cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Rapport de ZHPDiag v2014.3.12.13 - Nicolas Coolman (12/03/2014)
~ Lancé par jeanpierre (13/03/2014 23:59:12)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16518
MFIE: Mozilla Firefox 26.0 (Defaut)
GCIE: Google Chrome v33.0.1750.146

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : H8MQ6
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2013
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.11 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3909 MB (43% free)
System Restore: Activé (Enable)
System drive C: has 51 GB (18%) free of 279 GB

---\\ Mode de connexion au système
~ Computer Name: LAJONY
~ User Name: jeanpierre
~ All Users Names: jeanpierre, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\jeanpierre\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\jeanpierre\AppData\Roaming\
~ %Desktop% : C:\Users\jeanpierre\Desktop\
~ %Favorites% : C:\Users\jeanpierre\Favorites\
~ %LocalAppData% : C:\Users\jeanpierre\AppData\Local\
~ %StartMenu% : C:\Users\jeanpierre\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 51 Go of 279 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.03/12/2013 - 00:56:24.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/02/2014 - 10:24:52.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.22/08/2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 13:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.23/11/2013 - 08:08:19.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.30/09/2013 - 04:59:53.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/08/2013 - 13:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/37
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 2/81
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/53
~ Mon Bureau (My Desktop) : 2/352
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 03s



---\\ Processus lancés
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.1628]
[MD5.026C4CA19FAE1F84894A99735B15AACA] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859464] [PID.4900]
[MD5.849D66021A0EF43A20137BA9D85ECADF] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222720] [PID.172]
[MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8353792] [PID.18620]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\jeanpierre\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [ippenodjaoidmkkfdlmdhofiebnpjddb] BrowseSmart v.1.0.0 (Désactivé) =>PUP.BrowseSmart
G2 - GCE: Preference [User Data\Default] [kaankaoacjlcnkdfagcnnncmeojkoeai] FD Plugin v.1.0.2 (Activé) =>Spyware.FDPlugin
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkjddnjnldjjnbjahcinkhkchijbjcmn] Ask Toolbar v.32.4, (Désactivé) =>Toolbar.Ask
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pkndmigholgfjlniaohblojbhgjbkakn] Lightning speedDial v.1.1.7, (Désactivé)
~ Google Browser: 21 Legitimates Filtered in 00mn 24s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\jeanpierre\AppData\Roaming\Mozilla\Firefox\Profiles\8crzmwp2.default\prefs.js
C:\Users\jeanpierre\AppData\Roaming\Mozilla\Firefox\Profiles\8crzmwp2.default\user.js
M3 - MFPP: Plugins - [jeanpierre] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\sweet-page.xml =>PUP.SweetPage
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com =>PUP.SweetPage
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com =>PUP.SweetPage
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com =>PUP.SweetPage
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com =>PUP.SweetPage
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com =>PUP.SweetPage
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com =>PUP.SweetPage
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com =>PUP.SweetPage
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com =>PUP.SweetPage
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com =>PUP.SweetPage
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com =>PUP.SweetPage
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: RightSurf [64Bits] - {88be1aa9-6740-461c-9e3e-f35eb8fa741c} . (.RightSurf - RightSurf.) -- C:\Program Files (x86)\RightSurf\RightSurfBHO.dll =>PUP.RightSurf
~ BHO: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.sweet-page.com =>PUP.SweetPage
O4 - GS\Desktop [Public]: Help and Support.lnk - Clé orpheline
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.sweet-page.com =>PUP.SweetPage
O4 - GS\Program [Public]: Cities in Motion 2.lnk . (...) -- C:\Program Files (x86)\Cities in Motion 2\CIM2.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.sweet-page.com =>PUP.SweetPage
O4 - GS\Program [Public]: Packard bell User's Manual.lnk . (...) -- C:\OEM\Preload\Autorun\GUI\Packard bell User's Manual\00\User_Manual.pdf
O4 - GS\QuickLaunch [jeanpierre]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.sweet-page.com =>PUP.SweetPage
O4 - GS\QuickLaunch [jeanpierre]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com =>PUP.SweetPage
O4 - GS\TaskBar [jeanpierre]: Google Chrome (2).lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.sweet-page.com =>PUP.SweetPage
O4 - GS\TaskBar [jeanpierre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com =>PUP.SweetPage
O4 - GS\TaskBar [jeanpierre]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.sweet-page.com =>PUP.SweetPage
O4 - GS\TaskBar [jeanpierre]: Packard Bell Device Fast-lane.lnk . (...) -- C:\Program Files (x86)\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneUI.exe (.not file.)
O4 - GS\TaskBar [jeanpierre]: Packard Bell Power Button.lnk . (...) -- C:\Program Files (x86)\Packard Bell\Packard Bell Power Management\ePowerButton.exe (.not file.)
O4 - GS\TaskBar [jeanpierre]: Word 2013.lnk . (...) -- C:\Program Files (x86)\Microsoft Office 15\root\office15\WINWORD.exe (.not file.)
O4 - GS\Program [jeanpierre]: Corbeille (2).lnk - Clé orpheline
O4 - GS\Program [jeanpierre]: Corbeille (3).lnk - Clé orpheline
O4 - GS\Program [jeanpierre]: Corbeille (4).lnk - Clé orpheline
O4 - GS\Program [jeanpierre]: Corbeille.lnk - Clé orpheline
O4 - GS\Program [jeanpierre]: Free mp3 Wma Converter.lnk . (.Koyote Lab Inc. - Free Audio Converter.) -- C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe
O4 - GS\Program [jeanpierre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com =>PUP.SweetPage
O4 - GS\Desktop [jeanpierre]: Jeux Yahoo.lnk - Clé orpheline
O4 - GS\Desktop [jeanpierre]: MediaCoder.lnk . (.Broad Intelligence - MediaCoder.) -- C:\Program Files (x86)\MediaCoder\mediacoder.exe
O4 - GS\Desktop [jeanpierre]: PSP Video Converter.lnk . (...) -- C:\Program Files (x86)\pspvc\PSPVC.exe
O4 - GS\Desktop [jeanpierre]: Tarobot.lnk . (...) -- C:\Program Files (x86)\Tarobot\tarobot.exe
~ Global Startup: 62 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-3653073904-1663424795-1585463287-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-3653073904-1663424795-1585463287-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>Piriform Ltd
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AC52AB9-816F-4B42-AE82-62001C56B894}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBE6AF66-71CD-476E-9235-BD376BCF340A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AC52AB9-816F-4B42-AE82-62001C56B894}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{FBE6AF66-71CD-476E-9235-BD376BCF340A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Update RightSurf (Update RightSurf) . (...) - C:\Program Files (x86)\RightSurf\updateRightSurf.exe =>PUP.RightSurf
O23 - Service: Util RightSurf (Util RightSurf) . (...) - C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe =>PUP.RightSurf
O23 - Service: ZAtheros Wlan Agent (ZAtheros Wlan Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
~ Services: 13 Legitimates Filtered in 59mn 50s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-5.7-firefoxinstaller.job [2150] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-5.7-firefoxinstaller] (...) -- C:\Program Files (x86)\Plus-HD-5.7\Plus-HD-5.7-firefoxinstaller.exe (.not file.) [0] =>Adware.PlusHD
~ Scheduled Task: 17 Legitimates Filtered in 00mn 08s



