
~ Rapport de ZHPDiag v2014.7.19.106 - Nicolas Coolman (19/07/2014)
~ Lancé par Lisa (20/07/2014 21:26:51)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16921 (Defaut)
GCIE: Google Chrome v36.0.1985.125

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 2J8YG
Windows License : OK
~ Windows Remaining Initializations Number : 998
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2021
Windows Defender W8 (Deactivate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4028 MB (44% free)
System Restore: Activé (Enable)
System drive C: has 601 GB (89%) free of 674 GB

---\\ Mode de connexion au système
~ Computer Name: LISA
~ User Name: Lisa
~ All Users Names: UpdatusUser, Lisa, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Lisa\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Lisa\AppData\Roaming\
~ %Desktop% : C:\Users\Lisa\Desktop\
~ %Favorites% : C:\Users\Lisa\Favorites\
~ %LocalAppData% : C:\Users\Lisa\AppData\Local\
~ %StartMenu% : C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 601 Go of 674 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 24 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.24/11/2013 - 03:48:59.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.73AB92A1AA104EAF08B7AEA27B10C5CD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.24/05/2014 - 03:47:54.) -- C:\Windows\System32\wininet.dll [2239488]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.12/04/2014 - 10:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.16/01/2014 - 00:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.27/09/2013 - 04:34:15.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.7A761AEE58658378BBA45D360F874CB0] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.27/02/2014 - 00:18:55.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.27/01/2014 - 04:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.24/11/2013 - 03:48:58.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/27
~ Mon Bureau (My Desktop) : 3/882
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 02s



---\\ Processus lancés
[MD5.EFC5D323E170D859F26E4666C885484E] - (.AuthenTec Inc. - TouchControl.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe [3695912] [PID.2844]
[MD5.FC9095973170EB63BAB2A8554E5D25A5] - (.Pas de propriétaire - IEWebSiteLogon.) -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe [4073768] [PID.4436]
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432] [PID.5036]
[MD5.0E84A5A8C621F733621B270C717B4379] - (.Intel Corporation - ISCT SysTray.) -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [249320] [PID.5048]
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.4720]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.1076]
[MD5.DB314CFF0FB931BEEF9AA53B4DBABDC5] - (.Microsoft Corporation - Touch Keyboard and Handwriting Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe [21064] [PID.3264]
[MD5.296498DF17A29339D071D516FD25CB02] - (...) -- C:\Users\Lisa\Desktop\RogueKiller.exe [4770904] [PID.520]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.3536]
[MD5.19A0A39635A48351A75D92938586FA72] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8078848] [PID.5292]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Lisa]: SpyHunter.lnk . (...) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe (.not file.) =>Crapware.SpyHunter
~ Global Startup: 1 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C7065AC-41F4-4198-B572-BAF9FF5AD819}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C7065AC-41F4-4198-B572-BAF9FF5AD819}: DhcpDomain = dartybox.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C7065AC-41F4-4198-B572-BAF9FF5AD819}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C7065AC-41F4-4198-B572-BAF9FF5AD819}: DhcpDomain = dartybox.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 311.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AllDaySavingsService64 (AllDaySavingsService64) . (...) - C:\Program Files (x86)\E061490F-E994-4CAC-95B5-87635F824BF7\skwdldhvtp64.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) . (.Pas de propriétaire - ISCT Agent Application.) - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Validity WBF Policy Service (valWBFPolicyService) . (...) - C:\Windows\system32\valWBFPolicyService.exe
