cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Rapport de ZHPDiag v2014.11.30.168 - Nicolas Coolman (30/11/2014)
~ Lancé par boyer (01/12/2014 16:02:45)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 33.1.1
GCIE: Google Chrome v39.0.2171.71 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : D9G42
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Microsoft Security Client v4.6.0305.0
Windows Defender W7 (Deactivate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 15 ActiveX
Adobe Reader XI

---\\ Informations sur le système
~ Processor: AMD64 Family 16 Model 5 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (73% free)
System Restore: Activé (Enable)
System drive C: has 403 GB (86%) free of 466 GB

---\\ Mode de connexion au système
~ Computer Name: BOYER-PC
~ User Name: boyer
~ All Users Names: HomeGroupUser$, boyer, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\boyer\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\boyer\AppData\Roaming\
~ %Desktop% : C:\Users\boyer\Desktop\
~ %Favorites% : C:\Users\boyer\Favorites\
~ %LocalAppData% : C:\Users\boyer\AppData\Local\
~ %StartMenu% : C:\Users\boyer\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 403 Go of 466 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F170B4A061C9E026437B193B4D571799] - (.Microsoft Corporation - Explorateur Windows.) (.03/08/2009 - 07:17:37.) -- C:\Windows\Explorer.exe [2868224]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.B1037F0131C9A010D611F6914E03CD92] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 02:41:56.) -- C:\Windows\System32\wininet.dll [1193472]
[MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Winlogon.exe [389120]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/07/2009 - 00:21:42.) -- C:\Windows\system32\Drivers\AFD.sys [500224]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/07/2009 - 00:23:44.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2009 - 00:24:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:48:27.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/4
~ Mes Favoris (My Favorites) : 1/73
~ Mes Documents (My Documents) : 2/999
~ Mon Bureau (My Desktop) : 1/4230
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 02s



---\\ Processus lancés
[MD5.66B1C09A03323BC0142B62769ACB195E] - (.NVIDIA Corporation - NVIDIA Update Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056] [PID.2476]
[MD5.6C005350B008087DFED3A7F61101CA79] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [366576] [PID.2516]
[MD5.11E8D8272FDBE213ADE3DAD91427CE35] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [11322880] [PID.2668]
[MD5.2337EC951C4AF6E1AF65D10BD9615BEB] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [11314688] [PID.2676]
[MD5.887CAA31048EB8ED09A0CBD0E6F46F09] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776] [PID.2688]
[MD5.D706A6F8532AA65F3B40C8749F57B79A] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [665424] [PID.2696]
[MD5.411DB6D68BD91D5058C76A2FD40ED8B0] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe [264176] [PID.2372]
[MD5.42D4456168E4A85AE1C29CCB008DC803] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8135680] [PID.4840]
[MD5.D2230317777033CD0456990BFC4994E5] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [411936] [PID.736]
[MD5.C5679E5186B2FC95BC76A8A9870D5456] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64704] [PID.1440]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\boyer\AppData\Roaming\Mozilla\Firefox\Profiles\wlj2yyit.default\prefs.js
~ Firefox Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://google.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://google.com
~ IE Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA Update Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
O4 - HKCU\..\Run: [EPSON SX110 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.exe =>.Epson Seiko Corporation
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2688559226-782584002-2030347470-1001\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
O4 - HKUS\S-1-5-21-2688559226-782584002-2030347470-1001\..\Run: [EPSON SX110 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.exe =>.Epson Seiko Corporation
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E35C8A80-FF48-4CAC-A2DF-0906954FD395}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E35C8A80-FF48-4CAC-A2DF-0906954FD395}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E35C8A80-FF48-4CAC-A2DF-0906954FD395}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: gzip [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{45759CB4-0563-49BB-B072-1AD76F5CB6E3}] (...) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4894D2A0-8BC9-4734-BFD2-ECEF15C26253}] (...) -- D:\CK_Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{75FBF572-5A48-4233-93F9-A8D949584932}] (...) -- D:\Autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D5E24145-9E3A-4983-AF3E-DA711C4588AA}] (...) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F90DA442-31D4-4DF4-8159-AC0467506089}] (...) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 02s



