Document format: text/plain


~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par Book (02/02/2014 20:33:05)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16484
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Pro, 64-bit (Build 9200)
Windows Server License Manager Script : OK
System - Enable Open file C:\Users\Book\AppData\Roaming\ZHP\Licence.txt =>.Nicolas Coolman

---\\ Logiciels de protection du système
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.07 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
Pando Media Booster v2.6.0.7

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Java 7 Update 10
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1973 MB (28% free)
System Restore: Activé (Enable)
System drive C: has 152 GB (70%) free of 215 GB

---\\ Mode de connexion au système
~ Computer Name: BOOK
~ User Name: Book
~ All Users Names: HomeGroupUser$, fbwuser, Book, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Book\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Book\AppData\Roaming\
~ %Desktop% : C:\Users\Book\Desktop\
~ %Favorites% : C:\Users\Book\Favorites\
~ %LocalAppData% : C:\Users\Book\AppData\Local\
~ %StartMenu% : C:\Users\Book\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 152 Go of 215 Go)
D: Hard drive, Flash drive, Thumb drive (Free 192 Go of 251 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.E13A31D5254C25406A7946BDD9B06364] - (.Microsoft Corporation - Explorateur Windows.) (.11/10/2012 - 08:35:16.) -- C:\Windows\Explorer.exe [2380944]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.BDE820861D8107C67E182DF66A27074F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.20/12/2012 - 01:29:16.) -- C:\Windows\System32\wininet.dll [2246656]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.877D60D6E4156EC4A2E0B6871D41BED9] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.06/11/2012 - 04:52:49.) -- C:\Windows\system32\Drivers\MRxSmb.sys [366080]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.11D7A4A4A1DA60F394F53B413DCDF0DE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.10/01/2013 - 02:29:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1934056]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.26/07/2012 - 05:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/33
~ Mes musiques (My Musics) : 1/364
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 3/4068
~ Mon Bureau (My Desktop) : 2/5166
~ Menu demarrer (Programs) : 1/51
~ Hidden Files: Scanned in 00mn 50s



---\\ Processus lancés
[MD5.AA2853F85CFDE861D8A9163E92E22DFD] - (.Skillbrains - Lightshot.) -- C:\Users\Book\AppData\Local\Skillbrains\lightshot\4.4.2.10\LightShot.exe [313120] [PID.3692]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Book\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.3732]
[MD5.615E58F9963734185756AEE4959BA964] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20728480] [PID.3832]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.3408]
[MD5.3308769DA6E47DB3211489475C3252BF] - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) -- C:\WINDOWS\SysWOW64\cscript.exe [115712] [PID.4424]
[MD5.60A3399135BEFC6F4BADBD6C13A4AC24] - (.Microsoft Corporation - Hôte Microsoft WWA.) -- C:\WINDOWS\syswow64\wwahost.exe [333824] [PID.1876]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Book\AppData\Roaming\Mozilla\Firefox\Profiles\r91gvq7i.default\prefs.js
M2 - MFEP: prefs.js [Book - r91gvq7i.default\battlefieldplay4free@ea.com] [] Battlefield Play4Free v1.0.96.0 (..)
~ Firefox Browser: 9 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 04s
~ Nombre de lignes (Lines number): 16115



