~ Report of ZHPDiag v2015.4.13.38 - Nicolas Coolman (2015-04-13)
~ Launched by Alexandre (2015-04-15 1:31:18 AM)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : Updated version.
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16663
MFIE: Mozilla Firefox 37.0.1
GCIE: Google Chrome v41.0.2272.118 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_COA_NSLP channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1, 64-bit (Build 9600)

---\\ System protection software
Malwarebytes Anti-Malware version 2.0.4.1028
McAfee Security Scan Plus v3.8.150.1
Spybot - Search & Destroy v2.4.40
Windows Defender W8 (Activate)

---\\ System optimization software
CCleaner v5.03

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 17 NPAPI

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8137.7 MB (63% free)
System Restore: Activé (Enable)
System drive C: has 739 GB (79%) free of 931 GB

---\\ Connection to the system mode
~ Computer Name: ALEXANDRE-PC
~ User Name: Alexandre
~ All Users Names: postgres, HomeGroupUser$, Guest, Alexandre, Alex, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Alexandre\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Alexandre\AppData\Roaming\
~ %Desktop% : C:\Users\Alexandre\Desktop\
~ %Favorites% : C:\Users\Alexandre\Favorites\
~ %LocalAppData% : C:\Users\Alexandre\AppData\Local\
~ %StartMenu% : C:\Users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 739 Go of 931 Go)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn AMs



---\\ Search Generic System Files
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Windows Explorer.) (.2013-11-14 - 2:29:01 AM.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Windows Start-Up Application.) (.2013-08-22 - 4:58:29 AM.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions for Win32.) (.2014-02-28 - 10:10:28 PM.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Windows Logon Application.) (.2013-08-22 - 4:55:08 AM.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Software Licensing Library.) (.2013-12-21 - 3:54:07 AM.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2013-08-22 - 8:25:35 AM.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2013-08-22 - 7:43:41 AM.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2013-08-22 - 6:40:15 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2013-08-22 - 3:46:35 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2013-08-22 - 6:38:00 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2013-08-22 - 6:38:38 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - i8042 Port Driver.) (.2013-08-22 - 6:39:15 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.2013-11-27 - 7:02:29 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2013-11-23 - 2:08:19 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.2013-08-22 - 6:37:02 AM.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.725EF69B2DBEB7B33280019A556201BC] - (.Microsoft Corporation - NT File System Driver.) (.2014-03-10 - 5:35:58 AM.) -- C:\Windows\system32\Drivers\ntfs.sys [2008408]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Parallel Port Driver.) (.2013-08-22 - 6:40:02 AM.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2013-08-22 - 6:35:51 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2013-11-14 - 2:16:57 AM.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.2013-08-22 - 8:25:35 AM.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.C85C075DE5B6D0FE116043054DE8EE02] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.2014-01-31 - 11:15:23 AM.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn AMs



---\\ Hidden files state (Hidden/Total)
Mes images (My Pictures) : 2/2 (Modified)
Mes musiques (My Musics) : 2/2 (Modified)
Mes Videos (My Videos) : 2/2 (Modified)
~ Mes Favoris (My Favorites) : 1/3
~ Mes Documents (My Documents) : 2/973
~ Mon Bureau (My Desktop) : 3/4379
~ Menu demarrer (Programs) : 1/40
~ Hidden Files: Scanned in 00mn AMs



