~ Rapport de ZHPDiag v2015.5.25.52 - Nicolas Coolman (25/05/2015)
~ Lancé par TRI (28/05/2015 02:14:31)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17801
MFIE: Mozilla Firefox 38.0.1 (Defaut)
GCIE: Google Chrome v42.0.2311.90

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : HYRR2
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 NPAPI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8097 MB (21% free)
System Restore: Activé (Enable)
System drive C: has 77 GB (38%) free of 200 GB

---\\ Mode de connexion au système
~ Computer Name: TRI-PC
~ User Name: TRI
~ All Users Names: TRI, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\TRI\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\TRI\AppData\Roaming\
~ %Desktop% : C:\Users\TRI\Desktop\
~ %Favorites% : C:\Users\TRI\Favorites\
~ %LocalAppData% : C:\Users\TRI\AppData\Local\
~ %StartMenu% : C:\Users\TRI\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 77 Go of 200 Go)
D: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
J: Hard drive, Flash drive, Thumb drive (Free 97 Go of 97 Go)
K: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F0289B3A341429117696F0279DA977B6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/04/2015 - 16:27:25.) -- C:\Windows\System32\wininet.dll [2352128]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 04:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes musiques (My Musics) : 1/9
~ Mes Videos (My Videos) : 1/24
~ Mes Favoris (My Favorites) : 1/48
~ Mes Documents (My Documents) : 2/464
~ Mon Bureau (My Desktop) : 1/5200
~ Menu demarrer (Programs) : 1/88
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.3AE97CB476F6DF4DFA0B4378E9DD9A81] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3898960] [PID.2200]
[MD5.B322A3786812E29EBBF37A2AA267F65A] - (...) -- C:\Windows\SysWOW64\C2MP\TrayMenu.exe [208415] [PID.3112]
[MD5.5B990E30951B367F321BD043B2B1DE4B] - (.TechSmith Corporation - Snagit.) -- C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe [7416128] [PID.3476]
[MD5.DC73E11DC27E7D9AEF884EBE816C4240] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.3756]
[MD5.36E0D8C70C71CE90A511E7250C2BD360] - (.VMware, Inc. - VMware Tray Process.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114368] [PID.3792]
[MD5.5614C9D4BCFA422F4732E069F82BF6C0] - (...) -- C:\Program Files\Andy\HandyAndy.exe [907144] [PID.3868]
[MD5.AD4A0B88B37E224F2F8047F90E69C334] - (.Microsoft Corporation - Windows Problem Reporting.) -- C:\ProgramData\Microsoft\Windows\WER\system_ex\wermgr.exe [6786560] [PID.3920]
[MD5.7275BF729E7050005328104BED942135] - (...) -- C:\Program Files (x86)\WebMoney Agent\wmagent.exe [210400] [PID.3984]
[MD5.E9C6EF9437ECB30911488F9313AD821A] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [269848] [PID.4220]
[MD5.57E34796C70121624E98ED7F6310036F] - (...) -- C:\Program Files\Andy\AndyPriorityMgr.exe [856968] [PID.7768]
[MD5.446524E508058F2300D0A541D81F80AD] - (.TechSmith Corporation - Snagit RPC Helper.) -- C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe [151872] [PID.9032]
[MD5.0A1810F3CF866F67856C8A4E98194493] - (.TechSmith Corporation - TechSmith HTML Help Helper.) -- C:\Program Files (x86)\TechSmith\Snagit 12\TSCHelp.exe [46080] [PID.9324]
[MD5.E22F18C34E374F090A3967BAEF367AAF] - (.TechSmith Corporation - Snagit Editor.) -- C:\Program Files (x86)\TechSmith\Snagit 12\snagiteditor.exe [8593728] [PID.8968]
[MD5.E515ED6000AD27CB380F3AD5F060212A] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe [863960] [PID.8228]
[MD5.534E25CDC17690B1B9A7616758DAC39C] - (.MetaQuotes Software Corp. - MetaTrader.) -- C:\Program Files (x86)\FXDD Malta - MetaTrader 4\terminal.exe [12721904] [PID.5696]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [7168] [PID.10064]
[MD5.3CB513A4E2D3666282725B09FF66D2B1] - (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe [164864] [PID.8408]
[MD5.3B3C83A66B2304D1763236127B25C131] - (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\bavtray.exe [1988080] [PID.5232]
[MD5.DD562CF2DB1D68301A1C345B239818AA] - (.Foxit Software Inc. - Foxit Reader 7.0, Best Reader for Everyday.) -- C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FOXITREADER.exe [42164448] [PID.3812]
[MD5.CE9806603D3C635EA6E0BB79FE916D2E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872] [PID.2888]
[MD5.F6B0935B23E3C5B54DF33D3C180CA063] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8211968] [PID.3704]
[MD5.49B1E5AF3AA400752A20BE169CB73DFA] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [410952] [PID.900]
[MD5.909A77678E447339DB1880CDB1EA2F47] - (.Baidu, Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\PC Faster\5.1.0.0\PCFasterSvc.exe [1714448] [PID.956]
[MD5.FC1D0475DF9F4919BBFE15FDA0174593] - (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824] [PID.2728]
[MD5.46EC4C71B5838655F08D82F0563FD51E] - (.BlueStack Systems, Inc. - BlueStacks Updater Service.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328] [PID.3144]
[MD5.58FBDA10FC403CF9F82ABD0A68129BA3] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576] [PID.4064]
