~ Rapport de ZHPDiag v2014.1.24.22 - Nicolas Coolman (24/01/2014)
~ Lancé par Jean-Claude (28/01/2014 18:56:55)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)
GCIE: Google Chrome v32.0.1700.76

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1 Pro, 32-bit (Build 9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Spybot - Search & Destroy v2.2.25
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.09 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin

---\\ Informations sur le système
~ Processor: x86 Family 16 Model 4 Stepping 3, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Sans échec (Fail-safe boot)
Total RAM: 3327 MB (86% free)
System Restore: Désactivé (Disabled)
System drive C: has 14 GB (44%) free of 32 GB

---\\ Mode de connexion au système
~ Computer Name: JCH
~ User Name: Jean-Claude
~ All Users Names: UpdatusUser, Jean-Claude, JCH, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Jean-Claude\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Jean-Claude\AppData\Roaming\
~ %Desktop% : C:\Users\Jean-Claude\Desktop\
~ %Favorites% : C:\Users\Jean-Claude\Favorites\
~ %LocalAppData% : C:\Users\Jean-Claude\AppData\Local\
~ %StartMenu% : C:\Users\Jean-Claude\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 14 Go of 32 Go)
D: Hard drive, Flash drive, Thumb drive (Free 26 Go of 56 Go)
E: Hard drive, Flash drive, Thumb drive (Free 380 Go of 932 Go)
F: Hard drive, Flash drive, Thumb drive (Free 270 Go of 330 Go)
G: Hard drive, Flash drive, Thumb drive (Free 4 Go of 7 Go)
H: Hard drive, Flash drive, Thumb drive (Free 14 Go of 20 Go)
I: Hard drive, Flash drive, Thumb drive (Free 38 Go of 98 Go)
J: Hard drive, Flash drive, Thumb drive (Free 280 Go of 635 Go)
K: Hard drive, Flash drive, Thumb drive (Free 30 Go of 39 Go)
L: Hard drive, Flash drive, Thumb drive (Free 58 Go of 134 Go)
M: Hard drive, Flash drive, Thumb drive (Free 348 Go of 569 Go)
N: Floppy drive, Flash card reader, USB Key (Not Inserted)
O: Floppy drive, Flash card reader, USB Key (Not Inserted)
P: Floppy drive, Flash card reader, USB Key (Not Inserted)
Q: Floppy drive, Flash card reader, USB Key (Not Inserted)
R: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.1A0BC9598E4A58FC84570FFF5A108E58] - (.Microsoft Corporation - Explorateur Windows.) (.14/11/2013 - 06:40:52.) -- C:\Windows\Explorer.exe [2065448]
[MD5.02BC073156B3097E94D63C4D609020DD] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 03:49:55.) -- C:\Windows\System32\Wininit.exe [112640]
[MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/12/2013 - 21:19:35.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.94385F95EF948FB274A70DE3EDE5696D] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 03:48:19.) -- C:\Windows\System32\Winlogon.exe [458752]
[MD5.570A1D37FEECE56BBF7A70A02C817B4E] - (.Microsoft Corporation - Bibliothèque de licences.) (.22/08/2013 - 04:20:10.) -- C:\Windows\System32\sppcomapi.dll [438272]
[MD5.2AF7DA157FFF947A507FCB4AB8BB4C7C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 07:13:54.) -- C:\Windows\system32\Drivers\AFD.sys [455168]
[MD5.72FCAE2CE6DFEAB2AB072435017F3417] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 06:33:25.) -- C:\Windows\system32\Drivers\atapi.sys [23392]
[MD5.CE232BB0965C0C0B786C3F976CCBFB7D] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 05:11:55.) -- C:\Windows\system32\Drivers\Cdfs.sys [73728]
[MD5.E2FC132D48EA4E8B04432C33EFB77801] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 02:59:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [124928]
[MD5.D4ADBFC2409EF883164F3AA49B22F366] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 05:09:45.) -- C:\Windows\system32\Drivers\DfsC.sys [101376]
[MD5.A31901DE6A22EA67AB83AAF7036F98CC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 05:10:12.) -- C:\Windows\system32\Drivers\HDAudBus.sys [69632]
[MD5.5043E69532392A43549E5D41E22638AA] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 05:10:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [82944]
[MD5.2F6A88E76A949AC0A843FE517B8DFA7C] - (.Microsoft Corporation - IP Network Address Translator.) (.14/11/2013 - 06:37:09.) -- C:\Windows\system32\Drivers\IpNat.sys [126464]