---\\ Logiciels installés (O42)
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {2CF22C94-1369-4C04-9A5F-A4BC6D91B508}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail
~ Logic: 22 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\IncrediMail]
~ Key Software: 170 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 23/11/2014 - 18:34:46 - [] ----D C:\Program Files (x86)\IncrediMail
O43 - CFD: 23/11/2014 - 20:25:57 - [] ----D C:\Program Files (x86)\splus
O43 - CFD: 23/11/2014 - 18:35:16 - [] ----D C:\ProgramData\IM
O43 - CFD: 23/11/2014 - 18:34:46 - [] ----D C:\ProgramData\IncrediMail
O43 - CFD: 23/11/2014 - 18:35:10 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
O43 - CFD: 23/11/2014 - 20:25:57 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suppress plus
O43 - CFD: 14/07/2009 - 16:35:05 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 23/11/2014 - 18:37:12 - [] ----D C:\Users\boyer\AppData\Local\IM
~ Program Folder: 123 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/12/2014 - 14:11:14 ---A- . (...) -- C:\essai.txt [0]
O44 - LFC:[MD5.1579325C9EE735890B4184097E80C7D6] - 18/11/2014 - 17:08:46 ---A- . (...) -- C:\antivirus.exe [745704]
O44 - LFC:[MD5.9AE589C305227EEDD5A1A665C9EACA10] - 19/11/2014 - 14:10:07 ---A- . (...) -- C:\CCleaner.lnk [822]
O44 - LFC:[MD5.85626FD30EA7A7D6252751D6BBD96148] - 19/11/2014 - 16:47:41 ---A- . (...) -- C:\Finance 2003.lnk [2104]
O44 - LFC:[MD5.77D152413B6BABCAB7295C210A80EACC] - 23/11/2014 - 12:25:50 ---A- . (...) -- C:\Windows\TSSysprep.log [1313]
O44 - LFC:[MD5.BA20464C38461DB7F205B49382BB0907] - 23/11/2014 - 12:25:55 ---A- . (...) -- C:\Windows\DtcInstall.log [1774]
O44 - LFC:[MD5.3B3B9EA1624B09A8F294445EBAD053B4] - 23/11/2014 - 13:04:20 ---A- . (...) -- C:\Windows\comsetup.log [1574]
O44 - LFC:[MD5.4EA63EAAFA06AFCD46873FC23B793DB7] - 23/11/2014 - 19:03:55 ---A- . (...) -- C:\Windows\wmsetup.log [615]
O44 - LFC:[MD5.D3FD99DBAD44F786331A21C7DB4FC6A7] - 24/11/2014 - 10:59:00 ---A- . (...) -- C:\Windows\System32\nvinfo.pb [26353]
O44 - LFC:[MD5.25B77510E72D44495E90AE600A59596F] - 25/11/2014 - 18:28:33 ----- . (...) -- C:\bootsqm.dat [3368]
O44 - LFC:[MD5.C05E9B90D1B31279518C76536E34FD5E] - 27/11/2014 - 17:18:43 ---A- . (...) -- C:\Windows\IE9_main.log [2069]
O44 - LFC:[MD5.B55FA6AD6C4A74AFC85433490E97C0DE] - 27/11/2014 - 22:01:55 ---A- . (...) -- C:\Windows\System32\nvcoproc.bin [3826628]
O44 - LFC:[MD5.E734D7274BCB1E841541BE4E800C1290] - 27/11/2014 - 22:13:41 ---A- . (...) -- C:\Windows\ntbtlog.txt [147696]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 27/11/2014 - 23:02:12 ---A- . (...) -- C:\Windows\EEventManager.INI [0]
O44 - LFC:[MD5.EAD929D1584DDDDDFE596CAD575C87BE] - 27/11/2014 - 23:38:29 ---A- . (...) -- C:\sc-cleaner.txt [1768]
O44 - LFC:[MD5.78EDCF46BF0BAE4A6E60A7359E3D5276] - 29/11/2014 - 14:18:49 ---A- . (...) -- C:\Windows\eReg.dat [570]
~ Files: 86 Legitimates Filtered in 00mn 05s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:29/03/2005 - 01:30:38 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [8192]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 44 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 122 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.71BA5983A665FB4CCE507093B1FA143B] [SPRF][04/05/2012] (.Pas de propriétaire - AVAST Software Setup Engine.) -- C:\Users\boyer\Desktop\avast_free_7_antivirus_setup.exe [74761776]
[MD5.6F3C3730C2F4C2DCD06CC1D2692CAFCA] [SPRF][26/04/2003] (.SoftChris - Finance 2003.) -- C:\Users\boyer\Desktop\Finance2003.exe [2122240]
[MD5.F68017583F3ECC185F01DFDFDD67E3D6] [SPRF][28/11/2014] (...) -- C:\Users\boyer\Desktop\mozilla-firefox_33-1-1_fr_11003.exe [36588256]
[MD5.461FD39DAF0835F5AD5F64D593795A75] [SPRF][27/11/2014] (.Bleeping Computer, LLC - Windows shortcut cleaner..) -- C:\Users\boyer\Desktop\sc-cleaner.exe [441592]
[MD5.FA2AEB6E70B6C6BB576C7576179B64FF] [SPRF][11/07/2012] (...) -- C:\Users\boyer\Desktop\vlc-2.0.2-win32.exe [22657136]
[MD5.C2C0EF7540C50CEFF600335397359AB9] [SPRF][01/12/2014] (.Pas de propriétaire - ZHPCleaner.) -- C:\Users\boyer\Desktop\ZHPCleaner.exe [1406464]
~ Files: 9 Legitimates Filtered in 00mn 01s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 24/11/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/11/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14/11/2014 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/09/2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 17/12/2007 163840 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.exe
SR - | Auto 11/01/2007 126464 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.exe
SR - | Auto 22/08/2014 23784 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 02/07/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 02/07/2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 08s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (30/11/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3

C:\Users\boyer\AppData\Local\Temp\square_sweetim.bmp =>PUP.SweetIM
C:\Users\boyer\AppData\Local\Temp\toolbar_sweetim.bmp =>PUP.SweetIM
C:\Users\boyer\AppData\Local\Temp\square_babylon.bmp =>PUP.SweetIM
~ Additionnel Scan: 175521 Items scanned in 00mn 26s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
~ MSI: 1 link(s) detected in 00mn 00s



~ 727 Legitimates filtered by white list
End of the scan (386 lines in 01mn 07s)(0)

Publicité


Signaler le contenu de ce document

Publicité