~ Rapport de ZHPDiag v2014.3.2.6 - Nicolas Coolman (03/03/2014)
~ Lancé par amine chelsea (10/03/2014 17:13:58)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v6.0.2900.2180
MFIE: Mozilla Firefox 27.0.1
GCIE: Google Chrome v33.0.1750.146 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 2 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Logiciels de protection du système
McAfee Security Scan Plus v3.8.141.11

---\\ Logiciels d'optimisation du système
CCleaner v4.04 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 3 Stepping 4, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1215 MB (44% free)
System Restore: Activé (Enable)
System drive D: has 9 GB (45%) free of 19 GB

---\\ Mode de connexion au système
~ Computer Name: AMINE-A8B0FEC53
~ User Name: amine chelsea
~ All Users Names: SUPPORT_388945a0, HelpAssistant, amine chelsea, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : D:\
~ %AppZHP% : D:\Documents and Settings\amine chelsea\Application Data\ZHP\
~ %AppData% : D:\Documents and Settings\amine chelsea\Application Data\
~ %Desktop% : D:\Documents and Settings\amine chelsea\Bureau\
~ %Favorites% : D:\Documents and Settings\amine chelsea\Favoris\
~ %LocalAppData% : D:\Documents and Settings\amine chelsea\Local Settings\Application Data\
~ %StartMenu% : D:\Documents and Settings\amine chelsea\Menu Démarrer\
~ %Windir% : D:\WINDOWS\
~ %System% : D:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 4 Go of 20 Go)
D: Hard drive, Flash drive, Thumb drive (Free 9 Go of 19 Go)
E: Hard drive, Flash drive, Thumb drive (Free 13 Go of 20 Go)
F: Hard drive, Flash drive, Thumb drive (Free 16 Go of 18 Go)
G: Hard drive, Flash drive, Thumb drive (Free 4 Go of 13 Go)
H: CD-ROM drive (Not Inserted)
I: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 37 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.2A7BD330924252A2FD80344FC949BB72] - (.Microsoft Corporation - Explorateur Windows.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\Explorer.exe [1036288]
[MD5.4E958B97EFC3D801F49283D1820F48B7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\wininet.dll [660480]
[MD5.123EEA158F74D0F67A51DCDF065D1091] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\Winlogon.exe [506368]
[MD5.5AC495F4CB807B2B98AD2AD591E6D92E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\Drivers\atapi.sys [95360]
[MD5.CD7D5152DF32B47F4E36F710B35AAE02] - (.Microsoft Corporation - CD-ROM File System Driver.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.AF9C19B3100FE010496B1A27181FBF72] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\Drivers\Cdrom.sys [49536]
[MD5.8B121FF880683607AB2AEF0340721718] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\Drivers\Fips.sys [35072]
[MD5.D1EFCBD693B5BA21314D06368C471070] - (.Microsoft Corporation - Pilote de port i8042.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\Drivers\i8042prt.sys [54400]
[MD5.F8AA320C6A0409C0380E5D8A99D76EC6] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\Drivers\Imapi.sys [41856]
[MD5.B5A8E215AC29D24D60B4D1250EF05ACE] - (.Microsoft Corporation - IP Network Address Translator.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\Drivers\IpNat.sys [134912]
[MD5.64537AA5C003A6AFEEE1DF819062D0D1] - (.Microsoft Corporation - IPSec Driver.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\Drivers\IPSec.sys [74752]
[MD5.1FD607FC67F7F7C633C3DA65BFC53D18] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\Drivers\MRxSmb.sys [451456]
[MD5.0C80E410CD2F47134407EE7DD19CC86B] - (.Microsoft Corporation - MBT Transport driver.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.B78BE402C3F63DD55521F73876951CDD] - (.Microsoft Corporation - NT File System Driver.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\Drivers\ntfs.sys [574592]