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Actionaz.lnk . (...) -- C:\Program Files\Actionaz\actionaz.exe
O4 - GS\Desktop [Public]: Acunetix Web Vulnerability Scanner 9.lnk . (.Acunetix - Web Vulnerability Scanner.) -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 9\wvs.exe
O4 - GS\Desktop [Public]: CyberGhost VPN.lnk . (.CyberGhost SRL - CyberGhost VPN Client.) -- C:\Program Files\CyberGhost VPN\CyberGhost.exe
O4 - GS\Desktop [Public]: OpenVPN GUI.lnk . (...) -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
O4 - GS\Desktop [Public]: Pipix.lnk . (...) -- C:\Program Files (x86)\Pipix\Pipix-3.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mullvad.lnk . (...) -- C:\Program Files (x86)\Mullvad\mullvad.exe (.not file.)
O4 - GS\QuickLaunch [Book]: Auto Clicker.lnk . (...) -- C:\Program Files (x86)\Auto Clicker\AutoClicker.exe (.not file.)
O4 - GS\QuickLaunch [Book]: CyberGhost VPN.lnk . (.CyberGhost SRL - CyberGhost VPN Client.) -- C:\Program Files\CyberGhost VPN\CyberGhost.exe
O4 - GS\QuickLaunch [Book]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Book\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Book]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Book]: Oracle VM VirtualBox.lnk . (...) -- C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe (.not file.)
O4 - GS\QuickLaunch [Book]: Yahoo! Messenger.lnk . (...) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (.not file.)
O4 - GS\TaskBar [Book]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Book\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Book]: Hardfight.lnk . (...) -- C:\Users\Book\Downloads\Hardfight.exe
O4 - GS\TaskBar [Book]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Book]: Minecraft (2).lnk . (...) -- C:\Users\Book\Desktop\Launchers\Minecraft.exe
O4 - GS\TaskBar [Book]: Minecraft(1).lnk . (...) -- C:\Users\Book\Desktop\Inutiles\Enorme\Minecraft.exe
O4 - GS\TaskBar [Book]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [Book]: OpenVPN GUI.lnk . (...) -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
O4 - GS\TaskBar [Book]: Sénacraft (3).lnk . (...) -- C:\Users\Book\Desktop\Launchers\Sénacraft (3).exe
O4 - GS\TaskBar [Book]: Sénacraft (4).lnk . (...) -- C:\Users\Book\Downloads\Sénacraft (4).exe
O4 - GS\TaskBar [Book]: Wardfight.lnk . (...) -- C:\Users\Book\Desktop\Wardfight.exe
O4 - GS\TaskBar [Book]: WarFury.lnk . (...) -- C:\Users\Book\Downloads\WarFury.exe
O4 - GS\Program [Book]: Aut2Exe.lnk - Clé orpheline
O4 - GS\Program [Book]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Book]: join.me.lnk . (.LogMeIn, Inc. - join.me.) -- C:\Users\Book\AppData\Local\join.me\join.me.exe
O4 - GS\Program [Book]: OpenVPN GUI.lnk . (...) -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
O4 - GS\SendTo [Book]: Sandboxie - DefaultBox.lnk . (...) -- C:\Program Files (x86)\Sandboxie\Start.exe (.not file.)
O4 - GS\Desktop [Book]: Cheat Engine.lnk . (...) -- C:\Program Files (x86)\Cheat Engine 6.3\Cheat Engine.exe
O4 - GS\Desktop [Book]: join.me.lnk . (.LogMeIn, Inc. - join.me.) -- C:\Users\Book\AppData\Local\join.me\join.me.exe
O4 - GS\Desktop [Book]: Nmap - Zenmap GUI.lnk . (...) -- C:\Program Files (x86)\Nmap\zenmap.exe
~ Global Startup: 63 Legitimates Filtered in 00mn 06s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Book]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Book\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - GS\Startup [Book]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Book\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [CraftMeBook] . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Book\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [Microsoft(R) Delayed Launcher] Clé orpheline
