
~ Rapport de ZHPDiag v2013.10.20.54 - Nicolas Coolman (20/10/2013)
~ Lancé par User (20/10/2013 11:04:15)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 24.0 (Defaut)
OPIE: Opera vStable 17.0.1241.45

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : CHJY2
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Kaspersky Anti-Virus v14.0.0.4651
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.06 =>Piriform Ltd
Slowin' Killer - Outil d'optimisation pour Windows v1.3.2

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Java 7 Update 45

---\\ Informations sur le système
~ Processor: AMD64 Family 16 Model 4 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4086 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 66 GB (38%) free of 171 GB

---\\ Mode de connexion au système
~ Computer Name: USER-PC
~ User Name: User
~ All Users Names: User, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\User\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\User\AppData\Roaming\
~ %Desktop% : C:\Users\User\Desktop\
~ %Favorites% : C:\Users\User\Favorites\
~ %LocalAppData% : C:\Users\User\AppData\Local\
~ %StartMenu% : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 66 Go of 171 Go)
D: Hard drive, Flash drive, Thumb drive (Free 242 Go of 293 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.3CD6F07E6416ED6E18A1965CD2B9144A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 15:33:53.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 02:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/42
~ Mes musiques (My Musics) : 5/203
~ Mes Videos (My Videos) : 1/11
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 1/2111
~ Mon Bureau (My Desktop) : 1/32204
~ Menu demarrer (Programs) : 1/61
~ Hidden Files: Scanned in 00mn 05s



---\\ Processus lancés
[MD5.FB0C8699B87F7140BB6201BE7B4B6778] - (.Pas de propriétaire - CameraMonitor Application.) -- C:\Windows\vsnpstd3.exe [827392] [PID.2364]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2508]
[MD5.C22792F87481E05FA6538FA405E0975F] - (.Glarysoft Ltd - Glary Utilities 3.) -- C:\Program Files (x86)\Glary Utilities 3\Integrator.exe [472352] [PID.2516]
[MD5.EE39A16FCDAF62A716F8DF24F0FF4819] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe [990400] [PID.2928]
[MD5.A9182CE59CFC56F9C1DDE8B3C0AE8378] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [274840] [PID.2840]
[MD5.59588AA5DDCB31B8155D49FE11987A69] - (.Microsoft Corporation - Microsoft Office Word.) -- C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.exe [409776] [PID.3832]
[MD5.52D1BCAB15FBDB9EC4A52C5D42240F17] - (.Mister Group - System Explorer.) -- C:\Program Files (x86)\System Explorer\SystemExplorer.exe [2851784] [PID.3476]
[MD5.2B19BD1F68108C3A2A3141664904485C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8110080] [PID.5856]
[MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.1648]
[MD5.C330710CF95587DCB7806BB6A22CF044] - (.ArcSoft, Inc. - ArcSoft eservutil..) -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624] [PID.1688]
[MD5.689664697B08AE2DB4E074F4CA08836E] - (.AMD - AMD RAIDXpert Service.) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [61440] [PID.1752]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1776]
[MD5.E1241EB74D90506310501065A9296F76] - (.AMD - AMD RAIDXpert.) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe [65536] [PID.1788]
[MD5.0D2F8F4055903A762AD46204E5A42E86] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512] [PID.1964]
[MD5.CF7B0E597C1F34E528285495721DEEE9] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe [237960] [PID.2056]
[MD5.20372BE109FEE1C37E2D5216680DB9EB] - (.pdfforge GmbH - PDF Architect Helper Service.) -- C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496] [PID.2764]
[MD5.B90A279073A815A4AA2C45A09EE004FA] - (.pdfforge GmbH - PDF Architect Conversion Service.) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280] [PID.2784]
[MD5.BBFCAC1C23B867AE5D7EF96DF40680C5] - (.Realtek - RtlService MFC Application.) -- C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe [40960] [PID.2824]
[MD5.4628285687CCADC79E364DC6137BFF92] - (...) -- C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [966656] [PID.2852]
[MD5.51CDD8FC1A33F38F64FE92568DBB417E] - (.AMD - RAIDXpert Event Notifier Server.) -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe [122880] [PID.1088]
[MD5.A9AA40BE63DC29CA82020A34C1718FD5] - (.AMD - RAIDXpert Event Notifier.) -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe [139264] [PID.3336]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ov54bgo9.default-1352383211707\prefs.js
M0 - MFSP: prefs.js [User - ov54bgo9.default-1352383211707] http://www.maxisciences.com
M2 - MFEP: prefs.js [User - ov54bgo9.default-1352383211707\{3d7eb24f-2740-49df-8937-200b1cc08f8a}] [] Flashblock v1.5.17 (..)
M2 - MFEP: prefs.js [User - ov54bgo9.default-1352383211707\{AE93811A-5C9A-4d34-8462-F7B864FC4696}] [] StumbleUpon v20131008 (..)
~ Firefox Browser: 34 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 04s
~ Nombre de lignes (Lines number): 29711



