
~ ZHPDiag report v2014.12.27.179 - Nicolas Coolman (27/12/2014)
~ Run by ONE-WAVE (19/03/2015 01:08:56)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Forum address http://forum.nicolascoolman.fr
~ Translated by Nicolas Coolman
~ Version status: New version available
~ White list: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Deactivated by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17691
MFIE: Mozilla Firefox 36.0.1 (Default)
GCIE: Google Chrome v42.0.2311.39

---\\ Windows product information
~ Language: French
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : KP4KT
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Windows Defender W7 (Active)

---\\ System optimization software
CCleaner v5.03

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Adobe Flash Player 17 NPAPI
Adobe Reader 9.4.0 - French

---\\ System information
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3954 MB (62% free)
System Restore: Enabled
System drive C: has 66 GB (48%) free of 136 GB

---\\ System logon mode
~ Computer Name: ONE-WAVE-TOSH
~ User Name: ONE-WAVE
~ All Users Names: ONE-WAVE, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\ONE-WAVE\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\ONE-WAVE\AppData\Roaming\
~ %Desktop% : C:\Users\ONE-WAVE\Desktop\
~ %Favorites% : C:\Users\ONE-WAVE\Favorites\
~ %LocalAppData% : C:\Users\ONE-WAVE\AppData\Local\
~ %StartMenu% : C:\Users\ONE-WAVE\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 66 GB of 136 GB)
D: Hard drive, Flash drive, Thumb drive (Free 249 GB of 460 GB)
E: CD-ROM drive (Not Inserted)



---\\ Windows Security Center state
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 10:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 05:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.36F99BD8A0F09BDBB7850A138845A014] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.20/02/2015 - 05:28:25.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 06:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 07:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 10:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 05:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 03:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 07:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 07:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 07:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 03:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 04:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 06:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 07:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 06:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 04:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 07:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 07:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 04:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 05:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 07:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Hidden files state (Hidden/Total)
~ My Pictures: 2/3
~ My Favorites: 1/2
~ My Documents: 1/7437
~ My Desktop: 2/859
~ Start Menu (Programs): 1/46
~ Hidden Files: Scanned in 00mn 36s



---\\ Running processes
[MD5.D457BFFE122809672D652229650109D0] - (...) -- C:\Program Files (x86)\Special Box\bin\SpecialBox.BrowserAdapter.exe [105712] [PID.3224]
[MD5.D7AFB66FD382F06BF63F166A176C3112] - (...) -- C:\Program Files (x86)\Special Box\bin\SpecialBox.expext.exe [101616] [PID.3252]
[MD5.F51D682701B303ED6CC5474CE5FA5AAA] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.3728]
[MD5.7799D7A7F1E8DA3AE35C9FA828C32995] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [264816] [PID.3040]
[MD5.3FF3DC9155D0EB7FD2C4AD044EF2387B] - (.Adobe Systems, Inc. - Adobe Flash Player 17.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe [1893040] [PID.3148]
[MD5.E47AC731D42B2452D4C0BF096DF3DD6E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8145408] [PID.1460]
[MD5.58FBDA10FC403CF9F82ABD0A68129BA3] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576] [PID.1340]
[MD5.D074465D35AEF345E1F3D0EE2EDCE41A] - (...) -- C:\Program Files (x86)\Special Box\updateSpecialBox.exe [418544] [PID.1748]
[MD5.D074465D35AEF345E1F3D0EE2EDCE41A] - (...) -- C:\Program Files (x86)\Special Box\bin\utilSpecialBox.exe [418544] [PID.2040]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\ONE-WAVE\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome extension folders
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: Extension [ONE-WAVE - 1tvjyrkr.default] {2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}.xpi
M2 - MFEP: Extension [ONE-WAVE - 1tvjyrkr.default] {b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of lines F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects (O2)
O2 - BHO: Special Box 1.0.0.7 [64Bits] - {6a915d18-c911-4145-94d9-1492deceebe2} . (.Special Box - Special Box.) -- C:\Program Files (x86)\Special Box\SpecialBoxbho.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s



---\\ Other user links (O4)
O4 - GS\QuickLaunch [ONE-WAVE]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\ONE-WAVE\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [ONE-WAVE]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\ONE-WAVE\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 03s



---\\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1115432412-1550498333-1750531449-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s



---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CA96ED2-10F6-41D6-8333-7937A9F1A1AA}: DhcpNameServer = 10.10.110.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2CA96ED2-10F6-41D6-8333-7937A9F1A1AA}: DhcpNameServer = 10.10.110.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2CA96ED2-10F6-41D6-8333-7937A9F1A1AA}: DhcpNameServer = 10.10.110.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{2CA96ED2-10F6-41D6-8333-7937A9F1A1AA}: DhcpNameServer = 10.10.110.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.110.1
~ Domain: Scanned in 00mn 00s



---\\ Additional protocol (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Additional protocol: Scanned in 00mn 00s



---\\ Non-Microsoft NT services that are not disabled (O23)
O23 - Service: Update Special Box (Update Special Box) . (...) - C:\Program Files (x86)\Special Box\updateSpecialBox.exe
O23 - Service: Util Special Box (Util Special Box) . (...) - C:\Program Files (x86)\Special Box\bin\utilSpecialBox.exe
~ Services: 3 Legitimates Filtered in 00mn 03s



---\\ Automatic scheduled tasks (O39)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d04079be808569 [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d04079c03c8d72 [1070]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 04s



---\\ Drivers launched at system startup (O41)
O41 - Driver: (HWiNFO32) . (.REALiX(tm) - HWiNFO AMD64 Kernel Driver.) - C:\Windows\sysWOW64\drivers\HWiNFO64A.sys
O41 - Driver: ({2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}Gw64.sys =>PUP.LinkiDoo
~ Drivers: 99 Legitimates Filtered in 00mn 00s



---\\ Installed software (O42)
O42 - Software: DENON DJ ASIO Driver - (.DENON_DJ.) [HKLM][64Bits] -- {E4EC27CD-229E-481E-84F1-7AB83AC479BE}
O42 - Software: Special Box - (.Special Box.) [HKLM][64Bits] -- Special Box
O42 - Software: USB-modem Beeline - (.Beeline.) [HKLM][64Bits] -- Beeline Silverstone Beeline Home Internet_is1
~ Software: 22 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Clubic]
[HKCU\Software\ProductSetup]
[HKCU\Software\Special Box]
[HKCU\Software\SweetScape]
[HKLM\Software\Wow6432Node\Special Box]
~ Key Software: 323 Legitimates Filtered in 00mn 00s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 06/11/2014 - 19:17:55 - [] ----D C:\Program Files (x86)\DENON_DJ
O43 - CFD: 29/08/2014 - 12:39:35 - [] ----D C:\Program Files (x86)\GUM786A.tmp
O43 - CFD: 19/03/2015 - 00:44:14 - [] ----D C:\Program Files (x86)\RegCompact
O43 - CFD: 19/03/2015 - 00:09:50 - [] ----D C:\Program Files (x86)\Special Box
O43 - CFD: 10/01/2015 - 17:47:36 - [] ----D C:\Program Files (x86)\USB-modem Beeline
O43 - CFD: 06/11/2014 - 19:19:16 - [] ----D C:\ProgramData\DDJ_ASIO_Driver
O43 - CFD: 09/03/2015 - 23:55:25 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 28/08/2014 - 13:28:25 - [] --H-D C:\ProgramData\{ACF12395-778E-44F0-A811-C99F334A83F5}
O43 - CFD: 09/03/2015 - 23:50:15 - [0] ----D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
O43 - CFD: 28/08/2014 - 13:19:27 - [] --H-D C:\ProgramData\{BD26D777-CA21-4BDD-A581-6BCFE4F0F941}
O43 - CFD: 28/08/2014 - 13:18:59 - [] --H-D C:\ProgramData\{C6A355F5-168B-4EEC-AB7C-75594F783EDB}
O43 - CFD: 30/03/2011 - 18:56:25 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Service
O43 - CFD: 19/03/2015 - 00:44:14 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegCompact
O43 - CFD: 10/01/2015 - 17:47:39 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB-modem Beeline
O43 - CFD: 29/08/2014 - 16:34:00 - [] ----D C:\Users\ONE-WAVE\AppData\Roaming\library_dir
O43 - CFD: 09/03/2015 - 23:51:31 - [] ----D C:\Users\ONE-WAVE\AppData\Roaming\ProductData
O43 - CFD: 05/02/2015 - 21:42:44 - [] ----D C:\Users\ONE-WAVE\AppData\Roaming\SweetScape
O43 - CFD: 29/01/2015 - 20:24:38 - [] -SH-D C:\Users\ONE-WAVE\AppData\Local\EmieBrowserModeList
O43 - CFD: 06/11/2014 - 19:17:56 - [] ----D C:\Users\ONE-WAVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DENON_DJ
O43 - CFD: 19/03/2015 - 00:44:13 - [0] ----D C:\Users\ONE-WAVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegCompact
~ Program Folder: 227 Legitimates Filtered in 00mn 01s



---\\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.62C2F6447307A8B4C8C3EEFAD5C4D7C3] - 14/03/2015 - 00:12:23 ---A- . (...) -- C:\Windows\System32\Boris Dlugosh, Roisin Murphy, Manyus & Fourfunk, Losh, Marvin Gaye, Temptations, Cerrone, Jocelyn Brown, Mezzoforte, Stevie Wonder, Knee Deep, Diana Ross, James Ingram & Michael McDonald, Grant Nel.lnk [1529]
O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 17/03/2015 - 00:38:33 ---A- . (...) -- C:\Windows\diagerr.xml [1908]
O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 17/03/2015 - 00:38:33 ---A- . (...) -- C:\Windows\diagwrn.xml [1908]
O44 - LFC:[MD5.FA425B469BC4F12FB1F8D2BAAE0CE422] - 18/03/2015 - 08:02:34 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}Gw64.sys [48784] =>PUP.LinkiDoo
O44 - LFC:[MD5.DABBE53DD1421CF0A32AF21D4DBC59B5] - 19/03/2015 - 00:51:56 ---A- . (...) -- C:\Windows\win.ini [505]
~ Files: 143 Legitimates Filtered in 00mn 39s



---\\ Shell MountPoints2 registry key (MPSK) (O51)
O51 - MPSK:{edc0d508-98ce-11e4-973a-839cad836c77}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ StartupReg registry key enumeration (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Beeline Silverstone ModemListener [Key] . (...) -- C:\Program Files (x86)\USB-modem Beeline\Application\Resource\BackgroundService\ModemListener.exe
O53 - SMSR:HKLM\...\startupreg\cacaoweb [Key] . (...) -- C:\Users\ONE-WAVE\AppData\Roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O53 - SMSR:HKLM\...\startupreg\Everything [Key] . (.No owner - Everything.) -- C:\Program Files (x86)\Everything\Everything.exe
~ SMSR Keys: 29 Legitimates Filtered in 00mn 00s



---\\ PoliciesSystem registry key enumeration (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s
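The O55 block above is the security-relevant core of this report. EnableLUA=0 is what the header's "User Account Control (UAC): Deactivated by user" refers to: the session was run "Logged in as Administrator", so every process of that user already holds the full token and nothing prompts when an installer registers a service or loads a driver (the two Special Box services and the GUID-named driver listed elsewhere in the report both appeared on 18-19/03/2015). PromptOnSecureDesktop=0 and FilterAdministratorToken=0 would each weaken UAC further once it is switched back on, and EnableLinkedConnections=1 is a non-default that shares the user's drive mappings with the elevated token. The following is an added example, not part of the report or of ZHPDiag: it parses O55 lines, compares them with a baseline (an assumption made here: Windows 7 defaults plus the usual hardening guidance; ZHPDiag ships no such baseline) and emits the .reg fragment that restores those values. The full key path is taken from the Security Center section of this report, where ZHPDiag prints it unabbreviated; the function names are this example's own.

```python
import re

# Constructed sample: the five O55 lines from the report above, copied verbatim.
O55_SAMPLE = r"""
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
"""

# ZHPDiag abbreviates the key as HKLM\...\Policies\System; the Security Center
# section of the same report prints it in full.
POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Expected values (assumption for this example: Windows 7 defaults plus the usual
# hardening guidance) and what a deviation means in practice.
BASELINE = {
    "EnableLUA": (1, "UAC is off: every process of an admin user gets the full token, nothing prompts"),
    "PromptOnSecureDesktop": (1, "elevation prompts appear on the normal desktop, where other windows can overlay or drive them"),
    "FilterAdministratorToken": (1, "the built-in Administrator account runs without Admin Approval Mode"),
    "EnableUIADesktopToggle": (0, "UIAccess applications may prompt for elevation outside the secure desktop"),
    "EnableLinkedConnections": (0, "drive mappings are shared between the filtered and the elevated token"),
}

O55_LINE = re.compile(r'^O55 - MWPS:\[(?P<key>[^\]]+)\] - "(?P<name>[^"]+)"=(?P<value>\d+)$')


def parse_o55(text: str) -> dict[str, int]:
    """Map value name -> integer for every O55 line in the text; other lines are ignored."""
    values = {}
    for line in text.splitlines():
        m = O55_LINE.match(line.strip())
        if m:
            values[m["name"]] = int(m["value"])
    return values


def evaluate(values: dict[str, int]) -> list[tuple[str, int, int, str]]:
    """Return (name, actual, expected, meaning) for each listed value that deviates
    from BASELINE. Values absent from the report are not judged: ZHPDiag prints only
    what it did not whitelist, so absence means it considered the value legitimate."""
    return [
        (name, values[name], expected, meaning)
        for name, (expected, meaning) in BASELINE.items()
        if name in values and values[name] != expected
    ]


def summary(findings) -> list[str]:
    """One line per finding; the EnableLUA caveat goes first because with UAC off
    the prompt-related values have no effect until it is re-enabled."""
    lines = [f"{name}={actual} (expected {expected}): {meaning}"
             for name, actual, expected, meaning in findings]
    if any(name == "EnableLUA" for name, *_ in findings):
        lines.insert(0, "UAC is disabled; the other UAC values below only take effect "
                        "once EnableLUA is back to 1 (reboot required)")
    return lines


def remediation_reg(findings) -> str:
    """Build a .reg fragment (CRLF line ends, as regedit expects) resetting every deviating value."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{POLICY_KEY}]"]
    lines += [f'"{name}"=dword:{expected:08x}' for name, _actual, expected, _meaning in findings]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    found = evaluate(parse_o55(O55_SAMPLE))
    print("\n".join(summary(found)))
    print(remediation_reg(found))
```

Applying the generated fragment needs an elevated regedit (trivially available here, since UAC is off), and EnableLUA only takes effect after a reboot; until then the report's "Logged in as Administrator" session keeps its unfiltered token.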



---\\ PoliciesExplorer registry key enumeration (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveSearch"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveTrack"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 9 Legitimates Filtered in 00mn 00s



---\\ System driver list (SDL) (O58)
O58 - SDL:14/07/2009 - 05:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:11/06/2009 - 00:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:14/07/2009 - 05:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:18/03/2015 - 08:02:34 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}Gw64.sys [48784] =>PUP.LinkiDoo
O58 - SDL:07/03/2013 - 09:49:18 ---A- . (...) -- C:\Windows\System32\epmntdrv.sys [17480]
O58 - SDL:07/03/2013 - 09:49:18 ---A- . (...) -- C:\Windows\System32\EuGdiDrv.sys [9800]
O58 - SDL:09/03/2015 - 23:55:22 ---A- . (.REALiX(tm) - HWiNFO AMD64 Kernel Driver.) -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528]
O58 - SDL:07/03/2013 - 09:49:20 ---A- . (...) -- C:\Windows\SysWOW64\epmntdrv.sys [14920]
O58 - SDL:07/03/2013 - 09:49:20 ---A- . (...) -- C:\Windows\SysWOW64\EuGdiDrv.sys [9160]
~ Drivers: 81 Legitimates Filtered in 00mn 03s
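The running-process, O23 service, O41/O58 driver, O44 file, O4 Run-key and O53 StartupReg entries in this report all share one line shape: an optional [MD5.…], a version-resource block that is either (.Company - Description.) or (...) when the file carries no version information, the path, then optional (.not file.), [size], [PID.n] and a =>Tag verdict from the ZHPDiag database. Two things in this report are only visible once those fields are pulled apart: updateSpecialBox.exe and utilSpecialBox.exe run as two services but have the same MD5 and size, so they are one binary registered twice; and the kernel driver tagged PUP.LinkiDoo is named by a GUID that is also the id of one of the two Firefox extensions listed under M2. The following is an added example, not part of the report or of ZHPDiag: it parses lines of that shape, applies triage heuristics of its own (database tag, no version resource, stale autostart target, GUID-named driver), and groups entries by hash. The sample lines are copied from the report; the function names and heuristics are this example's assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: nine lines copied from the report above, covering running
# processes, an O23 service, O41/O58 drivers, an O4 Run key and an O53 StartupReg entry.
SAMPLE = r"""
[MD5.D457BFFE122809672D652229650109D0] - (...) -- C:\Program Files (x86)\Special Box\bin\SpecialBox.BrowserAdapter.exe [105712] [PID.3224]
[MD5.F51D682701B303ED6CC5474CE5FA5AAA] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.3728]
[MD5.D074465D35AEF345E1F3D0EE2EDCE41A] - (...) -- C:\Program Files (x86)\Special Box\updateSpecialBox.exe [418544] [PID.1748]
[MD5.D074465D35AEF345E1F3D0EE2EDCE41A] - (...) -- C:\Program Files (x86)\Special Box\bin\utilSpecialBox.exe [418544] [PID.2040]
O23 - Service: Update Special Box (Update Special Box) . (...) - C:\Program Files (x86)\Special Box\updateSpecialBox.exe
O41 - Driver: ({2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}Gw64.sys =>PUP.LinkiDoo
O58 - SDL:18/03/2015 - 08:02:34 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}Gw64.sys [48784] =>PUP.LinkiDoo
O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O53 - SMSR:HKLM\...\startupreg\cacaoweb [Key] . (...) -- C:\Users\ONE-WAVE\AppData\Roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
"""

# (.Company - Description.) from the version resource, or (...) / (..) when there is none.
VENDOR = re.compile(r"\((?:\.{2,3}|\.(?P<vendor>.+?) - (?P<desc>.+?)\.)\)")
MD5 = re.compile(r"\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\]")
# After the version block: path, then optional (.not file.), [size], [PID.n], =>Tag.
TAIL = re.compile(
    r"^(?P<path>.+?)"
    r"(?P<missing>\s\(\.not file\.\))?"
    r"(?:\s\[(?P<size>\d+)\])?"
    r"(?:\s\[PID\.(?P<pid>\d+)\])?"
    r"(?:\s=>(?P<tag>\S+))?$"
)
GUID_NAME = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}[^\\]*\.sys$", re.IGNORECASE)
TOOL_TAGS = ("PUP.", "PUA.", "Adware.", "Toolbar.", "Hijacker.")


@dataclass
class Entry:
    path: str
    vendor: Optional[str]
    desc: Optional[str]
    md5: Optional[str]
    size: Optional[int]
    pid: Optional[int]
    tag: Optional[str]
    missing: bool  # ZHPDiag printed (.not file.): the registered target no longer exists


def parse_line(line: str) -> Optional[Entry]:
    """Parse one ZHPDiag entry; returns None for headers, summaries and other shapes."""
    line = line.strip()
    v = VENDOR.search(line)
    if not v:
        return None
    rest = re.sub(r"^\s*-{1,2}\s*", "", line[v.end():])  # drop the ' -- ' / ' - ' separator
    t = TAIL.match(rest)
    if not t or ":\\" not in t["path"]:
        return None
    m = MD5.search(line)
    return Entry(path=t["path"], vendor=v["vendor"], desc=v["desc"],
                 md5=m["md5"].upper() if m else None,
                 size=int(t["size"]) if t["size"] else None,
                 pid=int(t["pid"]) if t["pid"] else None,
                 tag=t["tag"], missing=t["missing"] is not None)


def triage(e: Entry) -> list[str]:
    """Heuristics of this example (not ZHPDiag's): reasons to look at the entry first."""
    reasons = []
    if e.tag and e.tag.startswith(TOOL_TAGS):
        reasons.append(f"tagged {e.tag} by the ZHPDiag database")
    if e.missing:
        reasons.append("autostart entry points at a file that no longer exists")
    elif e.vendor is None:
        reasons.append("no company/description in the version resource")
    if GUID_NAME.search(e.path):
        reasons.append("kernel driver named by a GUID")
    return reasons


def triage_report(text: str) -> list[tuple[str, list[str]]]:
    """(path, reasons) for every parseable line that trips at least one heuristic."""
    out = []
    for line in text.splitlines():
        e = parse_line(line)
        if e and (reasons := triage(e)):
            out.append((e.path, reasons))
    return out


def duplicate_hashes(text: str) -> dict[str, list[str]]:
    """MD5 -> sorted paths for hashes seen under more than one path (one binary, several names)."""
    by_md5: dict[str, set[str]] = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e and e.md5:
            by_md5.setdefault(e.md5, set()).add(e.path)
    return {h: sorted(p) for h, p in by_md5.items() if len(p) > 1}


if __name__ == "__main__":
    for path, reasons in triage_report(SAMPLE):
        print(path, "->", "; ".join(reasons))
    for h, paths in duplicate_hashes(SAMPLE).items():
        print("same binary under several names:", h, paths)
```

The version-resource heuristic is deliberately weak on its own (plenty of legitimate tools ship without a company string), which is why the report's own =>Tag verdict, the stale-target flag and the hash grouping are reported alongside it rather than folded into one score.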



---\\ Disinfection tools list (LATC) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Legacy registry services list (LALS) (O64)
O64 - Services: CurCS - 11/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 18/03/2015 - C:\Windows\System32\drivers\{2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}Gw64.sys ({2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}Gw64) .(.StdLib - StdLib.) - LEGACY_{2FBD7DFE-A573-4FFA-A5F6-C8E79BE0E000}GW64 =>PUP.LinkiDoo
~ Legacy: 99 Legitimates Filtered in 00mn 00s



---\\ Shell Spawning associations (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s



---\\ Browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {156642E9-E929-4D84-B3BA-A3C89104CB0B} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6482788A-75A3-48C5-909F-C8A697D804EC} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {A1D0A986-CA59-441F-8E9F-98EB7C742C47} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s



---\\ Specific search at the system root (SPRF) (O84)
[MD5.F3C37F6397993E177F5748112999169E] [SPRF][19/03/2015] (.Akeo Consulting (http://akeo.ie) - Rufus.) -- C:\Users\ONE-WAVE\Desktop\rufus-2.0.exe [774560]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Firewall exceptions list (FirewallRules) (O87)
O87 - FAEL: "{3F68189D-48EB-49C6-9EBC-44C8CED6269E}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\ONE-WAVE\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{A93C51E7-D7D7-4628-8C7B-C473057D8695}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\ONE-WAVE\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 19/03/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 21/11/2014 244736 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Disabled 20/06/2011 49752 | (Beeline Silverstone Modem Device Helper) . (...) - C:\Program Files (x86)\USB-modem Beeline\Application\Resource\BackgroundService\ServiceManager.exe
SS - | Disabled 22/12/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 22/12/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 21/11/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SS - | Disabled 27/08/2010 1811456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
SS - | Disabled 03/03/2010 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Disabled 15/10/2014 2820424 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Disabled 11/03/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 14/01/2011 572712 | (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe
SS - | Disabled 23/01/2014 11936560 | (NIHardwareService) . (.Native Instruments GmbH.) - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
SS - | Disabled 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 28/11/2014 5419792 | (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
SS - | Disabled 06/10/2009 51512 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SS - | Disabled 28/07/2009 140632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SS - | Disabled 28/09/2010 489384 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
SS - | Disabled 12/04/2010 196976 | (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
SS - | Disabled 05/02/2010 137560 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
SS - | Disabled 03/03/2010 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Disabled 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 01/10/2014 1349576 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
SR - | Auto 19/03/2015 418544 | (Update Special Box) . (...) - C:\Program Files (x86)\Special Box\updateSpecialBox.exe
SR - | Auto 19/03/2015 418544 | (Util Special Box) . (...) - C:\Program Files (x86)\Special Box\bin\utilSpecialBox.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Additional scan (O88)
Database Version : 13026 - (27/12/2014)
Keys found: 2
Values found: 2
Folders found: 0
Files found: 1

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb] =>PUP.CacaoWeb^
[HKLM\Software\Classes\AppID\secman.DLL] =>PUP.Babylon
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow^
~ Additional scan: 310310 items scanned in 00mn 32s



---\\ Additional information on the modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications launched at system startup (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Shell MountPoints2 registry key (MPSK) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Summary of detections found on your workstation
http://nicolascoolman.fr/pua-startshow =>PUA.StartShow
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
http://nicolascoolman.fr/pup-cacaoweb =>PUP.CacaoWeb
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
~ MSI: 4 link(s) detected in 00mn 00s



~ 1028 Legitimates filtered by white list
End of the scan (463 lines in 02mn 39s)(0)
