~ Rapport de ZHPDiag v2013.12.26.23 - Nicolas Coolman (26/12/2013)
~ Lancé par Bryan (28/12/2013 10:11:12)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476 (Defaut)
MFIE: Mozilla Firefox 25.0
GCIE: Google Chrome v23.0.1271.97
OPIE: Opera v12.16
OPIE: Opera vStable 18.0.1284.68

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.4.0304.0
Spybot - Search & Destroy v1.6.2
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.09 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ Informations sur le système
~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (44% free)
System Restore: Activé (Enable)
System drive C: has 367 GB (62%) free of 583 GB

---\\ Mode de connexion au système
~ Computer Name: BRYAN-PC
~ User Name: Bryan
~ All Users Names: UpdatusUser, Sylviane, Lecolonel, HomeGroupUser$, Bryan, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Bryan\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Bryan\AppData\Roaming\
~ %Desktop% : C:\Users\Bryan\Desktop\
~ %Favorites% : C:\Users\Bryan\Favorites\
~ %LocalAppData% : C:\Users\Bryan\AppData\Local\
~ %StartMenu% : C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 367 Go of 583 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 4 Go of 4 Go)
H: Hard drive, Flash drive, Thumb drive (Free 294 Go of 932 Go)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 3/136
~ Mes musiques (My Musics) : 1/10
Mes Videos (My Videos) : 2/2 (Modified)
~ Mes Favoris (My Favorites) : 1/45
~ Mes Documents (My Documents) : 3/307
~ Mon Bureau (My Desktop) : 1/17305
~ Menu demarrer (Programs) : 1/64
~ Hidden Files: Scanned in 00mn 26s

---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2112]
[MD5.BB4CEE22CFE1C259F5C4279349EB879C] - (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe [149824] [PID.3872]
[MD5.9A44D5BBD020F904E18BD1BEAB49BEF2] - (.Orange - Executable Orange Inside.) -- C:\Users\Bryan\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe [1511424] [PID.3884]
[MD5.66275E52615AF9D2F18EB3442D00CFE3] - (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [210216] [PID.4392]
[MD5.9EDFB86FAA07BFED3C3D00211FAB6D82] - (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\ST2.exe [13446464] [PID.4172]
[MD5.0FA364C4A86335B2D048953D04363537] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968] [PID.5064]
[MD5.E31967B2A0D6061352695873C78FB383] - (.DENIAU F.A.A - Le nettoyeur de trax.) -- C:\Program Files (x86)\Piratrax\piratrax.exe [3909264] [PID.856]
[MD5.2D08AC1443FFA7FBED9A5EA5FD49AEB3] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1242728] [PID.15076]
[MD5.870DF389D7676EDBB635141336A867C6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8302080] [PID.3416]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1808]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.1872]
[MD5.9D519AAA21E622DF7DF27041E0917499] - (.Pas de propriétaire - DedicarzService.) -- C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe [1966960] [PID.1940]
[MD5.2238B91AC1A12CC6CC4C4FED41258B2A] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2312]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2404]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2432]
[MD5.D81CAF952B4F008B98B5B8E4B0434B96] - (.Interactive Brands Malta Limited. - PDF Suite 2013 Helper Service.) -- C:\Program Files (x86)\PDF Suite 2013\HelperService.exe [1310072] [PID.2128]
[MD5.8D005118490A06A3C4FD87D19B20D3C7] - (.Interactive Brands Malta Limited. - PDF Suite 2013 Conversion Service.) -- C:\Program Files (x86)\PDF Suite 2013\ConversionService.exe [909176] [PID.3048]
[MD5.999AA77152F16A40A5727FC657EF66C3] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [247152] [PID.2372]
[MD5.AFFCADFBC35AA9C4EBB4A51D3BF88D35] - (.Tlapia - sysTPLMonitor.) -- C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [395888] [PID.2104]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.3536]
[MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368] [PID.3396]
[MD5.4A5A9DDEF3C7E4E37EB22DE00AE8B9F1] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2458944] [PID.4448]
[MD5.3FB90D9C98D4058E0EDDE3F870555878] - (.Tlapia - sysTPLService.) -- C:\Program Files (x86)\sysTPL\sysTPLService.exe [394352] [PID.11756]
~ Processes Running: Scanned in 00mn 35s

---\\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1)
B0 - SPO: operaprefs.ini [Bryan] Home URL=http://start.myplaycity.com/
B1 - OSP: search.ini [Bryan] URL=http://www.bing.com/search?mkt=fr-FR&form=IE0004&q=%s
B1 - OSP: search.ini [Bryan] URL=http://start.myplaycity.com/results.php?category=web&s=%s
~ Opera Browser: 4 Legitimates Filtered in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 5 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\y6tluc6u.default\prefs.js
C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\y6tluc6u.default\user.js
M3 - MFPP: Plugins - [Bryan] -- C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\y6tluc6u.default\searchplugins\myplaycity.xml
~ Firefox Browser: 15 Legitimates Filtered in 00mn 02s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 06s
~ Nombre de lignes (Lines number): 15423

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: File Extractor.lnk . (...) -- C:\Program Files (x86)\Tweaks\File Extractor\fileextractor.exe
O4 - GS\Program [Public]: Encore plus de jeux.lnk - Clé orpheline
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [UpdatusUser]: RegCleaner.lnk . (...) -- C:\Program Files (x86)\RegCleaner\RegCleanr.exe
O4 - GS\QuickLaunch [Sylviane]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Sylviane]: HP MediaSmart.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (.not file.)