[MD5.ED64452B2A8DFED4A14C079EE4FE11EA] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128] [PID.696]
[MD5.5B9DB759783A3D94B813F6E477B98635] - (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\ShellfireVPN\jre7\bin\java.exe [175528] [PID.6456]
[MD5.327FE9707335C6D688F7111187CF9B00] - (...) -- C:\Program Files (x86)\WorldVPN\client\SurfEasyService.exe [3272048] [PID.7056]
[MD5.439BD966130226F464DC15F55ABD266E] - (.TechSmith Corporation - TechSmith Uploader Service.) -- C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384] [PID.6100]
[MD5.4FA842AF1F403F5738BD451D39B79BEF] - (.VMware, Inc. - VMware NAT Service.) -- C:\Windows\SysWOW64\vmnat.exe [438464] [PID.6412]
[MD5.D8C701D9745777F017818A0B8B358C9F] - (.BlueStack Systems, Inc. - BlueStacks Service.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe [429784] [PID.6664]
[MD5.EB928325E916C3A55AC2840BC4029CFB] - (.VMware, Inc. - VMware Authorization Service.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [87744] [PID.5924]
[MD5.67399AB0DFD6C0F8C227767B98C64934] - (.VMware, Inc. - VMware VMnet DHCP service.) -- C:\Windows\SysWOW64\vmnetdhcp.exe [359104] [PID.5004]
[MD5.1EAD8E1DA37CA777A8CA2103149A26E6] - (.BlueStack Systems - BlueStacks Network Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe [378072] [PID.7336]
[MD5.9A9F918B4A76746C3903E9691FAD414F] - (.BlueStack Systems - BlueStacks Block Device Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe [260824] [PID.4260]
[MD5.764FC27827E3B6E5ED44858175BC84BF] - (.BlueStack Systems - BlueStacks Shared Folder Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe [366808] [PID.3012]
[MD5.D41861E56E7552C13674D7F147A02464] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.7524]
[MD5.A33AF172D07175F765715CFC3F3ABAEF] - (.Baidu, Inc. - Baidu Antivirus Hips Service.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BHipsSvc.exe [531232] [PID.4496]
[MD5.FD8A6E2E68FD13DFD99334E5C5B2DF00] - (.Baidu, Inc. - Baidu Antivirus Service.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavSvc.exe [2572928] [PID.6984]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\TRI\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
G2 - EXT: C:\Users\TRI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aailiojlhjbichheofhdpcongebcgcgm [__MSG_chrome_extension_name__]
~ Google Lines Browser: 20 Legitimates Filtered in 00mn 19s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\TRI\AppData\Roaming\Mozilla\Firefox\Profiles\ucmp4zr5.default\prefs.js
M3 - MFPP: Plugins - [TRI] -- C:\Users\TRI\AppData\Roaming\Mozilla\Firefox\Profiles\ucmp4zr5.default\searchplugins\istartsurf.xml =>PUP.Istart
M3 - MFPP: Plugins - [TRI] -- C:\Users\TRI\AppData\Roaming\Mozilla\Firefox\Profiles\ucmp4zr5.default\searchplugins\mystartsearch.xml =>PUP.StartSearch
M3 - MFPP: Plugins - [TRI] -- C:\Users\TRI\AppData\Roaming\Mozilla\Firefox\Profiles\ucmp4zr5.default\searchplugins\WebSearch.xml
M3 - MFPP: Plugins - [TRI] -- C:\Users\TRI\AppData\Roaming\Mozilla\Firefox\Profiles\ucmp4zr5.default\searchplugins\yahoo_ff.xml
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
M2 - MFEP: prefs.js [TRI - ucmp4zr5.default\7f43@e454Q5.com] [] SalePLus v1.2 (..) =>PUP.SalePlus
M2 - MFEP: prefs.js [TRI - ucmp4zr5.default\jid1-4P0kohSJxU1qGg@jetpack] [] Hola Better Internet v1.7.824 (..)
M2 - MFEP: prefs.js [TRI - ucmp4zr5.default\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}] [] Cookies Manager+ v1.5.2 (..)
M2 - MFEP: Extension [TRI - ucmp4zr5.default] 7f43@e454Q5.com
M2 - MFEP: Extension [TRI - ucmp4zr5.default] jid1-4P0kohSJxU1qGg@jetpack
M2 - MFEP: Extension [TRI - ucmp4zr5.default] staged
M2 - MFEP: Extension [TRI - ucmp4zr5.default] zt7@mKu6W.com
M2 - MFEP: Extension [TRI - ucmp4zr5.default] {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
~ Firefox Browser: 37 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: PriceMinus [64Bits] - {424FE94C-AD81-410B-AD99-274A22DDBC7A} . (...) -- C:\Program Files (x86)\PriceMinus\BmuXGULgN09zZP.dll =>PriceMinus
O2 - BHO: bestadblocker [64Bits] - {95D6DDA8-CB25-4594-BF03-AFDE09BC9991} . (...) -- C:\Program Files (x86)\bestadblocker\1ceqSRrBOPyG2i.dll =>PUP.Adblocker
O2 - BHO: WebMoneyAdvisor BHO [64Bits] - {E7D2CB77-6E2D-4C1F-B485-D50506B9FA6B} . (.CJSC Computing Forces - WMAdvisor.) -- C:\Program Files (x86)\WebMoney Advisor\2.2.4\wmadvisor.dll
~ BHO: 32 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{405DFEAE-1D2F-4649-BE08-C92313C3E1CE} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [TRI]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\TRI\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\SystemTools [TRI]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.Istart
O4 - GS\Desktop [TRI]: AlwaysOnPC.lnk . (.Oracle Corporation - Java(TM) Web Start Launcher.) -- C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaws.exe http://www.alwaysonpc.com
O4 - GS\Desktop [TRI]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\TRI\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 4 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