~ Services: 20 Legitimates Filtered in 00mn 22s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Optimizer Pro Schedule] (...) -- C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (.not file.) [0] =>PUP.OptimizerPro
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1074]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 02s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (netfilter64) . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\drivers\netfilter64.sys
~ Drivers: 44 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Store]
[HKLM\Software\AllDaySavings ]
[HKLM\Software\AllDaySavings]
[HKLM\Software\Wow6432Node\AllDaySavings]
[HKLM\Software\Wow6432Node\mamverifier]
~ Key Software: 253 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/07/2014 - 19:08:45 - [] ----D C:\Program Files (x86)\E061490F-E994-4CAC-95B5-87635F824BF7
O43 - CFD: 09/02/2014 - 14:02:36 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 19/07/2014 - 19:15:26 - [0] ----D C:\Users\Lisa\AppData\Roaming\Store
O43 - CFD: 20/07/2014 - 01:18:45 - [] ----D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 148 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.CD7FB7F9DA362D0360A797E241A8DCC1] - 16/07/2014 - 10:39:23 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [45248]
O44 - LFC:[MD5.9E34BF0784E087F7366DBD2BDA01C8EB] - 17/07/2014 - 18:46:38 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter64.sys [46376]
O44 - LFC:[MD5.D95E64416A4A3ED6986E0F474DA934BD] - 19/07/2014 - 19:39:37 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208]
O44 - LFC:[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] - 20/07/2014 - 00:18:47 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [22704]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 20/07/2014 - 00:19:34 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.7CA09731EB7FC99B910C7F239E57720F] - 20/07/2014 - 19:48:04 ---A- . (...) -- C:\Windows\System32\Drivers\WPRO_41_2001.sys [34752]
~ Files: 28 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.643EDA9456AC2F5ECFA78731F20DEBB6] - 19/07/2014 - 23:47:33 ---A- - C:\Windows\Prefetch\ISAFESCAN.EXE-BEDBDBDC.pf =>Trojan.Staser
O45 - LFCP:[MD5.37E038D10C6DE91D6BAE0669B24FAFFE] - 20/07/2014 - 16:34:46 ---A- - C:\Windows\Prefetch\ISAFESVC.EXE-8A12EE57.pf =>Trojan.Staser
O45 - LFCP:[MD5.AA2803883BC00D727F84A1B68B8EA56E] - 20/07/2014 - 00:00:56 ---A- - C:\Windows\Prefetch\ISAFESVC2.EXE-FF57F8B9.pf =>Trojan.Staser
O45 - LFCP:[MD5.CE0025BFC7A3E5A219E0F1D2B188E7F4] - 20/07/2014 - 16:33:55 ---A- - C:\Windows\Prefetch\ISAFETHLP.EXE-9D14CCFB.pf =>Trojan.Staser
O45 - LFCP:[MD5.F772DE96872E5B68C30115C23863B059] - 20/07/2014 - 16:34:33 ---A- - C:\Windows\Prefetch\ISAFETHLP64.EXE-34E5B12D.pf =>Trojan.Staser
O45 - LFCP:[MD5.64F1C8EF73EBDA045360A414D739780A] - 20/07/2014 - 16:18:53 ---A- - C:\Windows\Prefetch\ISAFETRAY.EXE-F929161B.pf =>Trojan.Staser
O45 - LFCP:[MD5.4A6A1E38F043F6ECC026BBAAADA012FD] - 19/07/2014 - 17:23:12 ---A- - C:\Windows\Prefetch\OPTIMIZERPRO.EXE-FA03D2EB.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.1C46536733F298E76F6A6966700F1F05] - 20/07/2014 - 00:20:34 ---A- - C:\Windows\Prefetch\SHSETUP.EXE-658C5A6C.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.E7D7CDBD46479B64F8C7C62B2C76CCF2] - 20/07/2014 - 00:17:44 ---A- - C:\Windows\Prefetch\SPYHUNTER-INSTALLER.EXE-CD439A77.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.0DECAA2433E8DD3678A0E5C3EE42359A] - 19/07/2014 - 18:04:30 ---A- - C:\Windows\Prefetch\UNINSTALL BUBBLE DOCK.EXE-7454DAB5.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.28461318FEF765C7370463D5C6AAF08C] - 19/07/2014 - 18:04:34 ---A- - C:\Windows\Prefetch\UNINSTALL BUBBLE DOCK.EXE-B721973F.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.3B411C003A8C4312E44DAAC9B65634F9] - 19/07/2014 - 17:21:18 ---A- - C:\Windows\Prefetch\UTORRENT (1).EXE-50BC4984.pf =>P2P.µTorrent
O45 - LFCP:[MD5.B9BE9BB1B0B4CE2EE30D80AD4CC4D707] - 19/07/2014 - 17:16:28 ---A- - C:\Windows\Prefetch\UTORRENT [1].EXE-F10FB417.pf =>P2P.µTorrent
O45 - LFCP:[MD5.225B5FB73CA693B40773C1C3929E95B8] - 19/07/2014 - 17:16:13 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-AF011FE2.pf =>P2P.µTorrent
O45 - LFCP:[MD5.C36EE6D1C4012E2BD89ED9DBA198D466] - 19/07/2014 - 18:27:13 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-E9421C8A.pf =>P2P.µTorrent