O4 - GS\TaskBar [Sylviane]: HPAdvisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\TaskBar [Sylviane]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Sylviane]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Sylviane]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Sylviane]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Sylviane]: RegCleaner.lnk . (...) -- C:\Program Files (x86)\RegCleaner\RegCleanr.exe
O4 - GS\QuickLaunch [Lecolonel]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\QuickLaunch [Lecolonel]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\TaskBar [Lecolonel]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Lecolonel]: HP MediaSmart.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (.not file.)
O4 - GS\TaskBar [Lecolonel]: HPAdvisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\TaskBar [Lecolonel]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\TaskBar [Lecolonel]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [Lecolonel]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe
O4 - GS\TaskBar [Lecolonel]: Orange Portail.lnk . (...) -- C:\Program Files\Orange\Orange Portail.exe
O4 - GS\Program [Lecolonel]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\SystemTools [Lecolonel]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\SendTo [Lecolonel]: Desk 365.lnk . (...) -- C:\Program Files (x86)\Desk 365\desk365.exe (.not file.) =>Hijacker.22Find
O4 - GS\Desktop [Lecolonel]: Assistance Livebox.lnk . (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\orange\Assistance Livebox\AssistanceLivebox.exe
O4 - GS\QuickLaunch [Bryan]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Bryan]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Bryan]: MP Manager.lnk . (.MPMAN - MP Manager.) -- C:\Users\Bryan\AppData\Roaming\MPMAN\MP Manager\MP Manager.exe
O4 - GS\QuickLaunch [Bryan]: PDF Suite 2013.lnk . (.Interactive Brands Malta Limited. - PDF Suite 2013 Application.) -- C:\Program Files (x86)\PDF Suite 2013\PDF Suite 2013.exe
O4 - GS\QuickLaunch [Bryan]: Piratrax.lnk . (.DENIAU F.A.A - Le nettoyeur de trax.) -- C:\Program Files (x86)\Piratrax\piratrax.exe
O4 - GS\QuickLaunch [Bryan]: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\QuickLaunch [Bryan]: Star Defender 2.lnk . (...) -- C:\Program Files (x86)\MyPlayCity.com\Star Defender 2\Star Defender 2.exe
O4 - GS\QuickLaunch [Bryan]: Vos Démarches Administratives.lnk - Clé orpheline
O4 - GS\QuickLaunch [Bryan]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Bryan\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Bryan]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Bryan]: HP MediaSmart.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (.not file.)
O4 - GS\TaskBar [Bryan]: HPAdvisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\TaskBar [Bryan]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Bryan]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Bryan]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [Bryan]: Opera 15.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe
O4 - GS\Program [Bryan]: Create Amazing Presentations.lnk - Clé orpheline
O4 - GS\Program [Bryan]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Bryan]: Piratrax.lnk . (.DENIAU F.A.A - Le nettoyeur de trax.) -- C:\Program Files (x86)\Piratrax\piratrax.exe
O4 - GS\Program [Bryan]: Uninstall .lnk . (.Pantaray Research Ltd. - Setup/Uninstall Engine.) -- C:\Program Files (x86)\InstallerHP_12345.exe
O4 - GS\SystemTools [Bryan]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Bryan]: CyberLink PowerDirector.lnk . (.CyberLink Corp. - PowerDirector.) -- C:\Program Files (x86)\Cyberlink\PowerDirector\PDR.exe
O4 - GS\Desktop [Bryan]: Les impots - Raccourci.lnk . (...) -- H:\Les impots
O4 - GS\Desktop [Bryan]: MP Manager.lnk . (.MPMAN - MP Manager.) -- C:\Users\Bryan\AppData\Roaming\MPMAN\MP Manager\MP Manager.exe
O4 - GS\Desktop [Bryan]: Piratrax.lnk . (.DENIAU F.A.A - Le nettoyeur de trax.) -- C:\Program Files (x86)\Piratrax\piratrax.exe
O4 - GS\Desktop [Bryan]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Bryan\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 137 Legitimates Filtered in 00mn 32s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [Piratrax] . (...) -- C:\Program Files (x86)\Piratrax\piratrax_launch.exe
O4 - HKCU\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\Bryan\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKCU\..\Run: [TBHostSupport] C:\Users\Bryan\AppData\Local\TBHostSupport\TBHostSupport.dll (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (.not file.)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (.not file.)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1047202056-280954267-3752578598-1000\..\Run: [Piratrax] . (...) -- C:\Program Files (x86)\Piratrax\piratrax_launch.exe
O4 - HKUS\S-1-5-21-1047202056-280954267-3752578598-1000\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\Bryan\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKUS\S-1-5-21-1047202056-280954267-3752578598-1000\..\Run: [TBHostSupport] C:\Users\Bryan\AppData\Local\TBHostSupport\TBHostSupport.dll (.not file.)
