~ Rapport de ZHPDiag v2014.4.9.16 - Nicolas Coolman (09/04/2014)
~ Lancé par Dom (10/04/2014 18:28:34)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16659 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : VT8JQ
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Windows Defender W8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Reader XI
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8143 MB (66% free)
System Restore: Activé (Enable)
System drive C: has 859 GB (93%) free of 919 GB

---\\ Mode de connexion au système
~ Computer Name: DOMINIQUE
~ User Name: Dom
~ All Users Names: UpdatusUser, HomeGroupUser$, Dom, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Dom\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Dom\AppData\Roaming\
~ %Desktop% : C:\Users\Dom\Desktop\
~ %Favorites% : C:\Users\Dom\Favorites\
~ %LocalAppData% : C:\Users\Dom\AppData\Local\
~ %StartMenu% : C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 859 Go of 919 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
X: Hard drive, Flash drive, Thumb drive (Free 2 Go of 2 Go)
Y: Hard drive, Flash drive, Thumb drive (Free 1 Go of 10 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.27/03/2014 - 07:05:27.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/03/2014 - 04:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 09:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/03/2014 - 07:05:38.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.27/03/2014 - 07:05:38.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.725EF69B2DBEB7B33280019A556201BC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.10/03/2014 - 11:35:58.) -- C:\Windows\system32\Drivers\ntfs.sys [2008408]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.22/08/2013 - 20:12:11.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.C85C075DE5B6D0FE116043054DE8EE02] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.31/01/2014 - 17:15:23.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/5
~ Mes musiques (My Musics) : 1/20
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 1/27
~ Mon Bureau (My Desktop) : 1/12
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.11982DA3029BF90CF23A69B0C1AD84D0] - (.Microsoft Corporation - Microsoft Office Document Cache Sync Client.) -- C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.exe [78576] [PID.5268]
[MD5.10EF557CEBF0F1D19F48855133F5F7E8] - (.Microsoft Corporation - Send to OneNote Tool.) -- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.exe [194224] [PID.6492]
[MD5.EABAB863E4451B22CA44A4919E59D2B8] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144] [PID.8280]
[MD5.3D45AD2B246B90DBD3E6F213E7AEBF64] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592] [PID.8888]
[MD5.150BB63D132E6F3D83692A74D61BCF75] - (.SoftThinks - Dell - Dell Backup And Recovery Update Launcher.) -- C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.exe [490344] [PID.9060]
[MD5.74A964A5060AE4DC23242092480C67C2] - (.SoftThinks - Dell - Dell Backup And Recovery Toaster.) -- C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.exe [4136976] [PID.8820]
[MD5.9FBB2F038A2DDCE696BDEE7080241C0C] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [808112] [PID.6956]
[MD5.F4651164AA1330735ADEA50AD0A326F2] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8208896] [PID.2660]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\wncntbxu.default\prefs.js
M0 - MFSP: prefs.js [Dom - wncntbxu.default] http://le-petit-monde-de-dom.over-blog.com
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Lightroom 5.4 64 bits.lnk . (...) -- C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 5.4\lightroom.exe (.not file.) =>.Adobe Systems Incorporated
