cjoint
Format du document : text/plain

~ ZHPDiag report v2014.4.18.31 - Nicolas Coolman (18/04/2014)
~ Run by OHYEAH (18/04/2014 07:23:12)
~ Website address http://nicolascoolman.webs.com
~ Free disinfection help forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16428
MFIE: Mozilla Firefox 28.0 (Defaut)

---\\ Windows product information
~ Language: French
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Kaspersky Anti-Virus v14.0.0.4651
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft Security Client v4.5.0216.0
Spybot - Search & Destroy v1.6.2
SUPERAntiSpyware v5.7.1018
Windows Defender W7

---\\ System optimization software
CCleaner v4.12 =>.Piriform Ltd

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Adobe Flash Player 13 Plugin

---\\ System information
~ Processor: Intel64 Family 6 Model 15 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6143 MB (49% free)
System Restore: Activé (Enable)
System drive F: has 16 GB (24%) free of 63 GB

---\\ System logon mode
~ Computer Name: OHYEAH-PC
~ User Name: OHYEAH
~ All Users Names: OHYEAH, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : F:\
~ %AppZHP% : F:\Users\OHYEAH\AppData\Roaming\ZHP\
~ %AppData% : F:\Users\OHYEAH\AppData\Roaming\
~ %Desktop% : F:\Users\OHYEAH\Desktop\
~ %Favorites% : F:\Users\OHYEAH\Favorites\
~ %LocalAppData% : F:\Users\OHYEAH\AppData\Local\
~ %StartMenu% : F:\Users\OHYEAH\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : F:\Windows\
~ %System% : F:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 40 Go of 49 Go)
D: Hard drive, Flash drive, Thumb drive (Free 32 Go of 128 Go)
E: Hard drive, Flash drive, Thumb drive (Free 85 Go of 338 Go)
F: Hard drive, Flash drive, Thumb drive (Free 16 Go of 63 Go)
G: Hard drive, Flash drive, Thumb drive (Free 844 Go of 1863 Go)
H: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 14:24:45.) -- F:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:39:52.) -- F:\Windows\System32\Wininit.exe [129024]
[MD5.E6CB36B85BE59095337427E853A5B65A] - (.Microsoft Corporation - Internet Extensions for Win32.) (.18/04/2014 - 03:54:27.) -- F:\Windows\System32\wininet.dll [2332160]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 14:25:30.) -- F:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 14:27:26.) -- F:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- F:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- F:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- F:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- F:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- F:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- F:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:19:57.) -- F:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- F:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- F:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- F:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT File System Driver.) (.24/01/2014 - 03:37:55.) -- F:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 01:00:41.) -- F:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- F:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- F:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- F:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- F:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 14:34:02.) -- F:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ Mes images (My Pictures) : 1/347
~ Mes Favoris (My Favorites) : 1/17
~ Mes Documents (My Documents) : 1/4
~ Mon Bureau (My Desktop) : 1/2422
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 03s