---\\ Logiciels installés (O42)
O42 - Logiciel: Codec Pack Packages - (...) [HKCU][64Bits] -- Codec Pack Packages
O42 - Logiciel: RightSurf - (.RightSurf.) [HKLM][64Bits] -- RightSurf =>PUP.RightSurf
~ Logic: 65 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\IminentToolbar] =>Adware.IMBooster
[HKCU\Software\IncrediMail]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\RightSurf] =>PUP.RightSurf
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\RightSurf] =>PUP.RightSurf
~ Key Software: 328 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/02/2014 - 12:35:57 - [0] ----D C:\Program Files (x86)\BrowseSmart =>PUP.BrowseSmart
O43 - CFD: 04/02/2014 - 13:29:15 - [0] ----D C:\Program Files (x86)\greatSAveR
O43 - CFD: 27/02/2014 - 13:39:24 - [3,717] ----D C:\Program Files (x86)\RightSurf =>PUP.RightSurf
O43 - CFD: 04/02/2014 - 13:21:11 - [0] ----D C:\Program Files (x86)\YoutubeAdblocker =>PUP.Multiplug
O43 - CFD: 24/02/2014 - 16:26:18 - [0] ----D C:\ProgramData\APN
O43 - CFD: 04/02/2014 - 13:29:15 - [0,082] ----D C:\ProgramData\d3e829b096952b3b
O43 - CFD: 04/02/2014 - 13:34:10 - [0] ----D C:\ProgramData\greatSAveR
O43 - CFD: 22/01/2014 - 10:57:01 - [0,114] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 04/02/2014 - 13:34:10 - [0] ----D C:\ProgramData\YoutubeAdblocker =>PUP.Multiplug
O43 - CFD: 19/01/2014 - 15:44:05 - [0,259] ----D C:\Users\jeanpierre\AppData\Roaming\IminentToolbar =>Adware.IMBooster
O43 - CFD: 04/03/2014 - 13:14:34 - [0] ----D C:\Users\jeanpierre\AppData\Roaming\Shopping Blocks
O43 - CFD: 26/02/2014 - 23:43:17 - [0,147] ----D C:\Users\jeanpierre\AppData\Local\VNT
O43 - CFD: 13/07/2013 - 10:06:39 - [0] ----D C:\Users\jeanpierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jeux Yahoo
~ Program Folder: 183 Legitimates Filtered in 00mn 51s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/03/2014 - 19:09:04 ---A- . (...) -- C:\dfu.log [0]
~ Files: 2 Legitimates Filtered in 00mn 49s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{b76d3ab8-8261-11e3-bf8a-b888e3569d8b}\AutoRun\command. (...) -- G:\autorun.exe (.not file.)
O51 - MPSK:{f90b9558-e516-11e2-be7f-b888e3569d8b}\AutoRun\command. (...) -- E:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 27/11/2013 - 12:15:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 03/01/2014 - 04:54:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.46571ED73AE84469DCA53081D33CF3C8] - 13/11/2013 - 12:48:37 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
O58 - SDL:[MD5.2D055FAB756A79F5221ADF56EAE4CB3B] - 10/08/2012 - 09:39:56 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [315280]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 20 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.sweet-page.com =>PUP.SweetPage
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com =>PUP.SweetPage
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (sweet-page) - http://www.sweet-page.com =>PUP.SweetPage
~ Keys: Scanned in 00mn 00s