[MD5.318696359AC7DF48D1E51974EC527DD2] - (.Microsoft Corporation - Pilote de port parallèle.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.98FAEB4A4DCF812BA1C6FCA4AA3E115C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.A2CAE2C60BC37E0751EF9DDA7CEAF4AD] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.03/08/2004 - 22:01:16.) -- D:\WINDOWS\system32\Drivers\rdpdr.sys [196864]
[MD5.2CC30B68DD62B73D444A41322CD7FC4C] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.19/08/2004 - 16:54:52.) -- D:\WINDOWS\system32\Drivers\redbook.sys [58496]
[MD5.313B1A0D5DB26DFE1C34A6C13B2CE0A7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.09/12/2007 - 07:16:00.) -- D:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 2/432
~ Mon Bureau (My Desktop) : 0/87
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.7FE34FD5652C54BDA8D2DF8AC92E833A] - (.ESET - ESET Service.) -- D:\Program Files\ESET\ESET Smart Security\ekrn.exe [1341664] [PID.1288]
[MD5.49721B74366EBADC1F48C50781CE0593] - (.TorchMedia Inc. - TorchCrashHandler.) -- D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [1214472] [PID.1400]
[MD5.0DE704D9C51794F114A311EC460FC30B] - (.S3 Graphics, Inc. - Pas de description.) -- D:\WINDOWS\system32\VTTimer.exe [45056] [PID.300]
[MD5.64CA9CA1D5D42072A5D964009BCCD98E] - (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- D:\WINDOWS\SOUNDMAN.exe [65024] [PID.308]
[MD5.4C6A4295CA665406F81E7DF031E3BD20] - (.ESET - ESET Main GUI.) -- D:\Program Files\ESET\ESET Smart Security\egui.exe [5078504] [PID.388]
[MD5.4E7D8BF30DCC0BDA2A250769169C878D] - (.Microsoft Corporation - Windows Messenger.) -- D:\Program Files\Messenger\msmsgs.exe [1667584] [PID.448]
[MD5.43E2CFC37953501EA40D852AE585E7C0] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- D:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe [277920] [PID.512]
[MD5.A4B1E950403DB9C3CBC9D951112A26C7] - (.VIA Technologies - VIA RAID Tool.) -- D:\Program Files\VIA\RAID\raid_tool.exe [565248] [PID.520]
[MD5.FC21787F32E3793A4C7C02D2BFAA5AE0] - (.Microsoft Corporation - Mises à jour automatiques.) -- D:\WINDOWS\system32\wuauclt.exe [112640] [PID.2072]
[MD5.026C4CA19FAE1F84894A99735B15AACA] - (.Google Inc. - Google Chrome.) -- D:\Program Files\Google\Chrome\Application\chrome.exe [859464] [PID.1864]
[MD5.66EA3B698F9A7EA2DBF0E4B246B6C958] - (.Nicolas Coolman - ZHPDiag.) -- D:\Program Files\ZHPDiag\ZHPDiag.exe [8349696] [PID.3168]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [bopakagnckmlgajfccecajhnimjiiedh] McAfee Security Scan+ v.3.8.141.12 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
~ Google Browser: 19 Legitimates Filtered in 00mn 16s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=D:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=D:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Pas de propriétaire - AcroIEHelper Module.) -- D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
~ BHO: 4 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: Acrobat Reader 5.0.lnk . (.Adobe Systems Incorporated - Acrobat Reader 5.0.) -- D:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- D:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: MSN.lnk . (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- D:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe =>.Microsoft Corporation
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- D:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [amine chelsea]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- D:\Program Files\Internet Explorer\IEXPLORE.exe
O4 - GS\Program [amine chelsea]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- D:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Program [amine chelsea]: new shortcut.lnk . (...) -- D:\uninstall.exe (.not file.)