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{38EE2F91-C9DF-418C-B0D2-5B940E752F42}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{38EE2F91-C9DF-418C-B0D2-5B940E752F42}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{38EE2F91-C9DF-418C-B0D2-5B940E752F42}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Dedicarz Service (Dedicarz Service) . (.Pas de propriétaire - DedicarzService.) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
O23 - Service: sysTPLService (sysTPLService.exe) . (.Tlapia - sysTPLService.) - C:\Program Files (x86)\sysTPL\sysTPLService.exe
~ Services: 19 Legitimates Filtered in 00mn 17s

---\\ Tâches planifiées en automatique (O39)
[MD5.E31967B2A0D6061352695873C78FB383] [APT] [Piratrax_autorun] (.DENIAU F.A.A.) -- C:\Program Files (x86)\Piratrax\piratrax.exe [3909264]
[MD5.E31967B2A0D6061352695873C78FB383] [APT] [Piratrax_with_menu] (.DENIAU F.A.A.) -- C:\Program Files (x86)\Piratrax\piratrax.exe [3909264]
[MD5.00000000000000000000000000000000] [APT] [{0096ED33-15EF-4994-B106-054645E4B231}] (...) -- E:\SPANEL\FRENCH\COPYFAX\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0968AC9A-5A04-4933-84C4-47BCE8011430}] (...) -- E:\WIN9X\FRENCH\SETUP\SETUP.exe (.not file.) [0]
[MD5.C2ED0AF96D6513E5D013B1D7F8B58D06] [APT] [{1DE54E2E-FB78-4A7B-B7B2-B69293C78024}] (...) -- C:\Program Files (x86)\BoontyGames\Heroes of Hellas\game.exe [2449173]
[MD5.00000000000000000000000000000000] [APT] [{23B2DA82-5A9E-44DB-848F-96477A70D4E3}] (...) -- F:\setup_f.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{261E79AA-5CF2-4976-B5F4-42CC5E68E3C8}] (...) -- E:\WIN9X\FRENCH\SETUP\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{35E2202A-3377-44E4-82A2-060B21BBFA33}] (...) -- E:\REG\FRENCH\REGISTER.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4348873B-16FD-414F-BDF5-A3FE03A8B9EF}] (...) -- E:\WIN2000\FRENCH\SETUP\OEMINF.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4EEBBF54-B8E5-4F9F-83DF-9A514D281C26}] (...) -- E:\STARTER\FRENCH\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{50A91520-869B-408B-B153-AA65ED191557}] (...) -- C:\Program Files (x86)\EPSON\Creativity Suite\Easy Photo Print\EEasyPhotoPrint.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{57573A95-0E3B-463C-877B-55F5D05415F2}] (...) -- E:\TWAIN\FRENCH\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{589AA203-DE1D-4AB0-B042-5C6EF9A8C6BD}] (...) -- C:\Program Files (x86)\EPSON\EPSON PhotoStarter3.0\EPSON PhotoStarter3.0.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{60DDDAF1-90AB-4141-B15F-AC701AD8FB05}] (...) -- E:\WIN2000\FRENCH\SETUP\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{653227B9-0CDA-4BED-8063-5F204B0AA3DA}] (...) -- E:\PIXEXP\COMMON\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{65A1F037-5983-48E9-AB04-973A031D082D}] (...) -- E:\ACROBAT\FRENCH\AR505FRA.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{65E2FFF6-1D28-4210-B3C2-1608580272D9}] (...) -- E:\WIN9X\FRENCH\SETUP\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{69F6E749-8EFD-46D5-AB7D-E2AD7767C5EB}] (...) -- E:\WIN2000\FRENCH\SETUP\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7681FEB2-6917-48F7-9799-CD62DD8A2AAE}] (...) -- C:\Users\Bryan\Downloads\OOo_3.2.1_Win_x86_install-wJRE_fr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7A2CEAD4-6887-49DB-9923-BA96DFEABF77}] (...) -- E:\PIXEXP\FRENCH\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8DB21EBD-9348-4C2E-AE33-87B9F3D224B3}] (...) -- E:\WIN9X\FRENCH\SETUP\SETUP.exe (.not file.) [0]