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Combat Arms EU.lnk . (.Nexon - Combat Arms Launcher.) -- C:\Nexon\Combat Arms EU\CombatArms.exe
O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe
O4 - GS\Desktop [Public]: Epson Stylus SX110_TX110 Manuel.lnk . (...) -- C:\Program Files (x86)\epson\TPMANUAL\ESSX110_TX110\FRA\USE_G\index.htm
O4 - GS\Desktop [Public]: foobar2000.lnk . (.Piotr Pawlowski - foobar2000.) -- C:\Program Files (x86)\foobar2000\foobar2000.exe
O4 - GS\Desktop [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
O4 - GS\Program [Public]: Ava Find.lnk . (...) -- C:\Windows\Installer\{909577E9-BFB5-48E2-8237-71DCA373F147}\_4ae13d6c.exe
O4 - GS\Program [Public]: foobar2000.lnk . (.Piotr Pawlowski - foobar2000.) -- C:\Program Files (x86)\foobar2000\foobar2000.exe
O4 - GS\Program [Public]: KRISTAL.lnk . (.Kreatives.org - KRISTAL Audio Engine.) -- C:\Program Files (x86)\Kreatives.org\KRISTAL Audio Engine\KRISTAL.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe
O4 - GS\QuickLaunch [User]: Autorun Manager.lnk . (.Online Solutions - OSAM: Autorun Manager.) -- C:\Program Files (x86)\Online Solutions\OSAM\osam.exe
O4 - GS\QuickLaunch [User]: Driver Cleaner Pro.lnk . (...) -- C:\Program Files (x86)\Driver Cleaner Pro\DCleaner.exe
O4 - GS\QuickLaunch [User]: ijji REACTOR.lnk . (.NHN Corporation - Reactor Application.) -- C:\Program Files (x86)\REACTOR\REACTOR.exe
O4 - GS\QuickLaunch [User]: SolidWorks 2011 x64 Edition.lnk . (.Acresso Software Inc. - InstallShield.) -- C:\Windows\Installer\{4F113377-0BA1-4552-9ABB-9BF220FAF132}\i386_SldWorks.exe
O4 - GS\TaskBar [User]: LFS.lnk . (...) -- C:\LFS\LFS.exe
O4 - GS\TaskBar [User]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [User]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe
O4 - GS\SystemTools [User]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [User]: BeamNG Techdemo.lnk . (...) -- C:\Users\User\AppData\Local\BeamNG\BeamNG-Techdemo-0.3\BeamNGSandbox.x86.exe
~ Global Startup: 61 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [snpstd3] . (.Pas de propriétaire - CameraMonitor Application.) -- C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Virtual Keyboard [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kbrd.ico
O9 - Extra button: URLs check [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6FDE930-2281-4CA3-81F1-71317199C1B7}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8B2759C-394A-4226-B523-9E826CC2890A}: NameServer = 194.158.122.10,194.158.122.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6FDE930-2281-4CA3-81F1-71317199C1B7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8B2759C-394A-4226-B523-9E826CC2890A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B6FDE930-2281-4CA3-81F1-71317199C1B7}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{C8B2759C-394A-4226-B523-9E826CC2890A}: NameServer = 194.158.122.10,194.158.122.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{B6FDE930-2281-4CA3-81F1-71317199C1B7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C8B2759C-394A-4226-B523-9E826CC2890A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B6FDE930-2281-4CA3-81F1-71317199C1B7}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{C8B2759C-394A-4226-B523-9E826CC2890A}: NameServer = 194.158.122.10,194.158.122.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{B6FDE930-2281-4CA3-81F1-71317199C1B7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C8B2759C-394A-4226-B523-9E826CC2890A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: video/x-flv [64Bits] - {20C75730-7C25-476B-95DC-C65810F9E489} . (.Advanced Micro Devices - MIME Video Detector for IE.) -- C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Simraceway Update Service (Simraceway Update Service) . (...) - C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe
~ Services: 14 Legitimates Filtered in 00mn 05s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{448984C9-B91B-406A-A2AE-F7A743903D62}] (...) -- E:\TL-WN353G\Setup\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{57C4E2D3-AB0D-4AED-84EC-D5288F10B0C8}] (...) -- C:\Program Files (x86)\CCleaner\CCleaner.exe (.not file.) [0] =>Piriform Ltd
[MD5.00000000000000000000000000000000] [APT] [{E78B74F6-E405-4465-AC34-1E1B5C9BDE75}] (...) -- C:\Program Files (x86)\Java\jre6\bin\javacpl.exe (.not file.) [0]
~ Scheduled Task: 41 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: 4Story (4STORY) - (.ZEMI INTERACTIVE INC.) [HKLM][64Bits] -- 4Story
O42 - Logiciel: Algodoo Phun edition v5.28 - (.Algoryx.) [HKLM][64Bits] -- Phun_is1
O42 - Logiciel: CEDARLS 1.5 beta - (.Cedarville University.) [HKLM][64Bits] -- CEDAR Logic Simulator_is1
O42 - Logiciel: KRISTAL Audio Engine - (...) [HKLM][64Bits] -- KRISTAL Audio Engine
O42 - Logiciel: MITCalc-Technical Formulas 1.19 (Excel XP,2003,2007) - (.MITCalc.) [HKLM][64Bits] -- MITCalc01_is1
O42 - Logiciel: MediaFeed - (.MediaFeed.me.) [HKLM][64Bits] -- MediaFeed
O42 - Logiciel: NSpire Text Editor 2.2b - (.Blue_Key [swisstonic@gmail.com].) [HKLM][64Bits] -- {4395E06B-6A2C-4370-BE8A-DFABA4BDF72C}_is1
O42 - Logiciel: Simraceway 28.70 - (.Simraceway.) [HKLM][64Bits] -- Simraceway
O42 - Logiciel: Wolfram CDF Player (M-WIN-D 9.0.1 4092685) - (.Wolfram Research, Inc..) [HKLM][64Bits] -- M-WIN-D 9.0.1 4092685_is1
~ Logic: 141 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APDFR]
[HKCU\Software\FDM]
[HKCU\Software\LyX]
[HKCU\Software\MITCalc]
[HKCU\Software\MediaFeed.me]
[HKCU\Software\Omnius]
[HKLM\Software\Wow6432Node\BR529.Br530Ctrl.2]
[HKLM\Software\Wow6432Node\BR529.Br530Ctrl.3]
[HKLM\Software\Wow6432Node\GSYSLoader]
[HKLM\Software\Wow6432Node\MITCalc]
~ Key Software: 332 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 06/04/2011 - 16:48:49 - [20,468] ----D C:\Program Files (x86)\Algodoo Phun Edition
O43 - CFD: 26/05/2013 - 15:21:41 - [2,243] ----D C:\Program Files (x86)\AvaFind
O43 - CFD: 26/05/2012 - 18:32:38 - [10,148] ----D C:\Program Files (x86)\CEDAR Logic
O43 - CFD: 25/02/2011 - 14:39:46 - [4,202] ----D C:\Program Files (x86)\ExtraTools
O43 - CFD: 05/10/2011 - 14:34:25 - [15,766] ----D C:\Program Files (x86)\MediaFeed
O43 - CFD: 25/01/2013 - 10:04:57 - [4,942] ----D C:\Program Files (x86)\MITCalc
O43 - CFD: 10/11/2011 - 09:09:18 - [1,626] ----D C:\Program Files (x86)\NSpireTextEditor
O43 - CFD: 07/10/2013 - 20:53:51 - [5,292] ----D C:\Program Files (x86)\Privacyware
O43 - CFD: 22/12/2011 - 18:43:28 - [0,127] ----D C:\Program Files (x86)\Resource Kit
O43 - CFD: 07/07/2012 - 15:29:09 - [1666,678] ----D C:\Program Files (x86)\Simraceway
O43 - CFD: 07/07/2012 - 15:26:24 - [1,253] ----D C:\Program Files (x86)\SimracewayUpdater
O43 - CFD: 20/10/2010 - 14:16:47 - [0,001] ----D C:\Program Files (x86)\Throttle
O43 - CFD: 18/01/2013 - 11:36:10 - [0,004] ----D C:\ProgramData\Plugin
O43 - CFD: 07/10/2013 - 20:53:51 - [0,322] ----D C:\ProgramData\Privacyware
O43 - CFD: 17/06/2013 - 07:56:12 - [0] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 18/10/2013 - 18:44:05 - [32,684] ----D C:\Users\User\AppData\Roaming\AvaFind Data
O43 - CFD: 19/05/2013 - 14:43:08 - [5,429] ----D C:\Users\User\AppData\Roaming\Simraceway
O43 - CFD: 07/07/2012 - 20:27:29 - [0,002] ----D C:\Users\User\AppData\Local\Klaus_Moster
O43 - CFD: 21/07/2012 - 11:54:29 - [0,001] ----D C:\Users\User\AppData\Local\SkyRecon
O43 - CFD: 30/05/2011 - 20:43:40 - [0] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4Story
O43 - CFD: 05/10/2011 - 14:34:24 - [0] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaFeed
O43 - CFD: 07/07/2012 - 15:26:16 - [0] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simraceway