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\QuickLaunch [Dom]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Dom]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 35 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Dom]: Envoyer à OneNote.lnk . (.Microsoft Corporation - Send to OneNote Tool.) -- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\policies\Explorer\Run: [BtvStack] . (.Qualcomm®Atheros® - Extension Core.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
O4 - HKUS\S-1-5-21\..\Run: [resource] Clé orpheline
O4 - HKUS\S-1-5-21\..\RunOnce: [resource] Clé orpheline
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Clé orpheline
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{74D71E4F-1FB8-499B-9BCC-898D7A0149E1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{74D71E4F-1FB8-499B-9BCC-898D7A0149E1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AtherosSvc (AtherosSvc) . (.Windows (R) Win 7 DDK provider - Windows Setup API.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: SecureAssist (SECUREASSIST) . (.SecureAssist - Pas de description.) - c:\Program Files\SupraSavings\SecureAssist.exe =>PUP.SupraSavings
O23 - Service: xmkysecqun64 (xmkysecqun64) . (...) - C:\Program Files\003\xmkysecqun64.exe
~ Services: 29 Legitimates Filtered in 00mn 05s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{23623B00-F0A4-4CFB-864B-DD19DA3C4C76}] (...) -- D:\Player.exe (.not file.) [0]
~ Scheduled Task: 7 Legitimates Filtered in 00mn 02s



---\\ Logiciels installés (O42)
O42 - Logiciel: SupraSavings - (.SupraSavings.) [HKLM][64Bits] -- {E6B105B8-1F65-4428-9397-1DFD8A03B94D} =>PUP.SupraSavings
~ Logic: 24 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Filseclab]
[HKCU\Software\SupraSavings] =>PUP.SupraSavings
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\Rr Savings]
[HKLM\Software\SupraSavings] =>PUP.SupraSavings
[HKLM\Software\Wow6432Node\Filseclab]
[HKLM\Software\Wow6432Node\HQVid1.9h] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\NewPlayer]
[HKLM\Software\Wow6432Node\SupraSavings] =>PUP.SupraSavings
[HKLM\Software\Wow6432Node\anset]
~ Key Software: 184 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/04/2014 - 21:38:27 - [0,045] ----D C:\Program Files (x86)\Uninstaller
O43 - CFD: 05/04/2014 - 18:54:46 - [0,001] ----D C:\Users\Dom\AppData\Local\com
~ Program Folder: 115 Legitimates Filtered in 00mn 18s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.F60BB7489BDDA351360C95AE94290376] - 02/04/2014 - 12:41:37 --HA- . (...) -- C:\DBAR_Ver.txt [114]
O44 - LFC:[MD5.0DE593914F0268FB2B4DE7B9C7B33057] - 02/04/2014 - 18:02:34 ---A- . (.SecureAssist - WFP driver.) -- C:\Windows\System32\Drivers\SAWFP64.sys [41768] =>PUP.SupraSavings
O44 - LFC:[MD5.A30EE6AE3D334CD7C6D6AF20052E3C09] - 02/04/2014 - 18:08:28 ---A- . (...) -- C:\Windows\DirectX.log [9938]
O44 - LFC:[MD5.DF7F10E35A52E1E35589F3ECAACCB380] - 03/04/2014 - 17:04:47 ---A- . (...) -- C:\Windows\wininit.ini [60]
O44 - LFC:[MD5.2100B28C34C4FCE916A4A61F58E31198] - 05/04/2014 - 17:59:14 ---A- . (...) -- C:\Windows\System32\connectedsearch-results.searchconnector-ms [9701]
O44 - LFC:[MD5.110BE5198A63D3FF3CE9C30F1DC12EC3] - 05/04/2014 - 17:59:32 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [386722]
O44 - LFC:[MD5.ED989C9F996783D91B75CD1AF2BB2E7E] - 08/04/2014 - 20:42:42 ---A- . (...) -- C:\Windows\System32\SecureAssist.ini [5624] =>PUP.SupraSavings
O44 - LFC:[MD5.CE5F4E5F2FED3EBE1EE54191C32BDE18] - 08/04/2014 - 20:42:42 ---A- . (...) -- C:\Windows\System32\SecureAssistOff.ini [2576] =>PUP.SupraSavings
O44 - LFC:[MD5.A5BA19176354ECF1DA9508D7134B2B1E] - 09/04/2014 - 08:52:45 ---A- . (...) -- C:\DelFix.txt [961]
