ZHPdiag report

Closed
Marie - 28 June 2014 at 22:50
Malekal_morte - Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, Security contributor Last seen: 15 December 2020 - 12 Jul 2014 at 12:36
Hello,
I installed the ZHPdiag software after a proxy server started refusing to respond, and after running the scan I received a report; I am waiting for some help...
Thanks in advance.

~ Rapport de ZHPDiag v2014.6.28.99 - Nicolas Coolman (28/06/2014)
~ Lancé par Marie (28/06/2014 22:24:12)
~ Adresse du Site Web http://nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17126
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
System - Enable Open file C:\Users\Marie\AppData\Roaming\ZHP\Licence.txt =>.Nicolas Coolman

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2008
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer
Pando Media Booster v2.6.0.9

---\\ Surveillance de Logiciels
Adobe Flash Player 14 ActiveX
Adobe Reader XI
Java 7 Update 60

---\\ Informations sur le système
~ Processor: x86 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1642 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 199 GB (67%) free of 296 GB

---\\ Mode de connexion au système
~ Computer Name: MARIE-HP
~ User Name: Marie
~ All Users Names: Marie, HomeGroupUser$, Adminsav, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marie\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marie\AppData\Roaming\
~ %Desktop% : C:\Users\Marie\Desktop\
~ %Favorites% : C:\Users\Marie\Favorites\
~ %LocalAppData% : C:\Users\Marie\AppData\Local\
~ %StartMenu% : C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 199 Go of 296 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 2 Go of 2 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.771CDBC3D62437D6DB070820BB1EDCCF] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.30/05/2014 - 08:21:10.) -- C:\Windows\System32\wininet.dll [1790976]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.04/03/2014 - 10:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 03:21:26.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.19/11/2010 - 23:38:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.19/11/2010 - 23:42:34.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 00:59:30.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.19/11/2010 - 23:39:46.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 01:24:48.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.19/11/2010 - 23:39:18.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 03:30:18.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/505
~ Mes musiques (My Musics) : 3/206
~ Mes Videos (My Videos) : 1/9
~ Mes Favoris (My Favorites) : 1/71
~ Mes Documents (My Documents) : 1/546
~ Mon Bureau (My Desktop) : 1/52
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 13s