[MD5.7CDAA49DFF6837706DE7AA1A43310DD2] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.14/11/2013 - 06:37:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [334848]
[MD5.BC242922B0D08F61CF7C87FD08FAFA8B] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 05:08:26.) -- C:\Windows\system32\Drivers\netBT.sys [218624]
[MD5.813F49CF41F561C52F3CF69A1B09E967] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 07:13:53.) -- C:\Windows\system32\Drivers\ntfs.sys [1676128]
[MD5.4F30970F15ADCC382544B31D5D7E368E] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 05:11:49.) -- C:\Windows\system32\Drivers\Parport.sys [81408]
[MD5.C51AB62AB41A2E8560D12472B204CC00] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 05:07:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [81920]
[MD5.67E91843B0344411820A012063E876B2] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 - 06:26:19.) -- C:\Windows\system32\Drivers\rdpdr.sys [143872]
[MD5.DB0C184142CF9FA1746F598A16EE92B2] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 07:13:54.) -- C:\Windows\system32\Drivers\tdx.sys [87040]
[MD5.5F9A69B5C5C34197037A7EA36F4A7BE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/08/2013 - 06:24:56.) -- C:\Windows\system32\Drivers\volsnap.sys [265568]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/32
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 1/11
~ Mon Bureau (My Desktop) : 0/46
~ Menu demarrer (Programs) : 1/66
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.EC1D9A382C2B14E694102C63BFD47302] - (.IvoSoft - Classic Start Menu.) -- C:\Program Files\Classic Shell\ClassicStartMenu.exe [139776] [PID.1664]
[MD5.EE7C82B0D69F038245CECBCE9EC45A9A] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\DllHost.exe [17760] [PID.2004]
[MD5.8B60C338C7919351E53375447FC68507] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8338432] [PID.1608]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Jean-Claude\AppData\Roaming\Mozilla\Firefox\Profiles\n9cghdec.default\prefs.js
M2 - MFEP: prefs.js [Jean-Claude - n9cghdec.default\ALone-live@ya.ru] [] Roomy Bookmarks Toolbar v1.4.4 (..)
M2 - MFEP: prefs.js [Jean-Claude - n9cghdec.default\artur.dubovoy@gmail.com] [] Flash Video Downloader v1.4.4 (..)
M2 - MFEP: prefs.js [Jean-Claude - n9cghdec.default\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}] [] Forecastfox v2.2.2 (..)
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: &RoboForm Toolbar - [HKLM]{724d43a0-0d85-11d4-9908-00400523e39a} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Classic Explorer Bar - [HKLM]{553891B7-A0D5-4526-BE18-D3CE461D6310} . (.IvoSoft - Adds classic Windows Explorer features.) -- C:\Program Files\Classic Shell\ClassicExplorer32.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Public]: ClipTray 1.61.lnk . (...) -- C:\Program Files\ClipTray\ClipTray.exe
O4 - GS\Program [Public]: ClipTray Help.lnk . (...) -- C:\Program Files\ClipTray\ClipTray.chm
O4 - GS\Program [Public]: ClipTray on the Web.lnk . (...) -- C:\Program Files\ClipTray\ClipTray.url
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: NexusFont 1.2.lnk . (...) -- C:\Program Files\NexusFont\nexusfont.exe
O4 - GS\Program [Public]: Uninstall.lnk . (...) -- C:\Program Files\ClipTray\Uninstall.exe
O4 - GS\QuickLaunch [Jean-Claude]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Jean-Claude]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Jean-Claude]: Explorateur Windows.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\TaskBar [Jean-Claude]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Jean-Claude]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Jean-Claude]: Arrêter.lnk . (.Microsoft Corporation - SlideToShutDown.) -- C:\Windows\System32\SlideToShutDown.exe
O4 - GS\Desktop [Jean-Claude]: Astuces.lnk . (...) -- D:\Astuces
O4 - GS\Desktop [Jean-Claude]: Download.lnk . (...) -- H:\Download
O4 - GS\Desktop [Jean-Claude]: firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Jean-Claude]: Redémarrer.lnk . (.Microsoft Corporation - Outil d’arrêt et d’annotation Windows.) -- C:\Windows\System32\shutdown.exe
O4 - GS\Desktop [Jean-Claude]: RocketDock.lnk . (...) -- C:\Program Files\RocketDock\RocketDock.exe
O4 - GS\Desktop [Jean-Claude]: Téléchargement.lnk . (...) -- C:\Users\Jean-Claude\Downloads