O44 - LFC:[MD5.73FD0FA4353C6EF6B133295E0EDD59AA] - 27/03/2014 - 06:17:16 ---A- . (...) -- C:\Windows\System32\nvcoproc.bin [3467927]
O44 - LFC:[MD5.FD6CC699BD9BE090D6E96C06CA960AE4] - 27/03/2014 - 06:26:16 ---A- . (...) -- C:\Windows\System32\Drivers\rtwavesmapro.dat [463760]
O44 - LFC:[MD5.FE3422EDDA0E2580DF8D0F8B18DA8552] - 27/03/2014 - 06:26:16 ---A- . (...) -- C:\Windows\System32\Drivers\rtwavesmaprocap.dat [19501]
O44 - LFC:[MD5.F2ED8D7665256DB2CD113F90C65D835E] - 27/03/2014 - 06:26:16 ---A- . (...) -- C:\Windows\System32\Drivers\rtwavesskdy.dat [849522]
O44 - LFC:[MD5.0505315076F50DE128B8256927B94722] - 27/03/2014 - 06:33:17 ---A- . (...) -- C:\Windows\Core.xml [35851]
O44 - LFC:[MD5.422093445C71B6F92CF7BA4BC52E402C] - 27/03/2014 - 06:34:10 ---A- . (...) -- C:\Windows\csup.txt [12]
O44 - LFC:[MD5.951ED124565B6CAC8C1B59C88CE3F21F] - 27/03/2014 - 06:38:31 ---A- . (...) -- C:\Windows\System32\Drivers\1028_Dell_XPS_8700.mrk [3274]
O44 - LFC:[MD5.D364ED2E8CA42D79EDFE8B3BB878E22D] - 27/03/2014 - 06:38:37 ---A- . (.Waves Audio - MaxxAudioVienna2.) -- C:\Windows\System32\MaxxAudioVienna264.dll [194816]
O44 - LFC:[MD5.4B29094391996376B369CFD8D49CE434] - 27/03/2014 - 06:38:41 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [626293]
O44 - LFC:[MD5.709041B0125EC06F351BE7F6BC5DA1F0] - 27/03/2014 - 06:38:43 ---A- . (...) -- C:\Windows\System32\Drivers\rtvienna.dat [5694760]
O44 - LFC:[MD5.DC1EE682314D4FDA32525E02F6DA6DCE] - 27/03/2014 - 06:40:13 ---A- . (...) -- C:\Windows\System32\NvIFROpenGL.dll [357152]
O44 - LFC:[MD5.E386762CB0D0AB5D0C9FEEE6108DBA1F] - 27/03/2014 - 06:40:13 ---A- . (...) -- C:\Windows\System32\nvinfo.pb [23754]
O44 - LFC:[MD5.5FCEADA00C24ED01D2CCD00BF76DE97A] - 27/03/2014 - 06:43:16 ----- . (...) -- C:\Windows\System32\athwbx.cat [11192]
O44 - LFC:[MD5.DEE4040039CCFB996A2412EB9D9B03C1] - 27/03/2014 - 06:43:16 ----- . (...) -- C:\Windows\System32\athwbx.inf [21440]
O44 - LFC:[MD5.691EF5966CE866B766CE00BECFCFA589] - 27/03/2014 - 06:56:25 ---A- . (...) -- C:\Windows\System32\Drivers\mfencbdc.inf [5442]
O44 - LFC:[MD5.12F0F8D3F84FAB8F31D073286FE131CB] - 27/03/2014 - 06:56:25 ---A- . (...) -- C:\Windows\System32\Drivers\mfencrk.inf [2641]
O44 - LFC:[MD5.60CDAF0811BF825164C0E246F4F5620D] - 27/03/2014 - 06:56:46 ---A- . (...) -- C:\Windows\win.ini [124]
O44 - LFC:[MD5.F7BFECB383537CD85645CFC4FF457991] - 27/03/2014 - 07:06:00 ---A- . (...) -- C:\Windows\System32\DISMLog.log [66299]
O44 - LFC:[MD5.E104B52536C56A6D2F7032610214CC06] - 27/03/2014 - 07:11:47 R-HA- . (...) -- C:\dell.sdr [27795]
O44 - LFC:[MD5.9669DB5FC5F0E724A86ED2DBA7F7AE43] - 27/03/2014 - 07:13:26 ---A- . (...) -- C:\Windows\DtcInstall.log [1955]
~ Files: 550 Legitimates Filtered in 01mn 29s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{956c9bb8-b56e-11e3-824c-806e6f6e6963}\AutoRun\command. (...) -- D:\Player.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.0DE593914F0268FB2B4DE7B9C7B33057] - 18/03/2014 - 14:12:04 ---A- . (.SecureAssist - WFP driver.) -- C:\Windows\System32\Drivers\SAWFP64.sys [41768] =>PUP.SupraSavings
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 20 Legitimates Filtered in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files (x86)\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "1BF4A48A307DBD84980E866B94D98210" . (..) -- C:\Windows\Installer\{A84A4FB1-D703-48DB-89E0-68B6499D2801}\ARPPRODUCTICON.exe
O90 - PUC: "8B501B6E56F182443979D1DFA8309BD4" . (.SupraSavings.) -- c:\Windows\Installer\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}\icon64.ico =>PUP.SupraSavings
O90 - PUC: "BD04C21DD7DC68D42958E5F22E63394E" . (.SupraSavings.) -- c:\Windows\Installer\{D12C40DB-CD7D-4D86-9285-5E2FE23693E4}\icon64.ico =>PUP.SupraSavings
