
~ Rapport de ZHPDiag v2014.2.17.15 - Nicolas Coolman (17/02/2014)
~ Lancé par XXXX (04/03/2014 23:35:16)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v7.0.6000.16982
MFIE: Mozilla Firefox 27.0.1 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Ultimate, 32-bit (Build 6000)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 24W6P
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.3.0216.0

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3068 MB (68% free)
System Restore: Activé (Enable)
System drive D: has 837 GB (90%) free of 921 GB

---\\ Mode de connexion au système
~ Computer Name: XXX
~ User Name: XXXX
~ All Users Names: XXXX, UpdatusUser, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : D:\
~ %AppZHP% : D:\Users\Valérie\AppData\Roaming\ZHP\
~ %AppData% : D:\Users\Valérie\AppData\Roaming\
~ %Desktop% : D:\Users\Valérie\Desktop\
~ %Favorites% : D:\Users\Valérie\Favorites\
~ %LocalAppData% : D:\Users\Valérie\AppData\Local\
~ %StartMenu% : D:\Users\Valérie\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : D:\Windows\
~ %System% : D:\Windows\System32\

---\\ Enumération des unités disques
D: Hard drive, Flash drive, Thumb drive (Free 837 Go of 921 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Hard drive, Flash drive, Thumb drive (Free 10 Go of 10 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.37440D09DEAE0B672A04DCCF7ABF06BE] - (.Microsoft Corporation - Explorateur Windows.) (.25/09/2013 - 12:07:14.) -- D:\Windows\Explorer.exe [2923520]
[MD5.D4385B03E8CCCEE6F0EE249F827C1F3E] - (.Microsoft Corporation - Application de démarrage de Windows.) (.02/11/2006 - 10:45:57.) -- D:\Windows\System32\Wininit.exe [95744]
[MD5.C7A318E74FEF945EBFF855C1513CD96C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/09/2013 - 12:44:03.) -- D:\Windows\System32\wininet.dll [832512]
[MD5.9F75392B9128A91ABAFB044EA350BAAD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.02/11/2006 - 10:45:57.) -- D:\Windows\System32\Winlogon.exe [308224]
[MD5.5D24CAF8EFD924A875698FF28384DB8B] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.02/11/2006 - 09:58:43.) -- D:\Windows\system32\Drivers\AFD.sys [270336]
[MD5.B35CFCEF838382AB6490B321C87EDF17] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.25/09/2013 - 12:07:37.) -- D:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.6C3A437FC873C6F6A4FC620B6888CB86] - (.Microsoft Corporation - CD-ROM File System Driver.) (.02/11/2006 - 09:30:50.) -- D:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.8D1866E61AF096AE8B582454F5E4D303] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/11/2006 - 09:51:44.) -- D:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A7179DE59AE269AB70345527894CCD7C] - (.Microsoft Corporation - DFS Client MUP Surrogate Driver.) (.02/11/2006 - 09:31:04.) -- D:\Windows\system32\Drivers\DfsC.sys [74752]
[MD5.0DB613A7E427B5663563677796FD5258] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.25/09/2013 - 12:00:55.) -- D:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.1C9EE072BAA3ABB460B91D7EE9152660] - (.Microsoft Corporation - Pilote de port i8042.) (.25/09/2013 - 16:41:12.) -- D:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.10077C35845101548037DF04FD1A420B] - (.Microsoft Corporation - IP Network Address Translator.) (.02/11/2006 - 09:58:09.) -- D:\Windows\system32\Drivers\IpNat.sys [99840]
[MD5.8AF705CE1BB907932157FAB821170F27] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.25/09/2013 - 12:41:04.) -- D:\Windows\system32\Drivers\MRxSmb.sys [102400]
[MD5.E3A168912E7EEFC3BD3B814720D68B41] - (.Microsoft Corporation - MBT Transport driver.) (.02/11/2006 - 09:57:20.) -- D:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.37430AA7A66D7A63407ADC2C0D05E9F6] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.25/09/2013 - 12:14:52.) -- D:\Windows\system32\Drivers\ntfs.sys [1060920]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- D:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.88587DD843E2059848995B407B67F6CF] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.02/11/2006 - 09:58:13.) -- D:\Windows\system32\Drivers\Rasl2tp.sys [75776]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- D:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.AC0D90738ADB51A6FD12FF00874A2162] - (.Microsoft Corporation - SMB Transport driver.) (.02/11/2006 - 09:57:10.) -- D:\Windows\system32\Drivers\smb.sys [66048]
[MD5.AB4FDE8AF4A0270A46A001C08CBCE1C2] - (.Microsoft Corporation - TDI Translation Driver.) (.02/11/2006 - 09:57:35.) -- D:\Windows\system32\Drivers\tdx.sys [68096]
[MD5.80DC0C9BCB579ED9815001A4D37CBFD5] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.25/09/2013 - 12:07:36.) -- D:\Windows\system32\Drivers\volsnap.sys [211000]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/11
~ Mon Bureau (My Desktop) : 1/4
~ Menu demarrer (Programs) : 1/24