~ Program Folder: 367 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou créés sous Windows et System32 (O44)
O44 - LFC:[MD5.F47DE86112F4B79920D27E04F5A696EB] - 07/10/2013 - 19:53:54 ---A- . (...) -- C:\Windows\ODBC.INI [146]
O44 - LFC:[MD5.917FD1B9DB46A1402522772102ED7FBD] - 09/10/2013 - 02:46:56 ---A- . (.Pas de propri�taire - BootDefrag.exe.) -- C:\Windows\SysNative\RegBootDefrag.exe [24352]
O44 - LFC:[MD5.917FD1B9DB46A1402522772102ED7FBD] - 09/10/2013 - 02:46:56 ---A- . (.Pas de propri�taire - BootDefrag.exe.) -- C:\Windows\System32\RegBootDefrag.exe [24352]
O44 - LFC:[MD5.88866E602B7EDC621D72081CB487419A] - 20/10/2013 - 07:00:02 ---A- . (...) -- C:\service.log [55]
~ Files: 124 Legitimates Filtered in 00mn 02s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{5cb25f08-5d7c-11e0-9edc-1c6f6541132b}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\4StoryPrePatch [Key] . (.Zemi Interactive Inc. - Pas de description.) -- C:\Program Files (x86)\Zemi Interactive\4Story_US\PrePatch.exe
~ SMSR Keys: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "AllowLegacyWebView"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "AllowUnhashedWebView"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.19590C095F7735F3FF56D53B0DC1AFD4] - 04/03/2011 - 15:36:50 ---A- . (...) -- C:\Windows\System32\Drivers\clearshield64.sys [272560]
O58 - SDL:[MD5.9CC1029D3B2238C58439D5C129EC1D12] - 24/12/2010 - 14:57:54 R--A- . (...) -- C:\Windows\System32\WinIo64.sys [14416]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 20/10/2013 - C:\Windows\gdrv.sys (gdrv) .(.Windows (R) Server 2003 DDK provider - GIGABYTE Tools.) - LEGACY_GDRV
~ Legacy: 97 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [User - ov54bgo9.default-1352383211707] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {78A832FC-4B01-4C25-A19B-C04289081BF5} - (Yahoo! Search) - http://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.6B232BF6180BBDAFE25FA0D03AEAFD16] [SPRF][24/12/2012] (...) -- C:\ProgramData\NTUser.dat [262144]
[MD5.29AD3CEEC70CC0D38840BC6A25ECA0B1] [SPRF][16/10/2013] (...) -- C:\Users\User\AppData\Local\Temp\Quarantine.exe [344355]
[MD5.B02B88A80A7F384423CF8F1601086931] [SPRF][20/10/2013] (...) -- C:\Users\User\AppData\Local\Temp\~gu3-ver.dat [107]
[MD5.08512BFFB233FFA2D77379B74C4EBB54] [SPRF][20/10/2013] (...) -- C:\Users\User\AppData\Local\Temp\~upgrade.dat [936]
[MD5.EA8EA8365D355A77E6AD58EF4BC96248] [SPRF][25/09/2013] (...) -- C:\Users\User\AppData\Roaming\1D959CA221C7573.sys [24]
[MD5.C61C8F7975B7F7902D09F9516B25D7F9] [SPRF][30/08/2013] (.Robert Simpson, et al. - System.Data.SQLite Interop Assembly.) -- C:\Users\User\AppData\Roaming\System.Data.SQLite.dll [773632]
[MD5.B2D9858E496768974C8B5C8CFBACA656] [SPRF][29/08/2013] (...) -- C:\Users\User\AppData\Roaming\System3192SettingsDB.dat [24]
[MD5.EA8EA8365D355A77E6AD58EF4BC96248] [SPRF][25/09/2013] (...) -- C:\Users\User\AppData\Roaming\System5908ConfigCollection.dat [24]
[MD5.CCF0F6C0E9D75341E2D69A8DA4D028F3] [SPRF][23/03/2013] (...) -- C:\Users\User\AppData\Roaming\Windows1569_SettingsRepository.bin [22]
[MD5.EB5D11A1A5C8DDC012AD3926DBB33D1B] [SPRF][20/10/2013] (...) -- C:\Users\User\Desktop\adwcleaner.exe [1056666]
[MD5.658404715CC8496E2E9D68C4C6DD7591] [SPRF][18/01/2013] (.Pas de propriétaire - Nettoyage des fichiers temporaires.) -- C:\Users\User\Desktop\SFTG.exe [984167]
~ Files: 12 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{42F872A1-5EEC-40BB-9551-973A663D5BF9}C:\lfs\lfs.exe" | In - Private - P6 - TRUE | .(...) -- C:\lfs\lfs.exe
O87 - FAEL: "UDP Query User{897FE70E-6665-48A2-802F-B2E4AF59B5A6}C:\lfs\lfs.exe" | In - Private - P17 - TRUE | .(...) -- C:\lfs\lfs.exe
~ Firewall: 251 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "08F11A9FAD940E115B770062E9D87C18" . (.H-Series_ASIO64.) -- C:\Windows\Installer\{F9A11F80-49DA-11E0-B577-00269E8DC781}\ARPPRODUCTICON.exe