---\\ Processus lancés
[MD5.0352CE6A7A21B0A631EA6FEA5676684E] - (.Pas de propriétaire - winsystem.) -- C:\Users\Marie\AppData\Local\MRS\winsystem.exe [21504] [PID.3340]
[MD5.94444693EA13A72F6820DFF844A1122E] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176] [PID.3636]
[MD5.8A3B69683E63808719D24E1C68C21CC7] - (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960] [PID.3644]
[MD5.2F3663B9564A4965C93B696CDD7DB6D3] - (.Atheros Communications - Serveur Stack Bluetooth.) -- C:\Program Files\Bluetooth Suite\BtvStack.exe [845984] [PID.3740]
[MD5.8CFFC92FDC8C123C2FBB904F47AA26F6] - (.Atheros Commnucations - Bluetooth Tray.) -- C:\Program Files\Bluetooth Suite\AthBtTray.exe [694432] [PID.3916]
[MD5.8192B2E274607D1D530F5C191698C544] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944] [PID.3924]
[MD5.3E802CE450D0E7A234978E9A2EA4772A] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.exe [107816] [PID.2184]
[MD5.1F0A97900FC718CE617A722BEF8580CD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.2636]
[MD5.EDAD4A8A1D46AFCF9E76B996D55116EB] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896] [PID.2188]
[MD5.449E6CD914920B84DDDF0F12880411EE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [21444224] [PID.2092]
[MD5.11E8D8272FDBE213ADE3DAD91427CE35] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [11322880] [PID.3824]
[MD5.2337EC951C4AF6E1AF65D10BD9615BEB] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [11314688] [PID.3904]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe [136488] [PID.504]
[MD5.3DD5FB1B7D48D2233CDCAD7FF5EC045F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8072192] [PID.4304]
[MD5.A3A35EE79C64A640152B3113E6E254E2] - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) -- C:\windows\system32\cscript.exe [126976] [PID.4296]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Extutil v.0.1 (Activé) =>PUP.Manager
G2 - GCE: Preference [User Data\Default] [dffhljlmcohcioeilbnpmbchdcbhifdh] WiseConvert 1.5 v.10.29.0.520, (Désactivé) =>Toolbar.Conduit
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé) =>PUP.Manager
G2 - GCE: Preference [User Data\Default] [gebbadcnkcgcfgpbmcdleckpejgopimf] cacaoweb v.1.19 (Activé) =>PUP.CacaoWeb
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 32s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {cfcb809c-3a22-4616-a916-6c007bd9d920} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {ef79f67a-6ad7-4715-a0f8-932fca442023} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Zoomex - {17EEDC41-06E8-1EA7-759C-D1B1C5F3D7A3} Clé orpheline =>Adware.ZoomEx
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{CFCB809C-3A22-4616-A916-6C007BD9D920} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Flyer] c:\Ordina13 Help\MessageSCC.exe (.not file.)
O4 - HKLM\..\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (.not file.)
O4 - HKLM\..\Run: [tuto4pc_fr_25] Clé orpheline =>PUP.AgenceExclusive
O4 - HKLM\..\Run: [AtherosBtStack] . (.Atheros Communications - Serveur Stack Bluetooth.) -- C:\Program Files\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [AthBtTray] . (.Atheros Commnucations - Bluetooth Tray.) -- C:\Program Files\Bluetooth Suite\AthBtTray.exe
O4 - HKLM\..\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\Marie\AppData\Local\Akamai\netsession_win.exe (.not file.)
O4 - HKCU\..\Run: [Google Update] C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.)
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Marie\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2823203330-1570677491-1077528394-1014\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-2823203330-1570677491-1077528394-1014\..\Run: [Akamai NetSession Interface] C:\Users\Marie\AppData\Local\Akamai\netsession_win.exe (.not file.)
O4 - HKUS\S-1-5-21-2823203330-1570677491-1077528394-1014\..\Run: [Google Update] C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.)
O4 - HKUS\S-1-5-21-2823203330-1570677491-1077528394-1014\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Marie\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2823203330-1570677491-1077528394-1014\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Clé orpheline
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
O15 - Trusted Zone: [HKLM\...\Domains\www] http.mcafeeasap.com
O15 - Trusted Zone: [HKLM\...\EscDomains\www] http.mcafeeasap.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1440C85D-3322-40D8-B99E-DBD183E8241C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A32218B7-433F-4CB5-9A77-CE983A3DD9E5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1440C85D-3322-40D8-B99E-DBD183E8241C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A32218B7-433F-4CB5-9A77-CE983A3DD9E5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1440C85D-3322-40D8-B99E-DBD183E8241C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A32218B7-433F-4CB5-9A77-CE983A3DD9E5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: IePlugin Services (IePluginServices) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginServices\PluginService.exe =>Trojan.SProtector
O23 - Service: SystemUpdatekb70007 (SystemUpdatekb70007) . (.Pas de propriétaire - WindowsUpdater.) - C:\Users\Marie\AppData\Roaming\MRS\SystemUpdatekb70007\WindowsUpdater.exe
~ Services: 11 Legitimates Filtered in 00mn 15s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{0DFD5370-8E95-4BAB-9AC5-0D1A86610784}] (...) -- D:\625\Lan.exe (.not file.) [0]
[MD5.3125CBE7D2CFF0D4AD6E6F2337AEE678] [APT] [{57238261-35A1-4D70-9167-E0879758F664}] (...) -- C:\Program Files\VPro-HQ-1.71\Uninstall.exe [83304]
[MD5.00000000000000000000000000000000] [APT] [{A912F43D-B9A5-4284-BB07-AED7CFFFA7DA}] (...) -- D:\2010\DRIVERS\Broadcom_BCM43xx_5.10.79.14\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C8DBF953-70C7-4DDE-8CC7-01C71B85CEB9}] (...) -- D:\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DD23FC74-BA4E-40CE-AB66-7EA1CFDD3871}] (...) -- C:\AeriaGames\GrandFantasia-FR\aeria_launcher.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E1B584D9-CD50-4B6B-8EC9-6DC0FC3E6AED}] (...) -- C:\Program Files\MediaPlayerplus\Uninstall.exe (.not file.) [0] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2823203330-1570677491-1077528394-1014Core [906]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2823203330-1570677491-1077528394-1014UA [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1050]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForMarie [320]
~ Scheduled Task: 33 Legitimates Filtered in 00mn 17s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: ({b8a90375-3b37-4954-86de-f96c458c4ce2}Gw) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{b8a90375-3b37-4954-86de-f96c458c4ce2}Gw.sys =>PUP.LinkiDoo
~ Drivers: 78 Legitimates Filtered in 00mn 02s