O4 - HKLM\..\Run: [hola] . (.Hola Networks Ltd. - Hola Better Internet.) -- C:\Program Files\Hola\app\hola.exe
O4 - HKCU\..\Run: [ShellfireVPN] . (.Shellfire GbR - ShellfireVPN Executable.) -- C:\Program Files (x86)\ShellfireVPN\ShellfireVPN2.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [SurfEasy] . (...) -- C:\Program Files (x86)\WorldVPN\client\SurfEasyVPN.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_64563597D0DBB7A53FBACC827DF5BC45] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [vmware-tray.exe] . (.VMware, Inc. - VMware Tray Process.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe =>.VMware, Inc
O4 - HKLM\..\Wow6432Node\Run: [Baidu Antivirus] . (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavTray.exe
O4 - HKLM\..\Wow6432Node\Run: [Andy] . (...) -- C:\Program Files\Andy\HandyAndy.exe
O4 - HKLM\..\Wow6432Node\Run: [wermgr] . (.Microsoft Corporation - Windows Problem Reporting.) -- C:\ProgramData\Microsoft\Windows\WER\system_ex\wermgr.exe
O4 - HKLM\..\Wow6432Node\Run: [wmagent.exe] . (...) -- C:\Program Files (x86)\WebMoney Agent\wmagent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-793746550-25877004-3508716392-1000\..\Run: [ShellfireVPN] . (.Shellfire GbR - ShellfireVPN Executable.) -- C:\Program Files (x86)\ShellfireVPN\ShellfireVPN2.exe
O4 - HKUS\S-1-5-21-793746550-25877004-3508716392-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-793746550-25877004-3508716392-1000\..\Run: [SurfEasy] . (...) -- C:\Program Files (x86)\WorldVPN\client\SurfEasyVPN.exe
O4 - HKUS\S-1-5-21-793746550-25877004-3508716392-1000\..\Run: [GoogleChromeAutoLaunch_64563597D0DBB7A53FBACC827DF5BC45] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.hola.org
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F275053-D089-4C15-BA00-100EB688C183}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA91D7B1-8EE4-4B8D-962F-3E7046953199}: DhcpNameServer = 10.9.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7F275053-D089-4C15-BA00-100EB688C183}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CA91D7B1-8EE4-4B8D-962F-3E7046953199}: DhcpNameServer = 10.9.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7F275053-D089-4C15-BA00-100EB688C183}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CA91D7B1-8EE4-4B8D-962F-3E7046953199}: DhcpNameServer = 10.9.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - ,C:\Windows\system32\nvinitx.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Baidu Antivirus Service (BavSvc) . (.Baidu, Inc. - Baidu Antivirus Service.) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) . (.Baidu, Inc. - Baidu Antivirus Hips Service.) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BHipsSvc.exe
O23 - Service: Hola Better Internet Engine (hola_svc) . (.Hola Networks Ltd. - Hola Better Internet Engine.) - C:\Program Files\Hola\app\hola_svc.exe
O23 - Service: Hola Better Internet Updater (hola_updater) . (.Hola Networks Ltd. - Hola Better Internet Engine.) - C:\Program Files\Hola\app\hola_updater.exe
O23 - Service: Baidu PC Faster Service 5.1.0.0 (PCFasterSvc_{PCFaster_5.1.0.0}) . (.Baidu, Inc. - Baidu PC Faster Service.) - C:\Program Files (x86)\PC Faster\5.1.0.0\PCFasterSvc.exe
O23 - Service: SurfEasy Service (SurfEasyVPN) . (...) - C:\Program Files (x86)\WorldVPN\client\SurfEasyService.exe
O23 - Service: Update ace race (Update ace race) . (...) - C:\Program Files (x86)\ace race\updateacerace.exe (.not file.) =>Adware.Sambreel
~ Services: 25 Legitimates Filtered in 00mn 17s



---\\ Tâches planifiées en automatique (O39)
[MD5.909A77678E447339DB1880CDB1EA2F47] [APT] [Baidu PC Faster Service] (.Baidu, Inc..) -- C:\Program Files (x86)\PC Faster\5.1.0.0\PCFasterSvc.exe [1714448]
[MD5.1E5F6A7543B676324A95E4474762F363] [APT] [Baidu PC Faster Update] (.Baidu, Inc..) -- C:\Program Files (x86)\PC Faster\5.1.0.0\Updater.exe [1359120]
[MD5.B5A26595B8ADB4A09BF6F70AD6CCA70C] [APT] [Bidaily Synchronize Task[973b]] (...) -- c:\programdata\{b576452a-c9f0-432b-b576-6452ac9f14ab}\setup installer.exe [2567016] =>PUP.BidailySync
[MD5.B76817AEC3ECE0D51AD81929F4DE766F] [APT] [{8F826ABF-CB0E-4E7E-A9B9-D46B38069C22}] (.BitTorrent Inc..) -- C:\Users\TRI\AppData\Roaming\uTorrent\uTorrent.exe [1741904] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{E3ABEF67-0974-4D91-B32B-689A0C358723}] (...) -- C:\Program Files (x86)\Pro Evolution Soccer 2015\_CommonRedist\vcredist\2010\vcredist_x64.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: Bidaily Synchronize Task[973b] - (...) -- C:\Windows\Tasks\Bidaily Synchronize Task[973b].job [340] =>PUP.BidailySync
O39 - APT: Bidaily Synchronize Task[973b] - (...) -- C:\Windows\System32\Tasks\Bidaily Synchronize Task[973b] [340] =>PUP.BidailySync
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 30 Legitimates Filtered in 00mn 02s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys
O41 - Driver: (Bnbase) . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - C:\Windows\System32\drivers\bnbasex64.sys
O41 - Driver: (Bndef) . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) - C:\Windows\system32\drivers\bndef64.sys