O4 - HKCU\..\Run: [File] . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
O4 - HKCU\..\Run: [SandboxieControl] . (.Sandboxie Holdings, LLC - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe
O4 - HKCU\..\Run: [LightShot] . (.Pas de propriétaire - Starter Module.) -- C:\Users\Book\AppData\Local\Skillbrains\lightshot\LightShot.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Book\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [Aeria Ignite] . (.Aeria Games & Entertainment - Aeria Ignite.) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\policies\Explorer\Run: [Microsoft(R) Delayed Launcher] Clé orpheline
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Book\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [CraftMeBook] . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Book\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [Microsoft(R) Delayed Launcher] Clé orpheline
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [File] . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [SandboxieControl] . (.Sandboxie Holdings, LLC - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [LightShot] . (.Pas de propriétaire - Starter Module.) -- C:\Users\Book\AppData\Local\Skillbrains\lightshot\LightShot.exe
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Book\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{434A680E-C66E-4DCF-91FE-DC290F1091DF}: NameServer = 195.60.76.114 195.60.76.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E65384B-BFEF-4826-BF47-CF98D7A88617}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{434A680E-C66E-4DCF-91FE-DC290F1091DF}: NameServer = 195.60.76.114 195.60.76.115
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E65384B-BFEF-4826-BF47-CF98D7A88617}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Metasploit Pro Service (metasploitProSvc) . (.http://www.ruby-lang.org/ - Ruby interpreter (CUI) 1.9.3p484 [i386-ming.) - C:\metasploit\ruby\bin\ruby.exe
O23 - Service: Metasploit Thin Service (metasploitThin) . (.http://www.ruby-lang.org/ - Ruby interpreter (CUI) 1.9.3p484 [i386-ming.) - C:\metasploit\ruby\bin\ruby.exe
O23 - Service: Metasploit Worker (metasploitWorker) . (.http://www.ruby-lang.org/ - Ruby interpreter (CUI) 1.9.3p484 [i386-ming.) - C:\metasploit\ruby\bin\ruby.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
~ Services: 9 Legitimates Filtered in 00mn 03s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\update-S-1-5-21-1957931178-653952670-3862380426-1001.job [396]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\update-sys.job [396]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [APT] [CleanTemps] (...) -- C:\MaConfig\Process\CleanTemps.cmd" [198]
[MD5.00000000000000000000000000000000] [APT] [Run RoboForm TaskBar Icon] (...) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (.not file.) [0]
[MD5.71D63875DB82FB0BF3FAA16206761681] [APT] [update-sys] (...) -- C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [112416]
[MD5.984E28E70D1000272A2AB61E34D12D6E] [APT] [{7E0362EF-A72F-47B0-965E-AB5E94B59B05}] (...) -- C:\Users\Book\Desktop\Havij v1.16 Pro Portable.exe [5292723]
[MD5.00000000000000000000000000000000] [APT] [{A10340D9-9D2C-4B70-980B-DEFAA596EB0B}] (...) -- C:\Program Files (x86)\Tiny Firewall\SysReport.exe (.not file.) [0]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 14s