---\\ Logiciels installés (O42)
O42 - Logiciel: System Update kb70007 - (.MRS.) [HKLM] -- {AEB719FD-EDB0-43E9-B524-90F97C1E6499}
O42 - Logiciel: VPro-HQ-1.71 - (.Vpro-HQ.) [HKLM] -- VPro-HQ-1.71
~ Logic: 11 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\360]
[HKCU\Software\47718InstEnd]
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\Meitu]
[HKCU\Software\Pando Networks]
[HKCU\Software\PriceMeterUpdater] =>PUP.PriceMeter
[HKCU\Software\PriceMeter] =>PUP.PriceMeter
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\???????????????]
[HKLM\Software\Boxore] =>Adware.Boxore
[HKLM\Software\MaxPower]
[HKLM\Software\Pando Networks]
[HKLM\Software\SupDp] =>PUP.SupTab
[HKLM\Software\Tuto4_pc]
[HKLM\Software\Wpm] =>PUP.WpManager
[HKLM\Software\aducky]
[HKLM\Software\anset]
[HKLM\Software\ec]
[HKLM\Software\supTab] =>PUP.SupTab
~ Key Software: 214 Legitimates Filtered in 00mn 02s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/11/2012 - 08:33:55 - [0] ----D C:\Program Files\360
O43 - CFD: 24/12/2012 - 13:34:12 - [] ----D C:\Program Files\BitAccelerator =>PUP.BitAccelerator
O43 - CFD: 24/06/2014 - 16:24:42 - [0] ----D C:\Program Files\GetPrivate
O43 - CFD: 22/12/2012 - 22:59:06 - [] ----D C:\Program Files\Meitu
O43 - CFD: 05/06/2014 - 09:27:40 - [] ----D C:\Program Files\MRS
O43 - CFD: 01/06/2013 - 10:13:35 - [] ----D C:\Program Files\Pando Networks
O43 - CFD: 05/06/2014 - 09:31:55 - [] ----D C:\Program Files\SupTab =>PUP.SupTab
O43 - CFD: 09/06/2014 - 08:14:58 - [0] ----D C:\Program Files\V-bates =>Adware.Incredibar
O43 - CFD: 06/06/2014 - 12:45:20 - [] ----D C:\Program Files\VPro-HQ-1.71
O43 - CFD: 05/06/2014 - 09:19:55 - [] ----D C:\ProgramData\IePluginServices =>Trojan.SProtector
O43 - CFD: 20/03/2013 - 09:51:13 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 15/06/2014 - 17:58:56 - [] ----D C:\ProgramData\WindowsProtectManger =>PUP.Fuyu
O43 - CFD: 15/01/2013 - 20:59:49 - [0] ----D C:\ProgramData\{037EB53E-70CB-4f52-A307-F45618D2A712}.tmp
O43 - CFD: 28/04/2014 - 17:11:50 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 15/01/2013 - 20:59:49 - [0] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 13/11/2012 - 06:13:51 - [] ----D C:\Users\Marie\AppData\Roaming\360Login
O43 - CFD: 13/11/2012 - 06:16:04 - [] ---AD C:\Users\Marie\AppData\Roaming\360se
O43 - CFD: 05/06/2014 - 09:25:37 - [] ----D C:\Users\Marie\AppData\Roaming\GetPrivate
O43 - CFD: 05/06/2014 - 09:27:21 - [] ----D C:\Users\Marie\AppData\Roaming\MRS
O43 - CFD: 05/06/2014 - 09:33:54 - [] ----D C:\Users\Marie\AppData\Roaming\v9
O43 - CFD: 05/06/2014 - 09:25:28 - [] ----D C:\Users\Marie\AppData\Roaming\wi_upd
O43 - CFD: 28/04/2014 - 17:51:34 - [] ----D C:\Users\Marie\AppData\Local\com
O43 - CFD: 05/06/2014 - 09:27:22 - [] ----D C:\Users\Marie\AppData\Local\MRS
O43 - CFD: 11/11/2012 - 13:42:58 - [] ----D C:\Users\Marie\AppData\Local\uptt4pcin4 =>PUP.Eorezo
~ 168 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 404 Legitimates Filtered in 00mn 14s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0B813086A3400AAFA1639D08823FBD46] - 19/06/2014 - 11:54:53 ---A- . (.ClientConnect - Search Protect.) -- C:\Windows\System32\condt.exe [145928] =>PUP.SearchProtect
O44 - LFC:[MD5.E226EB32FA61093116D398694EAE8F0B] - 19/06/2014 - 13:02:47 R--A- . (...) -- C:\Pre_Scan_19_06_2014_14_02_47.txt [32016]
O44 - LFC:[MD5.E5AA86E2889B2C6F6B01BC862A2D4D2D] - 21/06/2014 - 08:37:12 ---A- . (...) -- C:\Windows\ntbtlog.txt [423798]
O44 - LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - 25/06/2014 - 17:12:28 ---A- . (...) -- C:\Windows\System32\DOErrors.log [52]
O44 - LFC:[MD5.8D969F8E807263D5E35BC20973A26A08] - 28/06/2014 - 20:41:19 R--A- . (...) -- C:\Pre_Scan_28_06_2014_21_41_19.txt [27232]
