cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Rapport de ZHPDiag v2014.9.14.133 - Nicolas Coolman (10/09/2014)
~ Lancé par Christian (14/09/2014 21:33:15)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v37.0.2062.103 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Internet Security v9.0.2021
Malwarebytes Anti-Malware version 2.0.2.1012

---\\ Logiciels d'optimisation du système
CCleaner

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 15 ActiveX
Adobe Reader 8.1.2 Security Update 1
Java 7 Update 55

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Sans échec (Fail-safe boot)
Total RAM: 2037 MB (73% free)
System Restore: Activé (Enable)
System drive C: has 74 GB (51%) free of 144 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-CHRISTIAN
~ User Name: Christian
~ All Users Names: Christian, Administrateur, Admin,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Christian\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Christian\AppData\Roaming\
~ %Desktop% : C:\Users\Christian\Desktop\
~ %Favorites% : C:\Users\Christian\Favorites\
~ %LocalAppData% : C:\Users\Christian\AppData\Local\
~ %StartMenu% : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 74 Go of 144 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowPrinters: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.BAE2B45ED648DEA784A2048BDB22F3F8] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.15/08/2014 - 15:37:03.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.F5272A105F59A7B3B345D9D6D87DA7AD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:53:22.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Pilote de port parallèle.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/601
~ Mes musiques (My Musics) : 3/284
~ Mes Videos (My Videos) : 1/7
~ Mes Favoris (My Favorites) : 1/36
~ Mes Documents (My Documents) : 1/273
~ Mon Bureau (My Desktop) : 1/42
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 04s