O4 - GS\QuickLaunch [JCH]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Program [JCH]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 59 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: FileBox eXtender.lnk . (.Hyperionics Technology LLC - FileBox eXtender.) -- C:\Program Files\FileBX\FileBX.exe
O4 - GS\Startup [Jean-Claude]: ClipTray.Lnk . (...) -- C:\Program Files\ClipTray\ClipTray.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKLM\..\Run: [EaseUs Watch] . (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Application.) -- C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
O4 - HKLM\..\Run: [EaseUs Tray] . (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Application.) -- C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] . (.Adobe Systems Incorporated - Adobe Photo Downloader 3.0 component.) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
O4 - HKLM\..\Run: [USBToolTip] . (.Pinnacle Systems GmbH - Pinnacle USB Tip - for Multi Media eXtensio.) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] . (...) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Service Scheduler2 Acronis] . (.Acronis - Acronis Scheduler Helper.) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_CEC3796C3B747956E30942697559E42F] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKCU\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Rainlendar2] . (.Pas de propriétaire - Rainlendar2.) -- C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [googletalk] . (.Google - Google Talk.) -- C:\Users\Jean-Claude\AppData\Roaming\Google\Google Talk\googletalk.exe
O4 - HKCU\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
O4 - HKUS\S-1-5-21-935250256-1027553919-1527802221-1001\..\Run: [GoogleChromeAutoLaunch_CEC3796C3B747956E30942697559E42F] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-21-935250256-1027553919-1527802221-1001\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKUS\S-1-5-21-935250256-1027553919-1527802221-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-935250256-1027553919-1527802221-1001\..\Run: [Rainlendar2] . (.Pas de propriétaire - Rainlendar2.) -- C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-21-935250256-1027553919-1527802221-1001\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-935250256-1027553919-1527802221-1001\..\Run: [googletalk] . (.Google - Google Talk.) -- C:\Users\Jean-Claude\AppData\Roaming\Google\Google Talk\googletalk.exe
O4 - HKUS\S-1-5-21-935250256-1027553919-1527802221-1001\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Remplir les formulaires - {320AF880-6646-11D3-ABEE-C5DBF3571F46} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Enregistrer les formulaires - {320AF880-6646-11D3-ABEE-C5DBF3571F49} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DFCBD27-6272-42BA-9962-0FCA9D7CAD8E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DFCBD27-6272-42BA-9962-0FCA9D7CAD8E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: FileParade bundle uninstaller - (.FileParade.) [HKLM] -- FileParade bundle uninstaller
~ Logic: 16 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\DVDAuthor1]
[HKCU\Software\DVDAuthor2]
[HKCU\Software\Roscoteck]
~ Key Software: 211 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/12/2013 - 23:32:11 - [0,580] ----D C:\Program Files\ClipTray
O43 - CFD: 15/01/2014 - 17:10:33 - [23,673] ----D C:\Program Files\DVDlab
O43 - CFD: 19/12/2013 - 19:13:15 - [0,943] ----D C:\Program Files\FileBX
O43 - CFD: 24/01/2014 - 23:18:18 - [0,160] ----D C:\ProgramData\ClassicShell
O43 - CFD: 19/12/2013 - 19:13:01 - [4,630] --H-D C:\ProgramData\{D2C1DCAC-1F75-4A11-A6CF-D1554255F34E}
O43 - CFD: 18/12/2013 - 23:14:59 - [27,641] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 28/01/2014 - 18:52:44 - [0,669] ----D C:\Users\Jean-Claude\AppData\Roaming\ClassicShell
~ Program Folder: 166 Legitimates Filtered in 00mn 23s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.71B71D254A02BD6BD3B792B57273227F] - 19/01/2014 - 17:33:49 ---A- . (...) -- C:\Windows\ODBCINST.INI [209]
O44 - LFC:[MD5.B937E0CE27736ABF404A4A8330938336] - 23/01/2014 - 19:06:40 -SHA- . (...) -- C:\EUMONBMP.SYS [264192]
