~ Rapport de ZHPDiag v2014.12.27.179 - Nicolas Coolman (27/12/2014)
~ Lancé par boucherat (01/04/2015 12:21:04)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17691
GCIE: Google Chrome v40.0.2214.93 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : M8X2Q
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v5.02

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 10 ActiveX
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6124 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 81 GB (23%) free of 351 GB

---\\ Mode de connexion au système
~ Computer Name: BOUCHERAT-MSI
~ User Name: boucherat
~ All Users Names: HomeGroupUser$, boucherat, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\boucherat\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\boucherat\AppData\Roaming\
~ %Desktop% : C:\Users\boucherat\Desktop\
~ %Favorites% : C:\Users\boucherat\Favorites\
~ %LocalAppData% : C:\Users\boucherat\AppData\Local\
~ %StartMenu% : C:\Users\boucherat\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 81 Go of 351 Go)
D: Hard drive, Flash drive, Thumb drive (Free 157 Go of 234 Go)
E: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Free 0 Go of 6 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.36F99BD8A0F09BDBB7850A138845A014] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.20/02/2015 - 02:28:25.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/7
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/5763
~ Mon Bureau (My Desktop) : 1/5117
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 06s



---\\ Processus lancés
[MD5.8D48E16BA75F3670A133F259742DD0CA] - (...) -- C:\ProgramData\{003ca243-8a74-ea29-003c-ca2438a7890e}\fr0cr4_pfr.rar.exe [1169920] [PID.3476]
[MD5.358C81ADA09E0B6906DB82EA75B836D5] - (.NEC Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496] [PID.2956]
[MD5.25107F58D1B8F60D67D1EE95798C0DE8] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.3840]
[MD5.2F07BE779A06AC531AA5FF817DCA7564] - (.Micro-Star International Co., Ltd. - Pas de description.) -- C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2408448] [PID.4112]
[MD5.11E044B2317B4E51BEB82439A6F6F117] - (.Motorola, Inc. - Bluetooth Media Player Controller.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe [1441544] [PID.4444]
[MD5.41F0E411F79B90CD3D500E44BABC854D] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592] [PID.4172]
[MD5.E177D510084CD9688A2B958AB765BF66] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [893312] [PID.5944]
[MD5.E47AC731D42B2452D4C0BF096DF3DD6E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8145408] [PID.5868]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.1608]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1816]
[MD5.F172AD4E906D97ED8F071896FC6789DC] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912] [PID.2196]
[MD5.4635935FC972C582632BF45C26BFCB0E] - (...) -- C:\windows\SysWOW64\srvany.exe [8192] [PID.2300]
[MD5.71C6748EE8DE938532057EF10B4B7E44] - (.Micro-Star International Co., Ltd. - MSI SCM Service.) -- C:\Program Files (x86)\System Control Manager\MSIService.exe [160768] [PID.2324]
[MD5.82865FF17BC664C711EFA674759F9991] - (...) -- C:\windows\KMService.exe [77824] [PID.2336]
[MD5.82E122019C9C8F141BFBCA457C182A52] - (.OB - SavePass 1.1 exe.) -- C:\Program Files (x86)\SavePass 1.1\d6ac52ba-b676-45f1-874e-5260240fef08-6.exe [1507288] [PID.3844] =>PUP.CrossRider
[MD5.66318D08295D69DE7DF3F1CAE863A60B] - (.OB - SavePass 1.1 exe.) -- C:\Program Files (x86)\SavePass 1.1\d6ac52ba-b676-45f1-874e-5260240fef08-1-6.exe [1413080] [PID.3984] =>PUP.CrossRider