~ Files: 17 Legitimates Filtered in 00mn 52s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Meitu\KanKan\KanKan.exe" [Enabled] .(...) -- C:\Program Files\Meitu\KanKan\KanKan.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Users\Marie\AppData\Roaming\cacaoweb\cacaoweb.exe" [Enabled] .(...) -- C:\Users\Marie\AppData\Roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
~ Keys Export: 2 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:17/12/2013 - 07:57:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:17/12/2013 - 07:57:11 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [178304] =>.ALWIL Software
O58 - SDL:14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:24/04/2014 - 11:31:20 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{b8a90375-3b37-4954-86de-f96c458c4ce2}Gw.sys [52928] =>PUP.LinkiDoo
O58 - SDL:13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 90 Legitimates Filtered in 01mn 24s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 24/04/2014 - C:\Windows\System32\drivers\{b8a90375-3b37-4954-86de-f96c458c4ce2}Gw.sys ({b8a90375-3b37-4954-86de-f96c458c4ce2}Gw) .(.StdLib - StdLib.) - LEGACY_{B8A90375-3B37-4954-86DE-F96C458C4CE2}GW =>PUP.LinkiDoo
~ Legacy: 111 Legitimates Filtered in 00mn 01s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <360SE.exe> <360SE Browser>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Marie\AppData\Roaming\360se\bin\360SE.exe (.not file.)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {537DBF23-3207-4E51-A3EC-0988419D5CAA} - (Privitize VPN) - http://searchab.com =>Hijacker.PrivitizeVPN
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.DCD6D9CF2D61AD997930FB51F2498839] [SPRF][19/06/2014] (...) -- C:\Users\Marie\Desktop\Pre_Scan.exe [2595840]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BitAcceleratorDDLRinstaller_RASAPI32 =>PUP.BitAccelerator
HKLM\SOFTWARE\Microsoft\Tracing\BitAcceleratorDDLRinstaller_RASMANCS =>PUP.BitAccelerator
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent (1)_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent (1)_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\Fortunitas_RASAPI32 =>PUP.Fortunitas
HKLM\SOFTWARE\Microsoft\Tracing\Fortunitas_RASMANCS =>PUP.Fortunitas
HKLM\SOFTWARE\Microsoft\Tracing\funmoods_RASAPI32 =>PUP.Funmoods
HKLM\SOFTWARE\Microsoft\Tracing\funmoods_RASMANCS =>PUP.Funmoods
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_20121115_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_20121115_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_kreapixel_14650_RASAPI32 =>Adware.SocialSkinz
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_kreapixel_14650_RASMANCS =>Adware.SocialSkinz
HKLM\SOFTWARE\Microsoft\Tracing\majt4pcfr_RASAPI32 =>PUP.Eorezo
HKLM\SOFTWARE\Microsoft\Tracing\majt4pcfr_RASMANCS =>PUP.Eorezo
HKLM\SOFTWARE\Microsoft\Tracing\majtuto4pcfrdyn_RASAPI32 =>PUP.AgenceExclusive
HKLM\SOFTWARE\Microsoft\Tracing\majtuto4pcfrdyn_RASMANCS =>PUP.AgenceExclusive
HKLM\SOFTWARE\Microsoft\Tracing\ProtectedSearch_RASAPI32 =>Spyware.ProtectedSearch
HKLM\SOFTWARE\Microsoft\Tracing\ProtectedSearch_RASMANCS =>Spyware.ProtectedSearch
HKLM\SOFTWARE\Microsoft\Tracing\savings sidekick-bg_RASAPI32 =>Adware.GamePlayLabs
HKLM\SOFTWARE\Microsoft\Tracing\savings sidekick-bg_RASMANCS =>Adware.GamePlayLabs
HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick-InternalInstaller_RASAPI32 =>Adware.GamePlayLabs
HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick-InternalInstaller_RASMANCS =>Adware.GamePlayLabs
HKLM\SOFTWARE\Microsoft\Tracing\sweetim_2210-1be9878d_RASAPI32 =>PUP.SweetIM
HKLM\SOFTWARE\Microsoft\Tracing\sweetim_2210-1be9878d_RASMANCS =>PUP.SweetIM