O4 - GS\Program [amine chelsea]: Torch.lnk . (.Torch Media Inc. - Torch.) -- D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Application\torch.exe
~ Global Startup: 13 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Program [AllUsers]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- D:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O4 - GS\Program [AllUsers]: VIA RAID TOOL.lnk . (.VIA Technologies - VIA RAID Tool.) -- D:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] . (.S3 Graphics, Inc. - Pas de description.) -- D:\WINDOWS\system32\VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] . (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- D:\WINDOWS\SOUNDMAN.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM\..\Run: [MSPY2002] . (...) -- D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - 微軟新注音輸入法 2002a.) -- D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - 微軟新注音輸入法 2002a.) -- D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- D:\Program Files\ESET\ESET Smart Security\egui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- D:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1060284298-1292428093-725345543-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1060284298-1292428093-725345543-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- D:\Program Files\Messenger\msmsgs.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- D:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{70AC44A3-6B77-4CA6-88AF-2715F6B6558E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{70AC44A3-6B77-4CA6-88AF-2715F6B6558E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- D:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- D:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- D:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- D:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- D:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- D:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- D:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- D:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- D:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- D:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- D:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Torch Crash Handler (TorchCrashHandler) . (.TorchMedia Inc. - TorchCrashHandler.) - D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe
~ Services: 3 Legitimates Filtered in 00mn 06s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\Liter]
[HKLM\Software\S3Inc]
~ Key Software: 115 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/08/2013 - 14:16:44 - [0,105] ----D D:\Program Files\S3Inc
O43 - CFD: 10/03/2014 - 17:09:28 - [0,004] ----D D:\Documents and Settings\All Users\Application Data\TorchCrashHandler
~ Program Folder: 74 Legitimates Filtered in 00mn 27s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D4A03F33C5893D0AB84BE7BA4CBC73B6] - 01/03/2014 - 16:59:48 ---A- . (...) -- D:\تعلم اللغة الفرنسية - المحاضرة الاولى - المستوى A1 - YouTube.htm [387242]
O44 - LFC:[MD5.283A99166BB60E700989755E208AC787] - 01/03/2014 - 17:41:11 ---A- . (...) -- D:\1001 Recettes.htm [521009]
O44 - LFC:[MD5.223B24022481D36F35AD3B95B1FAAFCC] - 01/03/2014 - 17:45:26 ---A- . (...) -- D:\Esterkitchen - Que se passe-t-il dans ma cuisine .htm [63662]
O44 - LFC:[MD5.FEEE4D41A8A82E86E21ECADBEB94EC3A] - 01/03/2014 - 17:47:26 ---A- . (...) -- D:\Toutes les recettes vues à la TV.htm [128039]
O44 - LFC:[MD5.7ED5C61D84FBC43A3944FEFD8E0EA9B6] - 01/03/2014 - 17:51:03 ---A- . (...) -- D:\اغنية بسم الله بالفرنسية - Recherche Google.htm [366569]
O44 - LFC:[MD5.CE7B99EB97B12720FD10190D0E4F1583] - 02/03/2014 - 10:00:47 ---A- . (...) -- D:\le brioche più soffici del mondo - Recherche Google.htm [260226]
O44 - LFC:[MD5.7874BD396A51CDDA9D42659D65E67070] - 02/03/2014 - 16:12:34 ---A- . (...) -- D:\Histoire de Paul, pâtisserie et boulangerie Française depuis 1889.htm [20048]
O44 - LFC:[MD5.535DBCC055CF84D0F2A88AB49C6B476B] - 03/03/2014 - 15:03:40 ---A- . (...) -- D:\pain d'épice au miel - Recherche Google.htm [324210]
