lolo500

~ Rapport de ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)
~ Lancé par Rag (11/07/2014 22:28:28)
~ Adresse du Site Web http://nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user

---\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 30.0 (Defaut)
GCIE: Google Chrome v35.0.1916.153

---\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\ Logiciels de protection du système
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W7 (Activate)

---\ Logiciels d'optimisation du système
CCleaner v4.14

---\ Logiciels de partage PeerToPeer
FrostWire 4.13.1.5 BETA v4.13.1.5

---\ Surveillance de Logiciels
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 51

---\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6091 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 95 GB (20%) free of 459 GB

---\ Mode de connexion au système
~ Computer Name: RAG-HP
~ User Name: Rag
~ All Users Names: VUSR_RAG-HP, Rag, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\ Variables d'environnement
~ System Unit : C:
~ %AppZHP% : C:\Users\Rag\AppData\Roaming\ZHP
~ %AppData% : C:\Users\Rag\AppData\Roaming
~ %Desktop% : C:\Users\Rag\Desktop
~ %Favorites% : C:\Users\Rag\Favorites
~ %LocalAppData% : C:\Users\Rag\AppData\Local
~ %StartMenu% : C:\Users\Rag\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

---\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 95 Go of 459 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 125 Go of 458 Go)
G: CD-ROM drive (Not Inserted)
H: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
J: CD-ROM drive (Not Inserted)

---\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s

---\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.18/06/2014 - 23:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.04/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/446
~ Mes musiques (My Musics) : 273/1471
~ Mes Videos (My Videos) : 18/29
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 4/1084
~ Mon Bureau (My Desktop) : 1/5927
~ Menu demarrer (Programs) : 1/84
~ Hidden Files: Scanned in 00mn 12s

---\ Processus lancés
[MD5.7F7B8C734872CB4FB3BC271B43130697] - (.HP - TouchControl.) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe [653128] [PID.4072]
[MD5.5D7652D9326956AF043960BC646461BD] - (.HP - BioMonitor.) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe [142664] [PID.408]
[MD5.88EE0FCDB773DF373EDFE7C2BD944EEB] - (.Electronic Arts - Origin.) -- C:\Program Files (x86)\Origin\Origin.exe [3595608] [PID.1880]
[MD5.CEA0461AAE4B8B6216F164501B1B5A10] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912] [PID.612]
[MD5.8943465BEFA91044227D42E84ECB8280] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048] [PID.2380]
[MD5.DC73E11DC27E7D9AEF884EBE816C4240] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.3556]
[MD5.8A3B69683E63808719D24E1C68C21CC7] - (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960] [PID.3676]
[MD5.D59ABED205F424BD4C52419479930BE9] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296] [PID.2540]
[MD5.B4E6C1B28AF8806008CB654C716ABAFA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.2588]
[MD5.D8465C1AE6CE673E60045E16CFBC6E64] - (.Motorola Solutions, Inc. - Bluetooth Media Player Controller.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe [1503824] [PID.4572]
[MD5.434FEE6FF661DCABADB69E55E0747494] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312] [PID.1484]
[MD5.A16B5C5787389D983EF08F5E36B297BB] - (.RPA Technology - Mobile Mouse Service.) -- C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe [43008] [PID.4668]
[MD5.CE21D66CBEF56B801101B1866FAE6136] - (.Electronic Arts Canada - FIFA 14.) -- C:\Program Files (x86)\Origin Games\FIFA 14\Game\fifasetup\fifaconfig.exe [402280] [PID.4296]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.4028]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.4948]
[MD5.4F87179386948D61FBF74B0DDF265170] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.4308]
[MD5.192FFD3F99A0847740670AE711CB455A] - (.Adobe Systems, Inc. - Adobe Flash Player 14.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe [1869488] [PID.6032]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8071680] [PID.7016]
[MD5.6AA4E6B4EA50620AB622A048394C4AA2] - (.HP - HP Service.) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [260424] [PID.848]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1932]
[MD5.F518545E5B7623AD49ABE7F8776EFA46] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1992]
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.2052]
[MD5.F630DD7564EBB7248A13B1CC774D9EA6] - (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680] [PID.2180]
[MD5.CD421DDB5C6E5458CE52EDC36DE7DC5B] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76152] [PID.2348]
[MD5.97F6FFB8A305A77D25C6C0E07B71D252] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [5024576] [PID.2424]
[MD5.D41861E56E7552C13674D7F147A02464] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.4632]
[MD5.D2946D9F020AE76E9CEF9B4A6DF838C0] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1129760] [PID.4820]
[MD5.D7E0BED3EA21D7BDDD410ADE51708D90] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.5520]
[MD5.A678E5DDD974903DD71F503BDCACA218] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.5864]
[MD5.E040F0064D39F73BB4995D494F3DCBB8] - (.Hewlett-Packard Development Company L.P. - HP Connection Manager Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [1071160] [PID.1236]
~ Processes Running: Scanned in 00mn 01s

---\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Rag\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [aelbknmfcacjffmgnoaaonhgoghlmlkp] HP Product Detection Plugin v.2.0.5.6 (Activé)
G2 - GCE: Preference [User Data\Default] [eahpcpckmhaneflmhiegmedhiegncgnf] Webplayer v.2.3.17.1 (Désactivé)
G2 - GCE: Preference [User Data\Default] [epbmnbdplhcomkedpjfceakddnbgfjmf] Passer les publicités sur YouTube v.1.203 (Activé)
G2 - GCE: Preference [User Data\Default] [gpbnepipgmcpkdglgbcfmcecaoflaemc] Resume (CV) Maker v.2.4 (Activé)
G2 - GCE: Preference [User Data\Default] [lneaknkopdijkpnocmklfnjbeapigfbh] Google Maps v.5.2.7 (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [opjonmehjfmkejjifhhknofdnacklmjk] Marc Ecko v.2 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [picobbnlkmnillfianmlnblfafncgoek] IP Country Location v.3.1.7.13 (Activé)

---\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 26 Legitimates Filtered in 00mn 18s

---\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Rag\AppData\Roaming\Mozilla\Firefox\Profiles\s5r52euh.default\prefs.js
~ Firefox Browser: 21 Legitimates Filtered in 00mn 00s

---\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [Rag]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Rag\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Rag]: Alloplayer.lnk . (...) -- C:\Users\Rag\AppData\Roaming\Microsoft\Installer\{8A6ACC7D-F378-40DB-B0C3-E277D8A022AC}\_9C5DD7514B58D6773F4D22.exe =>PUP.Alloplayer
~ Global Startup: 3 Legitimates Filtered in 00mn 05s

---\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [XboxStat] . (.Microsoft Corporation - XBoxStat.exe.) -- C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Motorola Solutions, Inc. - Bluetooth Shell Extension.) -- C:\Program Files\Motorola\Bluetooth\btmshell.dll
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Rag\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [EADM] . (.Electronic Arts - Origin.) -- C:\Program Files (x86)\Origin\Origin.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [NUSB3MON] . (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Wow6432Node\Run: [HPConnectionManager] . (.Hewlett-Packard Development Company L.P. - HPCMDelayStart Application.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3737081600-1731025143-3912972593-1000\..\Run: [AdobeBridge] Clé orpheline
O4 - HKUS\S-1-5-21-3737081600-1731025143-3912972593-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Rag\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-3737081600-1731025143-3912972593-1000\..\Run: [EADM] . (.Electronic Arts - Origin.) -- C:\Program Files (x86)\Origin\Origin.exe
O4 - HKUS\S-1-5-21-3737081600-1731025143-3912972593-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
~ Application: Scanned in 00mn 00s

---\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\Resources\fra.dll,-247 [64Bits] - {bd707fe6-39f6-4bda-9265-86a76719bdc5} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s

---\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CAA8BB7-D895-40F4-BF46-6B9243C9F8E1}: DhcpNameServer = 10.11.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F26C620-80A9-4D11-AAAE-F34FF73EBEAB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{92DECFDC-BDB4-4785-940F-F849AD859A88}: DhcpNameServer = 192.168.10.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAD97159-D6D7-4FDC-9A0F-8393A6591E82}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CAA8BB7-D895-40F4-BF46-6B9243C9F8E1}: DhcpNameServer = 10.11.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F26C620-80A9-4D11-AAAE-F34FF73EBEAB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{92DECFDC-BDB4-4785-940F-F849AD859A88}: DhcpNameServer = 192.168.10.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{BAD97159-D6D7-4FDC-9A0F-8393A6591E82}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CAA8BB7-D895-40F4-BF46-6B9243C9F8E1}: DhcpNameServer = 10.11.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6F26C620-80A9-4D11-AAAE-F34FF73EBEAB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{92DECFDC-BDB4-4785-940F-F849AD859A88}: DhcpNameServer = 192.168.10.110
O17 - HKLM\System\CS2\Services\Tcpip\..\{BAD97159-D6D7-4FDC-9A0F-8393A6591E82}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Rocket Updater] (...) -- C:\Users\Rag\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Tasker] (...) -- C:\Users\Rag\AppData\Roaming\certificate.vbs (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [TaskUserUpdate_wp] (...) -- C:\Users\Rag\AppData\Roaming\~jjgrvmc.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Updater12765.exe] (...) -- C:\Users\Rag\AppData\Local\Updater12765\Updater12765.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [WIN-fdfEfEfAfC] (...) -- C:\Users\Rag\AppData\Roaming\~onofdug.exe (.not file.) [0]
[MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{18423F16-F41B-46C7-8A20-C3E6523CDD03}] (...) -- F:\jeux\CueClub Francais\cueclub.exe [15793381]
[MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{23B769FC-C5AC-45F4-832E-AC82B963275F}] (...) -- F:\jeux\CueClub Francais\cueclub.exe [15793381]
[MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{3CDEF5F1-A659-4766-BA72-11585D106FE2}] (...) -- F:\jeux\CueClub Francais\cueclub.exe [15793381]
[MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{417EFCE3-808F-4229-83F5-5E9F003B16E1}] (...) -- F:\jeux\CueClub Francais\cueclub.exe [15793381]
[MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{5115B333-0E1C-458F-810F-B4E49721D712}] (...) -- F:\jeux\CueClub Francais\cueclub.exe [15793381]
[MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{5B67ECF7-BDDC-4723-83FA-11625A92E074}] (...) -- F:\jeux\CueClub Francais\cueclub.exe [15793381]
[MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{5DCEC873-5794-4435-B84D-D15D8275CC02}] (...) -- F:\jeux\CueClub Francais\cueclub.exe [15793381]
[MD5.00000000000000000000000000000000] [APT] [{6E34C0EC-418F-4F03-8E38-A75BEFFE9772}] (...) -- C:\Program Files (x86)\Pricora 12.0\Uninstall.exe (.not file.) [0] =>Adware.Pricora
[MD5.00000000000000000000000000000000] [APT] [{7191F987-E683-43EF-8041-36E16B184C64}] (...) -- C:\Users\Rag\Downloads\CoreMaximizer1.03\Core Maximizer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{810F7F9A-EA2B-4CED-86FA-F33F50E65120}] (...) -- C:\Users\Rag\Downloads\CoreMaximizer1.03\Core Maximizer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{87237D78-0E52-4351-B6AD-FC7B9AF594DA}] (...) -- C:\ProgramData\CloudSoft\OptimizerPro\OptimizerPro.exe (.not file.) [0] =>PUP.OptimizerPro
[MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{87D2F4BC-362B-4FAF-962F-35A5EF4E2EB8}] (...) -- F:\jeux\CueClub Francais\cueclub.exe [15793381]
[MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{8CA5616D-61F7-49DD-AA08-C49B89B66BAF}] (...) -- F:\jeux\CueClub Francais\cueclub.exe [15793381]
[MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{95A03EDA-DF5F-4D77-A19B-6C55F1E6D3F6}] (...) -- F:\jeux\CueClub Francais\cueclub.exe [15793381]
[MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{96DD1E44-BFD8-42D8-8A75-047558496EE2}] (...) -- F:\jeux\CueClub Francais\cueclub.exe [15793381]
[MD5.00000000000000000000000000000000] [APT] [{ADFCD6BF-07B1-4105-9015-07DC5F2C6FC8}] (...) -- C:\Users\Rag\Downloads\CoreMaximizer1.03\Core Maximizer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BB3ABD8D-D656-4695-98E7-0D7B0F4A0BAF}] (...) -- C:\Users\Rag\AppData\Local\TeamSpeak 3 Client\package_inst.exe (.not file.) [0]
[MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{EC80195F-B542-4CEE-A3F6-99A0D3A2ECB9}] (...) -- F:\jeux\CueClub Francais\cueclub.exe [15793381]
[MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{EEFEF701-A0AA-4855-B2D4-E4D030FE12FD}] (...) -- F:\jeux\CueClub Francais\cueclub.exe [15793381]
[MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{F93418A4-BBFE-46F9-84ED-69CF39E015C3}] (...) -- F:\jeux\CueClub Francais\cueclub.exe [15793381]
[MD5.BC9A9CAEDDAE0E006848833DCB7BE832] [APT] [{FFE94A91-1051-4C68-B1F6-341503E9C8F2}] (...) -- F:\jeux\CueClub Francais\cueclub.exe [15793381]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\Tasks\AutoKMS.job [268] =>Trojan.Keygen
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3737081600-1731025143-3912972593-1000Core [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3737081600-1731025143-3912972593-1000UA [1088]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3737081600-1731025143-3912972593-1000Core [1018]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3737081600-1731025143-3912972593-1000UA [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForRag [324]
~ Scheduled Task: 61 Legitimates Filtered in 00mn 13s

---\ Logiciels installés (O42)
O42 - Logiciel: Ares 2.2.4 - (.Ares Development Group.) [HKLM][64Bits] -- Ares
O42 - Logiciel: Decid Créateur 5.60P V2 - (...) [HKLM][64Bits] -- Decid Créateur 5.60P V2
O42 - Logiciel: FMRTE 5.1.2 - (.Raul Bravo.) [HKLM][64Bits] -- {63486834-B10B-4DD4-8216-C8D66A157D7E}_is1
O42 - Logiciel: Goat Simulator - (...) [HKLM][64Bits] -- R29hdFNpbXVsYXRvcg==_is1
O42 - Logiciel: PMU Poker - (.PMU.) [HKLM][64Bits] -- PMUPoker
O42 - Logiciel: PP助手 PC版 1.1.0.6 - (.广州铁人网络科技有限公司.) [HKLM][64Bits] -- PP助手 PC版
O42 - Logiciel: Project 64 version 2.1.0.1 - (...) [HKLM][64Bits] -- Project 64_is1
O42 - Logiciel: Trickshot - (...) [HKLM][64Bits] -- {ACC9AC0E-8B6E-4393-AF52-E43CF31BA7AC}
O42 - Logiciel: TweakAll 3.0 - (.Codeforge.) [HKLM][64Bits] -- TweakAll_is1
O42 - Logiciel: Woosaah's Rugasmic 08 Editor - (.woosaahs programs.) [HKLM][64Bits] -- {A6F18C01-D3EC-4270-8B2F-EB214CB809FF}
~ Logic: 63 Legitimates Filtered in 00mn 07s

---\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\Genie™]
[HKCU\Software\PMU]
[HKCU\Software\Pinstall]
[HKCU\Software\SHAPE Services]
[HKCU\Software\Shortcut_Module]
[HKCU\Software\Teiron]
[HKCU\Software\Zona]
[HKLM\Software\Shortcut_Module]
[HKLM\Software\Wow6432Node\SHAPE Services]
[HKLM\Software\Wow6432Node\Security Center]
[HKLM\Software\Wow6432Node\Shortcut_Module]
[HKLM\Software\Wow6432Node\WinU]
~ Key Software: 670 Legitimates Filtered in 00mn 07s

---\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/06/2014 - 01:57:40 - [] ----D C:\Program Files (x86)\Air Mouse
O43 - CFD: 18/04/2014 - 18:00:57 - [] ----D C:\Program Files (x86)\Ares
O43 - CFD: 19/12/2013 - 15:38:12 - [] ----D C:\Program Files (x86)\F1 2013
O43 - CFD: 10/04/2014 - 02:20:40 - [] ----D C:\Program Files (x86)\Goat Simulator
O43 - CFD: 03/06/2013 - 10:12:54 - [0] ----D C:\Program Files (x86)\GRID 2
O43 - CFD: 03/07/2014 - 12:38:15 - [] ----D C:\Program Files (x86)\NASCAR '14
O43 - CFD: 19/04/2014 - 22:42:38 - [] ----D C:\Program Files (x86)\PP助手
O43 - CFD: 06/07/2014 - 16:46:28 - [0] ----D C:\Program Files (x86)\R.G. Games
O43 - CFD: 31/05/2012 - 21:32:12 - [] ----D C:\Program Files (x86)\Radio Recorder v.1.4
O43 - CFD: 08/11/2013 - 01:50:16 - [] ----D C:\Program Files (x86)\SP55068
O43 - CFD: 08/11/2013 - 23:37:01 - [] ----D C:\Program Files (x86)\Trickshot
O43 - CFD: 06/04/2013 - 23:26:32 - [] ----D C:\Program Files (x86)\TS Notifier
O43 - CFD: 22/04/2014 - 17:47:58 - [0] ----D C:\Program Files (x86)\Vocaluxe
O43 - CFD: 20/11/2013 - 19:57:58 - [] ----D C:\Program Files (x86)\Woosaah Ruggby 08 Editor
O43 - CFD: 18/02/2012 - 16:38:15 - [] ----D C:\ProgramData\AutoKMS =>Trojan.Keygen
O43 - CFD: 02/03/2014 - 04:36:28 - [] -SH-D C:\ProgramData\ICLJIG
O43 - CFD: 11/07/2014 - 16:44:12 - [0] ----D C:\ProgramData\SHAPE Services
O43 - CFD: 16/06/2013 - 15:29:10 - [] ----D C:\ProgramData\UEL
O43 - CFD: 07/02/2014 - 21:34:06 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 22/05/2014 - 02:50:16 - [] ----D C:\Users\Rag\AppData\Roaming\Alloplayer\Bdd =>PUP.Alloplayer
O43 - CFD: 12/10/2012 - 00:14:28 - [] ----D C:\Users\Rag\AppData\Roaming\PMU
O43 - CFD: 06/07/2014 - 06:11:52 - [0] ----D C:\Users\Rag\AppData\Roaming\rightbackup
O43 - CFD: 10/07/2014 - 13:32:07 - [] ----D C:\Users\Rag\AppData\Roaming\Shareaza
O43 - CFD: 22/05/2014 - 02:33:30 - [] ----D C:\Users\Rag\AppData\Roaming\Zona
O43 - CFD: 24/04/2014 - 03:38:55 - [0] ----D C:\Users\Rag\AppData\Local\2012
O43 - CFD: 04/02/2012 - 11:45:13 - [] ----D C:\Users\Rag\AppData\Local\28050
O43 - CFD: 16/12/2013 - 12:06:46 - [] ----D C:\Users\Rag\AppData\Local\Ares
O43 - CFD: 24/05/2013 - 05:02:06 - [] ----D C:\Users\Rag\AppData\Local\Shareaza
O43 - CFD: 05/07/2012 - 21:48:57 - [0] ----D C:\Users\Rag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DB Vrai Nom - PCM France
O43 - CFD: 31/05/2012 - 21:32:11 - [0] ----D C:\Users\Rag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Radio Recorder v.1.4
O43 - CFD: 08/06/2013 - 15:44:30 - [] ----D C:\Users\Rag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Système
O43 - CFD: 20/11/2013 - 19:57:59 - [] ----D C:\Users\Rag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Woosaah's Rugasmic 08 Editor
~ Program Folder: 446 Legitimates Filtered in 00mn 07s

---\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.9A638760CFB0BB01AD3B646CAA0BD0C4] - 02/07/2014 - 23:31:22 ---A- . (...) -- C:\Windows\KillProcess.INI [325]
O44 - LFC:[MD5.485055033BCDDFDE56325C0D2FEEA4F2] - 05/07/2014 - 15:20:23 ---A- . (...) -- C:\Windows\KMSEmulator.exe [151552]
O44 - LFC:[MD5.096A3C078107C797DF04F1402C1C6356] - 10/07/2014 - 05:24:58 . (...) -- C:\Shortcut_Module_10_07_2014_06_24_58.txt [120018]
O44 - LFC:[MD5.18DE0D1BB1F13AC55D32DCB39E521E5E] - 10/07/2014 - 14:08:32 . (...) -- C:\Shortcut_Module_10_07_2014_15_08_32.txt [41129]
O44 - LFC:[MD5.718E53084CF131630715CF0EDFD30868] - 11/07/2014 - 15:30:09 ---A- . (...) -- C:\Shortcut_Module_11_07_2014_16_30_09.txt [55072]
O44 - LFC:[MD5.B2111A07AFF8E75C082C6E2F10FE0B25] - 11/07/2014 - 15:37:11 ---A- . (...) -- C:\.dir [780]
~ Files: 64 Legitimates Filtered in 00mn 05s

---\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{184bfa1f-349c-11e1-b9c2-101f74168afc}\AutoRun\command. (...) -- G:\setup.exe (.not file.)
O51 - MPSK:{19194862-9dfc-11e1-aebc-101f74168afc}\AutoRun\command. (...) -- I:\LaunchU3.exe (.not file.)
O51 - MPSK:{bb0a0f9a-8b07-11e1-b46b-101f74168afc}\AutoRun\command. (...) -- J:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\ Infection search on drivers (HKLM)(TDSD) (O52)
O52 - TDSD: Drivers32\"VIDC.TMB1"="tmb1-v64.dll" . (...) -- C:\Windows\System32\tmb1-v64.dll
O52 - TDSD: drivers.desc\"tmb1-v64.dll"="PlayClaw 4 video decoder 64" . (...) -- C:\Windows\System32\tmb1-v64.dll
~ TDSD: 4 Legitimates Filtered in 00mn 00s

---\ Enumeration of StartupReg registry keys (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\AllShareAgent [Key] . (...) -- C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Syncios device service [Key] . (...) -- C:\Program Files (x86)\Syncios\SynciosDeviceService.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Rag\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 13 Legitimates Filtered in 00mn 00s

---\ Enumeration of Policies\System registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\ Enumeration of Policies\Explorer registry keys (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

---\ System drivers list (SDL) (O58)
O58 - SDL:28/06/2013 - 01:15:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:28/06/2013 - 01:15:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:28/06/2013 - 01:15:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:20/05/2012 - 09:39:53 ---A- . (...) -- C:\Windows\System32\Drivers\atksgt.sys [314016]
O58 - SDL:02/01/2012 - 18:26:26 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [270912]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:20/01/2013 - 07:07:06 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv6.sys [42696]
O58 - SDL:20/05/2012 - 09:39:52 ---A- . (...) -- C:\Windows\System32\Drivers\lirsgt.sys [43680]
O58 - SDL:31/01/2013 - 10:50:58 ---A- . (.ManyCam LLC - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv_x64.sys [28160]
O58 - SDL:11/10/2012 - 04:08:10 ---A- . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Windows\System32\Drivers\mcvidrv_x64.sys [44928]
O58 - SDL:23/03/2013 - 23:01:26 ---A- . (.pBUS-167 Software - http://www.pbus-167.com - Notebook Hardware Control Device Driver.) -- C:\Windows\System32\Drivers\nhcDriver.sys [22528]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:02/06/2011 - 04:11:26 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [528384]
O58 - SDL:01/07/2011 - 10:46:40 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [31232]
O58 - SDL:20/01/2013 - 07:16:48 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
O58 - SDL:18/03/2013 - 16:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:26/12/2008 - 12:56:04 ---A- . (.Avnex - Avnex Ltd. Virtual Audio Device (WDM).) -- C:\Windows\System32\Drivers\vcsvad.sys [21504]
~ Drivers: 94 Legitimates Filtered in 00mn 01s

---\ List of disinfection tools (LATC) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Software: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
O63 - Software: OTL - (.OldTimer.)
~ ADS: Scanned in 00mn 00s

---\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\ Infection search on internet browsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {08E3C4EE-C625-473F-B7FC-E87F700B5855} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {C6032E4B-F4D5-4B62-906B-55E7D90625AF} - (Propositions de recherche Amazon.fr) - http://www.amazon.fr
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s

---\ Special search at the system root (SPRF) (O84)
[MD5.DB95B03031E66AC45495EDF1D16B8887] [SPRF][10/07/2014] (...) -- C:\Users\Rag\Desktop\adwcleaner_3.215.exe [1348263]
[MD5.624C7518F90073CBE7D69B3A7E80EEB3] [SPRF][06/12/2011] (.i-Funbox.com - File & App Manager for iPhone/iPad.) -- C:\Users\Rag\Desktop\iFunBox.exe [7783424]
[MD5.EBD27B1A5614F278E23E7F8E88CEA829] [SPRF][11/07/2014] (.No owner - Shortcut_Module.) -- C:\Users\Rag\Desktop\Shortcut_Module.exe [2636288]
~ Files: 7 Legitimates Filtered in 00mn 01s

---\ Firewall exceptions list (FirewallRules) (O87)
O87 - FAEL: "{A87FB84A-F951-4610-B5F5-8844FF6941C6}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{C29AA608-2DAE-4D7F-A985-EB344848A11E}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{166D3601-AC42-4248-91A6-A2ED7AF86E0E}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Rag\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{89D7F055-8BB7-4978-BAEB-92C3D9D55541}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Rag\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 05s

---\ Search for Tracing registry keys (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Alloplayer_RASAPI32 =>PUP.Alloplayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Alloplayer_RASMANCS =>PUP.Alloplayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\whilokii_is_RASAPI32 =>PUP.Whilokii
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\whilokii_is_RASMANCS =>PUP.Whilokii
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Whilokii_Setup_RASAPI32 =>PUP.Whilokii
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Whilokii_Setup_RASMANCS =>PUP.Whilokii
~ BTK: 575 Legitimates Filtered in 00mn 02s

---\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 23/06/2014 49152 | (BEService) . (...) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
SS - | Disabled 17/09/2011 647680 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Disabled 14/07/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 14/07/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Disabled 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SS - | Disabled 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Demand 11/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 21/03/2011 1845248 | (nlsvc) . (.Locktime Software.) - C:\Program Files\NetLimiter 3\nlsvc.exe
SS - | Disabled 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 26/07/2013 563624 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Disabled 29/06/2012 4714888 | (vncserver) . (.RealVNC Ltd.) - C:\Program Files\RealVNC\VNC Server\vncserver.exe
SS - | Disabled 27/07/2011 5023744 | (wxpSvc) . (.Moonware Studios.) - C:\Program Files (x86)\webcamXP 5\wService.exe
SR - | Auto 03/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 03/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe
SR - | Auto 09/03/2012 235520 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 07/01/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 08/02/2011 4151376 | (Bluetooth Device Manager) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
SR - | Auto 28/02/2011 1189968 | (Bluetooth Media Service) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
SR - | Auto 15/02/2011 680016 | (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SR - | Demand 17/09/2011 1028096 | (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SR - | Auto 25/08/2011 260424 | (FPLService) . (.HP.) - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR - | Demand 15/02/2011 1071160 | (hpCMSrv) . (.Hewlett-Packard Development Company L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
SR - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 27/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 09/11/2010 26680 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 20/05/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 23/05/2013 2413056 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Demand 06/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 22/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 25/10/2013 2768208 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 02/06/2011 301568 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 25/04/2014 5024576 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 22/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 28s

---\ Additional scan (O88)
Database Version : 13026 - (25/06/2014)
Keys found : 2
Values found : 3
Folders found : 2
Files found : 2

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Trojan.Adclicker
C:\ProgramData\AutoKMS =>Trojan.Keygen^
C:\Users\Rag\AppData\Roaming\Alloplayer\Bdd =>PUP.Alloplayer^
C:\Windows\Tasks\AutoKMS.job =>Trojan.Keygen^
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
~ Additional Scan: 466623 Items scanned in 02mn 19s

---\ Additional information on modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Startup, Search, Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications launched at system startup (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Shell MountPoints2 registry key (MPKS) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s

---\ Summary of detections found on your workstation
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/adware-pricora =>Adware.Pricora
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.fr/pup-whilokii =>PUP.Whilokii
http://nicolascoolman.fr/hijacker-windows =>Hijacker.Windows

~ MSI: 5 link(s) detected in 00mn 00s

~ 1455 Legitimates filtered by white list
End of the scan (622 lines in 05mn 20s)(0)[/spoiler:1xv8r3l2]
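The report above carries the items an analyst would triage first: UAC switched off outright (O55: EnableLUA=0 together with PromptOnSecureDesktop=0), three MountPoints2 AutoRun commands pointing at removable-media executables that no longer exist (O51), P2P clients with inbound firewall exceptions (O87), and a KMS emulator that the additional scan tags Trojan.Keygen and Hijacker.Windows. Reading 600 such lines by eye is slow, so the script below is an added example (not part of this post, of ZHPDiag, or of nicolascoolman.fr) that parses lines in the report's own layout into those findings. Assumptions: the sample lines are constructed from entries in the report; UAC_DEFAULTS is my own table of Windows 7 defaults for the values listed; "=>Family.Name" is read as a detection and "=>.Publisher" as a whitelisted vendor stamp, and a trailing "^" is treated as ZHPDiag's mark for items its fix tool can remove automatically, which is my reading of the tool's conventions rather than anything stated on the page.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in ZHPDiag report layout; paths, GUIDs and tags mirror entries from the
# report above. Nothing here was read from a live host.
SAMPLE_LOG = r"""
O44 - LFC:[MD5.485055033BCDDFDE56325C0D2FEEA4F2] - 05/07/2014 - 15:20:23 ---A- . (...) -- C:\Windows\KMSEmulator.exe [151552]
O51 - MPSK:{184bfa1f-349c-11e1-b9c2-101f74168afc}\AutoRun\command. (...) -- G:\setup.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Rag\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
C:\ProgramData\AutoKMS =>Trojan.Keygen^
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
"""


@dataclass
class Findings:
    detections: list = field(default_factory=list)      # (tag, subject, auto_removable)
    uac_weaknesses: list = field(default_factory=list)  # (value_name, found, expected)
    autoruns: list = field(default_factory=list)        # (volume_guid, target, target_exists)


# Assumed Windows 7 defaults for the Policies\System values ZHPDiag reports under O55.
UAC_DEFAULTS = {
    "EnableLUA": 1,                 # 0 switches UAC off entirely
    "PromptOnSecureDesktop": 1,     # 0 draws the consent prompt on the normal, spoofable desktop
    "EnableUIADesktopToggle": 0,
    "FilterAdministratorToken": 0,  # 0 is the default: built-in Administrator keeps a full token
}

# "=>Family.Name" is a detection; "=>.Publisher" (leading dot) is a whitelisted vendor stamp,
# which \w+ deliberately does not match. A trailing "^" is read as "auto-removable".
TAG_RE = re.compile(r"=>(?P<tag>\w+\.\w+)(?P<auto>\^?)\s*$")
# First drive-letter path in the line, stopping before a "[size]" or "(.not file.)" suffix.
DRIVE_RE = re.compile(r"[A-Za-z]:\\.*?(?= \[\d+\]| \(\.not file\.\)|$)")
UAC_RE = re.compile(r'^O55 - MWPS:\[(?P<key>[^\]]+)\] - "(?P<name>\w+)"=(?P<val>-?\d+)')
MPSK_RE = re.compile(
    r"^O51 - MPSK:\{(?P<guid>[0-9a-fA-F-]+)\}\\AutoRun\\command\. \(.*?\) -- "
    r"(?P<target>.+?)(?P<missing> \(\.not file\.\))?\s*$"
)


def parse_zhpdiag(text: str) -> Findings:
    """Walk a ZHPDiag report and collect UAC weaknesses, MountPoints2 autoruns and detections."""
    f = Findings()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = UAC_RE.match(line)
        if m:
            name, found = m["name"], int(m["val"])
            expected = UAC_DEFAULTS.get(name)
            if expected is not None and found != expected:
                f.uac_weaknesses.append((name, found, expected))
            continue
        m = MPSK_RE.match(line)
        if m:
            f.autoruns.append((m["guid"], m["target"], m["missing"] is None))
            continue
        m = TAG_RE.search(line)
        if m:
            subject = line[: m.start()].strip()
            p = DRIVE_RE.search(subject)
            f.detections.append((m["tag"], p.group(0) if p else subject, m["auto"] == "^"))
    return f


def families(f: Findings) -> dict:
    """Count detections by family prefix (P2P, PUP, Trojan, Hijacker, ...)."""
    out = {}
    for tag, _, _ in f.detections:
        fam = tag.split(".", 1)[0]
        out[fam] = out.get(fam, 0) + 1
    return out


if __name__ == "__main__":
    r = parse_zhpdiag(SAMPLE_LOG)
    for name, found, expected in r.uac_weaknesses:
        print(f"UAC: {name}={found} (expected {expected})")
    for guid, target, exists in r.autoruns:
        print(f"MountPoints2 autorun {{{guid}}} -> {target} ({'present' if exists else 'absent'})")
    for tag, subject, auto in r.detections:
        print(f"{tag:<18} {subject}{'  [auto-removable]' if auto else ''}")
    print("families:", families(r))
```

Note that the O44 line for KMSEmulator.exe is not counted as a detection on its own: ZHPDiag only tags it once the additional scan (O88) matches it against its database, which is why the same path appears twice in the report with different weight. Feeding the full report to parse_zhpdiag gives the triage list in one pass; the O51 entries with target_exists False are stale AutoRun keys left by removable media and worth removing even though nothing currently resolves.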