HKLM\SOFTWARE\Microsoft\Tracing\TornTV_RASAPI32 =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\TornTV_RASMANCS =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\trolatunt_RASAPI32 =>PUP.Trolatunt
HKLM\SOFTWARE\Microsoft\Tracing\trolatunt_RASMANCS =>PUP.Trolatunt
HKLM\SOFTWARE\Microsoft\Tracing\tuto4pc_fr_25_RASAPI32 =>PUP.AgenceExclusive
HKLM\SOFTWARE\Microsoft\Tracing\tuto4pc_fr_25_RASMANCS =>PUP.AgenceExclusive
HKLM\SOFTWARE\Microsoft\Tracing\tuto4pc_fr_7_RASAPI32 =>PUP.AgenceExclusive
HKLM\SOFTWARE\Microsoft\Tracing\tuto4pc_fr_7_RASMANCS =>PUP.AgenceExclusive
HKLM\SOFTWARE\Microsoft\Tracing\updateFortunitas_RASAPI32 =>PUP.Fortunitas
HKLM\SOFTWARE\Microsoft\Tracing\updateFortunitas_RASMANCS =>PUP.Fortunitas
HKLM\SOFTWARE\Microsoft\Tracing\updatetrolatunt_RASAPI32 =>PUP.Trolatunt
HKLM\SOFTWARE\Microsoft\Tracing\updatetrolatunt_RASMANCS =>PUP.Trolatunt
HKLM\SOFTWARE\Microsoft\Tracing\upt4pc_fr_25_RASAPI32 =>PUP.Eorezo
HKLM\SOFTWARE\Microsoft\Tracing\upt4pc_fr_25_RASMANCS =>PUP.Eorezo
HKLM\SOFTWARE\Microsoft\Tracing\utilFortunitas_RASAPI32 =>PUP.Fortunitas
HKLM\SOFTWARE\Microsoft\Tracing\utilFortunitas_RASMANCS =>PUP.Fortunitas
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent (1)_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent (1)_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\WiseConvert_1_5_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\WiseConvert_1_5_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\YontooSetup-S-13C0_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Microsoft\Tracing\YontooSetup-S-13C0_RASMANCS =>Adware.Yontoo
HKLM\SOFTWARE\Microsoft\Tracing\ZoomEx_RASAPI32 =>Adware.ZoomEx
HKLM\SOFTWARE\Microsoft\Tracing\ZoomEx_RASMANCS =>Adware.ZoomEx
~ BTK: 422 Legitimates Filtered in 00mn 01s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter
[HKCR\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}] (PriceMeterLiveUpdate.OneClickProcessLauncher) =>PUP.PriceMeter
[HKCR\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter
[HKCR\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter
[HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter
[HKCR\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter
[HKCR\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter
[HKCR\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter
[HKCR\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}] (PriceMeterLiveUpdate Process Launcher Class) =>PUP.PriceMeter
[HKCR\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter
~ BCK: 5858 Legitimates Filtered in 00mn 32s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 16/06/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 21/10/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 21/10/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 05/07/2011 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 22/10/2011 85152 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files\Bluetooth Suite\adminservice.exe
SR - | Auto 17/12/2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 05/03/2012 35200 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 08/05/2014 704112 | (IePluginServices) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginServices\PluginService.exe =>Trojan.SProtector
SR - | Auto 19/05/2009 240512 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 29/05/2014 29184 | (SystemUpdatekb70007) . (...) - C:\Users\Marie\AppData\Roaming\MRS\SystemUpdatekb70007\WindowsUpdater.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/10/2011 158880 | (ZAtheros Bt&Wlan Coex Agent) . (.Atheros.) - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: Scanned in 00mn 37s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (28/06/2014)
Clés trouvées (Keys found) : 16
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 14
Fichiers trouvés (Files found) : 16

