~ Rapport de ZHPDiag v2014.1.17.18 - Nicolas Coolman (2014-01-17)
~ Lancé par SYSTEM (2013-02-17 19:02:18)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC):


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.7100.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows (TM) Code Name "Longhorn" Preinstallation Environment, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels

---\\ Informations sur le système
~ Processor: x86 Family 16 Model 5 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3326 MB (77% free)
System Restore: Inconnu (Unknown)
System drive X: has 0 GB (98%) free of 0 GB

---\\ Mode de connexion au système
~ Computer Name: MININT-PECS58
~ User Name: SYSTEM
~ All Users Names: Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : X:\
~ %AppZHP% : X:\Users\Default\AppData\Roaming\ZHP\
~ %AppData% : X:\Users\Default\AppData\Roaming\
~ %Desktop% : X:\Users\Default\Desktop\
~ %Favorites% : X:\Users\Default\Favorites\
~ %LocalAppData% : X:\Users\Default\AppData\Local\
~ %StartMenu% : X:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : X:\Windows\
~ %System% : X:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 180 Go of 575 Go)
D: Hard drive, Flash drive, Thumb drive (Free 6 Go of 20 Go)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
X: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
Y: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFind: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyDocs: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyMusic: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyPics: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowPrinters: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowNetConn: Modified
~ Security Center: 30 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Explorateur Windows.) (.2010-11-20 - 22:29:20.) -- X:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2009-07-14 - 02:14:45.) -- X:\Windows\System32\Wininit.exe [96256]
[MD5.44214C94911C7CFB1D52CB64D5E8368D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2010-11-20 - 22:29:12.) -- X:\Windows\System32\wininet.dll [980992]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2010-11-20 - 13:17:54.) -- X:\Windows\System32\Winlogon.exe [286720]
[MD5.1151FD4FB0216CFED887BFDE29EBD516] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2010-11-20 - 09:40:03.) -- X:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2010-11-20 - 15:41:26.) -- X:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009-07-14 - 00:11:15.) -- X:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010-11-20 - 15:41:26.) -- X:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010-11-20 - 09:42:32.) -- X:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010-11-20 - 15:41:26.) -- X:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.2010-11-20 - 15:41:26.) -- X:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.B272B4C3E085EA860C12F2E4FAF2FFA2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2010-11-20 - 09:42:42.) -- X:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.2010-11-20 - 09:39:44.) -- X:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.33C3093D09017CFE2E219F2472BFF6EB] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2010-11-20 - 13:30:06.) -- X:\Windows\system32\Drivers\ntfs.sys [1211264]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.2010-11-20 - 15:41:26.) -- X:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2009-07-14 - 00:54:34.) -- X:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.2009-07-14 - 00:53:41.) -- X:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.2010-11-20 - 09:39:17.) -- X:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2010-11-20 - 15:41:26.) -- X:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/4
~ Mon Bureau (My Desktop) : 0/12
~ Menu demarrer (Programs) : 1/45
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.5823C7BC78F098313C05E4EB4034CF88] - (.Microsoft Corporation - Shell WinPE.) -- X:\windows\system32\winpeshl.exe [565760] [PID.788]
[MD5.068054A979A066C50EAE43167F27EE0C] - (.Home made :) - A shell swapper for WinPE.) -- X:\Program Files\PEShell\PEShell.exe [330752] [PID.1336]
[MD5.5FEAC30D4A25CA1B1F5A063A140746EE] - (.MyDigit.cn - A compact & convenient tool ^_^.) -- X:\Windows\System32\MyUSBEjector.exe [15872] [PID.1452]
[MD5.FA14554C5C6528BD765E66906FF699FD] - (.Microsoft Corporation - Service de cliché instantané de volumes Mic.) -- X:\windows\system32\vssvc.exe [1025536] [PID.1768]
[MD5.2ABD166EC31BE154D8CBEEC5D7F5714C] - (.Opera Software - Opera Internet Browser.) -- Y:\Programs\Opera12\opera.exe [879456] [PID.1824]