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
O41 - Driver: (BprotectEx) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\BprotectEx.sys
O41 - Driver: (ndisrd) . (.NT Kernel Resources - NDISRD helper driver.) - C:\Windows\System32\DRIVERS\ndisrd.sys
O41 - Driver: ({ebf755a7-a244-4bc6-ac93-a366f9eccf49}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{ebf755a7-a244-4bc6-ac93-a366f9eccf49}Gw64.sys =>PUP.LinkiDoo
~ Drivers: 108 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Baidu PC Faster - (.Baidu, Inc..) [HKLM][64Bits] -- Baidu PC Faster 5.1.0.0
O42 - Logiciel: CactusVPN - (.CactusVPN.com.) [HKLM][64Bits] -- CactusVPN
O42 - Logiciel: ContradeAggregator - (.ContradeAggregator.) [HKLM][64Bits] -- {12DA0E6F-5543-440C-BAA2-28BF01070AFA}{e94b610} =>Adware.Graftor
O42 - Logiciel: Hola™ 1.7.598 - Better Internet - (.Hola Networks Ltd..) [HKLM][64Bits] -- Hola
O42 - Logiciel: Lego Super Heroes - (...) [HKLM][64Bits] -- {AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
O42 - Logiciel: PriceMinus - (...) [HKLM][64Bits] -- {06B99631-BFA2-3B7A-F58B-D067C2BA59B7} =>PriceMinus
O42 - Logiciel: SaferVPN 2.3.0 - (...) [HKLM][64Bits] -- OpenVPN
O42 - Logiciel: ShellfireVPN 2.5 - (...) [HKLM][64Bits] -- ShellfireVPN
O42 - Logiciel: SurfEasy VPN 3.1.401 - (.SurfEasy Inc.) [HKLM][64Bits] -- SurfEasy VPN
O42 - Logiciel: ThinLinc Client 4.3.0 - (...) [HKLM][64Bits] -- tlclient
O42 - Logiciel: VPN in Touch - (.VPN in Touch.) [HKLM][64Bits] -- {8C542390-F5C7-4610-AB75-0A385363F2C1}_is1
O42 - Logiciel: WebMoney Advisor - (.CJSC Computing Forces.) [HKLM][64Bits] -- WebMoney Advisor
O42 - Logiciel: WebMoney Agent - (.Softomate.) [HKLM][64Bits] -- WebMoney Agent
O42 - Logiciel: WebMoney Keeper WinPro 3.9.9.5 - (.WM Transfer Ltd..) [HKLM][64Bits] -- {6D9A7CEE-054A-437D-99EF-DD7C77E001FD}
O42 - Logiciel: WorldVPN 2.0 - (.WorldVPN.) [HKLM][64Bits] -- WorldVPN
O42 - Logiciel: bestadblocker - (...) [HKLM][64Bits] -- {4820778D-AB0D-6D18-C316-52A6A0E1D507} =>PUP.Adblocker
O42 - Logiciel: gPad Server 2.0 2.0.0 - (.MOBiSTERS.) [HKLM][64Bits] -- 7853-6542-9336-3204
~ Logic: 39 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\Andy]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Cendio]
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Kromtech]
[HKCU\Software\OB]
[HKCU\Software\ShellfireVPN]
[HKCU\Software\WajIEnhance] =>PUP.Wajam
[HKCU\Software\WebMoney]
[HKLM\Software\Baidu Security]
[HKLM\Software\DtsEncodeTools]
[HKLM\Software\Wow6432Node\879faf35-39e1-f399-5fac-1e9516a3cc23] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\AIM Toolbar]
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.AskBar
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\Cendio]
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\PanAm]
[HKLM\Software\Wow6432Node\SaferVPN]
[HKLM\Software\Wow6432Node\SpeedBit]
[HKLM\Software\Wow6432Node\WajIntEnhance] =>PUP.Wajam
[HKLM\Software\Wow6432Node\baidu]
~ Key Software: 363 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/02/2015 - 01:44:25 - [0] ----D C:\Program Files (x86)\ace race =>Adware.Sambreel
O43 - CFD: 21/03/2015 - 11:12:55 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 28/05/2015 - 01:46:32 - [] ----D C:\Program Files (x86)\bestadblocker =>PUP.Adblocker
O43 - CFD: 26/04/2015 - 19:50:46 - [] ----D C:\Program Files (x86)\CactusVPN
O43 - CFD: 03/03/2015 - 05:04:57 - [] ----D C:\Program Files (x86)\FBS Trader 4
O43 - CFD: 12/05/2015 - 01:00:38 - [] ----D C:\Program Files (x86)\gPadServer
O43 - CFD: 26/05/2015 - 01:44:45 - [] ----D C:\Program Files (x86)\InstaTrader
O43 - CFD: 31/03/2015 - 14:44:07 - [0] ----D C:\Program Files (x86)\LinkProc
O43 - CFD: 31/03/2015 - 14:44:25 - [] ----D C:\Program Files (x86)\Live Earnings Checker for Google AdSense
O43 - CFD: 14/03/2015 - 00:02:49 - [] ----D C:\Program Files (x86)\PC Faster
O43 - CFD: 28/05/2015 - 01:45:58 - [] ----D C:\Program Files (x86)\PriceMiiNus =>PriceMinus
O43 - CFD: 28/05/2015 - 01:46:14 - [] ----D C:\Program Files (x86)\PriceMinus =>PriceMinus
O43 - CFD: 10/03/2015 - 19:36:42 - [] ----D C:\Program Files (x86)\SaferVPN
O43 - CFD: 31/03/2015 - 14:44:25 - [] ----D C:\Program Files (x86)\SalePLus =>PUP.SalePlus
O43 - CFD: 15/04/2015 - 23:29:27 - [] ----D C:\Program Files (x86)\ShellfireVPN
O43 - CFD: 29/03/2015 - 18:08:58 - [0] ----D C:\Program Files (x86)\SystemProtect
O43 - CFD: 08/05/2015 - 17:02:01 - [] ----D C:\Program Files (x86)\ThinLinc Client
O43 - CFD: 11/05/2015 - 21:57:52 - [] ----D C:\Program Files (x86)\VPN in Touch
O43 - CFD: 29/04/2015 - 23:05:18 - [] ----D C:\Program Files (x86)\WebMoney
O43 - CFD: 29/04/2015 - 23:05:19 - [] ----D C:\Program Files (x86)\WebMoney Advisor
O43 - CFD: 29/04/2015 - 23:05:17 - [] ----D C:\Program Files (x86)\WebMoney Agent
O43 - CFD: 15/04/2015 - 20:31:03 - [] ----D C:\Program Files (x86)\WorldVPN
O43 - CFD: 28/05/2015 - 01:46:48 - [] ----D C:\ProgramData\17222546766577495141
O43 - CFD: 27/01/2015 - 00:03:44 - [] ----D C:\ProgramData\APN
O43 - CFD: 21/03/2015 - 11:12:59 - [] ----D C:\ProgramData\Baidu