O45 - LFCP:[MD5.8EC92BEE5BDA7E5E0180BE80F17FAD30] - 20/07/2014 - 00:18:51 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA37.EXE-9DD21410.pf =>Crapware.SpyHunter
~ Prefetcher: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:19/07/2014 - 19:39:37 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:19/07/2014 - 19:39:37 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:19/07/2014 - 19:39:37 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [224896] =>.ALWIL Software
O58 - SDL:22/06/2012 - 11:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [22704]
O58 - SDL:13/02/2013 - 10:28:26 ---A- . (.Pas de propriétaire - Intel Keyboard Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\ikbevent.sys [21048]
O58 - SDL:13/02/2013 - 10:28:28 ---A- . (.Pas de propriétaire - Intel Mouse Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\imsevent.sys [21048]
O58 - SDL:16/07/2014 - 10:39:23 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [45248]
O58 - SDL:13/02/2013 - 10:28:28 ---A- . (.Pas de propriétaire - Intel(R) Smart Connect Technology Device Driver.) -- C:\Windows\System32\Drivers\ISCTD64.sys [46568]
O58 - SDL:17/07/2014 - 18:46:38 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter64.sys [46376]
O58 - SDL:26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:05/02/2013 - 12:59:48 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [544768]
O58 - SDL:20/07/2014 - 19:48:04 ---A- . (...) -- C:\Windows\System32\Drivers\WPRO_41_2001.sys [34752]
O58 - SDL:20/07/2014 - 20:21:21 ---A- . (...) -- C:\Windows\SysWOW64\drivers\TrueSight.sys [29160]
~ Drivers: 70 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 14/07/2014 - 21:27:41 ---A- . (...) -- C:\Users\Lisa\AppData\Local\Microsoft\Windows\Sqm\Manifest\Sqm10243.bin [257704]
O61 - LFC: 15/07/2014 - 21:27:39 ---A- . (...) -- C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll [132424]
O61 - LFC: 19/07/2014 - 21:27:52 ---A- . (...) -- C:\Users\Lisa\Downloads\BitLordInstaller - Qu'est-ce qu'on a fait au Bon Dieu[2014]DVDRip.XviD[French].exe [689632] =>Adware.WhenUSave
O61 - LFC: 19/07/2014 - 21:27:52 ---A- . (...) -- C:\Users\Lisa\Downloads\Player_Setup.exe [1385152]
O61 - LFC: 19/07/2014 - 21:27:52 ---A- . (...) -- C:\Users\Lisa\Downloads\Qu'est-ce_qu'on_a_fait_au_Bon_Dieu(2014)DVDRip.XviD(French).exe [370736]
O61 - LFC: 19/07/2014 - 21:27:52 ---A- . (...) -- C:\Users\Lisa\Downloads\Quest-ce_quon_a_fait_au_Bon_Dieu[2014]DVDRip_XviD[French].exe [370736]
O61 - LFC: 19/07/2014 - 21:27:52 ---A- . (...) -- C:\Users\Lisa\Downloads\Setup (3).exe [1385160]
O61 - LFC: 19/07/2014 - 21:27:52 ---A- . (.Elex do Brasil Participações Ltda.) -- C:\Users\Lisa\Desktop\yet_another_cleaner_sk.exe [12788128]
O61 - LFC: 20/07/2014 - 21:27:38 ---A- . (...) -- C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\nacl_validation_cache.bin [128]
O61 - LFC: 20/07/2014 - 21:27:50 R--A- . (...) -- C:\Users\Lisa\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe [110080]
O61 - LFC: 20/07/2014 - 21:27:50 R--A- . (...) -- C:\Users\Lisa\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe [110080]
O61 - LFC: 20/07/2014 - 21:27:50 R--A- . (...) -- C:\Users\Lisa\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe [110080]
O61 - LFC: 20/07/2014 - 21:27:51 ---A- . (...) -- C:\Users\Lisa\Desktop\AdwCleaner.exe [1354223]
O61 - LFC: 20/07/2014 - 21:27:52 ---A- . (...) -- C:\Users\Lisa\Desktop\Norton_Removal_Tool.exe [870728]
O61 - LFC: 20/07/2014 - 21:27:52 ---A- . (...) -- C:\Users\Lisa\Desktop\RogueKiller.exe [4770904]
O61 - LFC: 20/07/2014 - 21:27:52 ---A- . (...) -- C:\Users\Lisa\Desktop\ZHPCleaner (1).exe [1136976] =>.Nicolas Coolman
O61 - LFC: 20/07/2014 - 21:27:52 ---A- . (...) -- C:\Users\Lisa\Desktop\ZHPCleaner.exe [1138428] =>.Nicolas Coolman
O61 - LFC: 20/07/2014 - 21:27:52 ---A- . (...) -- C:\Users\Lisa\Downloads\IDM2.exe [1074316]
O61 - LFC: 20/07/2014 - 21:27:52 ---A- . (...) -- C:\Users\Lisa\Downloads\sc-cleaner.exe [437212]
~ 9464 Fichiers temporaires (Temporary files)
~ 3 Fichiers cookies (Cookies files)
~ Files: 86 Legitimates Filtered in 00mn 15s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.B653DD91D5D6E519D3357A80A15A5DFB] [SPRF][20/07/2014] (...) -- C:\Users\Lisa\Desktop\AdwCleaner.exe [1354223]
[MD5.9631FA36F4784888F0918394778B8B07] [SPRF][20/07/2014] (...) -- C:\Users\Lisa\Desktop\Norton_Removal_Tool.exe [870728]