[HKLM\Software\Google\Chrome\Extensions\booedmolknjekdopkepjjeckmjkdpfgl] =>PUP.Manager^
[HKLM\Software\Google\Chrome\Extensions\dffhljlmcohcioeilbnpmbchdcbhifdh] =>Toolbar.Conduit^
[HKLM\Software\Google\Chrome\Extensions\flpcjncodpafbgdpnkljologafpionhb] =>PUP.Manager^
[HKLM\Software\Google\Chrome\Extensions\gebbadcnkcgcfgpbmcdleckpejgopimf] =>PUP.CacaoWeb^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17EEDC41-06E8-1EA7-759C-D1B1C5F3D7A3}] =>Adware.ZoomEx^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginServices] =>Trojan.SProtector^
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}] =>PUP.SpecialSavings
[HKCU\Software\Boxore] =>Adware.Boxore
[HKLM\Software\Boxore] =>Adware.Boxore
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKLM\Software\Tuto4_pc] =>Spyware.AgenceExclusive
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:tuto4pc_fr_25 =>PUP.AgenceExclusive^
C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\booedmolknjekdopkepjjeckmjkdpfgl =>PUP.Manager^
C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dffhljlmcohcioeilbnpmbchdcbhifdh =>Toolbar.Conduit^
C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\flpcjncodpafbgdpnkljologafpionhb =>PUP.Manager^
C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbadcnkcgcfgpbmcdleckpejgopimf =>PUP.CacaoWeb^
C:\Program Files\BitAccelerator =>PUP.BitAccelerator^
C:\Program Files\SupTab =>PUP.SupTab^
C:\Program Files\V-bates =>Adware.Incredibar^
C:\ProgramData\IePluginServices =>Trojan.SProtector^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\WindowsProtectManger =>PUP.Fuyu^
C:\Users\Marie\AppData\Local\uptt4pcin4 =>PUP.Eorezo^
C:\Program Files\Software =>Adware.Boxore
C:\ProgramData\Software =>Adware.Boxore
C:\Users\Marie\AppData\Local\Software =>Adware.Boxore
[HKCU\Software\PriceMeterUpdater] =>PUP.PriceMeter^
[HKCU\Software\PriceMeter] =>PUP.PriceMeter^
[HKLM\Software\SupDp] =>PUP.SupTab^
[HKLM\Software\Wpm] =>PUP.WpManager^
[HKLM\Software\supTab] =>PUP.SupTab^
[HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter^
[HKCR\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}] (PriceMeterLiveUpdate.OneClickProcessLauncher) =>PUP.PriceMeter^
[HKCR\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter^
[HKCR\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter^
[HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter^
[HKCR\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter^
[HKCR\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter^
[HKCR\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter^
[HKCR\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}] (PriceMeterLiveUpdate Process Launcher Class) =>PUP.PriceMeter^
[HKCR\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter^
C:\Users\Marie\Downloads\cacaoweb.exe =>PUP.CacaoWeb
~ Additionnel Scan: 265653 Items scanned in 01mn 57s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-manager =>PUP.Manager
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-cacaoweb =>PUP.CacaoWeb
http://nicolascoolman.fr/hijacker-proxy =>Hijacker.Proxy
http://nicolascoolman.fr/adware-zoomex =>Adware.ZoomEx
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://nicolascoolman.fr/trojan-sprotector =>Trojan.SProtector
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
http://nicolascoolman.fr/pup-pricemeter =>PUP.PriceMeter
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://nicolascoolman.fr/33020731-pup-bitaccelerator =>PUP.BitAccelerator
http://nicolascoolman.fr/adware-incredibar =>Adware.Incredibar
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/pup-eorezo =>PUP.Eorezo
http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://nicolascoolman.fr/27068497-hijacker-privitizevpn =>Hijacker.PrivitizeVPN
http://nicolascoolman.fr/pup-fortunitas =>PUP.Fortunitas
http://nicolascoolman.fr/pup-funmoods =>PUP.Funmoods
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/adware-socialskinz =>Adware.SocialSkinz
http://nicolascoolman.fr/spyware-protectedsearch =>Spyware.ProtectedSearch
http://nicolascoolman.fr/pup-specialsavings =>Adware.GamePlayLabs
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://nicolascoolman.fr/hijacker-torntv =>Hijacker.TornTV
http://nicolascoolman.fr/adware-yontoo =>Adware.Yontoo
http://nicolascoolman.fr/pup-specialsavings =>PUP.SpecialSavings
http://nicolascoolman.fr/adware-browsefox =>Adware.BrowseFox
~ MSI: 30 link(s) detected in 00mn 00s