O43 - CFD: 21/03/2015 - 11:13:10 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 31/03/2015 - 14:45:46 - [0] ----D C:\ProgramData\BavSvc_exe
O43 - CFD: 21/03/2015 - 11:13:38 - [0] ----D C:\ProgramData\BCloudScan_exe
O43 - CFD: 28/05/2015 - 01:45:41 - [] ----D C:\ProgramData\kbodaipcofllmmafneeljajonimoeckh
O43 - CFD: 14/03/2015 - 00:03:09 - [] ----D C:\ProgramData\PC Faster
O43 - CFD: 15/04/2015 - 20:38:15 - [] ----D C:\ProgramData\SurfEasy VPN
O43 - CFD: 15/04/2015 - 23:23:40 - [] ----D C:\ProgramData\SurfEasyService
O43 - CFD: 28/05/2015 - 01:45:19 - [] ----D C:\ProgramData\{b576452a-c9f0-432b-b576-6452ac9f14ab}
O43 - CFD: 11/04/2015 - 16:38:48 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
O43 - CFD: 27/05/2015 - 11:39:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
O43 - CFD: 06/03/2015 - 20:20:12 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CactusVPN
O43 - CFD: 12/05/2015 - 00:56:23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPad Server 2.0
O43 - CFD: 26/05/2015 - 01:44:26 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstaTrader
O43 - CFD: 21/02/2015 - 23:15:50 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaferVPN
O43 - CFD: 06/04/2015 - 05:09:13 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShellfireVPN
O43 - CFD: 12/04/2011 - 11:27:56 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 08/05/2015 - 17:02:01 - [] -S--D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThinLinc
O43 - CFD: 10/03/2015 - 21:15:50 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VPN in Touch
O43 - CFD: 29/04/2015 - 23:04:37 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMoney
O43 - CFD: 10/03/2015 - 23:49:55 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldVPN
O43 - CFD: 11/04/2015 - 16:39:07 - [] ----D C:\Users\TRI\AppData\Roaming\Andy
O43 - CFD: 13/04/2015 - 01:52:27 - [] ----D C:\Users\TRI\AppData\Roaming\baidu
O43 - CFD: 01/02/2015 - 20:09:58 - [] ----D C:\Users\TRI\AppData\Roaming\CoinMiner
O43 - CFD: 14/05/2015 - 22:24:19 - [] ----D C:\Users\TRI\AppData\Roaming\GRID Workspace
O43 - CFD: 10/03/2015 - 01:02:04 - [] ----D C:\Users\TRI\AppData\Roaming\HaiYuInst
O43 - CFD: 14/03/2015 - 00:02:58 - [] ----D C:\Users\TRI\AppData\Roaming\PC Faster
O43 - CFD: 06/04/2015 - 14:27:58 - [] ----D C:\Users\TRI\AppData\Roaming\ShellfireVpn
O43 - CFD: 07/04/2015 - 18:47:54 - [] ----D C:\Users\TRI\AppData\Roaming\teknikforce
O43 - CFD: 10/04/2015 - 01:53:47 - [] ----D C:\Users\TRI\AppData\Roaming\ThinkSky
O43 - CFD: 07/03/2015 - 16:55:46 - [0] ----D C:\Users\TRI\AppData\Roaming\ThinLinc
O43 - CFD: 07/03/2015 - 16:56:39 - [0] ----D C:\Users\TRI\AppData\Roaming\vnc
O43 - CFD: 30/04/2015 - 00:10:24 - [] ----D C:\Users\TRI\AppData\Roaming\WebMoney
O43 - CFD: 15/04/2015 - 20:39:18 - [] ----D C:\Users\TRI\AppData\Local\com.surfeasy.se0200
O43 - CFD: 15/04/2015 - 16:25:52 - [] -SH-D C:\Users\TRI\AppData\Local\EmieBrowserModeList
O43 - CFD: 21/02/2015 - 23:16:11 - [] ----D C:\Users\TRI\AppData\Local\SaferVPN
O43 - CFD: 21/02/2015 - 23:16:07 - [] ----D C:\Users\TRI\AppData\Local\Safer_Social_Ltd
O43 - CFD: 07/04/2015 - 18:48:02 - [] ----D C:\Users\TRI\AppData\Local\TubeRank_Jeet
O43 - CFD: 18/05/2015 - 21:31:40 - [] ----D C:\Users\TRI\AppData\Local\YTMonster
O43 - CFD: 14/03/2015 - 00:03:07 - [] ----D C:\Users\TRI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
O43 - CFD: 06/03/2015 - 20:20:12 - [] ----D C:\Users\TRI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CactusVPN
O43 - CFD: 15/04/2015 - 20:31:03 - [] ----D C:\Users\TRI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SurfEasy VPN
O43 - CFD: 10/03/2015 - 23:49:44 - [0] ----D C:\Users\TRI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldVPN
~ Program Folder: 276 Legitimates Filtered in 00mn 00s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeration of PoliciesSystem registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeration of PoliciesExplorer registry keys (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s



---\\ List of system drivers (SDL) (O58)
O58 - SDL:09/01/2012 - 05:13:12 ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapt.) -- C:\Windows\System32\Drivers\AmpPal.sys [195584]
O58 - SDL:20/04/2015 - 12:05:59 ---A- . (.Pas de propriétaire - bdark.) -- C:\Windows\System32\Drivers\bdark64.sys [78792]
O58 - SDL:05/03/2015 - 06:12:10 ---A- . (.Baidu, Inc. - Baidu Antivirus Sandbox.) -- C:\Windows\System32\Drivers\BdSandbox.sys [236920]
O58 - SDL:28/04/2015 - 16:52:10 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [62920]
O58 - SDL:28/04/2015 - 16:52:10 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [38344]
O58 - SDL:11/02/2015 - 03:07:19 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\Bnbasex.sys [61112]
O58 - SDL:28/04/2015 - 16:52:10 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex64.sys [62792]
O58 - SDL:11/02/2015 - 03:07:19 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\Bndef.sys [483288]
O58 - SDL:28/04/2015 - 16:52:10 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef64.sys [485672]
O58 - SDL:28/04/2015 - 16:52:10 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [169416]