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.D004558CE39AA4F01F207627EECF4CFB] - (.TeamViewer GmbH - TeamViewer 9.) -- D:\Program Files\TeamViewer\Version9\TeamViewer.exe [12493152] [PID.3352]
[MD5.05CB3DA78A4BBD9B799A5957F9D101CC] - (.Microsoft Corporation - Console IME.) -- D:\Windows\system32\conime.exe [68608] [PID.2792]
[MD5.AB44884BC129FC04D75A4649E0710203] - (.Nicolas Coolman - ZHPDiag.) -- D:\Program Files\ZHPDiag\ZHPDiag.exe [8338432] [PID.1508]
[MD5.E4284FCF99FEA13A7E1836F87AE356F6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) -- D:\Windows\system32\nvvsvc.exe [639776] [PID.844]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.856]
[MD5.3EA6A1A744D79328AE7E2C6FAE4C4420] - (.Microsoft Corporation - Antimalware Service Executable.) -- d:\Program Files\Microsoft Security Client\MsMpEng.exe [22216] [PID.956]
[MD5.A1DCD30534835CB67733AD00175125A6] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- D:\Windows\system32\SLsvc.exe [2605568] [PID.1276]
[MD5.8619BE54EC51A74A2C3F82B313AB445E] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [873248] [PID.1516]
[MD5.F9BD48630768BD3413972F2AEB49974F] - (.SafeNet Inc. - Sentinel LDK License Manager Service.) -- D:\Windows\system32\hasplms.exe [4609928] [PID.2644]
[MD5.2B29FD3AF7B4FEB272CD1F6EEC8FE4BA] - (.TeamViewer GmbH - TeamViewer 9.) -- D:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [4915040] [PID.2836]
[MD5.5CD05A591DC60886812D802E7E03A902] - (.TeamViewer GmbH - TeamViewer 9.) -- D:\Program Files\TeamViewer\Version9\tv_w32.exe [202592] [PID.3420]
[MD5.921697331207874649693DDEEDA8C81F] - (.TeamViewer GmbH - TeamViewer 9.) -- d:\program files\teamviewer\version9\TeamViewer_Desktop.exe [4415328] [PID.3544]
[MD5.03E60E0BFA53ED15DC984FA34B44BB0F] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1260320] [PID.3536]
[MD5.34E388A395FEDBA1D0511ED39BBF4074] - (.Microsoft Corporation - Programme d’installation de modules Windows.) -- D:\Windows\servicing\TrustedInstaller.exe [27136] [PID.3328]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
D:\Users\Valérie\AppData\Roaming\Mozilla\Firefox\Profiles\0ur29s44.default\prefs.js
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=D:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=D:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- D:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- D:\Program Files\Mozilla Firefox\firefox.exe
~ Global Startup: 40 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- D:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- d:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [Seagull Drivers] . (...) -- D:\Windows\ssdal_nc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- D:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- D:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- D:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D68FCCC7-1473-454E-89F2-2C4DD7C4CAD6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D68FCCC7-1473-454E-89F2-2C4DD7C4CAD6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D68FCCC7-1473-454E-89F2-2C4DD7C4CAD6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- D:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- D:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- D:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - D:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop General: WallPaper - .(...) - D:\Windows\Web\Wallpaper\img18.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: FileParade bundle uninstaller - (.FileParade.) [HKLM] -- FileParade bundle uninstaller
~ Logic: 14 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\Teklynx]
[HKLM\Software\mamverifier]
~ Key Software: 76 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 27/09/2013 - 11:40:45 - [0,275] ----D D:\Program Files\BitLocker
O43 - CFD: 25/09/2013 - 13:17:02 - [0,012] ----D D:\ProgramData\Eticoncept
~ Program Folder: 82 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.801D92F35511824A63847EBF00491003] - 04/03/2014 - 22:45:26 ---A- . (...) -- D:\Windows\DPINST.LOG [16172]
O44 - LFC:[MD5.BEC9DA284C0E401B4A7A83B9BFC3190A] - 04/03/2014 - 23:29:07 ---A- . (...) -- D:\DelFix.txt [509]
~ Files: 14 Legitimates Filtered in 00mn 07s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.4429EE969E247D0E328A2971EFAA06D4] - 04/03/2014 - 20:05:11 ---A- - D:\Windows\Prefetch\PROXYINSTALLER.EXE-91F56DF7.pf
O45 - LFCP:[MD5.A053F439583BCAE8447C7BCCB75BB5AD] - 04/03/2014 - 22:53:47 ---A- - D:\Windows\Prefetch\DELL_MULTI-DEVICE_A03_R194235-C36213A5.pf
O45 - LFCP:[MD5.D05C26D9EA87AA4DDEB55FD649C5179C] - 04/03/2014 - 23:00:57 ---A- - D:\Windows\Prefetch\FIREFOX%20SETUP%20STUB%2027.0-C4244049.pf
O45 - LFCP:[MD5.123AA7BD7C8F2FC053DB82EC029CE4FA] - 04/03/2014 - 23:01:20 ---A- - D:\Windows\Prefetch\SETUP-STUB.EXE-BCDACD6D.pf