~ Update Products: 67 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.9D0767859EE938C0C4FAC30693109843] [WIS][08/04/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\f6f812.msi [3162112] =>PUP.SupraSavings
[MD5.9A5263D3C011F34BFA10C5458CF27197] [WIS][08/04/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\f906ce.msi [4997120] =>PUP.SupraSavings
~ WIS: 66 Legitimates Filtered in 00mn 05s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 15/01/2014 149496 | (DellUpdate) . (.Dell Inc..) - C:\Program Files (x86)\Dell Update\DellUpService.exe
SS - | Demand 12/05/2013 822232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 25/07/2013 334608 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe
SS - | Demand 02/08/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 30/07/2013 328928 | (McOobeSv2) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
SS - | Auto 22/08/2013 37768 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 18/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 31/07/2013 312448 | (AtherosSvc) . (.Windows (R) Win 7 DDK provider.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
SR - | Auto 14/01/2014 198664 | (DellDigitalDelivery) . (.Dell Products, LP..) - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
SR - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 07/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 12/05/2013 733696 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 04/09/2013 131544 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 04/09/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 04/09/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 30/07/2013 328928 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 28/01/2014 178528 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
SR - | Auto 21/01/2014 1025712 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 27/01/2014 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 27/01/2014 185792 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 30/07/2013 328928 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 11/11/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 11/11/2013 1364256 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 26/03/2013 253776 | (RichVideo) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 19/06/2013 246488 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 12/03/2014 1558032 | (SECUREASSIST) . (.SecureAssist.) - c:\Program Files\SupraSavings\SecureAssist.exe =>PUP.SupraSavings
SR - | Auto 22/11/2013 1915920 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
SR - | Auto 11/11/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 02/04/2014 706560 | (xmkysecqun64) . (...) - C:\Program Files\003\xmkysecqun64.exe

~ Services: Scanned in 00mn 05s



---\\ Scan Additionnel (O88)
Database Version : 13044 - (09/04/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 7

[HKLM\SYSTEM\CurrentControlSet\Services\SECUREASSIST] =>PUP.SupraSavings^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}] =>PUP.SupraSavings^
[HKCU\Software\SupraSavings] =>PUP.SupraSavings^
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^
[HKLM\Software\SupraSavings] =>PUP.SupraSavings^
[HKLM\Software\Wow6432Node\HQVid1.9h] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\SupraSavings] =>PUP.SupraSavings^
C:\Windows\Installer\f6f812.msi =>PUP.SupraSavings^
C:\Windows\Installer\f906ce.msi =>PUP.SupraSavings^
~ Additionnel Scan: 207917 Items scanned in 00mn 11s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/42067481-pup-suprasavings =>PUP.SupraSavings
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 2 link(s) detected in 00mn 00s



~ 1378 Legitimates filtered by white list
End of the scan (440 lines in 02mn 35s)(0)