O58 - SDL:09/04/2015 - 14:21:47 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BProtectEx.sys [93512]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:27/03/2015 - 01:10:52 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [192984]
O58 - SDL:14/08/2014 - 10:18:28 ---A- . (.NT Kernel Resources - NDISRD helper driver.) -- C:\Windows\System32\Drivers\ndisrd.sys [43088]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:05/11/2014 - 14:16:32 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0).) -- C:\Windows\System32\Drivers\tap0901.sys [27136]
O58 - SDL:05/03/2015 - 09:17:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tapse01.sys [39048]
O58 - SDL:15/08/2014 - 22:35:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:31/01/2015 - 06:28:06 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{ebf755a7-a244-4bc6-ac93-a366f9eccf49}Gw64.sys [48784] =>PUP.LinkiDoo
O58 - SDL:26/08/2013 - 10:52:56 ----- . (...) -- C:\Windows\System32\pwdrvio.sys [19032]
O58 - SDL:26/08/2013 - 10:52:54 ----- . (...) -- C:\Windows\System32\pwdspio.sys [12384]
~ Drivers: 97 Legitimates Filtered in 00mn 01s



---\\ Last modified or created files (User) (O61)
O61 - LFC: 21/05/2015 - 02:15:34 ---A- . (...) -- C:\Users\TRI\Documents\la plus grand a et b et c.exe [370716]
O61 - LFC: 21/05/2015 - 02:15:34 ---A- . (...) -- C:\Users\TRI\Documents\number positif ou necatef.exe [370889]
O61 - LFC: 21/05/2015 - 02:15:34 ---A- . (...) -- C:\Users\TRI\Documents\number positif ou necatif.exe [370716]
O61 - LFC: 21/05/2015 - 02:15:34 ---A- . (...) -- C:\Users\TRI\Documents\plus grand.exe [370686]
O61 - LFC: 21/05/2015 - 02:15:34 ---A- . (...) -- C:\Users\TRI\Documents\test again.exe [370686]
O61 - LFC: 22/05/2015 - 02:15:34 ---A- . (...) -- C:\Users\TRI\Desktop\some+def+pro+rest.exe [370708]
O61 - LFC: 22/05/2015 - 02:15:34 ---A- . (...) -- C:\Users\TRI\Documents\la some les deux nomber egal un number.exe [370729]
O61 - LFC: 22/05/2015 - 02:15:34 ---A- . (...) -- C:\Users\TRI\Documents\pair un impair.exe [370686]
O61 - LFC: 22/05/2015 - 02:15:34 ---A- . (...) -- C:\Users\TRI\Documents\test againnnnnnnnnnnnnnn.exe [370715]
O61 - LFC: 26/05/2015 - 02:15:34 ---A- . (...) -- C:\Users\TRI\AppData\Roaming\MetaQuotes\Terminal\CCD68BFB06049A8615C607C3F6AD69B7\MQL4\Libraries\IFX_MB.exe [2231808]
O61 - LFC: 26/05/2015 - 02:15:34 ---A- . (...) -- C:\Users\TRI\AppData\Roaming\MetaQuotes\Terminal\CCD68BFB06049A8615C607C3F6AD69B7\MQL4\Libraries\ifx_mb.dll [454144]
O61 - LFC: 26/05/2015 - 02:15:34 ---A- . (...) -- C:\Users\TRI\AppData\Roaming\MetaQuotes\Terminal\CCD68BFB06049A8615C607C3F6AD69B7\MQL4\Libraries\jjhgdjh.dll [445440]
O61 - LFC: 26/05/2015 - 02:15:34 ---A- . (...) -- C:\Users\TRI\AppData\Roaming\MetaQuotes\Terminal\CCD68BFB06049A8615C607C3F6AD69B7\MQL4\Libraries\khjhhdh.dll [445440]
O61 - LFC: 26/05/2015 - 02:15:34 ---A- . (...) -- C:\Users\TRI\AppData\Roaming\MetaQuotes\Terminal\CCD68BFB06049A8615C607C3F6AD69B7\MQL4\Libraries\one_click_full.dll [444928]
O61 - LFC: 26/05/2015 - 02:15:34 ---A- . (...) -- C:\Users\TRI\AppData\Roaming\MetaQuotes\Terminal\CCD68BFB06049A8615C607C3F6AD69B7\MQL4\Libraries\one_click_full.exe [3223552]
O61 - LFC: 28/05/2015 - 02:15:33 ---A- . (...) -- C:\Users\TRI\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]
O61 - LFC: 28/05/2015 - 02:15:33 ---A- . (...) -- C:\Users\TRI\AppData\Local\Google\Chrome\User Data\nacl_validation_cache.bin [236]
O61 - LFC: 28/05/2015 - 02:15:35 ---A- . (...) -- C:\Users\TRI\Downloads\StockMarketEye-3.3.10-Setup.exe [28110624]
~ 130 Temporary files
~ 312 Cookie files
~ Files: 30 Legitimates Filtered in 00mn 02s



---\\ List of disinfection tools (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List of legacy registry services (LALS) (O64)
O64 - Services: CurCS - 28/04/2015 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BdApiUtil64.sys (BdApiUtil) .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_BDAPIUTIL
O64 - Services: CurCS - 20/04/2015 - C:\Windows\system32\drivers\bdark64.sys (bdark64) .(.Pas de propriétaire - bdark.) - LEGACY_BDARK64
O64 - Services: CurCS - 28/04/2015 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BdCameraProtect64.sys (BdCameraProtect) .(.Baidu, Inc. - Baidu Antivirus Camera Protector Driver.) - LEGACY_BDCAMERAPROTECT
O64 - Services: CurCS - 28/04/2015 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 28/04/2015 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON
O64 - Services: CurCS - 28/04/2015 - C:\Windows\System32\drivers\bnbasex64.sys (Bnbase) .(.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - LEGACY_BNBASE
O64 - Services: CurCS - 28/04/2015 - C:\Windows\system32\drivers\bndef64.sys (Bndef) .(.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) - LEGACY_BNDEF
O64 - Services: CurCS - 28/04/2015 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\Bnmon64.sys (BNmon) .(.Baidu, Inc. - Baidu Antivirus Bnmon.) - LEGACY_BNMON
O64 - Services: CurCS - 28/04/2015 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