[MD5.31A0E93CDF29007D6C6FFFB632F375ED] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.3048]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\boucherat\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 07s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (27)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: MiinimuumPPRicEa [64Bits] - {63f6ba51-f21d-4b60-bf50-7f349bade115} . (...) -- C:\Program Files (x86)\MiinimuumPPRicEa\qN3ZPcVtpFnrSR.dll =>PUP.MinimumPrice
O2 - BHO: SoAllePlus [64Bits] - {d5fc60c4-7ab4-4e34-ae60-48c693a01bde} . (...) -- C:\Program Files (x86)\SoAllePlus\1dOaG5EKXHCTu2.dll
~ BHO: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [IntelWireless] . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Framework.) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Motorola, Inc. - Bluetooth Shell Extension.) -- C:\Program Files\Motorola\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [XboxStat] . (.Microsoft Corporation - XBoxStat.exe.) -- C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\boucherat\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [Windows Live] . (.Adobe Systems Incorporated - Bootstrapper.) -- C:\Users\boucherat\AppData\winini.exe
O4 - HKCU\..\Run: [HKCU] . (.Microsoft Corporation - Microsoft® Resource File To COFF Object Con.) -- C:\Users\boucherat\AppData\Roaming\Update\vbc.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\steam.exe
O4 - HKCU\..\RunOnce: [Application Restart #0] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [NUSB3MON] . (.NEC Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [MGSysCtrl] . (.Micro-Star International Co., Ltd. - Pas de description.) -- C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Wow6432Node\Run: [msi LED Manager] . (.msi - msi LED Manager.) -- C:\Program Files (x86)\msi\msi LED Manager\SLM.exe
O4 - HKLM\..\Wow6432Node\Run: [Raptr] . (.Raptr, Inc - Raptr Desktop App.) -- C:\Program Files (x86)\Raptr\raptrstub.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2670531527-249888476-3226608411-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2670531527-249888476-3226608411-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\boucherat\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-2670531527-249888476-3226608411-1001\..\Run: [Windows Live] . (.Adobe Systems Incorporated - Bootstrapper.) -- C:\Users\boucherat\AppData\winini.exe
O4 - HKUS\S-1-5-21-2670531527-249888476-3226608411-1001\..\Run: [HKCU] . (.Microsoft Corporation - Microsoft® Resource File To COFF Object Con.) -- C:\Users\boucherat\AppData\Roaming\Update\vbc.exe
O4 - HKUS\S-1-5-21-2670531527-249888476-3226608411-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-21-2670531527-249888476-3226608411-1001\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\steam.exe
O4 - HKUS\S-1-5-21-2670531527-249888476-3226608411-1001\..\RunOnce: [Application Restart #0] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~3\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~3\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F5293E3-7434-416A-8388-A7CA538BCB19}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FDBA45A-4644-4FFE-88D8-CCE21F67CF11}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F5293E3-7434-416A-8388-A7CA538BCB19}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9FDBA45A-4644-4FFE-88D8-CCE21F67CF11}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{6F5293E3-7434-416A-8388-A7CA538BCB19}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9FDBA45A-4644-4FFE-88D8-CCE21F67CF11}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: RelayDefender (156c2b3d) . (...) - c:\Program Files (x86)\RelayDefender\RelayDefender.dll
O23 - Service: PathModule (d9c9d1e8) . (...) - c:\Program Files (x86)\PathModule\PathModule.dll
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
O23 - Service: KMService (KMService) . (...) - C:\windows\SysWOW64\srvany.exe
~ Services: 12 Legitimates Filtered in 00mn 04s



---\\ Tâches planifiées en automatique (O39)