O45 - LFCP:[MD5.E6D3F86746A1A29709B8243E299680DD] - 04/03/2014 - 23:07:03 ---A- - D:\Windows\Prefetch\DOWNLOAD.EXE-E009D920.pf
O45 - LFCP:[MD5.786823B51623217BF55B4C3620BE8434] - 04/03/2014 - 23:07:29 ---A- - D:\Windows\Prefetch\NS8509.TMP-3D291C21.pf
O45 - LFCP:[MD5.BEBCF3187ABE6CE1C1685BC79FA62277] - 04/03/2014 - 23:07:30 ---A- - D:\Windows\Prefetch\NS83A3.TMP-51E0519B.pf
O45 - LFCP:[MD5.751310E88A98E26665DD29CF0D117F56] - 04/03/2014 - 23:07:32 ---A- - D:\Windows\Prefetch\DOTNETFX35LANGPACK_X86FR.EXE-B3D3673F.pf
O45 - LFCP:[MD5.33AA46FD48E0EC0DA0FAD3FE4A271730] - 04/03/2014 - 23:08:10 ---A- - D:\Windows\Prefetch\SPCLITEGFX.EXE-5E874462.pf
~ Prefetcher: 116 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 15 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 02/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- D:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- D:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- D:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.424093DB99B9AE5982C050B3C5111CEC] - 30/01/2008 - 08:07:44 ---A- . (.Pas de propriétaire - PCI Multi I/O Card Driver x86.) -- D:\Windows\System32\Drivers\snxpcard.sys [17536]
O58 - SDL:[MD5.DF97D366DDE7BF245B41D7B2783C70B3] - 30/01/2008 - 08:07:44 ---A- . (.Pas de propriétaire - Parallel PCI driver for WinXP/2003 x86.) -- D:\Windows\System32\Drivers\snxppalx.sys [78848]
O58 - SDL:[MD5.0954625281C6E89016AE0145527391B6] - 30/01/2008 - 08:07:44 ---A- . (.Pas de propriétaire - Serial PCI driver for WinXP/2003 x86.) -- D:\Windows\System32\Drivers\snxpserx.sys [54912]
O58 - SDL:[MD5.3CD4EA35A6221B85DCC25DAA46313F8D] - 02/11/2006 - 10:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- D:\Windows\System32\Drivers\uliahci.sys [235112]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- D:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 02/11/2006 - 10:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- D:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- D:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- D:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- D:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- D:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- D:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- D:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- D:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- D:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- D:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- D:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- D:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- D:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- D:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- D:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- D:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 15 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 04/03/2014 - 23:35:48 ---A- . (...) -- D:\Users\Valérie\AppData\Local\GDIPFONTCACHEV1.DAT [61392]
O61 - LFC: 04/03/2014 - 23:36:09 ---A- . (...) -- D:\Users\Valérie\AppData\Roaming\ZHP\Log.txt [15090] =>.Nicolas Coolman
O61 - LFC: 04/03/2014 - 23:36:09 ---A- . (...) -- D:\Users\Valérie\AppData\Roaming\ZHP\TestsZHPDiag.txt [2871] =>.Nicolas Coolman
O61 - LFC: 04/03/2014 - 23:36:10 ---A- . (...) -- D:\Users\Valérie\Documents\32bit[1]\2K&XP&2003&Vista_32bit_WHQL\snxpcard.sys [17536]
O61 - LFC: 04/03/2014 - 23:36:10 ---A- . (...) -- D:\Users\Valérie\Documents\32bit[1]\2K&XP&2003&Vista_32bit_WHQL\snxpci.cat [14676]
O61 - LFC: 04/03/2014 - 23:36:10 ---A- . (...) -- D:\Users\Valérie\Documents\32bit[1]\2K&XP&2003&Vista_32bit_WHQL\snxpci.inf [8270]
O61 - LFC: 04/03/2014 - 23:36:10 ---A- . (...) -- D:\Users\Valérie\Documents\32bit[1]\2K&XP&2003&Vista_32bit_WHQL\snxpcip.inf [4197]
O61 - LFC: 04/03/2014 - 23:36:10 ---A- . (...) -- D:\Users\Valérie\Documents\32bit[1]\2K&XP&2003&Vista_32bit_WHQL\snxport.cat [13026]
O61 - LFC: 04/03/2014 - 23:36:10 ---A- . (...) -- D:\Users\Valérie\Documents\32bit[1]\2K&XP&2003&Vista_32bit_WHQL\snxppalx.sys [78848]
O61 - LFC: 04/03/2014 - 23:36:10 ---A- . (...) -- D:\Users\Valérie\Documents\32bit[1]\2K&XP&2003&Vista_32bit_WHQL\snxprops.dll [27136]
O61 - LFC: 04/03/2014 - 23:36:10 ---A- . (...) -- D:\Users\Valérie\Documents\32bit[1]\2K&XP&2003&Vista_32bit_WHQL\snxpserx.sys [54912]
O61 - LFC: 04/03/2014 - 23:36:10 ---A- . (...) -- D:\Users\Valérie\Documents\32bit[1]\2K&XP&2003&Vista_32bit_WHQL\version.txt [1194]
~ 12 Fichiers temporaires (Temporary files)
~ Files: 31 Legitimates Filtered in 00mn 23s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- D:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- D:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com
~ Keys: Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 02/11/2006 22016 | D:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - D:\Windows\System32\svchost.exe