[MD5.C2ED0AF96D6513E5D013B1D7F8B58D06] [APT] [{97AB24B9-99C9-43FD-974D-B292BB709B15}] (...) -- C:\Program Files (x86)\BoontyGames\Heroes of Hellas\game.exe [2449173]
[MD5.00000000000000000000000000000000] [APT] [{A3398B58-959A-4F3D-9327-F18126280DBF}] (...) -- E:\WIN9X\FRENCH\SETUP\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B27B3356-B849-4461-859F-F6EF83C958DC}] (...) -- E:\WIN9X\FRENCH\SETUP\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BE4765C0-0EE9-425D-A472-F8935601A2E4}] (...) -- E:\PI4\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D0E814E5-FCD2-4DBC-938C-1335ACD72F63}] (...) -- E:\CARDMON\FRENCH\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D12A7B1D-A7F5-4817-AA1F-6AC866E4C7DF}] (...) -- E:\WIN2000\FRENCH\SETUP\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D74C1CE0-B74C-40B9-920B-03CD2C395B88}] (...) -- E:\WIN2000\FRENCH\SETUP\SETUP.exe (.not file.) [0]
[MD5.AF2B76458C0976FB125273E1E506E340] [APT] [{DDC8E9F6-7A12-43ED-A315-391B11DD9637}] (...) -- C:\Program Files (x86)\BoontyGames\Treasure Island\treasureisland.exe [3030810]
[MD5.00000000000000000000000000000000] [APT] [{E014AB25-5D03-4733-B802-6A1E292F4C71}] (...) -- C:\Users\Bryan\Downloads\ONECODE Reflex 4234.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E0B6884D-B398-4ED6-A825-348D2754C20E}] (...) -- E:\WIN9X\FRENCH\SETUP\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E176584B-0F3E-4FE3-963E-7EA33706FCBF}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ED43B8BF-B234-42DA-9BE0-997A87F182C7}] (...) -- E:\SPANEL\FRENCH\CREAT\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F14855A1-6642-412C-94A5-E76E94142135}] (...) -- E:\WIN2000\FRENCH\SETUP\E_SCHK02.exe (.not file.) [0]
~ Scheduled Task: 66 Legitimates Filtered in 00mn 20s

---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (zqxkcoxk) . (. - .) - C:\Windows\system32\drivers\zqxkcoxk.sys (.not file.)
O41 - Driver: (aswFW) . (. - .) - C:\Windows\system32\drivers\aswFW.sys (.not file.)
O41 - Driver: (aswRdr) . (. - .) - C:\Windows\system32\Drivers\aswrdr2.sys (.not file.)
~ Drivers: 65 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: Acrobat Reader X Packages - (...) [HKCU][64Bits] -- Acrobat Reader X Packages
O42 - Logiciel: Piratrax - (.DENIAU F.A.A.) [HKCU][64Bits] -- Piratrax
O42 - Logiciel: Solitaire Cruise - (...) [HKLM][64Bits] -- cc220ed79efd7171ca0401ea717b7f41
O42 - Logiciel: Time Riddles: The Mansion - (...) [HKLM][64Bits] -- exent_683150
~ Logic: 56 Legitimates Filtered in 00mn 02s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Agendaplan]
[HKCU\Software\AmeGami]
[HKCU\Software\HTMLExe]
[HKCU\Software\Hyper-Practical]
[HKCU\Software\IncrediMail]
[HKCU\Software\Micro CONSEIL Services]
[HKCU\Software\Modulo Solutions]
[HKCU\Software\sol]
[HKCU\Software\로컬 응용 프로그램 마법사에서 생성된 응용 프로그램]
[HKLM\Software\Wow6432Node\Duuqu] =>PUP.Duuqu
[HKLM\Software\Wow6432Node\FileExtractor]
[HKLM\Software\Wow6432Node\HTMLExe]
[HKLM\Software\Wow6432Node\PCtel,Inc.]