[MD5.07605ABEB10FC533881C91F19DECF69A] [APT] [AutoKMS] (...) -- C:\windows\AutoKMS\AutoKMS.exe [1923584] =>Trojan.AutoKMS
[MD5.66318D08295D69DE7DF3F1CAE863A60B] [APT] [d6ac52ba-b676-45f1-874e-5260240fef08-1-6] (.OB.) -- C:\Program Files (x86)\SavePass 1.1\d6ac52ba-b676-45f1-874e-5260240fef08-1-6.exe [1413080] =>PUP.CrossRider
[MD5.59FA9D44454DE804E52A97924F1B9D39] [APT] [d6ac52ba-b676-45f1-874e-5260240fef08-1-7] (.OB.) -- C:\Program Files (x86)\SavePass 1.1\d6ac52ba-b676-45f1-874e-5260240fef08-1-7.exe [1129944] =>PUP.CrossRider
[MD5.CF73748056C636CABC089877EED57A56] [APT] [d6ac52ba-b676-45f1-874e-5260240fef08-10_user] (.OB.) -- C:\Program Files (x86)\SavePass 1.1\d6ac52ba-b676-45f1-874e-5260240fef08-10.exe [1470424] =>PUP.CrossRider
[MD5.3811DB56357FB580F8940675EA4CFAAA] [APT] [d6ac52ba-b676-45f1-874e-5260240fef08-5] (.OB.) -- C:\Program Files (x86)\SavePass 1.1\d6ac52ba-b676-45f1-874e-5260240fef08-5.exe [1182680] =>PUP.CrossRider
[MD5.3811DB56357FB580F8940675EA4CFAAA] [APT] [d6ac52ba-b676-45f1-874e-5260240fef08-5_user] (.OB.) -- C:\Program Files (x86)\SavePass 1.1\d6ac52ba-b676-45f1-874e-5260240fef08-5.exe [1182680] =>PUP.CrossRider
[MD5.82E122019C9C8F141BFBCA457C182A52] [APT] [d6ac52ba-b676-45f1-874e-5260240fef08-6] (.OB.) -- C:\Program Files (x86)\SavePass 1.1\d6ac52ba-b676-45f1-874e-5260240fef08-6.exe [1507288] =>PUP.CrossRider
[MD5.59FA9D44454DE804E52A97924F1B9D39] [APT] [d6ac52ba-b676-45f1-874e-5260240fef08-7] (.OB.) -- C:\Program Files (x86)\SavePass 1.1\d6ac52ba-b676-45f1-874e-5260240fef08-7.exe [1129944] =>PUP.CrossRider
O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [268] =>Trojan.AutoKMS
O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [268] =>Trojan.AutoKMS
O39 - APT: d6ac52ba-b676-45f1-874e-5260240fef08-1-6 - (.OB.) -- C:\Windows\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-1-6.job [3128]
O39 - APT: d6ac52ba-b676-45f1-874e-5260240fef08-1-6 - (.OB.) -- C:\Windows\System32\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-1-6 [3128]
O39 - APT: d6ac52ba-b676-45f1-874e-5260240fef08-1-7 - (.OB.) -- C:\Windows\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-1-7.job [3128]
O39 - APT: d6ac52ba-b676-45f1-874e-5260240fef08-1-7 - (.OB.) -- C:\Windows\System32\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-1-7 [3128]
O39 - APT: d6ac52ba-b676-45f1-874e-5260240fef08-10_user - (.OB.) -- C:\Windows\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-10_user.job [2102]
O39 - APT: d6ac52ba-b676-45f1-874e-5260240fef08-10_user - (.OB.) -- C:\Windows\System32\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-10_user [2102]
O39 - APT: d6ac52ba-b676-45f1-874e-5260240fef08-5 - (.OB.) -- C:\Windows\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-5.job [2436] =>PUP.CrossRider
O39 - APT: d6ac52ba-b676-45f1-874e-5260240fef08-5 - (.OB.) -- C:\Windows\System32\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-5 [2436] =>PUP.CrossRider
O39 - APT: d6ac52ba-b676-45f1-874e-5260240fef08-5_user - (.OB.) -- C:\Windows\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-5_user.job [2436] =>PUP.CrossRider
O39 - APT: d6ac52ba-b676-45f1-874e-5260240fef08-5_user - (.OB.) -- C:\Windows\System32\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-5_user [2436] =>PUP.CrossRider
O39 - APT: d6ac52ba-b676-45f1-874e-5260240fef08-6 - (.OB.) -- C:\Windows\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-6.job [5508] =>PUP.CrossRider
O39 - APT: d6ac52ba-b676-45f1-874e-5260240fef08-6 - (.OB.) -- C:\Windows\System32\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-6 [5508] =>PUP.CrossRider
O39 - APT: d6ac52ba-b676-45f1-874e-5260240fef08-7 - (.OB.) -- C:\Windows\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-7.job [5172] =>PUP.CrossRider