---\\ Logiciels installés (O42)
O42 - Logiciel: DarkComet Remover version 2.0 - (.Phrozen ® Software 2013..) [HKLM][64Bits] -- DarkComet Remover_is1
O42 - Logiciel: Eazfuscator.NET - (.Gapotchenko.) [HKLM][64Bits] -- {FED0C86A-17AA-4157-ABA3-2AD47C815CE8}
~ Logic: 9 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Crypted]
[HKCU\Software\Cyber]
[HKCU\Software\D-Guard]
[HKCU\Software\Eazfuscator.NET]
[HKCU\Software\HEViewer]
[HKCU\Software\NetUtils]
[HKCU\Software\Pando Networks]
[HKCU\Software\frobyd]
[HKCU\Software\user32.dll]
[HKLM\Software\Wow6432Node\Eazfuscator.NET]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\Pando Networks]
~ Key Software: 280 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/01/2014 - 20:46:51 - [7,182] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 07/02/2013 - 18:59:06 - [0,004] ----D C:\ProgramData\610D
O43 - CFD: 05/10/2013 - 14:59:48 - [0,002] ----D C:\ProgramData\DYA_EGRQTWOKQVCBJBDAV
O43 - CFD: 13/12/2013 - 21:34:32 - [0,168] ----D C:\ProgramData\Nimoru
O43 - CFD: 18/12/2013 - 21:57:22 - [0] -SH-D C:\ProgramData\{$1284-9213-2940-1289$}
O43 - CFD: 30/12/2013 - 02:24:25 - [191,524] ----D C:\Users\Book\AppData\Roaming\.allfight
O43 - CFD: 22/06/2013 - 22:37:28 - [13,942] ----D C:\Users\Book\AppData\Roaming\.DayOfPvp
O43 - CFD: 19/01/2014 - 15:40:52 - [156,218] ----D C:\Users\Book\AppData\Roaming\.hardfight
O43 - CFD: 26/08/2013 - 15:25:53 - [107,833] ----D C:\Users\Book\AppData\Roaming\.playforcraft
O43 - CFD: 27/12/2013 - 14:34:46 - [59,777] ----D C:\Users\Book\AppData\Roaming\.scclient
O43 - CFD: 28/01/2014 - 22:16:40 - [76,287] ----D C:\Users\Book\AppData\Roaming\.senacraft
O43 - CFD: 01/02/2014 - 20:21:27 - [263,648] ----D C:\Users\Book\AppData\Roaming\.wardfight
O43 - CFD: 19/01/2014 - 02:07:10 - [43,614] ----D C:\Users\Book\AppData\Roaming\.WarFury
O43 - CFD: 18/09/2013 - 17:17:55 - [29,488] ----D C:\Users\Book\AppData\Roaming\.WF
O43 - CFD: 20/04/2013 - 17:01:29 - [0,032] --H-D C:\Users\Book\AppData\Roaming\422816A9
O43 - CFD: 10/03/2013 - 19:12:14 - [0] ----D C:\Users\Book\AppData\Roaming\ARA
O43 - CFD: 27/01/2014 - 23:37:00 - [0,011] ----D C:\Users\Book\AppData\Roaming\FTPCracker
O43 - CFD: 12/07/2013 - 18:38:08 - [0] ----D C:\Users\Book\AppData\Roaming\Target Folder
O43 - CFD: 07/02/2013 - 19:04:33 - [0] ----D C:\Users\Book\AppData\Roaming\TFP
O43 - CFD: 27/01/2014 - 23:30:15 - [0] ----D C:\Users\Book\AppData\Roaming\WebhostChecker
O43 - CFD: 29/08/2013 - 21:13:53 - [0,001] ----D C:\Users\Book\AppData\Local\Gapotchenko
O43 - CFD: 13/07/2013 - 23:23:29 - [0,003] ----D C:\Users\Book\AppData\Local\Oleksiy_Gapotchenko
O43 - CFD: 05/07/2013 - 09:18:21 - [0,001] ----D C:\Users\Book\AppData\Local\PolarByte.net
~ Program Folder: 217 Legitimates Filtered in 01mn 42s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7AD125D220791122A190A95C90C4EF8A] - 25/01/2014 - 22:25:13 ---A- . (...) -- C:\Windows\WVS_InstDBLogFile.csv [96]
O44 - LFC:[MD5.707577FE6926B9DACA5F9B563D8114E4] - 27/01/2014 - 19:10:25 ---A- . (...) -- C:\Windows\Sandboxie.ini [1462]
~ Files: 10 Legitimates Filtered in 00mn 10s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.D168AE57558A6174FB35E0F82B32F62B] - 12/01/2013 - 18:06:45 ---A- . (...) -- C:\Windows\System32\Drivers\aswnet.sys.sum [175]
O58 - SDL:[MD5.571153E09F5A190F534DB1C5CE72A45B] - 07/03/2013 - 15:14:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswvmm.sys.sum [175]
O58 - SDL:[MD5.361BC37EA7865AFA7899471E41DFA8B6] - 12/04/2013 - 19:53:02 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv6.sys [46280]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:[MD5.F9BE29D5E097F03F81D3CD12B794CB66] - 15/12/2011 - 19:29:42 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [31232]
O58 - SDL:[MD5.BD08C9D4FDA1ED615DD521B3510B550E] - 10/01/2013 - 20:43:36 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 17 Legitimates Filtered in 00mn 05s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.B910B1D8920332DF72A690ACACE88BB9] [SPRF][15/09/2013] (...) -- C:\ProgramData\Setting.dat [278]