---\\ Running processes
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- F:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.3564]
[MD5.B96D82EA7BC9A842028559968E9570D4] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- F:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe [1004864] [PID.4012]
[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- F:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480] [PID.1504]
[MD5.70F81D6EEFCA1E1943828306F57EA55C] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- F:\Users\OHYEAH\AppData\Local\Akamai\netsession_win.exe [4672920] [PID.1452]
[MD5.F6041A72058ADD22166C31B5FD5E919C] - (.Spotify Ltd - SpotifyWebHelper.) -- F:\Users\OHYEAH\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000] [PID.4136]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.5056]
[MD5.38875F805FBD3D7B32D5B3EFEA7D1CD2] - (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- F:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480] [PID.3888]
[MD5.1F85A80EBC4C4C1D562094F5AB231077] - (.Adobe Systems Incorporated - Adobe IPC Broker.) -- F:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe [769904] [PID.5724]
[MD5.7FA16A68EF2B1B6C3281D1D33F513CB2] - (.Pas de propriétaire - Core Sync.) -- F:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe [5288608] [PID.5708]
[MD5.AA61E4E73E812D6411F375989E4501CE] - (.Adobe Systems Incorporated - Adobe CEF Helper.) -- F:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe [419704] [PID.6704]
[MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- F:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.2328]
[MD5.2F777711F4A380AACADBB85A3E7EBFCB] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe [1864368] [PID.4044]
[MD5.3CB15914365B3A33F39D6BB1743ACA91] - (.Pas de propriétaire - Générateur aléatoire de mot de passe.) -- F:\Program Files (x86)\GenerateurMotPasse20\Generateurmotpasse.exe [199168] [PID.5680]
[MD5.9D4A0ECBF734E2EECDD5B473A2D705FE] - (.Skype Technologies S.A. - Skype.) -- F:\Program Files (x86)\Skype\Phone\Skype.exe [20922016] [PID.1356]
[MD5.0ED916983CAF26EF5B3C3A489E43D30C] - (.Nicolas Coolman - ZHPDiag.) -- F:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8217088] [PID.4512]
[MD5.0D2F8F4055903A762AD46204E5A42E86] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- F:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512] [PID.1784]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- F:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720] [PID.1848]
[MD5.6B669A00A431FF6CDCE67458933F5F0F] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- F:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992] [PID.1884]
[MD5.0E08BDD7326E657D59DB40BAD23D8169] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.1180]
[MD5.A8E7F3DB083EB0839DFC1C763CDD2594] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912] [PID.2204]
[MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- F:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368] [PID.2572]
[MD5.6A61DFC83D7BB41F376CBB16124D480B] - (.mobile concepts GmbH - CyberGhost VPN Client Service.) -- F:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2430128] [PID.6660]
~ Processes Running: Scanned in 00mn 01s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=F:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=F:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=F:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 4



---\\ Other user links (O4)
O4 - GS\Desktop [Public]: CyberGhost VPN.lnk . (.CyberGhost SRL - CyberGhost VPN Client.) -- F:\Program Files\CyberGhost VPN\CyberGhost.exe
O4 - GS\Desktop [Public]: herdProtect.lnk . (.Reason Software Company Inc. - herdProtect Anti-Malware Scanner.) -- F:\Program Files\Reason\herdProtect\Scanner\herdProtectScan.exe
O4 - GS\Desktop [Public]: LG PC Suite IV.lnk . (.Mobile Leader Co.,Ltd. - Pas de description.) -- F:\Program Files (x86)\LG Electronics\LG PC Suite IV\LGUX.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Shadow Defender.lnk . (...) -- F:\Program Files (x86)\Shadow Defender\Defender.exe (.not file.)
O4 - GS\Desktop [Public]: SUPERAntiSpyware Professional.lnk . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - GS\Desktop [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- F:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [OHYEAH]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- F:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [OHYEAH]: LG PC Suite IV.lnk . (.Mobile Leader Co.,Ltd. - Pas de description.) -- F:\Program Files (x86)\LG Electronics\LG PC Suite IV\LGUX.exe
O4 - GS\QuickLaunch [OHYEAH]: Shadow Defender.lnk . (...) -- F:\Program Files (x86)\Shadow Defender\Defender.exe (.not file.)
O4 - GS\QuickLaunch [OHYEAH]: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- F:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\QuickLaunch [OHYEAH]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- F:\Users\OHYEAH\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [OHYEAH]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [OHYEAH]: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- F:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\TaskBar [OHYEAH]: SUPERAntiSpyware Professional.lnk . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - GS\TaskBar [OHYEAH]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- F:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
O4 - GS\TaskBar [OHYEAH]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- F:\Users\OHYEAH\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [OHYEAH]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- F:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [OHYEAH]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- F:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [OHYEAH]: Achiwa.lnk . (.SARL tibSys - Surveillance du réseau.) -- F:\Program Files (x86)\Achiwa\achiwant.exe
O4 - GS\Desktop [OHYEAH]: Easy File Locker.lnk . (.XOSLAB.COM - Easy File Locker.) -- F:\Program Files\Easy File Locker\FileLocker.exe
O4 - GS\Desktop [OHYEAH]: Générateur de Mot de Passe.lnk . (...) -- F:\Program Files (x86)\GenerateurMotPasse20\Generateurmotpasse.exe
O4 - GS\Desktop [OHYEAH]: Photoshop - Shortcut.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS6.) -- F:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe =>.Adobe Systems Incorporated
O4 - GS\Desktop [OHYEAH]: SF4AE.lnk . (...) -- G:\Jeux\Capcom\Super Street Fighter IV arcade Edition\unl.exe (.not file.)
O4 - GS\Desktop [OHYEAH]: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- F:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\Desktop [OHYEAH]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- F:\Users\OHYEAH\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 100 Legitimates Filtered in 00mn 01s