O44 - LFC:[MD5.74E5A2983D77EE8A9FF3A4DB1E459818] - 10/03/2014 - 17:14:02 ---A- . (...) -- D:\Documents [160]
O44 - LFC:[MD5.2FE547FBB3EF8503AD179FB59F1D2CAA] - 26/02/2014 - 20:33:14 ---A- . (...) -- D:\Bhal05ACUAA0xJy.jpg [36309]
O44 - LFC:[MD5.FBADD4CBBBA0654D9A24ED553A8D2E1B] - 27/02/2014 - 09:37:58 ---A- . (...) -- D:\La tarte sur le bout de la mangue Les blogs.htm [71062]
O44 - LFC:[MD5.A9868EEAA3745D6E9D7204A4AC1BEC60] - 27/02/2014 - 11:08:30 ---A- . (...) -- D:\koulibiac,recette,russes,slave,originale,viande,porc,plats,cuisine,cuisiner.htm [59577]
O44 - LFC:[MD5.595FC25C686EC1A963D13496DD7B93FB] - 27/02/2014 - 11:13:56 ---A- . (...) -- D:\SUCRISSIME 08 2006.htm [155779]
O44 - LFC:[MD5.C05B87310210DE421E89D682CC7C5A25] - 27/02/2014 - 11:21:16 ---A- . (...) -- D:\Raviolis russe (au fromage) recette polonaise - tite du 84 c'est moi ;).htm [120035]
O44 - LFC:[MD5.42033C128A0E57E3797E084708D9A23F] - 27/02/2014 - 11:27:21 ---A- . (...) -- D:\Disney.htm [68701]
O44 - LFC:[MD5.C0A71563D36CE1EFCE285BC46888D2A9] - 27/02/2014 - 11:28:37 ---A- . (...) -- D:\Bricks à la russe 15 recettes russes - Journal des Femmes Cuisiner.htm [146202]
O44 - LFC:[MD5.4F80596A950E0B2811EB261C17A75D3F] - 27/02/2014 - 11:30:29 ---A- . (...) -- D:\Galettes des rois 2013, avec ou sans chocolat, mais toujours avec gourmandises ! Le Salon du chocolat – Le blog.htm [40466]
O44 - LFC:[MD5.3708D7901732274EF058EB0D0F0FDA78] - 27/02/2014 - 11:33:12 ---A- . (...) -- D:\Recette gateau franco-russe napoleon Facile et rapide.htm [25985]
O44 - LFC:[MD5.9EC04384A5528CAB8A6A32F3C7CE3ED0] - 27/02/2014 - 11:51:31 ---A- . (...) -- D:\À la une aujourd'hui sur hellocoton !.htm [112014]
O44 - LFC:[MD5.91B78F50A98B24A6A5CFBA7B4AC3C65E] - 27/02/2014 - 11:59:26 ---A- . (...) -- D:\Recettes de Gâteau Russe de Pechechka.htm [46086]
O44 - LFC:[MD5.0B0B71B2CB238A0B3E1994EAA062AB52] - 27/02/2014 - 12:11:29 ---A- . (...) -- D:\Castel, Recette de Castel par Cha R. - Food Reporter.htm [67865]
O44 - LFC:[MD5.89A60697402F50DD65FE42B361C73218] - 27/02/2014 - 12:12:46 ---A- . (...) -- D:\Gâteau feuillet russe Napoleon - Les gourmandises d'Angel.htm [116428]
O44 - LFC:[MD5.C1D9F5160806165D4B91B88F99536E96] - 27/02/2014 - 12:13:53 ---A- . (...) -- D:\Le russe.htm [45929]
O44 - LFC:[MD5.B137A32CD37C4891FC97AE20A36695F4] - 27/02/2014 - 12:14:51 ---A- . (...) -- D:\Le Russe, le vrai! Cuisine by Linette.htm [197455]
O44 - LFC:[MD5.5D05E707AFB1D06178B201DE38362386] - 28/02/2014 - 18:45:25 ---A- . (...) -- D:\1507931_708400799182953_1644034535_n.jpg [43772]
O44 - LFC:[MD5.60B9E6108D6D32ABD09D97A292A11AC2] - 28/02/2014 - 18:45:38 ---A- . (...) -- D:\1907563_708400805849619_239181584_n.jpg [45157]
O44 - LFC:[MD5.AC66934FD86B6D09F65F6ABAE4191308] - 28/02/2014 - 18:45:46 ---A- . (...) -- D:\1621957_708400789182954_302355400_n.jpg [38221]
O44 - LFC:[MD5.394A54FF61C8F8BD0771067731339B54] - 28/02/2014 - 18:45:54 ---A- . (...) -- D:\1620931_708400802516286_510715133_n.jpg [38812]
~ Files: 34 Legitimates Filtered in 00mn 25s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Application\torch.exe" [Enabled] .(.Torch Media Inc..) -- D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Application\torch.exe
O47 - AAKE:Key Export SP - "D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe" [Enabled] .(.Hola Networks Ltd..) -- D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe
O47 - AAKE:Key Export SP - "D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe" [Enabled] .(...) -- D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe (.not file.)
O47 - AAKE:Key Export DP - "D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Application\torch.exe" [Enabled] .(.Torch Media Inc..) -- D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Application\torch.exe
O47 - AAKE:Key Export DP - "D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe" [Enabled] .(.Hola Networks Ltd..) -- D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe
O47 - AAKE:Key Export DP - "D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe" [Enabled] .(...) -- D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe (.not file.)