O39 - APT: d6ac52ba-b676-45f1-874e-5260240fef08-7 - (.OB.) -- C:\Windows\System32\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-7 [5172] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [888] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [888] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [892] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [892] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1074]
~ Scheduled Task: 38 Legitimates Filtered in 00mn 05s



---\\ Logiciels installés (O42)
O42 - Logiciel: DEAD OR ALIVE 5 Last Round - (...) [HKLM][64Bits] -- REVBRE9SQUxJVkU1TGFzdFJvdW5k_is1
O42 - Logiciel: Deponia - (...) [HKLM][64Bits] -- Deponia_is1
O42 - Logiciel: Dying Light - Patch FR 1.00 - (.TraductionJeux.com.) [HKLM][64Bits] -- Dying Light - Patch FR 1.00
O42 - Logiciel: Dying Light Update v1.2.1 - (...) [HKLM][64Bits] -- RHlpbmdMaWdodA==_is1
O42 - Logiciel: Grow Home - (...) [HKLM][64Bits] -- R3Jvd0hvbWU=_is1
O42 - Logiciel: Ori and the Blind Forest - (...) [HKLM][64Bits] -- Ori and the Blind Forest_is1
O42 - Logiciel: ParallelExtern - (.ParallelExtern.) [HKLM][64Bits] -- {12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d9c9d1e8}
O42 - Logiciel: RelayDefender - (.Software Publisher.) [HKLM][64Bits] -- {12DA0E6F-5543-440C-BAA2-28BF01070AFA}{156c2b3d}
O42 - Logiciel: SavePass 1.1 - (.OB.) [HKLM][64Bits] -- SavePass 1.1 =>PUP.CrossRider
O42 - Logiciel: SoAllePlus - (...) [HKLM][64Bits] -- {B696F285-F54E-2524-58B1-E06A70ABE6BE}
O42 - Logiciel: The AdBlocker - (.The AdBlocker.) [HKLM][64Bits] -- {37476589-E48E-439E-A706-56189E2ED4C4}_is1 =>PUP.Adblocker
O42 - Logiciel: UniDeaalsa - (...) [HKLM][64Bits] -- {11F6D5AB-263F-388E-74DE-E3DECD390E3F}
O42 - Logiciel: dict cc - (...) [HKLM][64Bits] -- {AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
O42 - Logiciel: unoiSSaleS - (...) [HKLM][64Bits] -- {4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
O42 - Logiciel: youtubeadblocker - (...) [HKLM][64Bits] -- {4820778D-AB0D-6D18-C316-52A6A0E1D507} =>PUP.YouTuAdBlocker
~ Logic: 35 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\SavePass 1.1-nv-ie] =>PUP.CrossRider
[HKCU\Software\SavePass 1.1-nv] =>PUP.CrossRider
[HKCU\Software\SavePass 1.1] =>PUP.CrossRider
[HKCU\Software\new]
[HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\SavePass 1.1-nv] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\0e1474e3-c6f8-4dfc-9557-3c7e65c583fd] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\1853d9f8-ec69-4674-afc5-a6df71336700] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\762f8d35-b8de-94dc-5fc6-de7607333bf6] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\8dce8a0b-6220-e777-61af-c8bf1e5d03b4] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\SavePass 1.1-nv-ie] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\SavePass 1.1-nv] =>PUP.CrossRider
~ Key Software: 256 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/02/2015 - 04:17:15 - [] ----D C:\Program Files (x86)\AllCheapPRice =>PUP.AllCheapPrice
O43 - CFD: 07/02/2015 - 14:42:30 - [] ----D C:\Program Files (x86)\BittSaaver =>PUP.BitSaver
O43 - CFD: 16/02/2015 - 04:17:14 - [] ----D C:\Program Files (x86)\CheapMee =>PUP.CheapMe
O43 - CFD: 06/03/2015 - 03:15:47 - [] ----D C:\Program Files (x86)\CheappMe =>PUP.CheapMe
O43 - CFD: 12/02/2015 - 16:23:44 - [] ----D C:\Program Files (x86)\dict cc
O43 - CFD: 30/01/2015 - 22:49:18 - [] ----D C:\Program Files (x86)\Dying Light
O43 - CFD: 02/02/2015 - 17:11:34 - [] ----D C:\Program Files (x86)\f12f7364-7195-4caf-bc3e-fef9819c9e84
O43 - CFD: 28/02/2015 - 05:54:45 - [] ----D C:\Program Files (x86)\FUn2Savve =>PUP.Fun2Save
O43 - CFD: 08/02/2015 - 20:30:12 - [] ----D C:\Program Files (x86)\Grow Home
O43 - CFD: 17/03/2015 - 06:18:00 - [] ----D C:\Program Files (x86)\MiinimuumPPRicEa =>PUP.MinimumPrice
O43 - CFD: 28/02/2015 - 05:54:45 - [] ----D C:\Program Files (x86)\NewuSoaver =>PUP.NewSaver