---\\ Processus lancés
[MD5.F8BFA29D0F02CB800F48CD90091B95B8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8104448] [PID.628]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://google.com
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (20)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{F2CF5485-4E02-4F68-819C-B92DE9277049} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [TVT Scheduler Proxy] . (.Lenovo Group Limited - scheduler_proxy Application.) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [PMHandler] . (.Lenovo - PMHandler.) -- C:\Program Files\Lenovo\PM Driver\PMHandler.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LPManager] . (.Lenovo Group Limited - Lenovo Care Manager.) -- C:\Program Files\Lenovo\LenovoCare\LPMGR.exe
O4 - HKLM\..\Run: [LenovoOobeOffers] . (.lenovo - FirstRunOffersLauncher.) -- c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] . (.Authentec,Inc - Pas de description.) -- C:\Program Files\Lenovo Fingerprint Software\fpapp.exe
O4 - HKLM\..\Run: [cssauth] . (.Lenovo Group Limited - CSS Authentication Provider.) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
O4 - HKLM\..\Run: [AwaySch] . (.Lenovo Group Limited - Maintenance Manager Scheduler.) -- C:\Program Files\Lenovo\AwayTask\AwaySch.exe
O4 - HKLM\..\Run: [AMSG] . (.LENOVO - Message Center.) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [snp2uvc] . (.Sonix - CameraMonitor Application.) -- C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] . (.Pas de propriétaire - CameraApplicationLaunchPadLauncher.) -- C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] . (.Labtec Inc, - Communications Manager.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] . (...) -- C:\Program Files\Labtec\WebCam10\WebCam10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Windows\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-21-3938741510-3761761687-1418677488-1004\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-3938741510-3761761687-1418677488-1004\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3938741510-3761761687-1418677488-1004\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} -- Clé orpheline
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\Lenovo\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_1.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{095BE78B-F744-4AED-B65F-C60BAB4770A1}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{095BE78B-F744-4AED-B65F-C60BAB4770A1}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 3 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Access - Aide - (...) [HKLM] -- {C6FA39A7-26B1-480A-BC74-6D17531AC222}
O42 - Logiciel: ESSPDock - (.Nom de votre société.) [HKLM] -- {FCDB1C92-03C6-4C76-8625-371224256091}
O42 - Logiciel: Help Center - (...) [HKLM] -- {986F64DC-FF15-449D-998F-EE3BCEC6666A}
~ Logic: 22 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\40594InstEnd]
[HKLM\Software\DDNI]
[HKLM\Software\IncrediMail]
~ Key Software: 296 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/09/2014 - 17:57:09 - [] ----D C:\Program Files\Uninstaller
O43 - CFD: 29/09/2011 - 18:27:16 - [] ----D C:\ProgramData\TaskMgr
~ Program Folder: 206 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.E88454904649AB395CA2C242AB94877A] - 13/09/2014 - 16:28:15 ---A- . (...) -- C:\Windows\System32\scorelog.txt [164377]
O44 - LFC:[MD5.B7DAD61B8172460823557FA36E33BF47] - 14/09/2014 - 13:08:44 ---A- . (...) -- C:\DelFix.txt [654]
O44 - LFC:[MD5.44B3F4EE8C7594E3F01BC52B7B8D5795] - 14/09/2014 - 17:16:15 ---A- . (...) -- C:\sc-cleaner.txt [5184]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/09/2014 - 17:32:30 ---A- . (...) -- C:\essai.txt [0]
O44 - LFC:[MD5.FDBF467A3C9CE19EDDAB292D90A65039] - 14/09/2014 - 19:19:05 ---A- . (...) -- C:\Windows\System32\PROCDB.INI [5402]
O44 - LFC:[MD5.69746FE74257D029D538C3B8429EA0F4] - 14/09/2014 - 19:19:09 ---A- . (...) -- C:\Windows\System32\rpcnetp.exe [17408]
O44 - LFC:[MD5.67B23A85644592C0079A04792F304295] - 14/09/2014 - 19:35:11 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [4016]
O44 - LFC:[MD5.67B23A85644592C0079A04792F304295] - 14/09/2014 - 19:35:12 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [4016]
O44 - LFC:[MD5.62FF8D11778330E6E37E9C7D3C58869A] - 14/09/2014 - 20:33:09 ---A- . (...) -- C:\Windows\ntbtlog.txt [322782]
~ Files: 48 Legitimates Filtered in 00mn 56s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Notification Packages . (...) -- C:\Windows\System32\ACGina.dll
~ LSA: 8 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:06/08/2014 - 14:59:27 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:07/09/2010 - 16:24:46 ---A- . (.ALWIL Software - avast! Filtering NDIS driver.) -- C:\Windows\System32\Drivers\aswNdis.sys [12112]
O58 - SDL:06/08/2014 - 14:59:28 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:06/08/2014 - 14:59:28 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [192352] =>.ALWIL Software
O58 - SDL:21/01/2008 - 03:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:06/03/2007 - 16:50:30 ---A- . (...) -- C:\Windows\System32\Drivers\Lvckap.sys [1669664]
O58 - SDL:28/04/2003 - 11:31:18 R--A- . (.OEM - OX16C95x Serial Device Driver.) -- C:\Windows\System32\Drivers\OXSER.SYS [51169]
O58 - SDL:24/02/2007 - 13:42:22 ---A- . (.REDC - RICOH SD Driver.) -- C:\Windows\System32\Drivers\rimmptsk.sys [39936]
O58 - SDL:23/01/2007 - 15:40:20 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimsptsk.sys [42496]
O58 - SDL:21/03/2007 - 21:02:04 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\Windows\System32\Drivers\rixdptsk.sys [37376]
O58 - SDL:16/02/2007 - 14:09:06 ---A- . (.Pas de propriétaire - USB2.0 PC Camera driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [9598080]
O58 - SDL:21/01/2008 - 03:23:20 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:21/01/2008 - 03:23:23 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:29/09/2011 - 17:27:16 RSH-- . (...) -- C:\Windows\System32\80946586D3.sys [88]
O58 - SDL:02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:29/09/2011 - 17:27:21 -SHA- . (...) -- C:\Windows\System32\KGyGaAvL.sys [5642]
O58 - SDL:02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 116 Legitimates Filtered in 00mn 17s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.7FFB7332BB63BCF6688E0D3658EB3ECB] [SPRF][11/06/2008] (...) -- C:\ProgramData\pswi_preloaded.exe [1402448]
[MD5.390477D3E0C4B76CE88907579531A472] [SPRF][23/12/2011] (...) -- C:\Users\Christian\Desktop\epson324601eu.exe [16389632]
[MD5.1027DF7F909776789D9D1C2C30410166] [SPRF][09/04/2011] (...) -- C:\Users\Christian\Desktop\OOo_3.3.0_Win_x86_install-wJRE_fr.exe [152474936]
[MD5.C35DC4CD10D51F516AD6BB6468F0D609] [SPRF][14/09/2014] (.Pas de propriétaire - Réparations IE, Windows Update et IP-DNS.) -- C:\Users\Christian\Desktop\RepWin.exe [1205760]
[MD5.C1974F029A2E6A44E6BB5A75762235B8] [SPRF][14/09/2014] (.Bleeping Computer, LLC - Windows shortcut cleaner..) -- C:\Users\Christian\Desktop\sc-cleaner.exe [441592]
[MD5.795ED6E48454ED25030E41F567314C4D] [SPRF][14/09/2014] (.Pas de propriétaire - ZHPCleaner.) -- C:\Users\Christian\Desktop\ZHPCleaner.exe [1307648]
~ Files: 10 Legitimates Filtered in 00mn 04s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/07/1658 0 | (ACDaemon) . (...) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SS - | Demand 10/09/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 05/10/2006 9216 | (AgereModemAudio) . (.Agere Systems.) - C:\Windows\system32\agrsmsvc.exe
SS - | Auto 06/08/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SS - | Auto 06/08/2014 106488 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\afwServ.exe
SS - | Auto 05/08/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 05/08/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 12/02/2007 355096 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
SS - | Auto 30/01/2007 108080 | (IPSSVC) . (.Lenovo Group Limited.) - C:\Windows\System32\IPSSVC.exe
SS - | Auto 06/03/2007 105248 | (LVSrvLauncher) . (.Labtec Inc..) - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
SS - | Auto 16/03/2007 57344 | (PMSveH) . (.Lenovo.) - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
SS - | Auto 02/11/2006 174656 | (ProtexisLicensing) . (...) - C:\Windows\system32\PSIService.exe
SS - | Auto 20/12/2006 272024 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SS - | Auto 10/12/2013 69792 | (rpcnet) . (.Absolute Software Corp..) - C:\Windows\system32\rpcnet.exe
SS - | Auto 18/04/2011 28672 | (SUService) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\System Update\SUService.exe
SS - | Auto 09/08/2007 644408 | (ThinkVantage Registry Monitor Service) . (.Lenovo Group Limited.) - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
SS - | Auto 09/08/2007 722232 | (TSSCoreService) . (.IBM.) - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
SS - | Disabled 08/01/2007 569344 | (TVT Backup Protection Service) . (...) - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
SS - | Auto 08/01/2007 950272 | (TVT Backup Service) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
SS - | Auto 04/03/2008 1122304 | (TVT Scheduler) . (.Lenovo Group Limited.) - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 14s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (10/09/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 353683 Items scanned in 00mn 51s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



~ 814 Legitimates filtered by white list
End of the scan (414 lines in 02mn 57s)(0)

Publicité


Signaler le contenu de ce document

Publicité