SR - | Auto 09/08/2013 4609928 | (hasplms) . (.SafeNet Inc..) - D:\Windows\system32\hasplms.exe
SR - | Auto 18/07/2013 22216 | (MsMpSvc) . (.Microsoft Corporation.) - d:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 18/01/2013 639776 | (nvsvc) . (.NVIDIA Corporation.) - D:\Windows\system32\nvvsvc.exe
SR - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 17/02/2014 4915040 | (TeamViewer9) . (.TeamViewer GmbH.) - D:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 02/11/2006 22016 | D:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - D:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 01s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by XXXX at 04/03/2014 23:36:21

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys nvrd32.sys hal.dll storport.sys nvstor32.sys
D:\Windows\system32\DRIVERS\nvrd32.sys NVIDIA Corporation NVIDIA nForce(TM) RAID Driver
D:\Windows\system32\DRIVERS\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x81C27F3B] >> \Device\Harddisk0\DR0[0x865EAAD8]
3 nt[0x81CB07E2] >> ntkrnlpa!IofCallDriver[0x81C27F3B] >> \Device\00000054[0x85C74180]
5 nvrd32[0x807A56A8] >> ntkrnlpa!IofCallDriver[0x81C27F3B] >> \Device\00000050[0x84FCBCA0]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 15 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by XXXX at 04/03/2014 23:36:23

********* Dump file Name *********
D:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (17/02/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

D:\Users\Valérie\AppData\Local\Temp\uninst1.exe =>PUP.Babylon
~ Additionnel Scan: 138639 Items scanned in 00mn 17s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ MSI: 1 link(s) detected in 00mn 17s



~ 812 Legitimates filtered by white list
End of the scan (413 lines in 01mn 25s)(0)