[MD5.91921A85B411BE4DC133B57518A0BC32] [SPRF][26/10/2013] (...) -- C:\Users\Book\AppData\Roaming\Booklog.dat [143650]
[MD5.494FCD1061795018107893DF77385E1A] [SPRF][02/08/2013] (...) -- C:\Users\Book\Desktop\Ascentia.exe [833424]
[MD5.A3F64DCF50255ED2D684DD8ECB1FFDED] [SPRF][02/01/2014] (.Isidar eBooks - CP Wizardry.) -- C:\Users\Book\Desktop\CPWizardry.exe [34952292]
[MD5.51ACE1640CCC63653C0B02D8EBC69863] [SPRF][30/01/2014] (...) -- C:\Users\Book\Desktop\HaskCraft.exe [1573034]
[MD5.984E28E70D1000272A2AB61E34D12D6E] [SPRF][22/09/2012] (...) -- C:\Users\Book\Desktop\Havij v1.16 Pro Portable.exe [5292723]
[MD5.446F134A7CCD3C74CF5CA97193D60942] [SPRF][27/12/2013] (...) -- C:\Users\Book\Desktop\Icon Changer.exe [714666]
[MD5.5E6B471E46B32F49F651157D68C371E5] [SPRF][01/01/2014] (...) -- C:\Users\Book\Desktop\ICryptex Binder.exe [1394848]
[MD5.0926ED1E5F0B5E4E99BDD47AACCD6970] [SPRF][26/01/2014] (...) -- C:\Users\Book\Desktop\minecraft_server.1.6.4.exe [6542715]
[MD5.97E729FD12D2B20E95719C3E32B21419] [SPRF][06/08/2012] (.Yui Hirasawa - Omegle Spreader.) -- C:\Users\Book\Desktop\Omegle Spreader.exe [1021440]
[MD5.2A7CF13ACB76BD371FC77250462DEB7D] [SPRF][25/12/2013] (.Gary's Hood - Pas de description.) -- C:\Users\Book\Desktop\rsclient.exe [61440]
[MD5.6BCDD719DD53DA2F0E9F9D292C46D0E3] [SPRF][24/11/2013] (...) -- C:\Users\Book\Desktop\Shell Finder.exe [738304]
[MD5.EBB746C9F3804C2ADB1E27B64147E35B] [SPRF][03/01/2014] (...) -- C:\Users\Book\Desktop\Wardfight.exe [411693]
[MD5.BF8015E314305305D514E7C4D6529995] [SPRF][18/01/2014] (...) -- C:\Users\Book\Desktop\WarFury.exe [3756988]
~ Files: 19 Legitimates Filtered in 00mn 09s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{6E9AA82C-D760-477B-9EFD-2AA16C5DEAB7}" | In - Public - P6 - TRUE | .(.Unremote.org - A remote administration tool from the cosmos.) -- C:\Users\Book\Desktop\Darkcomet\DarkComet.exe
O87 - FAEL: "{6ED6C293-2BEF-4958-B7D2-BB49F213F7BD}" | In - Public - P17 - TRUE | .(.Unremote.org - A remote administration tool from the cosmos.) -- C:\Users\Book\Desktop\Darkcomet\DarkComet.exe
O87 - FAEL: "{0747BDBF-467C-41DE-AB3D-9CAA7372C643}" | In - Domain - P6 - TRUE | .(.Unremote.org - A remote administration tool from the cosmos.) -- C:\Users\Book\Desktop\Darkcomet\DarkComet.exe
O87 - FAEL: "{B864E2E9-E377-434C-B49E-F7793D33A33C}" | In - Domain - P17 - TRUE | .(.Unremote.org - A remote administration tool from the cosmos.) -- C:\Users\Book\Desktop\Darkcomet\DarkComet.exe
~ Firewall: 269 Legitimates Filtered in 00mn 01s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 28/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 26/04/2012 2438696 | (CGVPNCliSrvc) . (.mobile concepts GmbH.) - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
SS - | Demand 19/10/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 28/10/2012 427976 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SS - | Demand 20/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 26/04/2011 14848 | (OpenVPNService) . (...) - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
SS - | Demand 10/07/1658 0 | (rpcapd) . (...) - C:\Program Files (x86)\WinPcap\rpcapd.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 28/09/2012 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 07/12/2013 79872 | (metasploitPostgreSQL) . (.PostgreSQL Global Development Group.) - C:\metasploit\postgresql\bin\pg_ctl.exe
SR - | Auto 24/11/2013 70239 | (metasploitProSvc) . (.http://www.ruby-lang.org/.) - C:\metasploit\ruby\bin\ruby.exe
SR - | Auto 24/11/2013 70239 | (metasploitThin) . (.http://www.ruby-lang.org/.) - C:\metasploit\ruby\bin\ruby.exe
SR - | Auto 24/11/2013 70239 | (metasploitWorker) . (.http://www.ruby-lang.org/.) - C:\metasploit\ruby\bin\ruby.exe
SR - | Auto 16/10/2013 186056 | (SbieSvc) . (.Sandboxie Holdings, LLC.) - C:\Program Files\Sandboxie\SbieSvc.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

~ Services: Scanned in 00mn 11s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 262132 Items scanned in 00mn 27s



~ 1045 Legitimates filtered by white list
End of the scan (452 lines in 04mn 29s)(0)