---\\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 37 Legitimates Filtered in 00mn 03s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 11/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/12/2012 277616 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 26/06/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/06/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/01/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 04/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 22/08/2012 468624 | (DeviceFastLaneService) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe
SR - | Demand 22/08/2012 658576 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
SR - | Auto 15/02/2014 227904 | (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 18/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 18/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 26/11/2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 13/09/2012 93296 | (RfButtonDriverService) . (.Dritek System INC..) - C:\Windows\RfBtnSvc64.exe
SR - | Auto 18/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 13/03/2014 348960 | (Update RightSurf) . (...) - C:\Program Files (x86)\RightSurf\updateRightSurf.exe =>PUP.RightSurf
SR - | Auto 13/03/2014 348960 | (Util RightSurf) . (...) - C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe =>PUP.RightSurf
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 31/07/2012 81536 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe

~ Services: Scanned in 00mn 07s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (12/03/2014)
Clés trouvées (Keys found) : 20
Valeurs trouvées (Values found) : 10
Dossiers trouvés (Folders found) : 9
Fichiers trouvés (Files found) : 4

[HKLM\Software\Google\Chrome\Extensions\ippenodjaoidmkkfdlmdhofiebnpjddb] =>PUP.BrowseSmart^
[HKLM\Software\Google\Chrome\Extensions\kaankaoacjlcnkdfagcnnncmeojkoeai] =>Spyware.FDPlugin^
[HKLM\Software\Google\Chrome\Extensions\nkjddnjnldjjnbjahcinkhkchijbjcmn] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88BE1AA9-6740-461C-9E3E-F35EB8FA741C}] =>PUP.RightSurf^
[HKLM\SYSTEM\CurrentControlSet\Services\Update RightSurf] =>PUP.RightSurf^
[HKLM\SYSTEM\CurrentControlSet\Services\Util RightSurf] =>PUP.RightSurf^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RightSurf] =>PUP.RightSurf^
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Wow6432Node\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKLM\Software\Wow6432Node\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster
C:\Users\jeanpierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippenodjaoidmkkfdlmdhofiebnpjddb =>PUP.BrowseSmart^
C:\Users\jeanpierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaankaoacjlcnkdfagcnnncmeojkoeai =>Spyware.FDPlugin^
C:\Users\jeanpierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkjddnjnldjjnbjahcinkhkchijbjcmn =>Toolbar.Ask^
C:\Program Files (x86)\BrowseSmart =>PUP.BrowseSmart^
C:\Program Files (x86)\RightSurf =>PUP.RightSurf^
C:\Program Files (x86)\YoutubeAdblocker =>PUP.Multiplug^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\YoutubeAdblocker =>PUP.Multiplug^
C:\Users\jeanpierre\AppData\Roaming\IminentToolbar =>Adware.IMBooster^
C:\Windows\Tasks\Plus-HD-5.7-firefoxinstaller.job =>Adware.PlusHD^
[HKCU\Software\IminentToolbar] =>Adware.IMBooster^
[HKCU\Software\RightSurf] =>PUP.RightSurf^
[HKLM\Software\Wow6432Node\RightSurf] =>PUP.RightSurf^
~ Additionnel Scan: 216095 Items scanned in 00mn 31s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/39517100-pup-browsesmart =>PUP.BrowseSmart
~ http://nicolascoolman.webs.com/apps/blog/show/30326765-spyware-fdplugin =>Spyware.FDPlugin
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/40584589-pup-sweetpage =>PUP.SweetPage
~ http://nicolascoolman.webs.com/apps/blog/show/41196115-pup-rightsurf =>PUP.RightSurf
~ http://nicolascoolman.webs.com/apps/blog/show/28138048-adware-plushd =>Adware.PlusHD
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/27350807-adware-recordnrip =>Adware.RecordNRip
~ http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software =>PUP.V9Software
~ MSI: 12 link(s) detected in 00mn 31s



~ 951 Legitimates filtered by white list
End of the scan (500 lines in 56mn 24s)(0)

Publicité


Signaler le contenu de ce document

Publicité