~ Key Software: 583 Legitimates Filtered in 00mn 03s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/02/2011 - 13:23:14 - [52,851] ----D C:\Program Files (x86)\Modulo-Planner
O43 - CFD: 17/01/2012 - 10:47:35 - [0,005] ----D C:\Program Files (x86)\PCtel,Inc
O43 - CFD: 18/12/2013 - 16:51:33 - [5,607] ----D C:\Program Files (x86)\Piratrax
O43 - CFD: 15/02/2011 - 14:09:32 - [0,079] ----D C:\Program Files (x86)\SpaceShadows
O43 - CFD: 15/08/2013 - 09:08:05 - [0,077] ----D C:\Program Files (x86)\User's Guide
O43 - CFD: 10/02/2011 - 05:41:21 - [0,030] ----D C:\ProgramData\SZ
O43 - CFD: 25/10/2011 - 14:54:21 - [0,002] ----D C:\ProgramData\Terrafarmers
O43 - CFD: 23/07/2013 - 12:59:21 - [1,063] ----D C:\Users\Bryan\AppData\Roaming\0A1Q1B1P1T1C1R1M1P1B
O43 - CFD: 17/01/2013 - 17:49:41 - [1,063] ----D C:\Users\Bryan\AppData\Roaming\0F0C1V0F1L1I1P0E2V2Z1C1T1R2Z1F1C
O43 - CFD: 22/12/2013 - 08:56:45 - [0] ----D C:\Users\Bryan\AppData\Roaming\0V1L2Z2Z1T1I1L1T
O43 - CFD: 18/10/2011 - 13:34:34 - [0,040] ----D C:\Users\Bryan\AppData\Roaming\Akhra
O43 - CFD: 05/07/2013 - 21:36:54 - [-1998,615] ----D C:\Users\Bryan\AppData\Roaming\aMule
O43 - CFD: 21/06/2011 - 16:19:43 - [0,016] ----D C:\Users\Bryan\AppData\Roaming\Dreamsdwell Stories
O43 - CFD: 19/05/2011 - 17:25:33 - [0,302] ----D C:\Users\Bryan\AppData\Roaming\Dreamsdwell Stories 2
O43 - CFD: 10/02/2011 - 15:16:03 - [0] ----D C:\Users\Bryan\AppData\Roaming\Hyperpractical
O43 - CFD: 27/12/2013 - 21:48:23 - [1,228] ----D C:\Users\Bryan\AppData\Roaming\newnext.me
O43 - CFD: 08/02/2011 - 11:33:08 - [0,011] ----D C:\Users\Bryan\AppData\Roaming\Peace Craft
O43 - CFD: 07/04/2011 - 14:32:51 - [0,003] ----D C:\Users\Bryan\AppData\Roaming\TheScruffs
O43 - CFD: 15/12/2010 - 17:32:59 - [0,001] ----D C:\Users\Bryan\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 27/12/2013 - 18:40:36 - [1,224] ----D C:\Users\Bryan\AppData\Local\genienext
O43 - CFD: 27/12/2013 - 22:22:30 - [0,029] ----D C:\Users\Bryan\AppData\Local\piratrax
O43 - CFD: 31/12/2010 - 11:01:42 - [1,799] ----D C:\Users\Bryan\AppData\Local\PokerStars.FR
O43 - CFD: 30/08/2012 - 17:35:43 - [0,001] ----D C:\Users\Bryan\AppData\Local\Taidoc
O43 - CFD: 31/03/2012 - 14:27:32 - [0] ----D C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Champions en s'amusant
O43 - CFD: 18/12/2013 - 16:51:33 - [0,004] ----D C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Piratrax
~ Program Folder: 434 Legitimates Filtered in 01mn 28s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.A54E255F98A3026A6C9073F2C0130CB5] - 22/12/2013 - 09:10:03 ---A- . (...) -- C:\Windows\wininit.ini [17572]
O44 - LFC:[MD5.CB8572E790FCE09714143741C20E9934] - 27/12/2013 - 18:38:59 ---A- . (...) -- C:\Windows\System32\sasnative64.exe [16896]
~ Files: 17 Legitimates Filtered in 02mn 43s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.F581C31FBAFED289BB94A224282CED9A] - 26/12/2013 - 17:49:08 ---A- - C:\Windows\Prefetch\UPDATE~1.EXE-638A2BA8.pf
O45 - LFCP:[MD5.B89C1597C886E1C60614F3F7D7FF0ACB] - 27/12/2013 - 08:19:33 ---A- - C:\Windows\Prefetch\ORANGE PORTAIL.EXE-F6580E55.pf
O45 - LFCP:[MD5.FE2BAF16B1C09B81F5E79E9A6C3363AC] - 27/12/2013 - 10:55:10 ---A- - C:\Windows\Prefetch\BFGPROCESS.EXE-0E273DC5.pf
O45 - LFCP:[MD5.A736BB9CCB5ACAA64CF7A9ACF05C1B97] - 27/12/2013 - 10:55:20 ---A- - C:\Windows\Prefetch\STARDEFENDER3.EXE-421DDBD5.pf
O45 - LFCP:[MD5.2209F9F91B0AE66477BD34E7641BE59F] - 27/12/2013 - 10:55:25 ---A- - C:\Windows\Prefetch\CFFTCXX.EXE-F2A25211.pf
O45 - LFCP:[MD5.319620601192DAC0AB44EE10EA0A9BF3] - 27/12/2013 - 10:55:27 ---A- - C:\Windows\Prefetch\STAR DEFENDER 2.EXE-07F97101.pf
O45 - LFCP:[MD5.1705AB8109FF8E4912AFF85C7DDD1FDA] - 27/12/2013 - 10:55:39 ---A- - C:\Windows\Prefetch\GMACTIVATOR.EXE-A7AE8A30.pf
O45 - LFCP:[MD5.C31960874E440C3F00E0B7883E14A03E] - 27/12/2013 - 21:09:23 ---A- - C:\Windows\Prefetch\DUP.EXE-E3FF5006.pf
~ Prefetcher: 131 Legitimates Filtered in 00mn 02s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{2023eba2-dd6b-11e2-a7b3-c80aa90b9185}\AutoRun\command. (...) -- F:\ICM_Manager.exe (.not file.)