[MD5.BA5AD7EFD58FA965534BFFFC534CF571] - (.Nicolas Coolman - ZHPDiag.) -- X:\Program Files\ZHPDiag\ZHPDiag.exe [8336896] [PID.1432]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=X:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=X:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5A75BB0-CA41-489A-9933-974FE33D013B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A5A75BB0-CA41-489A-9933-974FE33D013B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- X:\Windows\System32\mshtml.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- X:\Windows\system32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Swan River Computers - Hooks for ShutdownPE.) - X:\Windows\System32\SPEHook.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\PENetwork]
[HKLM\Software\PENetwork]
~ Key Software: 18 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2013-07-11 - 10:12:10 - [0,864] ----D X:\Program Files\PENetwork
O43 - CFD: 2013-07-11 - 09:49:03 - [0,316] ----D X:\Program Files\PEShell
O43 - CFD: 2013-07-11 - 10:15:24 - [2,587] ----D X:\Program Files\TestDisk
O43 - CFD: 2013-02-17 - 18:48:29 - [0,022] ---AD X:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer Management
O43 - CFD: 2013-02-17 - 18:48:29 - [0,001] ---AD X:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST
O43 - CFD: 2013-02-17 - 18:48:29 - [0,001] ---AD X:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OTLPE
O43 - CFD: 2013-02-17 - 18:48:29 - [0,002] ---AD X:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Network
O43 - CFD: 2013-02-17 - 18:48:29 - [0,002] ---AD X:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Tasks
O43 - CFD: 2013-02-17 - 18:48:29 - [0,001] ---AD X:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Tools
O43 - CFD: 2013-02-17 - 18:48:29 - [0,001] ---AD X:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Tasks
~ Program Folder: 32 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.13249BF0B8B8FE4F35564E842CB6885E] - 2013-02-17 - 18:48:26 ---A- . (...) -- X:\Windows\System32\winpeshl.log [1234]
O44 - LFC:[MD5.45CC0E740EE4F12758F5090C3544F764] - 2013-02-17 - 18:48:38 -SHA- . (...) -- X:\Windows\System32\SCHEMA.DAT.LOG1 [5120]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2013-02-17 - 18:48:38 -SHA- . (...) -- X:\Windows\System32\SCHEMA.DAT.LOG2 [0]
O44 - LFC:[MD5.C721A7E3848B92EAACEDAB0AD2E281E7] - 2013-02-17 - 18:48:40 ---A- . (...) -- X:\Windows\System32\wpeinit.log [5362]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableMIC"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIPI"=0
O55 - MWPS:[HKLM\...\Policies\System] - "HideFastUserSwitching"=1
~ MWPS: 4 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSimpleStartMenu"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecycleFiles"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoClose"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRecentDocsMenu"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRecentDocsHistory"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoSMHelp"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoFind"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "StartMenuLogOff"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "DisableLockWorkstation"=0
~ MWPE Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 2010-11-20 - 15:41:26 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- X:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.FAD2EE2D0AB7E5D2F4085DE606CFC0F9] - 2012-03-01 - 21:58:16 ---A- . (.Etron Technology Inc - Etron eXtensible Hub Driver..) -- X:\Windows\System32\Drivers\EtronHub3.sys [47744]
O58 - SDL:[MD5.7F0B99C837F39833617E5A183E48B50E] - 2012-03-01 - 21:58:16 ---A- . (.Etron Technology Inc - Etron eXtensible Host Controller Driver..) -- X:\Windows\System32\Drivers\EtronXHCI.sys [69120]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 2010-11-20 - 15:41:26 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- X:\Windows\System32\Drivers\stexstor.sys [21072]
~ Drivers: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 1601-01-02 - X:\Windows\system32\vmbusres.dll (vmbus) .(...) - LEGACY_VMBUS
~ Legacy: 99 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : 13024 - (2014-01-17)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow ^
~ Additionnel Scan: 96211 Items scanned in 00mn 32s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/34077727-pua-startshow =>PUA.StartShow
~ MSI: 1 link(s) detected in 00mn 32s



~ 280 Legitimates filtered by white list
End of the scan (265 lines in 00mn 42s)(0)