cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Rapport de ZHPDiag v2015.3.5.26 - Nicolas Coolman (01/03/2015)
~ Lancé par yannmb (07/03/2015 22:28:10)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17631
GCIE: Google Chrome v40.0.2214.115 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 6MRWQ
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1, 64-bit (Build 9600)

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 2.0.4.1028
McAfee LiveSafe – Internet Security v13.6.1529
Windows Defender W8 (Deactivate)

---\\ Logiciels d'optimisation du système
CCleaner v4.01

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 55 Stepping 8, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8074 MB (66% free)
System Restore: Activé (Enable)
System drive C: has 403 GB (88%) free of 457 GB

---\\ Mode de connexion au système
~ Computer Name: DIEUX
~ User Name: yannmb
~ All Users Names: yannmb, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\yannmb\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\yannmb\AppData\Roaming\
~ %Desktop% : C:\Users\yannmb\Desktop\
~ %Favorites% : C:\Users\yannmb\Favorites\
~ %LocalAppData% : C:\Users\yannmb\AppData\Local\
~ %StartMenu% : C:\Users\yannmb\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 403 Go of 457 Go)
D: Hard drive, Flash drive, Thumb drive (Free 411 Go of 457 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.85D47EB257B06094F052E0C8AEFA3BEE] - (.Microsoft Corporation - Explorateur Windows.) (.23/11/2014 - 03:08:57.) -- C:\Windows\Explorer.exe [2501368]
[MD5.A570A64292214C43E0BA50E6A72A6380] - (.Microsoft Corporation - Application de démarrage de Windows.) (.23/11/2014 - 03:07:26.) -- C:\Windows\System32\Wininit.exe [145920]
[MD5.9DFE41A69DF70AAB75CB5BA8C1109EA2] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/01/2015 - 02:27:32.) -- C:\Windows\System32\wininet.dll [2358272]
[MD5.EC498BAE1F0D3E0E401C963F8D76C437] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.23/11/2014 - 03:08:15.) -- C:\Windows\System32\Winlogon.exe [572416]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 09:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.23/11/2014 - 03:07:26.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 10:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.23/11/2014 - 03:07:19.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800]
[MD5.49EE0AE9E5B64FFBBD06D55C4984B598] - (.Microsoft Corporation - Pilote de port i8042.) (.02/01/2015 - 17:30:31.) -- C:\Windows\system32\Drivers\i8042prt.sys [108544]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 13:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.31233271EDE50D1BBB220F78AFA60486] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.23/11/2014 - 03:07:27.) -- C:\Windows\system32\Drivers\MRxSmb.sys [405504]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.7F68063A5A0461E02BC860CE0E6BFDDC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.23/11/2014 - 03:07:26.) -- C:\Windows\system32\Drivers\ntfs.sys [2025792]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.1BD3022FD6E450B00DE560265638FD2A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.02/01/2015 - 17:30:32.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [112640]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.22/08/2013 - 20:11:06.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.23/11/2014 - 03:07:18.) -- C:\Windows\system32\Drivers\volsnap.sys [310080]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/381
~ Mes musiques (My Musics) : 3/346
~ Mes Videos (My Videos) : 2/3
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 2/84
~ Mon Bureau (My Desktop) : 1/29
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.F4790478800A996244C01689BEB5F616] - (.IObit - Performance Monitor.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [1749792] [PID.1528]
[MD5.CBDBCB4DC3C3EAD303B2F10824BAB291] - (.Acer Incorporated - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [527616] [PID.2460]
[MD5.3C13F26A4766752314A5413038BD86B4] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.3120]
[MD5.43CABAB20FAEE5D8322DE886EDE7849B] - (.IObit - Pas de description.) -- C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe [2132768] [PID.3324]
[MD5.B9D6D7E6E5C4FCD8DD7F88EC9D563085] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592] [PID.4700]
[MD5.E4D24A2E0580AC3B10BFB49C4EA3357D] - (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe [389160] [PID.6020]
[MD5.4860117DA2E6E9B300144902629B09AC] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896] [PID.6036]
[MD5.ACD929D8754B63BBBB68B48B96F8A99E] - (.IObit - Advanced SystemCare 8.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2428704] [PID.6072]
[MD5.EE591DAC311022DD8E6A2E6345962F5D] - (.Acer - Acer Portal.) -- C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2480384] [PID.6108]
[MD5.AC314BDF8721B62EA462266CF55B0838] - (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe [1211088] [PID.2672]
[MD5.66EB26B4A0C2146ADD7828A5A4EC81E0] - (.Acer Incorporated - Background Agent.) -- C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208] [PID.6268]
[MD5.35B8CDACB318EEC3C7B33AD7A99F1BC3] - (...) -- C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880] [PID.7036]
[MD5.F8150A06276FDAF0AE9870CDC3C0A135] - (.Pokki - Host App Service.) -- C:\Users\yannmb\AppData\Local\Pokki\Engine\HostAppService.exe [7852872] [PID.6288]
[MD5.E2E72A08C6578683C41908AECCDEFA80] - (...) -- C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [89344] [PID.7588]
[MD5.4DB5909D450AE68CC11DC865B9B84F71] - (.Pas de propriétaire - Aut2Exe.) -- C:\Users\yannmb\Downloads\adwcleaner_4.111.exe [2126848] [PID.2680]