O51 - MPSK:{bea17eab-df18-11e2-9740-c80aa90b9185}\AutoRun\command. (...) -- F:\ICM_Manager.exe (.not file.)
O51 - MPSK:{c546b214-2bf1-11e3-8dd9-c80aa90b9185}\AutoRun\command. (...) -- F:\Startme.exe (.not file.)
O51 - MPSK:{cfebdceb-d7f0-11e2-9ef2-c80aa90b9185}\AutoRun\command. (...) -- F:\iStudio.exe (.not file.)
O51 - MPSK:{ff0e9891-ec52-11e2-b3a0-c80aa90b9185}\AutoRun\command. (...) -- F:\ICM_Manager.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Exetender [Key] . (...)
-- C:\Program Files (x86)\Free Ride Games\GPlayer.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\mobilegeni daemon [Key] . (...) -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\Nektra WLMailApi [Key] . (...) -- C:\Program Files (x86)\Goto Software\Vade Retro\WLMApiLauncher\WLMailApiAgent.exe O53 - SMSR:HKLM\...\startupreg\NextLive [Key] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\Bryan\AppData\Roaming\newnext.me\nengine.dll O53 - SMSR:HKLM\...\startupreg\Pense-bête [Key] . (...) -- C:\Program Files (x86)\AXEL\Pense-bête\pensebet.exe (.not file.) =>.Microsoft Corporation O53 - SMSR:HKLM\...\startupreg\TBHostSupport [Key] . (...) -- C:\Users\Bryan\AppData\Local\TBHostSupport\TBHostSupport.dll (.not file.) O53 - SMSR:HKLM\...\startupreg\USB Storage Toolbox [Key] . (.ali - usb1.) -- C:\Windows\UMStor\Res.exe O53 - SMSR:HKLM\...\startupreg\VRManager [Key] . (.Goto Software - Vaderetro Manager.) -- C:\Program Files (x86)\Common Files\Goto Software\Vaderetro_Mgr.exe ~ SMSR Keys: 27 Legitimates Filtered in 00mn 04s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 19 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.0F9FA4FA5879427E54F13F82DB1CDBCE] - 15/05/2010 - 14:47:38 ---A- . (.ITE Technologies - AF9035 Hybrid Driver.) -- C:\Windows\System32\Drivers\AF9035HB.sys [907904] O58 - SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] - 29/06/2013 - 08:01:43 ---A- . (...) 
-- C:\Windows\System32\Drivers\aswSnx.sys.sum [175] O58 - SDL:[MD5.A5F29AC2F0ADE8B995B49D7350CE3AC0] - 29/06/2013 - 08:01:44 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175] O58 - SDL:[MD5.E86C64478D9A90D62255FE9EB0150C6E] - 29/06/2013 - 08:01:44 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] O58 - SDL:[MD5.2285B31039611D509F6120D691CA661F] - 29/05/2012 - 14:53:30 ---A- . (.Windows (R) Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456] O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:[MD5.B3944D06EB4B64D57BD7E5FE89415F58] - 07/05/2010 - 18:43:30 ---A- . (...) -- C:\Windows\System32\Drivers\LVPr2M64.sys [30304] O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] O58 - SDL:[MD5.48D9D00C2E0E72C3D4F52772C80355F6] - 14/06/2010 - 08:32:54 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys [16448] O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 24/07/2006 - 15:05:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632] O58 - SDL:[MD5.48D9D00C2E0E72C3D4F52772C80355F6] - 14/06/2010 - 08:32:54 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16448] O58 - SDL:[MD5.E02540273564C17B8D1337A07945C19A] - 21/11/2003 - 18:09:08 ----- . (.USB Compliance - USB Mass Storage Driver.) 