---\\ Applications launched at system startup (O4)
O4 - GS\Startup [Public]: Adobe Gamma Loader.lnk . (.Adobe Systems, Inc. - Adobe Gamma Loader.) -- F:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- F:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- F:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- F:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [Shadow Defender Daemon] . (.SHADOWDEFENDER.COM - Shadow Defender Daemon Application.) -- F:\Program Files\Shadow Defender\DefenderDaemon.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- F:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- F:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- F:\Users\OHYEAH\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- F:\Users\OHYEAH\AppData\Roaming\Spotify\Spotify.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- F:\Users\OHYEAH\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- F:\Users\OHYEAH\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline
O4 - HKCU\..\Run: [CyberGhost VPN] . (.CyberGhost SRL - CyberGhost VPN Client.) -- F:\Program Files\CyberGhost VPN\Cyberghost.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- F:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- F:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKLM\..\Wow6432Node\Run: [Achiwa] . (.SARL tibSys - Surveillance du réseau.) -- F:\Program Files (x86)\Achiwa\achiwant.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- F:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- F:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- F:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- F:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- F:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- F:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- F:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4196701106-1349789709-3021118661-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- F:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-4196701106-1349789709-3021118661-1001\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-4196701106-1349789709-3021118661-1001\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- F:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-4196701106-1349789709-3021118661-1001\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- F:\Users\OHYEAH\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-4196701106-1349789709-3021118661-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-4196701106-1349789709-3021118661-1001\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- F:\Users\OHYEAH\AppData\Roaming\Spotify\Spotify.exe
O4 - HKUS\S-1-5-21-4196701106-1349789709-3021118661-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- F:\Users\OHYEAH\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-4196701106-1349789709-3021118661-1001\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- F:\Users\OHYEAH\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-4196701106-1349789709-3021118661-1001\..\Run: [AdobeBridge] Clé orpheline
O4 - HKUS\S-1-5-21-4196701106-1349789709-3021118661-1001\..\Run: [CyberGhost VPN] . (.CyberGhost SRL - CyberGhost VPN Client.) -- F:\Program Files\CyberGhost VPN\Cyberghost.exe
~ Application: Scanned in 00mn 00s



---\\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: Virtual Keyboard [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- F:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kbrd.ico
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- f:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
O9 - Extra button: URLs check [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- F:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{035CF2DC-D05A-41BF-9A82-C23DDF71FD7D}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{035CF2DC-D05A-41BF-9A82-C23DDF71FD7D}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{035CF2DC-D05A-41BF-9A82-C23DDF71FD7D}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Additional protocol (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- F:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- F:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Additional protocol: Scanned in 00mn 00s



---\\ Installed software (O42)
O42 - Logiciel: Skullgirls ∞Endless Beta∞ - (...) [HKLM][64Bits] -- Steam App 208610
O42 - Logiciel: herdProtect Anti-Malware Scanner - (.Reason Company Software Inc..) [HKLM][64Bits] -- herdProtectScan
~ Logic: 22 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\MLSync]
[HKCU\Software\ucantseeme]
~ Key Software: 225 Legitimates Filtered in 00mn 00s