~ 1029 Legitimates filtered by white list
End of the scan (647 lines in 07mn 33s)(0)
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 6P6GT
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2008
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer
Pando Media Booster v2.6.0.9

---\\ Surveillance de Logiciels
Adobe Flash Player 14 ActiveX
Adobe Reader XI
Java 7 Update 60

---\\ Informations sur le système
~ Processor: x86 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1642 MB (36% free)
System Restore: Activé (Enable)
System drive C: has 199 GB (67%) free of 296 GB

---\\ Mode de connexion au système
~ Computer Name: MARIE-HP
~ User Name: Marie
~ All Users Names: Marie, HomeGroupUser$, Adminsav, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marie\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marie\AppData\Roaming\
~ %Desktop% : C:\Users\Marie\Desktop\
~ %Favorites% : C:\Users\Marie\Favorites\
~ %LocalAppData% : C:\Users\Marie\AppData\Local\
~ %StartMenu% : C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 199 Go of 296 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 2 Go of 2 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.771CDBC3D62437D6DB070820BB1EDCCF] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.30/05/2014 - 08:21:10.) -- C:\Windows\System32\wininet.dll [1790976]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.04/03/2014 - 10:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 03:21:26.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.19/11/2010 - 23:38:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.19/11/2010 - 23:42:34.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 00:59:30.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.19/11/2010 - 23:39:46.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 01:24:48.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.19/11/2010 - 23:39:18.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 03:30:18.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/505
~ Mes musiques (My Musics) : 3/206
~ Mes Videos (My Videos) : 1/18
~ Mes Favoris (My Favorites) : 1/142
~ Mes Documents (My Documents) : 1/1092
~ Mon Bureau (My Desktop) : 1/105
~ Menu demarrer (Programs) : 1/54
~ Hidden Files: Scanned in 00mn 03s