-- C:\Windows\SysWOW64\drivers\UMSTOR.sys [201736] ~ Drivers: 19 Legitimates Filtered in 00mn 05s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 26/12/2013 - 10:21:54 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\GPUCache\data_2 [1056768] O61 - LFC: 26/12/2013 - 10:21:55 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_c.betrad.com_0.localstorage [74752] O61 - LFC: 26/12/2013 - 10:21:55 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_c.betrad.com_0.localstorage-journal [3608] O61 - LFC: 26/12/2013 - 10:21:56 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\Origin Bound Certs [24576] O61 - LFC: 26/12/2013 - 10:21:56 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\Origin Bound Certs-journal [4640] O61 - LFC: 27/12/2013 - 10:19:56 ---A- . (...) -- C:\Users\Bryan\AppData\Local\piratrax\1321132797deb_pack_cluster.txt [6282] O61 - LFC: 27/12/2013 - 10:19:56 ---A- . (...) -- C:\Users\Bryan\AppData\Local\piratrax\1949415127deb_pack_cluster.txt [6403] O61 - LFC: 27/12/2013 - 10:19:56 ---A- . (...) -- C:\Users\Bryan\AppData\Local\piratrax\2224920943deb_pack_cluster.txt [5478] O61 - LFC: 27/12/2013 - 10:19:56 ---A- . (...) -- C:\Users\Bryan\AppData\Local\piratrax\data_patch.tmp.doc.zip [321] O61 - LFC: 27/12/2013 - 10:20:53 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Awem\Star Defender 2\Config.xml [364] O61 - LFC: 27/12/2013 - 10:20:53 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Awem\Star Defender 2\GameData.dat [168] O61 - LFC: 27/12/2013 - 10:20:54 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Awem\Star Defender 2\UserData.dat [1584] O61 - LFC: 27/12/2013 - 10:20:54 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Awem\Star Defender 2\log.html [120305] O61 - LFC: 27/12/2013 - 10:21:02 ---A- . (...) 
-- C:\Users\Bryan\AppData\Roaming\fr.orange.assistancelivebox\Local Store\ALB.db [6144] =>.Orange Corporation O61 - LFC: 27/12/2013 - 10:21:40 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\newnext.me\nengine.cookie [3072] O61 - LFC: 27/12/2013 - 10:21:52 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\Cookies [919552] O61 - LFC: 27/12/2013 - 10:21:52 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\Cookies-journal [16384] O61 - LFC: 27/12/2013 - 10:21:52 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\Favicons [2686976] O61 - LFC: 27/12/2013 - 10:21:52 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\Favicons-journal [16384] O61 - LFC: 27/12/2013 - 10:21:54 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\GPUCache\data_0 [45056] O61 - LFC: 27/12/2013 - 10:21:54 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\GPUCache\data_1 [270336] O61 - LFC: 27/12/2013 - 10:21:55 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\History [3624960] O61 - LFC: 27/12/2013 - 10:21:55 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\History Provider Cache [21350] O61 - LFC: 27/12/2013 - 10:21:55 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\History-journal [16384] O61 - LFC: 27/12/2013 - 10:21:56 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\Preferences [130880] O61 - LFC: 27/12/2013 - 10:21:56 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\session.db [524288] O61 - LFC: 27/12/2013 - 10:21:56 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\session.db-journal [16384] O61 - LFC: 27/12/2013 - 10:21:56 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\session.dbak [524288] O61 - LFC: 27/12/2013 - 10:21:56 ---A- . (...) 
-- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\thumbnails.db [1376256] O61 - LFC: 27/12/2013 - 10:21:57 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\Visited Links [131072] O61 - LFC: 27/12/2013 - 10:21:57 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\Web Data [79872] O61 - LFC: 27/12/2013 - 10:21:57 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal [16384] O61 - LFC: 27/12/2013 - 10:21:57 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\Opera Software\Opera Stable\thumbnails.db-journal [16384] O61 - LFC: 27/12/2013 - 10:22:43 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman O61 - LFC: 27/12/2013 - 10:22:43 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\ZHP\ZHPDiag.txt [84791] =>.Nicolas Coolman O61 - LFC: 27/12/2013 - 10:22:45 ---A- . (...) -- C:\Users\Bryan\daemonprocess.txt [376] O61 - LFC: 27/12/2013 - 10:23:01 ---A- . (...) -- C:\Users\Bryan\Downloads\adwcleaner-3-012-es-en-br-fr-de-win-setup.exe [616648] O61 - LFC: 27/12/2013 - 10:23:04 ---A- . (...) -- C:\Users\Bryan\Downloads\adwcleaner-3-012-es-en-br-fr-de-win.exe [1085542] O61 - LFC: 27/12/2013 - 10:23:12 ---A- . (...) -- C:\Users\Bryan\Downloads\la-boum-2-french-dvdrip-1982.torrent [30579] O61 - LFC: 27/12/2013 - 10:23:12 R--A- . (...) -- C:\Users\Bryan\Downloads\La.Boum.2.1982.FRENCH.BRRiP.XviD.AC3-HuSh\La.Boum.2.1982.FRENCH.BRRiP.XviD.AC3-HuSh.nfo [10329] O61 - LFC: 28/12/2013 - 10:18:48 ---A- . (...) -- C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [267490] O61 - LFC: 28/12/2013 - 10:19:00 ---A- . (...) -- C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Local State [59486] O61 - LFC: 28/12/2013 - 10:22:42 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\ZHP\Log.txt [50115] =>.Nicolas Coolman O61 - LFC: 28/12/2013 - 10:22:43 ---A- . (...) 