O90 - PUC: "2C08A4A81B78BF44CB42198639E01B05" . (.RAIDXpert.) -- C:\Windows\Installer\{8A4A80C2-87B1-44FB-BC24-9168930EB150}\ARPPRODUCTICON.exe
O90 - PUC: "2F4085549A07DB64EB8B590700CE024D" . (..) -- C:\Windows\Installer\{455804F2-70A9-46BD-BEB8-957000EC20D4}\eModelViewer1.exe
O90 - PUC: "6CE41A99FAF2290428B40091C28A7868" . (..) -- C:\Windows\Installer\{99A14EC6-2FAF-4092-824B-00192CA88786}\ARPPRODUCTICON.exe
O90 - PUC: "B77536FE5FC05684B916823B52D0A671" . (.OSAM: Online Solutions Autorun Manager v5.0.) -- C:\Windows\Installer\{EF63577B-0CF5-4865-9B61-28B3250D6A17}\setup.ico
~ Update Products: 127 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.24210C3604ABB3721A678CA91EF3F10C] [WIS][01/11/2010] (.RigsOfRods - Visual C++ Runtime.) -- C:\Windows\Installer\1a2a464.msi [1695744]
[MD5.85ECC36672E4321928D603AA2672291A] [WIS][07/10/2005] (.Activision - Call of Duty(R) 2.) -- C:\Windows\Installer\1f9fd23.msi [8458196]
[MD5.AF389F67FAE782420A3D78E6F3DC4BB4] [WIS][21/11/2012] (.Online Solutions - OSAM: Online Solutions Autorun Manager v5.0.) -- C:\Windows\Installer\5ea20d.msi [9858048]
~ WIS: 134 Legitimates Filtered in 00mn 13s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 14/08/2012 43624 | (ADExchange) . (.ArcSoft, Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
SS - | Demand 09/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 30/08/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 30/08/2013 344064 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 06/09/2012 61440 | (AMD_RAIDXpert) . (.AMD.) - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 12/10/2013 214512 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 24/08/2009 68136 | (ES lite Service) . (...) - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.exe
SS - | Demand 05/05/2012 1044816 | (FLEXnet Licensing Service) . (.Flexera Software, Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 04/05/2012 1431888 | (FLEXnet Licensing Service 64) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Disabled 25/09/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25/09/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 01/10/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 27/09/2011 359192 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
SR - | Auto 08/09/2013 2654544 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Demand 11/09/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 08/04/2013 1320496 | (PDF Architect Helper Service) . (.pdfforge GmbH.) - C:\Program Files (x86)\PDF Architect\HelperService.exe
SR - | Auto 08/04/2013 799280 | (PDF Architect Service) . (.pdfforge GmbH.) - C:\Program Files (x86)\PDF Architect\ConversionService.exe
SR - | Auto 07/12/2009 40960 | (Realtek8185) . (.Realtek.) - C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe
SS - | Demand 02/10/2008 71832 | (SandraAgentSrv) . (.SiSoftware.) - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\RpcAgentSrv.exe
SR - | Auto 02/07/2012 966656 | (Simraceway Update Service) . (...) - C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe
SS - | Disabled 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
SR - | Demand 25/11/2012 821720 | (SystemExplorerHelpService) . (.Mister Group.) - C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 13s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by User at 20/10/2013 11:06:25
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by User at 20/10/2013 11:06:27

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 12958 - (20/10/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouv�s (Files found) : 0

~ Additionnel Scan: 415226 Items scanned in 00mn 17s



~ 1699 Legitimates filtered by white list
End of the scan (506 lines in 02mn 29s)(0)