[MD5.35F8A4C2ED66BDDC29C961419DEF147D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8184320] [PID.9228]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\MSC\npMcSnFFPl64.dll
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (0)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Ads Removal [64Bits] - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} . (.Adblock - Helps you remove browser ads!.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
~ BHO: 7 Legitimates Filtered in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Acheter en ligne.lnk . (...) -- C:\Program Files (x86)\Accessory Store\StartUrl.exe (.not file.)
O4 - GS\Desktop [Public]: Booking.com.lnk . (...) -- C:\Program Files (x86)\Booking.COM\StartURL.exe (.not file.)
O4 - GS\SendTo [yannmb]: YAC Desktop.lnk . (...) -- C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe (.not file.) =>PUP.Elex
~ Global Startup: 3 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [Pokki] %LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [Advanced SystemCare 8] . (.IObit - Advanced SystemCare 8.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
O4 - HKCU\..\Run: [AcerPortal] . (.Acer - Acer Portal.) -- C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1425758981
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [BacKGround Agent] . (.Acer Incorporated - Background Agent.) -- C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee.) -- C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
O4 - HKLM\..\Wow6432Node\Run: [abDocsDllLoader] . (...) -- C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
O4 - HKLM\..\Wow6432Node\Run: [LWS] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe =>.Logitech Inc
O4 - HKLM\..\Wow6432Node\Run: [IObit Malware Fighter] . (.IObit - IObit Malware Fighter.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
O4 - HKUS\S-1-5-21-2706440409-3803918576-2448245647-1001\..\Run: [Pokki] %LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
O4 - HKUS\S-1-5-21-2706440409-3803918576-2448245647-1001\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-2706440409-3803918576-2448245647-1001\..\Run: [Advanced SystemCare 8] . (.IObit - Advanced SystemCare 8.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
O4 - HKUS\S-1-5-21-2706440409-3803918576-2448245647-1001\..\Run: [AcerPortal] . (.Acer - Acer Portal.) -- C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
O4 - HKUS\S-1-5-21-2706440409-3803918576-2448245647-1001\..\RunOnce: [Adobe Speed Launcher] 1425758981
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Free YouTube Download [64Bits] - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} . (...) -- C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\dvdvideosoft.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 01s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4403DB08-CE45-4A64-A248-59A5BC5CEFD0}: DhcpNameServer = 109.0.66.20 109.0.66.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4A1219A-39FE-4C02-B928-8E119EB08C39}: DhcpNameServer = 109.0.66.20 109.0.66.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{4403DB08-CE45-4A64-A248-59A5BC5CEFD0}: DhcpNameServer = 109.0.66.20 109.0.66.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{F4A1219A-39FE-4C02-B928-8E119EB08C39}: DhcpNameServer = 109.0.66.20 109.0.66.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 109.0.66.20 109.0.66.10
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.793B23EFB0B02BE574DB8FCDFC3360D0] [APT] [UbtFrameworkService] (.TODO: .) -- C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [216296]
O39 - APT: - (..) -- C:\Windows\Tasks\ASC8_SkipUac_Système.job [264]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ASC8_SkipUac_Système [264]
O39 - APT: - (..) -- C:\Windows\Tasks\ASC8_SkipUac_yannmb.job [256]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ASC8_SkipUac_yannmb [256]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1088]
O39 - APT: - (..) -- C:\Windows\Tasks\Uninstaller_SkipUac_yannmb.job [292]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Uninstaller_SkipUac_yannmb [292]
~ Scheduled Task: 25 Legitimates Filtered in 00mn 06s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (HWiNFO32) . (.REALiX(tm) - HWiNFO AMD64 Kernel Driver.) - C:\WINDOWS\sysWOW64\drivers\HWiNFO64A.sys
~ Drivers: 38 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Host App Service - (.Pokki.) [HKCU][64Bits] -- Pokki
~ Logic: 4 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\Wow6432Node\ADSRemoval]
[HKLM\Software\Wow6432Node\Elex-tech] =>PUP.Elex
[HKLM\Software\Wow6432Node\ORBTR] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\SPPDCOM] =>Rogue.PCSpeedUp
~ Key Software: 239 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/03/2015 - 16:46:34 - [0] ----D C:\Program Files (x86)\Elex-tech =>PUP.Elex
O43 - CFD: 05/03/2015 - 23:32:46 - [] ----D C:\Program Files (x86)\Free Codec Pack
O43 - CFD: 28/02/2015 - 20:13:35 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 22/11/2014 - 16:18:34 - [] ----D C:\ProgramData\OEM_YAHOO
O43 - CFD: 28/02/2015 - 21:44:42 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 22/11/2014 - 16:49:30 - [0] ----D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
O43 - CFD: 06/03/2015 - 15:29:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
O43 - CFD: 22/08/2013 - 20:11:12 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 07/03/2015 - 17:10:56 - [0] ----D C:\Users\yannmb\AppData\Roaming\Elex-tech =>PUP.Elex
O43 - CFD: 06/03/2015 - 15:13:50 - [] ----D C:\Users\yannmb\AppData\Roaming\ProductData
O43 - CFD: 05/03/2015 - 23:32:19 - [] ----D C:\Users\yannmb\AppData\Roaming\RHEng =>PUP.Conduit
O43 - CFD: 22/11/2014 - 16:24:11 - [] ----D C:\Users\yannmb\AppData\Local\AOP SDK