---\\ Processus lancés
[MD5.0352CE6A7A21B0A631EA6FEA5676684E] - (.Pas de propriétaire - winsystem.) -- C:\Users\Marie\AppData\Local\MRS\winsystem.exe [21504] [PID.3340]
[MD5.94444693EA13A72F6820DFF844A1122E] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176] [PID.3636]
[MD5.8A3B69683E63808719D24E1C68C21CC7] - (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960] [PID.3644]
[MD5.2F3663B9564A4965C93B696CDD7DB6D3] - (.Atheros Communications - Serveur Stack Bluetooth.) -- C:\Program Files\Bluetooth Suite\BtvStack.exe [845984] [PID.3740]
[MD5.8CFFC92FDC8C123C2FBB904F47AA26F6] - (.Atheros Commnucations - Bluetooth Tray.) -- C:\Program Files\Bluetooth Suite\AthBtTray.exe [694432] [PID.3916]
[MD5.8192B2E274607D1D530F5C191698C544] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944] [PID.3924]
[MD5.3E802CE450D0E7A234978E9A2EA4772A] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.exe [107816] [PID.2184]
[MD5.1F0A97900FC718CE617A722BEF8580CD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.2636]
[MD5.EDAD4A8A1D46AFCF9E76B996D55116EB] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896] [PID.2188]
[MD5.449E6CD914920B84DDDF0F12880411EE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [21444224] [PID.2092]
[MD5.11E8D8272FDBE213ADE3DAD91427CE35] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [11322880] [PID.3824]
[MD5.2337EC951C4AF6E1AF65D10BD9615BEB] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [11314688] [PID.3904]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe [136488] [PID.504]
[MD5.3DD5FB1B7D48D2233CDCAD7FF5EC045F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8072192] [PID.4304]
~ Processes Running: Scanned in 00mn 07s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Extutil v.0.1 (Activé) =>PUP.Manager
G2 - GCE: Preference [User Data\Default] [dffhljlmcohcioeilbnpmbchdcbhifdh] WiseConvert 1.5 v.10.29.0.520, (Désactivé) =>Toolbar.Conduit
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé) =>PUP.Manager
G2 - GCE: Preference [User Data\Default] [gebbadcnkcgcfgpbmcdleckpejgopimf] cacaoweb v.1.19 (Activé) =>PUP.CacaoWeb
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 34 Legitimates Filtered in 00mn 33s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {cfcb809c-3a22-4616-a916-6c007bd9d920} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {ef79f67a-6ad7-4715-a0f8-932fca442023} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Zoomex - {17EEDC41-06E8-1EA7-759C-D1B1C5F3D7A3} Clé orpheline =>Adware.ZoomEx
~ BHO: 36 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{CFCB809C-3A22-4616-A916-6C007BD9D920} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Flyer] c:\Ordina13 Help\MessageSCC.exe (.not file.)
O4 - HKLM\..\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (.not file.)
O4 - HKLM\..\Run: [tuto4pc_fr_25] Clé orpheline =>PUP.AgenceExclusive
O4 - HKLM\..\Run: [AtherosBtStack] . (.Atheros Communications - Serveur Stack Bluetooth.) -- C:\Program Files\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [AthBtTray] . (.Atheros Commnucations - Bluetooth Tray.) -- C:\Program Files\Bluetooth Suite\AthBtTray.exe
O4 - HKLM\..\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSV

6 replies

Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last seen 15 December 2020 24 661
28 June 2014 at 22:52
0
Hello,
I have already tried this method, but as soon as I close the page the boxes get ticked again...
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last seen 15 December 2020 24 661
29 June 2014 at 11:56
Follow the procedure given in this link:
==> https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc <===
Click on the link above and follow the procedure to the letter.
Provide the AdwCleaner and OTL reports via the pjjoint site as requested there.

0
Marie133 Posts 1 Registration date Sunday 29 June 2014 Status Member Last seen 29 June 2014
29 June 2014 at 16:44
Before seeing your reply to my problem I ran a Spybot scan, which already removed quite a few infected programs (about 150), but I followed your procedure anyway just in case:
https://pjjoint.malekal.com/files.php?id=20140629_q9h7c915d11 <--- link to the AdwCleaner report.
I then reset my browser.
Finally, I ran the scan with OTL -----> https://pjjoint.malekal.com/files.php?id=OTL_20140629_j5z13q12t11s9
Thanks
0

If someone could answer me that would be kind, because it is becoming urgent now...
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last seen 15 December 2020 24 661
12 July 2014 at 12:36
Remove the proxies: https://forum.malekal.com/viewtopic.php?t=47404&start=



Relaunch OTL.
o Under Custom Scan (Personnalisation), copy/paste the contents below (be sure to include :OTL at the start).
Click Fix (Correction); a report will appear, copy/paste its contents here:



:OTL
SRV - [2014/05/29 17:59:32 | 000,029,184 | ---- | M] () [Auto | Running] -- C:\Users\Marie\AppData\Roaming\MRS\SystemUpdatekb70007\WindowsUpdater.exe -- (SystemUpdatekb70007)
DRV - [2014/04/24 12:31:20 | 000,052,928 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\System32\drivers\{b8a90375-3b37-4954-86de-f96c458c4ce2}Gw.sys -- ({b8a90375-3b37-4954-86de-f96c458c4ce2}Gw)
O3 - HKU\S-1-5-21-2823203330-1570677491-1077528394-1014\..\Toolbar\WebBrowser: (no name) - {CFCB809C-3A22-4616-A916-6C007BD9D920} - No CLSID value found.
:files
C:\Users\Marie\AppData\Local\MRS\


* post the report here



Restart the computer


0