17:15:23.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 00s

---\ Hidden files status (Hidden/Total)
~ My Pictures : 2/8185
~ My Music : 1/5627
~ My Favorites : 1/8
~ My Documents : 2/390
~ My Desktop : 3/152
~ Start Menu (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 01s

---\ Running processes
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.3700]
[MD5.DE7F11C59789AD6616F2381BBC48A97F] - (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe [1821888] [PID.3400]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Jérémie\AppData\Local\Google\Update\GoogleUpdate.exe [116648] [PID.4736]
[MD5.A4C98FD0EB19815374011C929B7D728A] - (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128] [PID.4576]
[MD5.58FC1B36032F03342E4C02813F80DAC1] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Jérémie\AppData\Roaming\Dropbox\bin\Dropbox.exe [30714328] [PID.4228]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.4460]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4892]
[MD5.E2043ABD9E13E1B7BF74B1D05E15AA47] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304] [PID.5064]
[MD5.D1C8B0DC04347B6B9B5B3B9204DF6756] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904] [PID.6136]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.5152]
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.5188]
[MD5.BB1A27803A98AAFB2BCFE48159EC3922] - (...) -- C:\Program Files\WindowsApps\HalfbrickStudiosPtyLtd.JetpackJoyride_1.0.3.68_x86__w77bc8x1h5kya\JetpackJoyride_Win8.exe [5257728] [PID.5608]
[MD5.636D97B3BAF854511FF3F4093E895FED] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.4840]
[MD5.EB777DE39AE1FC04A7F25130CDAB47B7] - (.Google - Hangouts Plugin.) -- C:\Users\Jérémie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe [64384] [PID.7056]
[MD5.D92A40FE27C4DA704AB74083FEDAFD4E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7869440] [PID.6316]
~ Processes Running: Scanned in 00mn 00s

---\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Jérémie\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\ Google Chrome extension folders
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 02s

---\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=172.16.0.254:3128
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 21

---\ Other user links (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Public]: Desktop.lnk - Orphan key
O4 - GS\Program [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O4 - GS\QuickLaunch [Jérémie]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Jérémie]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Jérémie]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Jérémie]: VisualBoyAdvance emulator.lnk . (.None - VisualBoyAdvance emulator.) -- C:\Users\Jérémie\Desktop\VisualBoyAdvance.exe
O4 - GS\Program [Jérémie]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Jérémie]: Minecraft.lnk . (...) -- C:\Users\Jérémie\Downloads\Minecraft.exe
~ Global Startup: 39 Legitimates Filtered in 00mn 02s

---\ Applications launched at system startup (O4)
O4 - GS\Startup [Jérémie]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Jérémie\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Jérémie\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-21-270148986-3979810591-4228004459-1001\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe
O4 - HKUS\S-1-5-21-270148986-3979810591-4228004459-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Jérémie\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-270148986-3979810591-4228004459-1001\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
~ Application: Scanned in 00mn 00s

---\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s

---\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EB299D9-F3B9-40A1-8B03-915D12944212}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{831AE977-73BA-448E-915D-D196B6779408}: DhcpNameServer = 10.2.0.1 10.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{89DE7C54-80A8-4DAC-97DB-4AEF4BAAE0D3}: DhcpNameServer = 10.2.0.1 10.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EB299D9-F3B9-40A1-8B03-915D12944212}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{4EB299D9-F3B9-40A1-8B03-915D12944212}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{831AE977-73BA-448E-915D-D196B6779408}: DhcpNameServer = 10.2.0.1 10.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{89DE7C54-80A8-4DAC-97DB-4AEF4BAAE0D3}: DhcpNameServer = 10.2.0.1 10.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{4EB299D9-F3B9-40A1-8B03-915D12944212}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s

---\ Additional protocol (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Additional protocol: Scanned in 00mn 00s

---\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\ Installed software (O42)
O42 - Software: Cryostasis (Remove Only) - (.505games.) [HKLM][64Bits] -- {97A8C4B4-2B50-42D1-AFE6-5E8433185436}_is1
O42 - Software: Haunted Memories - (.MadMan Theory Games.) [HKLM][64Bits] -- Steam App 241640
O42 - Software: OEM Application Profile - (.Nom de votre société.) [HKLM][64Bits] -- {C89A97B6-F991-EBB5-77B7-927BCF420EBE}
~ Logic: 44 Legitimates Filtered in 00mn 00s

---\ HKCU & HKLM Software Keys
[HKCU\Software\CoolROM]
[HKCU\Software\MTG]
~ Key Software: 281 Legitimates Filtered in 00mn 00s

---\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 26/01/2014 - 15:45:28 - [] ----D C:\Program Files (x86)\505games
O43 - CFD: 02/12/2013 - 00:00:52 - [] ----D C:\ProgramData\Updater =>PUP.CrossRider
O43 - CFD: 01/04/2014 - 10:18:20 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 12/02/2014 - 22:41:41 - [] ----D C:\Users\Jérémie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 149 Legitimates Filtered in 00mn 00s

---\ Latest files created in the Windows Prefetcher (O45)
O45 - LFCP:[MD5.F9C5325CE5F006B1E6B5E1E52977EADE] - 19/01/2014 - 19:29:46 ---A- - C:\Windows\Prefetch\GOFORFILES.EXE-86A9CB03.pf =>P2P.GoforFiles
O45 - LFCP:[MD5.02A4E5BDD1A5D45E9E7E9034B6E6335F] - 19/01/2014 - 19:30:42 ---A- - C:\Windows\Prefetch\GOFORFILESDL.EXE-B6294483.pf =>P2P.GoforFiles
O45 - LFCP:[MD5.0AAFB9F7F5E89D857F7F20D191066A35] - 13/02/2014 - 07:10:50 ---A- - C:\Windows\Prefetch\REGHUNTER-INSTALLER.EXE-827133AE.pf =>Crapware.RegHunter
O45 - LFCP:[MD5.102C660213557E4C31745858228476BA] - 21/03/2014 - 16:42:46 ---A- - C:\Windows\Prefetch\REGHUNTER.EXE-CB203609.pf =>Crapware.RegHunter
O45 - LFCP:[MD5.4B306593E0F0D7693BDDBBEA3BD1B1FD] - 12/02/2014 - 21:40:38 ---A- - C:\Windows\Prefetch\SHSETUP.EXE-78B32E3D.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.8595DD96839DE68C69D789B2951C9ACE] - 12/02/2014 - 21:40:23 ---A- - C:\Windows\Prefetch\SPYHUNTER-INSTALLER.EXE-E2989EDC.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.9595539567E960BCA728493447B66BC3] - 29/03/2014 - 12:09:57 ---A- - C:\Windows\Prefetch\SPYHUNTER4.EXE-3B4E3201.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.3421D30251731D8D3D8CFBA388F218B6] - 16/03/2014 - 17:54:44 ---A- - C:\Windows\Prefetch\UNITYWEBPLAYER.EXE-BEEDF56F.pf =>Adware.SocialSkinz
~ Prefetcher: 8 Legitimates Filtered in 00mn 00s

---\ Enumeration of Policies\System registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\ Enumeration of Policies\Explorer registry keys (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\ System drivers list (SDL) (O58)
O58 - SDL:13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:19/10/2012 - 04:52:32 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys [151968]
O58 - SDL:19/10/2012 - 04:52:30 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys [27040]
O58 - SDL:22/06/2012 - 11:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [22704]
O58 - SDL:22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 60 Legitimates Filtered in 00mn 06s

---\ Latest modified or created files (User) (O61)
O61 - LFC: 25/04/2014 - 11:05:12 ---A- . (.SQLite Development Team.) -- C:\Users\Jérémie\AppData\Local\Microsoft\Windows\INetCache\IE\3MW1UEIB\SQLite3_300700200[1].dll [536576]
O61 - LFC: 25/04/2014 - 11:05:38 ---A- . (...) -- C:\Users\Jérémie\Desktop\adwcleaner (1).exe [1365865]
O61 - LFC: 25/04/2014 - 11:05:38 ---A- . (...) -- C:\Users\Jérémie\Downloads\adwcleaner.exe [1365865]
~ 2303 Temporary files
~ 1 Cookie file
~ Files: 55 Legitimates Filtered in 00mn 27s

---\ Disinfection tools list (LATC) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\ Shell Spawning associations (O67)
O67 - Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\ Internet start menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\ Browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {28546CC0-CED3-40A2-B19B-74BAAFCA3456} - (Yahoo!) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {402BFBA3-89A9-4601-880B-D98C0ECC4122} - (Propositions de recherche Amazon.fr) - http://www.amazon.fr
O69 - SBI: SearchScopes [HKCU] {B9E8BE15-D45A-47A9-A34F-2BF0F030398B} - (Search.us) - http://search.us.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s

---\ Specific search at the system root (SPRF) (O84)
[MD5.D67F6941F666E53EEF6214DA441ABC3F] [SPRF][25/04/2014] (...) -- C:\Users\Jérémie\Desktop\adwcleaner (1).exe [1365865]
[MD5.6BE4A22726CD2C884F9B8D93CD560CC4] [SPRF][01/10/2005] (.None - VisualBoyAdvance emulator.) -- C:\Users\Jérémie\Desktop\VisualBoyAdvance.exe [1974352]
~ Files: 2 Legitimates Filtered in 00mn 00s

---\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 03/10/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 05/10/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 05/10/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/05/2013 822232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 26/09/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 07/06/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 24/09/2012 31040 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 08/10/2013 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
SR - | Auto 22/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 11/05/2013 733696 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 29/12/2013 131544 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 29/12/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 29/12/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 20/02/2013 239176 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 09/01/2014 1025408 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter
SR - | Demand 25/02/2014 568512 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 06s

---\ Master Boot Record infection search (MBR)(O80)
Run by Jérémie at 25/04/2014 11:07:33
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\ Master Boot Record infection search (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Jérémie at 25/04/2014 11:07:35
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\ Additional scan (O88)
Database Version : 13045 - (25/04/2014)
Keys found : 1
Values found : 0
Folders found : 2
Files found : 0

[HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service] =>Crapware.SpyHunter
C:\ProgramData\Updater =>PUP.CrossRider^
C:\Users\Jérémie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
~ Additional Scan: 339126 Items scanned in 00mn 11s

---\ Summary of detections found on your machine
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter
http://nicolascoolman.webs.com/apps/blog/show/34571753-crapware-reghunter =>Crapware.RegHunter
http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch =>PUP.StartSearch
~ MSI: 5 link(s) detected in 00mn 00s

~ 688 Legitimates filtered by white list
End of the scan (425 lines in 03mn 10s)(0)
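Added example (mine, not part of the post above and not ZHPDiag's own code): a small Python parser for report lines in this format. It collects the items the tool already tagged (`=>PUP.x`, `=>Crapware.x`, ...) and adds three checks I apply by hand when reading such a log: autoruns whose target binary is missing (the `(.not file.)` marker, as on the SynTPEnh entry above), entries with no publisher/version info (`(...)`), and executables launched from user-writable locations (`Users\`, `ProgramData\`). The sample lines are copied from this report with the backslashes restored and ASCII dashes; the three heuristics are my own and are hints for review, not verdicts.

```python
"""Parse ZHPDiag-style report lines and pull out what an analyst reads first:
items the tool already tagged (=>PUP.x, =>Crapware.x, ...), autoruns whose
target binary is missing, entries without publisher/version info, and
executables launched from user-writable locations."""
import re
from collections import defaultdict

# Constructed sample: eight lines copied from the report above (backslashes
# restored, ASCII dashes), enough to exercise every branch of the parser.
SAMPLE_REPORT = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe
O4 - GS\Program [Jérémie]: Minecraft.lnk . (...) -- C:\Users\Jérémie\Downloads\Minecraft.exe
O43 - CFD: 02/12/2013 - 00:00:52 - [] ----D C:\ProgramData\Updater =>PUP.CrossRider
O45 - LFCP:[MD5.102C660213557E4C31745858228476BA] - 21/03/2014 - 16:42:46 ---A- - C:\Windows\Prefetch\REGHUNTER.EXE-CB203609.pf =>Crapware.RegHunter
O69 - SBI: SearchScopes [HKCU] {28546CC0-CED3-40A2-B19B-74BAAFCA3456} - (Yahoo!) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {B9E8BE15-D45A-47A9-A34F-2BF0F030398B} - (Search.us) - http://search.us.com =>PUP.StartSearch
SR - | Auto 09/01/2014 1025408 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter
"""

# "O4 - ...", "O45 - ...", "SR - ...": line type, a dash (ASCII or the en/em
# dash a forum may have substituted), then the payload.
LINE_RE = re.compile(r"^(?P<kind>O\d+|S[RS]|R5|F2)\s*[-\u2013\u2014]\s*(?P<body>.*)$")
# ZHPDiag's verdict suffix, e.g. "=>PUP.CrossRider" (a trailing ^ marks the O88 section).
# Whitelist marks such as "=>.Dropbox" start with a dot and deliberately do not match.
TAG_RE = re.compile(r"=>\s*([A-Za-z0-9]+\.[A-Za-z0-9_]+)\^?\s*$")
# First Windows path in the line, cut before a verdict, a "[size]" suffix,
# the "(.not file.)" marker, or end of line.
PATH_RE = re.compile(
    r"([A-Za-z]:\\.*?)(?=\s+=>|\s+\[\d+\]|\s+\(\.not file\.\)|\s*$)")
# Locations a non-admin user can write to: a binary running from here is not
# malicious per se, but it is where droppers and PUPs usually live (heuristic, mine).
USER_WRITABLE_RE = re.compile(r"\\(Users|ProgramData)\\", re.IGNORECASE)


def parse_line(line):
    """Return a record dict for one report line, or None for non-item lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    tag = TAG_RE.search(body)
    path = PATH_RE.search(body)
    path = path.group(1) if path else None
    return {
        "kind": kind,
        "tag": tag.group(1) if tag else None,
        # Items without a file path (e.g. SearchScopes entries that only carry a
        # URL) keep the payload minus the verdict as their identifier.
        "item": path or body.split("=>")[0].strip(),
        "orphan": "(.not file.)" in body,
        "no_publisher": "(...)" in body or "(\u2026)" in body,
        "user_writable": bool(path and USER_WRITABLE_RE.search(path)),
    }


def parse_report(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def triage(records):
    """Split records into tool-tagged detections and items worth a manual look."""
    detections = defaultdict(list)   # tag -> [item, ...]
    review = []                      # (reason, kind, item)
    for r in records:
        if r["tag"]:
            detections[r["tag"]].append(r["item"])
            continue                 # already flagged by the tool
        if r["orphan"]:
            review.append(("autorun target missing", r["kind"], r["item"]))
        if r["no_publisher"]:
            review.append(("no publisher/version info", r["kind"], r["item"]))
        if r["user_writable"]:
            review.append(("runs from user-writable location", r["kind"], r["item"]))
    return dict(detections), review


if __name__ == "__main__":
    dets, todo = triage(parse_report(SAMPLE_REPORT))
    for tag, items in sorted(dets.items()):
        print(f"{tag}: {len(items)} item(s)")
        for it in items:
            print(f"    {it}")
    print("to review:")
    for reason, kind, item in todo:
        print(f"    [{kind}] {reason}: {item}")
```

On the sample above this yields four tagged families (PUP.CrossRider, Crapware.RegHunter, PUP.StartSearch, Crapware.SpyHunter) and three review items: the orphaned SynTPEnh Run value, and Minecraft.exe twice (no version info, launched from the Downloads folder). Point it at a full report with `triage(parse_report(open(path, encoding="utf-8").read()))`; it only reads the text, it does not touch the registry or the filesystem.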