O43 - CFD: 03/12/2014 - 12:47:22 - [] -SH-D C:\Users\yannmb\AppData\Local\EmieBrowserModeList
O43 - CFD: 22/11/2014 - 16:35:56 - [] ----D C:\Users\yannmb\AppData\Local\iGware
O43 - CFD: 22/11/2014 - 16:20:15 - [0] ----D C:\Users\yannmb\AppData\Local\PackageStaging
~ Program Folder: 190 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.98B94ABADEDED09DBE76449105E22C24] - 05/03/2015 - 01:52:39 ---A- . (...) -- C:\Windows\System32\lvcoinst.log [53788]
O44 - LFC:[MD5.8A71E433D888799304267F3B2A1D2496] - 06/03/2015 - 04:13:02 ---A- . (...) -- C:\Windows\System32\Drivers\SPPD.sys [21976]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/03/2015 - 18:13:46 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.43647B730E82998201C61CA7FF7B524A] - 27/02/2015 - 22:16:54 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [391526]
~ Files: 58 Legitimates Filtered in 00mn 09s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:06/03/2015 - 04:13:02 ---A- . (...) -- C:\Windows\System32\Drivers\SPPD.sys [21976]
O58 - SDL:22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:15/08/2014 - 22:35:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:09/01/2015 - 13:08:33 ---A- . (.REALiX(tm) - HWiNFO AMD64 Kernel Driver.) -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528]
~ Drivers: 64 Legitimates Filtered in 00mn 03s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {4457C3EE-6E6E-4795-87DB-58980EBEC09E} [DefaultScope] - (Recherche sécurisée) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {5CCCCD7F-8EBE-43C2-93CE-81613B765146} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {714A4D57-DEE2-42F6-8A78-0D7B37217038} - (Recherche sécurisée) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {AA9A4890-4262-4441-8977-E2FFCBFB706C} - (Yahoo!) - http://fr.yhs4.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {C655A690-BF41-4223-9132-1AE80BB0279E} - (Recherche sécurisée) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {DA85C409-11A3-43E3-A6D4-C9E9FF7764B3} - (Recherche sécurisée) - http://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 21/11/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 22/11/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/11/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SS - | Demand 01/07/2013 822232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
SS - | Demand 13/02/2015 643880 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 07/01/2015 601864 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Auto 02/01/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 03/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 04/11/2014 815392 | (AdvancedSystemCareService8) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
SR - | Auto 19/01/2015 77128 | (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 19/12/2014 2713856 | (CCDMonitorService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
SR - | Auto 31/10/2014 335064 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 27/01/2015 344864 | (IMFservice) . (.IObit.) - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
SR - | Auto 01/07/2013 733696 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
SR - | Auto 16/01/2015 2724128 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SR - | Auto 15/10/2014 2820424 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 21/11/2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 21/11/2014 969016 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 19/02/2015 155368 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
SR - | Auto 13/01/2015 562200 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 21/11/2014 422632 | (mccspsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
SR - | Auto 31/10/2014 335064 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 31/10/2014 335064 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 31/10/2014 335064 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 31/10/2014 335064 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 06/11/2014 1050952 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 01/10/2014 221832 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 01/10/2014 189920 | (mfevtp) . (.McAfee, Inc..) - C:\WINDOWS\system32\mfevtps.exe
SR - | Auto 31/10/2014 335064 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 14/07/2012 769432 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 05/01/2015 1056544 | (StartMenuService) . (.IObit.) - C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
SR - | Demand 24/01/2014 222952 | (UEIPSvc) . (.acer.) - C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
SR - | Demand 22/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 22/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 23/11/2014 38792 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 23s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (01/03/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 3

C:\Program Files (x86)\Elex-tech =>PUP.Elex^
C:\Users\yannmb\AppData\Roaming\Elex-tech =>PUP.Elex^
C:\Users\yannmb\AppData\Roaming\RHEng =>PUP.Conduit^
[HKLM\Software\Wow6432Node\Elex-tech] =>PUP.Elex^
[HKLM\Software\Wow6432Node\ORBTR] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\SPPDCOM] =>Rogue.PCSpeedUp^
~ Additionnel Scan: 260822 Items scanned in 01mn 16s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-elex =>PUP.Elex
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/rogue-pcspeedup =>Rogue.PCSpeedUp
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
~ MSI: 4 link(s) detected in 00mn 00s



~ 693 Legitimates filtered by white list
End of the scan (447 lines in 03mn 10s)(0.10)

Publicité


Signaler le contenu de ce document

Publicité