O64 - Services: CurCS - 09/04/2015 - C:\Windows\system32\drivers\BprotectEx.sys (BprotectEx) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BPROTECTEX
O64 - Services: CurCS - 09/04/2015 - C:\Program Files (x86)\PC Faster\5.1.0.0\PCFApiUtil64.sys (PCFApiUtil) .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_PCFAPIUTIL
O64 - Services: CurCS - 31/01/2015 - C:\Windows\System32\drivers\{ebf755a7-a244-4bc6-ac93-a366f9eccf49}Gw64.sys ({ebf755a7-a244-4bc6-ac93-a366f9eccf49}Gw64) .(.StdLib - StdLib.) - LEGACY_{EBF755A7-A244-4BC6-AC93-A366F9ECCF49}GW64 =>PUP.LinkiDoo
~ Legacy: 106 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search for infection in internet browsers (SBI) (O69)
O69 - SBI: prefs.js [TRI - ucmp4zr5.default] user_pref("extensions.crossrider.bic", "14b842879eb19e73cb9b8e2be938ded0"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {81A665BA-3EC0-4293-9C4E-57ED397D42A0} [DefaultScope] - (Yahoo) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} - (WebSearch) - http://websearch.coolsearches.info =>PUP.CoolSearches
~ Keys: Scanned in 00mn 00s



---\\ Enumerates Crack & Keygen files (CKF) (O82)
C:\Users\TRI\Desktop\tri4\Notions de mathématiques appliquées à linformatique\VMware Workstation 7.0 Build.203739\vmware 7 keygen.zip =>.Crack,Keygen
C:\Users\TRI\Downloads\Compressed\AlwaysOnPC Chrome, Firefox, Java v2.7.1 free, full, cracked.rar =>.Crack,Keygen
~ Files: Scanned in 00mn 21s



---\\ Specific search at the system root (SPRF) (O84)
[MD5.64140032358BDF814DCA39BCF5D6B7F2] [SPRF][19/05/2015] (...) -- C:\Users\TRI\Desktop\conjug.exe [371372]
[MD5.E1CC385CD2B3A1033D75BCC0D801E5A7] [SPRF][22/05/2015] (...) -- C:\Users\TRI\Desktop\some+def+pro+rest.exe [370708]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ List of firewall exceptions (FirewallRules) (O87)
O87 - FAEL: "{954BBF99-0701-417C-AF88-8D610C9E7931}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\TRI\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{42DDC05E-3008-44EB-B00F-98EC1106A980}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\TRI\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Export of random registry keys (O91)
~ Export Key Software: Scanned in 00mn 00s



---\\ Search for Tracing registry keys (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserExtensionsSetup_RASAPI32 =>PUP.BrowserExtensions
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserExtensionsSetup_RASMANCS =>PUP.BrowserExtensions
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_by SaiD-SofT_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_by SaiD-SofT_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpc_mystartsearch_RASAPI32 =>PUP.StartSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpc_mystartsearch_RASMANCS =>PUP.StartSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpm_v20_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpm_v20_RASMANCS =>PUP.WpManager
~ BTK: 260 Legitimates Filtered in 00mn 00s



---\\ Search for CLSID registry keys (O101)
[HKCR\CLSID\{6f981451-e4bb-434b-9228-048b0e6b143d}] (youtubeadblocker) =>PUP.Multiplug
[HKCR\CLSID\{7cf65a9b-4afc-43ab-ac5b-e329bda4167f}] (SalePlus) =>PUP.SalePlus
[HKCR\CLSID\{95D6DDA8-CB25-4594-BF03-AFDE09BC9991}] (bestadblocker) =>PUP.Adblocker
~ BCK: 6372 Legitimates Filtered in 00mn 12s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 15/04/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 09/01/2012 659968 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SS - | Demand 05/03/2015 490528 | (BdSandboxSrv) . (.Baidu, Inc..) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BdSandboxSrv64.exe
SS - | Demand 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 08/12/2011 618256 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SS - | Demand 26/01/2015 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/01/2015 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Demand 17/05/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 08/12/2011 273168 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Demand 08/12/2014 29696 | (OpenVPNService) . (.The OpenVPN Project.) - C:\Program Files (x86)\SaferVPN\bin\openvpnserv.exe
SS - | Demand 02/01/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Auto 22/07/1658 0 | (Update ace race) . (...) - C:\Program Files (x86)\ace race\updateacerace.exe =>Adware.Sambreel
SS - | Auto 20/11/2014 12730560 | (VMwareHostd) . (...) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe =>.VMware, Inc
SS - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 19/01/2015 77128 | (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 28/04/2015 2572928 | (BavSvc) . (.Baidu, Inc..) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavSvc.exe
SR - | Auto 28/04/2015 531232 | (BHipsSvc) . (.Baidu, Inc..) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BHipsSvc.exe
SR - | Auto 10/03/2015 429784 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe
SR - | Auto 10/03/2015 388824 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
SR - | Auto 10/03/2015 794328 | (BstHdUpdaterSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