O43 - CFD: 13/03/2015 - 16:37:48 - [] ----D C:\Program Files (x86)\Ori and the Blind Forest
O43 - CFD: 29/03/2015 - 07:50:12 - [] ----D C:\Program Files (x86)\PathModule
O43 - CFD: 10/02/2015 - 22:41:33 - [] ----D C:\Program Files (x86)\RelayDefender
O43 - CFD: 02/02/2015 - 17:11:56 - [] ----D C:\Program Files (x86)\SavePass 1.1 =>PUP.CrossRider
O43 - CFD: 29/03/2015 - 07:49:39 - [] ----D C:\Program Files (x86)\SoAllePlus
O43 - CFD: 16/02/2015 - 04:17:14 - [] ----D C:\Program Files (x86)\SSaveLLotas =>PUP.SaveLots
O43 - CFD: 10/02/2015 - 22:41:27 - [0] ----D C:\Program Files (x86)\TurboSys
O43 - CFD: 28/02/2015 - 05:54:44 - [] ----D C:\Program Files (x86)\UniDeaalsa
O43 - CFD: 31/01/2015 - 10:08:35 - [] ----D C:\Program Files (x86)\unisAelies
O43 - CFD: 28/02/2015 - 05:54:43 - [] ----D C:\Program Files (x86)\uNNisalles
O43 - CFD: 28/02/2015 - 05:54:41 - [] ----D C:\Program Files (x86)\unoiSSaleS
O43 - CFD: 28/02/2015 - 05:54:39 - [] ----D C:\Program Files (x86)\youtubeadblocker =>PUP.YouTuAdBlocker
O43 - CFD: 06/03/2015 - 03:15:48 - [] ----D C:\ProgramData\5173437579868052468
O43 - CFD: 29/03/2015 - 07:49:33 - [] ----D C:\ProgramData\aanpkjeoghccjpfbhhipiehhdnagpbcf
O43 - CFD: 07/02/2015 - 00:21:23 - [] ----D C:\ProgramData\AdBlocker Manger =>PUP.Adblocker
O43 - CFD: 29/01/2015 - 00:46:47 - [] ----D C:\ProgramData\APN
O43 - CFD: 08/02/2015 - 16:47:44 - [] ----D C:\ProgramData\dneholafmlealchblfjlomncmpgkldbc
O43 - CFD: 31/01/2015 - 10:08:21 - [] ----D C:\ProgramData\gmlioaeikemikeijninmfgagelckbnph
O43 - CFD: 12/02/2015 - 16:22:37 - [] ----D C:\ProgramData\mggnblondinlbjendfiigmdmelgobpll
O43 - CFD: 12/02/2015 - 22:45:08 - [] ----D C:\ProgramData\The AdBlocker =>PUP.Adblocker
O43 - CFD: 10/02/2015 - 22:41:18 - [] ----D C:\ProgramData\{003ca243-8a74-ea29-003c-ca2438a7890e}
O43 - CFD: 29/03/2015 - 07:49:06 - [0] ----D C:\ProgramData\{628e3d55-c75a-4ab1-628e-e3d55c75f557}
O43 - CFD: 08/09/2010 - 20:37:34 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 30/01/2015 - 22:30:03 - [] ----D C:\Users\boucherat\AppData\Roaming\CPUControl
O43 - CFD: 01/04/2015 - 00:37:48 - [] --H-D C:\Users\boucherat\AppData\Roaming\D0780D2E
O43 - CFD: 29/01/2015 - 00:29:28 - [] ----D C:\Users\boucherat\AppData\Roaming\library_dir
O43 - CFD: 29/01/2015 - 00:46:55 - [] ----D C:\Users\boucherat\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 31/03/2015 - 17:42:19 - [] ----D C:\Users\boucherat\AppData\Roaming\Update
O43 - CFD: 02/02/2015 - 17:10:27 - [] -SH-D C:\Users\boucherat\AppData\Local\EmieBrowserModeList
O43 - CFD: 08/02/2015 - 23:05:32 - [] ----D C:\Users\boucherat\AppData\Local\GrowHome
O43 - CFD: 15/03/2015 - 16:56:09 - [] ----D C:\Users\boucherat\AppData\Local\Ori and the Blind Forest
~ Program Folder: 229 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.4AC21670C9663FCA12A49AD2158C7979] - 01/04/2015 - 07:18:29 ---A- . (...) -- C:\Windows\DirectX.log [18587]
~ Files: 19 Legitimates Filtered in 00mn 03s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{0d1d5c94-a727-11e4-a4c3-6c626d2ac7b6}\AutoRun\command. (.Pas de propriétaire - DEAD OR ALIVE 5 Last Round (c) KOEI TECMO GAMES CO., LTD. Se.) -- H:\setup.exe
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:09/08/2010 - 04:01:58 ---A- . (.ENE Technology Inc. - ENE USB Memory Card Reader Driver.) -- C:\Windows\System32\Drivers\EUCR6SK.sys [88912]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 64 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.DD89B12A21223EE65709C540BEEB4D36] [SPRF][26/03/2015] (...) -- C:\Users\boucherat\AppData\Roaming\AdobeWLCMCache.dat [34]
[MD5.30F8849B7537C566BEE4CBE7C6C7A567] [SPRF][29/03/2015] (...) -- C:\Users\boucherat\AppData\Roaming\appdataFr3.bin [20]