O44 - LFC:[MD5.F56259CED6B2CECEF91CDC1B984CAD34] - 23/01/2014 - 19:11:04 -SHA- . (...) -- C:\{242824B0-FF90-40CC-80D1-9B82FB4C9D3F}.CBM [4096]
O44 - LFC:[MD5.BB41482B2A57D2E722F96ABD068BEEF8] - 28/01/2014 - 18:56:55 ---A- . (...) -- C:\Windows\ntbtlog.txt [1014524]
~ Files: 31 Legitimates Filtered in 00mn 04s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.596DB7E4D0DB6AC32DF142C861001979] - 13/08/2013 - 00:25:32 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [16088]
O58 - SDL:[MD5.828BD9826072BC10A20093BE4CD560F3] - 04/09/2013 - 11:23:38 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Driver.) -- C:\Windows\System32\Drivers\eubakup.sys [51784]
O58 - SDL:[MD5.994A95AD44D20D32D8C81D7AA16D3DB4] - 04/09/2013 - 11:23:38 ---A- . (...) -- C:\Windows\System32\Drivers\EUBKMON.sys [41544]
O58 - SDL:[MD5.52D87663A265D135CF8F0E76A427C2FD] - 04/09/2013 - 11:23:38 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Access Driver.) -- C:\Windows\System32\Drivers\eudskacs.sys [15944]
O58 - SDL:[MD5.D14960E39B570AAB8C58EC54A94D217D] - 04/09/2013 - 11:23:38 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Image Preview Driver.) -- C:\Windows\System32\Drivers\EuFdDisk.sys [186952]
O58 - SDL:[MD5.B4489EA5810BF73778CD8BDC305109CE] - 22/08/2013 - 06:32:57 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x86.) -- C:\Windows\System32\Drivers\stexstor.sys [26976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 18/12/2013 - 18:16:50 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 18/12/2013 - 18:16:51 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 18/12/2013 - 18:16:50 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 18/12/2013 - 18:16:51 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 18/12/2013 - 18:16:51 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 18/12/2013 - 18:16:51 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 18/12/2013 - 18:16:50 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 18/12/2013 - 18:16:50 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 18/12/2013 - 18:16:50 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 18/12/2013 - 18:16:50 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.CB4EE86C87F4C03FAC7E14F30D57153E] - 18/12/2013 - 18:16:51 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33968]
O58 - SDL:[MD5.30A64B24DABF0483DDF6759D4F58A180] - 18/12/2013 - 18:16:51 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34688]
O58 - SDL:[MD5.112BFAEA0B8AD1AAB4484BBBE1DA9B40] - 18/12/2013 - 18:16:51 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.BE6FE759FC5B154243914AA330BAADE6] - 18/12/2013 - 18:16:51 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35552]
O58 - SDL:[MD5.37BA9F0CB578362516C64344ECEC8ADC] - 18/12/2013 - 18:16:51 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34688]
~ Drivers: 17 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 09/07/2011 846656 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
SS - | Auto 14/09/2006 102400 | (AdobeActiveFileMonitor5.0) . (...) - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
SS - | Auto 11/10/2013 69192 | (EaseUS Agent) . (.CHENGDU YIWO Tech Development Co., Ltd.) - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
SS - | Auto 04/09/2013 23624 | (Guard Agent) . (.CHENGDU YIWO Tech Development Co., Ltd.) - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
SS - | Auto 18/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 18/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 03/12/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Auto 07/12/2012 645992 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SS - | Auto 19/04/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 17/12/2013 5341536 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
SS - | Demand 22/08/2013 31552 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Demand 22/08/2013 22240 | (WinDefend) . (.Microsoft Corporation.) - C:\Program Files\Windows Defender\MsMpEng.exe

~ Services: Scanned in 00mn 12s



---\\ Scan Additionnel (O88)
Database Version : 13027 - (24/01/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 218529 Items scanned in 00mn 09s



~ 865 Legitimates filtered by white list
End of the scan (373 lines in 01mn 05s)(0)