-- C:\Users\Bryan\AppData\Roaming\ZHP\TestsZHPDiag.txt [2853] =>.Nicolas Coolman O61 - LFC: 28/12/2013 - 10:22:44 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\ZHP\ZHPExportRegistry-28-12-2013-09-37-03.txt [10172688] =>.Nicolas Coolman O61 - LFC: 28/12/2013 - 10:22:44 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\ZHP\ZHPFixQuarantine.txt [87862] =>.Nicolas Coolman O61 - LFC: 28/12/2013 - 10:22:44 ---A- . (...) -- C:\Users\Bryan\AppData\Roaming\ZHP\ZHPFix[R1].txt [57479] =>.Nicolas Coolman ~ 2 Fichiers temporaires (Temporary files) ~ Files: 584 Legitimates Filtered in 05mn 40s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Opera.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) 
-- C:\Program Files (x86)\Opera\Launcher.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0FBDD22C-31CC-4CB1-B3CF-694A6CFA98CD} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} [DefaultScope] - (Orange) - http://r.orange.fr ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.C66A29CFBA70B1B7C7ABCF6D76F6C205] [SPRF][20/05/2013] (...) -- C:\Users\Bryan\AppData\Roaming\wklnhst.dat [524] [MD5.683903AB6C40F5BB22269B59306D4450] [SPRF][28/12/2013] (...) -- C:\Users\Bryan\Desktop\RogueKillerX64.exe [4406784] ~ Files: 8 Legitimates Filtered in 00mn 00s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "C1045E100E2DCEF4A97329CA8D58F218" . (.User's Guide.) -- C:\Windows\Installer\{01E5401C-D2E0-4FEC-9A37-92ACD8852F81}\NoticesManuals_1.exe O90 - PUC: "C5DCD2F8B572E5040868FB1B3BEC20EF" . (.PixEasy.) -- C:\Windows\Installer\{8F2DCD5C-275B-405E-8086-BFB1B3CE02FE}\ARPPRODUCTICON.exe ~ Update Products: 120 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.78F18145764DC4D4E66B51D3D0F2FB64] [WIS][24/01/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\68ea31.msi [20717568] [MD5.0265B19452BBF8E7B94F96E3B3A9C0F4] [WIS][26/01/2010] (.HP Remote Solution - HP Remote Solution Installation.) -- C:\Windows\Installer\957c.msi [267776] ~ WIS: 131 Legitimates Filtered in 00mn 23s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 11/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 19/12/2010 69120 | (Boonty Games) . (.BOONTY.) 
- C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe SS - | Demand 21/11/2013 227936 | (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe SS - | Auto 01/01/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 01/01/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 23/03/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe SS - | Demand 26/10/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 05/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 31/03/2009 92160 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) 
- C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 10/06/2013 1966960 | (Dedicarz Service) . (...) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe SR - | Auto 14/07/2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co SR - | Auto 20/08/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 23/10/2013 23808 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe SR - | Auto 06/03/2012 889664 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 07/03/2012 2458944 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 13/12/2012 1310072 | (PDF Suite 2013 Helper Service) . (.Interactive Brands Malta Limited..) - C:\Program Files (x86)\PDF Suite 2013\HelperService.exe SR - | Auto 13/12/2012 909176 | (PDF Suite 2013 Service) . (.Interactive Brands Malta Limited..) - C:\Program Files (x86)\PDF Suite 2013\ConversionService.exe SR - | Auto 31/12/2008 247152 | (RichVideo) . (...) - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) 
- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe SR - | Auto 12/12/2013 395888 | (sysTPLMonitor.exe) . (.Tlapia.) - C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe SR - | Auto 12/12/2013 394352 | (sysTPLService.exe) . (.Tlapia.) - C:\Program Files (x86)\sysTPL\sysTPLService.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 26s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Run by Bryan at 28/12/2013 10:27:22 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Bryan at 28/12/2013 10:27:24 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13013 - (26/12/2013) Clés trouvées (Keys found) : 1 Valeurs trouvées (Values found) : 8 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 1 [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange [HKLM\Software\Wow6432Node\Duuqu] =>PUP.Duuqu^ ~ Additionnel Scan: 411616 Items scanned in 00mn 42s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy ~ http://nicolascoolman.webs.com/apps/blog/show/26631242-hijacker-qvo6 =>Hijacker.Qvo6 ~ http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find =>Hijacker.22Find ~ http://nicolascoolman.webs.com/apps/blog/show/37752731-pup-duuqu =>PUP.Duuqu ~ MSI: 4 link(s) detected in 00mn 42s ~ 2427 Legitimates filtered by white list End of the scan (682 lines in 16mn 55s)(0)