[MD5.296498DF17A29339D071D516FD25CB02] [SPRF][20/07/2014] (...) -- C:\Users\Lisa\Desktop\RogueKiller.exe [4770904]
[MD5.1288EE952EF1A1972A75DAA625215314] [SPRF][19/07/2014] (.Elex do Brasil Participações Ltda - Setup.) -- C:\Users\Lisa\Desktop\yet_another_cleaner_sk.exe [12788128]
[MD5.5FFF4CED88B8755099B40CB63961B585] [SPRF][20/07/2014] (...) -- C:\Users\Lisa\Desktop\ZHPCleaner (1).exe [1136976]
[MD5.BB8DDA144B98C95BFC773971E4E65346] [SPRF][20/07/2014] (...) -- C:\Users\Lisa\Desktop\ZHPCleaner.exe [1138428]
~ Files: 14 Legitimates Filtered in 00mn 07s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32 =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS =>Hijacker.TornTV
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateRightSurf_RASAPI32 =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateRightSurf_RASMANCS =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilRightSurf_RASAPI32 =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilRightSurf_RASMANCS =>PUP.RightSurf
~ BTK: 64 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 22/03/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 24/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SS - | Demand 10/12/2012 803872 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 07/01/2013 401856 | (TrueService) . (.AuthenTec, Inc..) - C:\Program Files\Common Files\AuthenTec\TrueService.exe
SS - | Disabled 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 27/09/2013 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 17/07/2014 172544 | (AllDaySavingsService64) . (...) - C:\Program Files (x86)\E061490F-E994-4CAC-95B5-87635F824BF7\skwdldhvtp64.exe
SR - | Auto 19/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 31/01/2013 1626872 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 10/01/2013 138752 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
SR - | Auto 07/02/2013 1641768 | (FPLService) . (.HP.) - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 01/03/2013 43320 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 01/02/2013 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
SR - | Auto 10/04/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 10/12/2012 732160 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 22/02/2013 129848 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 13/02/2013 180200 | (ISCTAgent) . (...) - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
SR - | Auto 22/02/2013 167736 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 22/02/2013 364856 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 07/03/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 09/01/2014 1025408 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter
SR - | Auto 05/02/2013 332800 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 19/03/2013 28160 | (valWBFPolicyService) . (...) - C:\Windows\system32\valWBFPolicyService.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 07s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Lisa at 20/07/2014 21:29:56
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Lisa at 20/07/2014 21:29:58
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (19/07/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 7

[HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service] =>Crapware.SpyHunter
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Users\Lisa\Desktop\SpyHunter.lnk =>Crapware.SpyHunter
C:\Users\Lisa\AppData\Local\Temp\IminentSetup.exe =>Adware.IMBooster
C:\Users\Lisa\AppData\Local\Temp\dlLogic.exe =>Toolbar.Conduit
C:\Users\Lisa\AppData\Local\Temp\GCVerifier.dll =>Toolbar.Conduit
~ Additionnel Scan: 284831 Items scanned in 00mn 20s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/crapware-spyhunter =>Crapware.SpyHunter
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.fr/trojan-staser =>Trojan.Staser
http://nicolascoolman.fr/pup-bubbledock =>PUP.BubbleDock
http://nicolascoolman.fr/adware-whenusave =>Adware.WhenUSave
http://nicolascoolman.fr/hijacker-torntv =>Hijacker.TornTV
http://nicolascoolman.fr/pup-rightsurf =>PUP.RightSurf
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
~ MSI: 10 link(s) detected in 00mn 00s



~ 720 Legitimates filtered by white list
End of the scan (495 lines in 03mn 27s)(0)