---\\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.61C58590FB445C2EF6F6B5F4E76A8558] - 10/04/2014 - 20:19:56 ---A- . (...) -- F:\Windows\System32\e1e6232e.din [2716]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/04/2014 - 00:40:22 ---A- . (...) -- F:\Windows\ativpsrm.bin [0]
O44 - LFC:[MD5.4EF44915E522F3ECD1A3FF540AA64126] - 14/04/2014 - 01:09:05 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- F:\Windows\System32\Drivers\tap0901.sys [29696]
O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 15/04/2014 - 18:39:05 ---A- . (...) -- F:\Windows\System32\RacRules.xml [105559]
O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 15/04/2014 - 18:40:04 ---A- . (...) -- F:\Windows\System32\ScavengeSpace.xml [10429]
O44 - LFC:[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - 15/04/2014 - 18:44:31 ---A- . (...) -- F:\Windows\System32\systemsf.ebd [347904]
O44 - LFC:[MD5.53FDA4AF81E7C4895357A50E848B7CFE] - 15/04/2014 - 18:44:56 ---A- . (.Pas de propriétaire - RemoteFX Helper.) -- F:\Windows\System32\RDVGHelper.exe [95744]
O44 - LFC:[MD5.8C3D0C73A0850A0EE62DF9EC36DBDE80] - 15/04/2014 - 22:03:16 ----- . (...) -- F:\Windows\System32\SetupBD.din [1904]
O44 - LFC:[MD5.C8C7EAD8098EA7468D651F3459657240] - 17/04/2014 - 22:44:45 ---A- . (...) -- F:\Windows\System32\Drivers\RTAIODAT.DAT [681905]
O44 - LFC:[MD5.E92FE50722C1BCEEAB73EB07014E5712] - 18/04/2014 - 03:24:19 ---A- . (...) -- F:\Windows\IE10_main.log [8219]
O44 - LFC:[MD5.7DA65E189AEB34CF9897402CECB1FA7C] - 18/04/2014 - 03:53:22 ---A- . (...) -- F:\Windows\msxml4-KB954430-enu.LOG [291500]
O44 - LFC:[MD5.BD533ECEEB4FC429A9EB1B30B71575EF] - 18/04/2014 - 03:53:27 ---A- . (...) -- F:\Windows\msxml4-KB973688-enu.LOG [290914]
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 18/04/2014 - 03:54:26 ---A- . (...) -- F:\Windows\System32\ieuinit.inf [16284]
O44 - LFC:[MD5.A086DEC516E64F540F359321122E6469] - 18/04/2014 - 03:56:04 ---A- . (...) -- F:\Windows\IE11_main.log [12885]
O44 - LFC:[MD5.B05B88402AD016B1147A6A3FDE9D29B2] - 18/04/2014 - 05:09:36 ---A- . (...) -- F:\Windows\xlkfs.dll [23552]
O44 - LFC:[MD5.136F86BBEC285B0CC7EE71FB1E93398F] - 18/04/2014 - 05:11:12 ---A- . (...) -- F:\Windows\diskpt.crt [64]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/04/2014 - 05:12:09 ---A- . (...) -- F:\Windows\diskpt.dat [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/04/2014 - 05:12:09 ---A- . (...) -- F:\Windows\diskptex.dat [0]
O44 - LFC:[MD5.CF34F25C6C6C2789AB3A278F92E4BAE7] - 18/04/2014 - 06:17:02 ---A- . (...) -- F:\Windows\xlkfs.dat [1244]
O44 - LFC:[MD5.AF841B5F36A0529473BFDD9227695698] - 18/04/2014 - 06:17:02 ---A- . (...) -- F:\Windows\xlkfs.ini [80]
~ Files: 1076 Legitimates Filtered in 00mn 51s