~ Keys Export: 9 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{7031cb35-06f5-11e3-b1a7-806d6172696f}\AutoRun\command. (...) -- I:\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.FBBCB95F677CBAA924140B6EA2D9A97B] - 11/12/2003 - 16:54:14 ---A- . (.Sensaura Ltd - Sensaura WDM 3D Audio Driver.) -- D:\WINDOWS\system32\Drivers\ALCXSENS.SYS [391424]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 09/12/2007 - 07:16:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- D:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 09/12/2007 - 07:16:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- D:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.D26E26EA516450AF9D072635C60387F4] - 09/12/2007 - 07:16:00 ---A- . (...) -- D:\WINDOWS\system32\Drivers\secdrv.sys [27440]
O58 - SDL:[MD5.432D9D823C4C26B6070C41BAD4404CE4] - 22/08/2013 - 13:40:22 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- D:\WINDOWS\system32\Drivers\tap0901.sys [35288]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 09/12/2007 - 07:16:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- D:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 09/12/2007 - 07:16:00 ---A- . (...) -- D:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 09/12/2007 - 07:16:00 ---A- . (...) -- D:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 09/12/2007 - 07:16:00 ---A- . (...) -- D:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 09/12/2007 - 07:16:00 ---A- . (...) -- D:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 09/12/2007 - 07:16:00 ---A- . (...) -- D:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 09/12/2007 - 07:16:00 ---A- . (...) -- D:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 09/12/2007 - 07:16:00 ---A- . (...) -- D:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 09/12/2007 - 07:16:00 ---A- . (...) -- D:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 09/12/2007 - 07:16:00 ---A- . (...) -- D:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 09/12/2007 - 07:16:00 ---A- . (...) -- D:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 09/12/2007 - 07:16:00 ---A- . (...) -- D:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 09/12/2007 - 07:16:00 ---A- . (...) -- D:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 09/12/2007 - 07:16:00 ---A- . (...) -- D:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 09/12/2007 - 07:16:00 ---A- . (...) -- D:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 09/12/2007 - 07:16:00 ---A- . (...) -- D:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 5 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 14/01/2014 - D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe (TorchCrashHandler) .(.TorchMedia Inc. - TorchCrashHandler.) - LEGACY_TORCHCRASHHANDLER
~ Legacy: 107 Legitimates Filtered in 00mn 01s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- D:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- D:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- D:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\old_chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- D:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\old_chrome.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Torch Media Inc. - Torch.) -- D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Application\torch.exe
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
E:\RECYCLER\S-1-5-21-1454471165-1482476501-1801674531-1003\Dd1.6-ByZak\PES.6-ByZak\keygen.exe
F:\PES.6-ByZak\keygen.exe
~ Files: Scanned in 01mn 29s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.6B43E9020A7F64C9DCEBBAE345DEC988] [SPRF][31/07/2013] (.Tonec Inc. - Internet Download Manager (IDM).) -- D:\Program Files\IDMan.exe [3624528]
[MD5.EC90E01B32D2E8C1EA14B6BD30BE2B91] [SPRF][31/07/2013] (.Tonec Inc. - Internet Download Manager installer.) -- D:\Program Files\Internet Download Manager 6.17 Build 6 Final.exe [5195448]
[MD5.EAD503C73CE3BB5B8D47C6996C603ACE] [SPRF][04/08/2013] (...) -- D:\Program Files\vlc-media-player_2-0-8_fr_10829.exe [23008542]
~ Files: 4 Legitimates Filtered in 00mn 01s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 09/12/2007 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - D:\WINDOWS\system32\dmadmin.exe
SS - | Auto 17/08/2013 116648 | (gupdate) . (.Google Inc..) - D:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 17/08/2013 116648 | (gupdatem) . (.Google Inc..) - D:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/01/2014 235696 | (McComponentHostService) . (.McAfee, Inc..) - D:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Demand 13/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

SR - | Auto 21/03/2013 1341664 | (ekrn) . (.ESET.) - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
SR - | Auto 14/01/2014 1214472 | (TorchCrashHandler) . (.TorchMedia Inc..) - D:\Documents and Settings\amine chelsea\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe

~ Services: Scanned in 00mn 01s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by amine chelsea at 10/03/2014 17:17:28

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E3D45] >> \Device\Harddisk0\DR0[0x88B40AB8]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by amine chelsea at 10/03/2014 17:17:30

********* Dump file Name *********
D:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (03/03/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKCU\Software\APN PIP] =>Toolbar.Ask
~ Additionnel Scan: 78414 Items scanned in 00mn 35s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 1 link(s) detected in 00mn 35s



~ 598 Legitimates filtered by white list
End of the scan (471 lines in 04mn 09s)(2)