[MD5.CF43D0F929AE3335692D014F4DF05E6D] [SPRF][01/02/2015] (...) -- C:\Users\boucherat\AppData\Roaming\boucherat-wchelper.dll [154283]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{A06674D3-D245-4C95-9372-C4ED58B2EE17}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\boucherat\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{BFE8E416-AF3C-4F80-BF13-9C62C3E26A5B}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\boucherat\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 02s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\windows\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.683EF495176EB6BF6C18BDA0A304C22E] [WIS][21/10/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\172077e.msi [4771840] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 04s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 64 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{fa8dcc28-b35b-4975-939c-9a677b7343ef}] (youtubeadblocker) =>PUP.Multiplug
~ BCK: 4573 Legitimates Filtered in 00mn 06s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 21/10/2011 196176 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Demand 08/09/2010 647680 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 02/02/2015 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
SS - | Demand 02/02/2015 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
SS - | Auto 28/01/2015 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/01/2015 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 05/03/2010 340240 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Demand 19/02/2015 835776 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 10/02/2015 1958400 | (156c2b3d) . (...) - c:\Program Files (x86)\RelayDefender\RelayDefender.dll
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 21/11/2014 244736 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 13/10/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SR - | Demand 15/04/2010 4170504 | (Bluetooth Device Manager) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
SR - | Demand 15/04/2010 1096456 | (Bluetooth Media Service) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
SR - | Auto 22/04/2010 677128 | (Bluetooth OBEX Service) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
SR - | Auto 29/03/2015 1662464 | (d9c9d1e8) . (...) - c:\Program Files (x86)\PathModule\PathModule.dll
SR - | Auto 05/03/2010 1425168 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Demand 08/09/2010 1028096 | (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SR - | Auto 04/03/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 10/07/1658 0 | (KMService) . (...) - C:\windows\system32\srvany.exe
SR - | Auto 09/07/2009 160768 | (Micro Star SCM) . (.Micro-Star International Co., Ltd..) - C:\Program Files (x86)\System Control Manager\MSIService.exe
SR - | Auto 05/03/2010 831760 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 08s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (27/12/2014)
Clés trouvées (Keys found) : 11
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 13
Fichiers trouvés (Files found) : 34

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63F6BA51-F21D-4B60-BF50-7F349BADE115}] =>PUP.MinimumPrice^
[HKLM\SYSTEM\CurrentControlSet\Services\globalUpdate) (globalUpdate] =>PUP.GlobalUpdate^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SavePass 1.1] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1] =>PUP.Adblocker^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}] =>PUP.YouTuAdBlocker^
[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}] =>Toolbar.Agent
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Program Files (x86)\AllCheapPRice =>PUP.AllCheapPrice^
C:\Program Files (x86)\BittSaaver =>PUP.BitSaver^
C:\Program Files (x86)\CheapMee =>PUP.CheapMe^
C:\Program Files (x86)\CheappMe =>PUP.CheapMe^
C:\Program Files (x86)\FUn2Savve =>PUP.Fun2Save^