SR - | Auto 11/01/2012 135952 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR - | Auto 01/10/2014 1349576 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
SR - | Auto 19/01/2015 1148560 | (GfExperienceService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
SR - | Auto 28/04/2015 7766472 | (hola_svc) . (.Hola Networks Ltd..) - C:\Program Files\Hola\app\hola_svc.exe
SR - | Auto 28/04/2015 7766472 | (hola_updater) . (.Hola Networks Ltd..) - C:\Program Files\Hola\app\hola_updater.exe
SR - | Auto 20/05/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 13/02/2015 643880 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 19/01/2015 1706128 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 19/01/2015 21833872 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 05/02/2015 935056 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 14/05/2015 1714448 | (PCFasterSvc_{PCFaster_5.1.0.0}) . (.Baidu, Inc..) - C:\Program Files (x86)\PC Faster\5.1.0.0\PCFasterSvc.exe
SR - | Demand 08/12/2011 148752 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 19/12/2014 175528 | (ShellfireVPN2Service) . (.Oracle Corporation.) - C:\Program Files (x86)\ShellfireVPN\jre7\bin\java.exe
SR - | Auto 05/02/2015 410952 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 05/03/2015 3272048 | (SurfEasyVPN) . (...) - C:\Program Files (x86)\WorldVPN\client\SurfEasyService.exe
SR - | Auto 26/01/2015 3408384 | (TechSmith Uploader Service) . (.TechSmith Corporation.) - C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
SR - | Demand 20/11/2014 87744 | (VMAuthdService) . (.VMware, Inc..) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe =>.VMware, Inc
SR - | Auto 22/07/1658 0 | (VMnetDHCP) . (.VMware, Inc..) - C:\Windows\system32\vmnetdhcp.exe
SR - | Auto 18/11/2014 912576 | (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
SR - | Auto 22/07/1658 0 | (VMware NAT Service) . (.VMware, Inc..) - C:\Windows\system32\vmnat.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 594704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 13s



---\\ Search for infection on the Master Boot Record (MBR)(O80)
Run by TRI at 28/05/2015 02:16:18
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Search for infection on the Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by TRI at 28/05/2015 02:16:20
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Additional Scan (O88)
Database Version : 13008 - (25/05/2015)
Keys found : 14
Values found : 3
Folders found : 4
Files found : 11

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D6DDA8-CB25-4594-BF03-AFDE09BC9991}] =>PUP.Adblocker^
[HKLM\SYSTEM\CurrentControlSet\Services\Update ace race] =>Adware.Sambreel^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{e94b610}] =>Adware.Graftor^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}] =>PUP.Adblocker^
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
C:\Users\TRI\AppData\Roaming\Mozilla\Firefox\Profiles\ucmp4zr5.default\extensions\7f43@e454Q5.com =>PUP.SalePlus^
C:\Program Files (x86)\ace race =>Adware.Sambreel^
C:\Program Files (x86)\bestadblocker =>PUP.Adblocker^
C:\Program Files (x86)\SalePLus =>PUP.SalePlus^
c:\programdata\{b576452a-c9f0-432b-b576-6452ac9f14ab}\setup installer.exe =>PUP.BidailySync^
C:\Users\TRI\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Windows\Tasks\Bidaily Synchronize Task =>PUP.BidailySync^
C:\Windows\System32\Tasks\Bidaily Synchronize Task =>PUP.BidailySync^
[HKCU\Software\WajIEnhance] =>PUP.Wajam^
[HKLM\Software\Wow6432Node\879faf35-39e1-f399-5fac-1e9516a3cc23] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\WajIntEnhance] =>PUP.Wajam^
[HKCR\CLSID\{6f981451-e4bb-434b-9228-048b0e6b143d}] (youtubeadblocker) =>PUP.Multiplug^
[HKCR\CLSID\{7cf65a9b-4afc-43ab-ac5b-e329bda4167f}] (SalePlus) =>PUP.SalePlus^
[HKCR\CLSID\{95D6DDA8-CB25-4594-BF03-AFDE09BC9991}] (bestadblocker) =>PUP.Adblocker^
~ Additionnel Scan: 353226 Items scanned in 00mn 23s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://www.nicolascoolman.fr/blog/ =>PUP.Istart
http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
http://www.nicolascoolman.fr/blog/ =>PUP.SalePlus
http://www.nicolascoolman.fr/blog/ =>PriceMinus
http://www.nicolascoolman.fr/blog/ =>PUP.Adblocker
http://www.nicolascoolman.fr/blog/ =>Adware.Sambreel
http://www.nicolascoolman.fr/blog/ =>PUP.BidailySync
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
http://www.nicolascoolman.fr/blog/ =>Adware.Graftor
http://nicolascoolman.fr/pup-certifiedtoolbar =>PUP.CertifiedToolbar
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/pup-wajam =>PUP.Wajam
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskBar
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://www.nicolascoolman.fr/blog/ =>PUP.CoolSearches
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://nicolascoolman.fr/pup-mutiplug =>PUP.Multiplug
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
~ MSI: 22 link(s) detected in 00mn 00s



~ 1239 Legitimates filtered by white list
End of the scan (834 lines in 02mn 14s)(4.11)