---\\ Shell MountPoints2 registry key (MPKS) (O51)
O51 - MPSK:{c50bd2e4-c37e-11e3-932d-001bfcd089f7}\AutoRun\command. (...) -- I:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ PoliciesSystem registry key enumeration (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ PoliciesExplorer registry key enumeration (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ System driver list (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- F:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- F:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.DE7FCC77F4A503AF4CA6A47D49B3713D] - 01/03/2013 - 02:49:12 ---A- . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- F:\Windows\System32\Drivers\npf.sys [36600]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- F:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.4EF44915E522F3ECD1A3FF540AA64126] - 25/02/2010 - 16:51:02 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- F:\Windows\System32\Drivers\tap0901.sys [29696]
O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 05/10/2010 - 00:59:32 ---A- . (...) -- F:\Windows\SysWOW64\StarOpen.sys [5632]
~ Drivers: 16 Legitimates Filtered in 00mn 03s



---\\ Disinfection tools list (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Registry legacy services list (LALS) (O64)
O64 - Services: CurCS - 05/12/1746 - ??\Fdrivers\mwac.sys (MBAMWebAccessControl) .(. - .) - LEGACY_MBAMWEBACCESSCONTROL
~ Legacy: 82 Legitimates Filtered in 00mn 00s



---\\ Internet start menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- F:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Software product code enumeration (PUC) (O90)
O90 - PUC: "50EE24DF9F81F95439D577E0573BEB5E" . (..) -- F:\Windows\Installer\{FD42EE05-18F9-459F-935D-770E75B3BEE5}\ARPPRODUCTICON.exe
O90 - PUC: "5923976166327F040A543A4EA21863E5" . (.Bing Bar.) -- F:\Windows\Installer\{16793295-2366-40F7-A045-A3E42A81365E}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 66 Legitimates Filtered in 00mn 00s



---\\ Tracing registry key search (O100)
HKLM\SOFTWARE\Microsoft\Tracing\InstallManagerApp_RASAPI32 =>PUP.Manager
HKLM\SOFTWARE\Microsoft\Tracing\InstallManagerApp_RASMANCS =>PUP.Manager
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 110 Legitimates Filtered in 00mn 00s



---\\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 13/02/2012 193816 | (BBSvc) . (.Microsoft Corporation..) - F:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe =>Toolbar.Bing
SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 01/03/2013 118520 | (rpcapd) . (.Riverbed Technology, Inc..) - F:\Program Files (x86)\WinPcap\rpcapd.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - F:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 09/04/2014 572096 | (Steam Client Service) . (.Valve Corporation.) - F:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 14/07/2009 27136 | F:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - F:\Windows\System32\svchost.exe

SR - | Auto 10/10/2013 144152 | (!SASCORE) . (.SUPERAntiSpyware.com.) - F:\Program Files\SUPERAntiSpyware\SASCORE64.exe
SR - | Auto 06/12/2013 239616 | (AMD External Events Utility) . (.AMD.) - F:\Windows\System32\atiesrxx.exe
SR - | Auto 11/10/2013 214512 | (AVP) . (.Kaspersky Lab ZAO.) - F:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
SR - | Demand 13/02/2012 240408 | (BBUpdate) . (.Microsoft Corporation..) - F:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe =>Toolbar.Bing
SR - | Demand 06/12/2011 2430128 | (CGVPNCliSrvc) . (.mobile concepts GmbH.) - F:\Program Files\CyberGhost VPN\CGVPNCliService.exe
SR - | Auto 11/03/2014 260360 | (Intel(R) PROSet Monitoring Service) . (.Intel Corporation.) - F:\Windows\system32\IProsetMonitor.exe
SR - | Auto 01/04/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) - F:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 11/03/2014 23808 | (MsMpSvc) . (.Microsoft Corporation.) - F:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 16/10/2013 289496 | (RtkAudioService) . (.Realtek Semiconductor.) - F:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - F:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - F:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | F:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - F:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 08s



---\\ Additional scan (O88)
Database Version : 13044 - (18/04/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent
~ Additional scan: 330901 Items scanned in 00mn 41s



---\\ Summary of detections found on your workstation
http://nicolascoolman.webs.com/apps/blog/show/34213529-pup-manager =>PUP.Manager
~ MSI: 1 link(s) detected in 00mn 00s



~ 2031 Legitimates filtered by white list
End of the scan (430 lines in 03mn 30s)(0)