C:\Program Files (x86)\MiinimuumPPRicEa =>PUP.MinimumPrice^
C:\Program Files (x86)\NewuSoaver =>PUP.NewSaver^
C:\Program Files (x86)\SavePass 1.1 =>PUP.CrossRider^
C:\Program Files (x86)\SSaveLLotas =>PUP.SaveLots^
C:\Program Files (x86)\youtubeadblocker =>PUP.YouTuAdBlocker^
C:\ProgramData\AdBlocker Manger =>PUP.Adblocker^
C:\ProgramData\The AdBlocker =>PUP.Adblocker^
C:\Users\boucherat\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Program Files (x86)\SavePass 1.1\d6ac52ba-b676-45f1-874e-5260240fef08-6.exe =>PUP.CrossRider^
C:\Program Files (x86)\SavePass 1.1\d6ac52ba-b676-45f1-874e-5260240fef08-1-6.exe =>PUP.CrossRider^
C:\windows\AutoKMS\AutoKMS.exe =>Trojan.AutoKMS^
C:\Program Files (x86)\SavePass 1.1\d6ac52ba-b676-45f1-874e-5260240fef08-1-7.exe =>PUP.CrossRider^
C:\Program Files (x86)\SavePass 1.1\d6ac52ba-b676-45f1-874e-5260240fef08-10.exe =>PUP.CrossRider^
C:\Program Files (x86)\SavePass 1.1\d6ac52ba-b676-45f1-874e-5260240fef08-5.exe =>PUP.CrossRider^
C:\Program Files (x86)\SavePass 1.1\d6ac52ba-b676-45f1-874e-5260240fef08-7.exe =>PUP.CrossRider^
C:\Windows\Tasks\AutoKMS.job =>Trojan.AutoKMS^
C:\Windows\System32\Tasks\AutoKMS =>Trojan.AutoKMS^
C:\Windows\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-5 =>PUP.CrossRider^
C:\Windows\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-5_user =>PUP.CrossRider^
C:\Windows\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-6 =>PUP.CrossRider^
C:\Windows\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\d6ac52ba-b676-45f1-874e-5260240fef08-7 =>PUP.CrossRider^
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job =>PUP.GlobalUpdate^
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore =>PUP.GlobalUpdate^
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job =>PUP.GlobalUpdate^
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA =>PUP.GlobalUpdate^
[HKCU\Software\SavePass 1.1-nv-ie] =>PUP.CrossRider^
[HKCU\Software\SavePass 1.1-nv] =>PUP.CrossRider^
[HKCU\Software\SavePass 1.1] =>PUP.CrossRider^
[HKLM\Software\SavePass 1.1-nv] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\0e1474e3-c6f8-4dfc-9557-3c7e65c583fd] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\1853d9f8-ec69-4674-afc5-a6df71336700] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\762f8d35-b8de-94dc-5fc6-de7607333bf6] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\8dce8a0b-6220-e777-61af-c8bf1e5d03b4] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\SavePass 1.1-nv-ie] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\SavePass 1.1-nv] =>PUP.CrossRider^
C:\Windows\Installer\172077e.msi =>Toolbar.Bing^
[HKCR\CLSID\{fa8dcc28-b35b-4975-939c-9a677b7343ef}] (youtubeadblocker) =>PUP.Multiplug^
C:\Windows\KMService.exe =>Hijacker.Windows
~ Additionnel Scan: 290966 Items scanned in 00mn 25s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-minimumprice =>PUP.MinimumPrice
http://nicolascoolman.fr/pup-globalupdate =>PUP.GlobalUpdate
http://nicolascoolman.fr/trojan-autokms =>Trojan.AutoKMS
http://www.nicolascoolman.fr/blog/ =>PUP.Adblocker
http://www.nicolascoolman.fr/blog/ =>PUP.YouTuAdBlocker
http://nicolascoolman.fr/adware-vidsaver =>Adware.VidSaver
http://www.nicolascoolman.fr/blog/ =>PUP.AllCheapPrice
http://www.nicolascoolman.fr/blog/ =>PUP.BitSaver
http://www.nicolascoolman.fr/blog/ =>PUP.CheapMe
http://www.nicolascoolman.fr/blog/ =>PUP.Fun2Save
http://nicolascoolman.fr/pup-newsaver =>PUP.NewSaver
http://www.nicolascoolman.fr/blog/ =>PUP.SaveLots
http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy
http://nicolascoolman.fr/pup-mutiplug =>PUP.Multiplug
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
http://nicolascoolman.fr/hijacker-windows =>Hijacker.Windows
~ MSI: 18 link(s) detected in 00mn 00s



~ 786 Legitimates filtered by white list
End of the scan (743 lines in 01mn 32s)(0)