---\\ Process running
[MD5.F4790478800A996244C01689BEB5F616] - (.IObit - Performance Monitor.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [1749792] [PID.2380]
[MD5.86FF26A3F08B79EF88092C588742A4DF] - (.IObit - No Comment.) -- C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe [2040096] [PID.2332]
[MD5.638644168D9B5B5093AD84C9C162B550] - (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296] [PID.4112]
[MD5.DA5FBAA5D62B4FD393947DE5EE8715BE] - (.Flux Software LLC - f.lux.) -- C:\Users\Alexandre\AppData\Local\FluxSoftware\Flux\flux.exe [1016712] [PID.4328]
[MD5.10AA923C7622D57C3D4B1D9A4EAF14BC] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744] [PID.1964]
[MD5.C76BB6DD7EAA12C1335DDF6E21BE09D7] - (.Realtime Soft Ltd - RTSHookInterop.) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe [84360] [PID.5312]
[MD5.ACD929D8754B63BBBB68B48B96F8A99E] - (.IObit - Advanced SystemCare 8.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2428704] [PID.5472]
[MD5.59DCFF7477EC4E4225AD29638910015D] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Alexandre\AppData\Roaming\Dropbox\bin\Dropbox.exe [43382072] [PID.5772]
[MD5.7EE68A122ED08E4AAD8DA551E34D2515] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576] [PID.5824]
[MD5.883B2E1341E5BE906A7507308A6636DF] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240] [PID.6336]
[MD5.F7A7497506D034C3393FABCE1C70E231] - (...) -- C:\Program Files (x86)\Poker - Espacejeux\poker.exe [1105920] [PID.3424]
[MD5.A686075377724F3AD63F963BC58D10BB] - (...) -- C:\Program Files (x86)\Poker - Espacejeux\browserhost.exe [32768] [PID.5760]
[MD5.7175C3425FC9AB6ABAEAF56863303DD7] - (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe [164864] [PID.6260]
[MD5.30ACCFC22C421A96B25065AF7BED91B4] - (...) -- C:\Bodog\Lobby.exe [4148944] [PID.5896]
[MD5.6B8E0F1C220C29D16F86DF4FE501C016] - (.Sysinternals - www.sysinternals.com - Sysinternals process dump utility.) -- C:\Bodog\procdump.exe [515776] [PID.2948]
[MD5.7C0787598607A46A32726BA8AEAFEF18] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288] [PID.5172]
[MD5.BB69268B5F4277A1CFC36A237E27FD87] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.1052]
[MD5.831F8FAE0BFFCF8BA05082E5C5DB8CB3] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [267888] [PID.6176]
[MD5.3FF3DC9155D0EB7FD2C4AD044EF2387B] - (.Adobe Systems, Inc. - Adobe Flash Player 17.0 r0.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe [1893040] [PID.4976]
[MD5.B179E002D4B43EF96DE531E381E96AD1] - (.Dominik Reichl - KeePass Password Safe 1.29.) -- C:\Program Files (x86)\KeePass Password Safe\KeePass.exe [2174352] [PID.3368]
[MD5.3446EFE5B35A7478CA26932084F2E1C6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8197120] [PID.1196]
~ Processes Running: Scanned in 01mn AMs



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Alexandre\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome Extension Folder
~ Google Lines Browser: 11 Legitimates Filtered in 02mn AMs



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
~ Firefox Browser: 3 Legitimates Filtered in 00mn AMs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (15516)
~ Hosts File: Scanned in 07mn AMs



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\WINDOWS\system32\nvspcap64.dll
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKCU\..\Run: [f.lux] . (.Flux Software LLC - f.lux.) -- C:\Users\Alexandre\AppData\Local\FluxSoftware\Flux\flux.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Advanced SystemCare 8] . (.IObit - Advanced SystemCare 8.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [IMSS] . (.Intel Corporation - PIcon startup utility.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\Cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKUS\S-1-5-21-1933663477-1408902914-478733922-1001\..\Run: [f.lux] . (.Flux Software LLC - f.lux.) -- C:\Users\Alexandre\AppData\Local\FluxSoftware\Flux\flux.exe
O4 - HKUS\S-1-5-21-1933663477-1408902914-478733922-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1933663477-1408902914-478733922-1001\..\Run: [Advanced SystemCare 8] . (.IObit - Advanced SystemCare 8.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
O4 - HKUS\S-1-5-21-1933663477-1408902914-478733922-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn AMs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4B85ACF-D600-4409-BD30-6720630EFFB1}: DhcpNameServer = 205.151.67.6 205.151.67.34 205.151.67.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4B85ACF-D600-4409-BD30-6720630EFFB1}: DhcpDomain = tr.cgocable.ca
O17 - HKLM\System\CS1\Services\Tcpip\..\{F4B85ACF-D600-4409-BD30-6720630EFFB1}: DhcpNameServer = 205.151.67.6 205.151.67.34 205.151.67.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{F4B85ACF-D600-4409-BD30-6720630EFFB1}: DhcpDomain = tr.cgocable.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.151.67.6 205.151.67.34 205.151.67.2
~ Domain: Scanned in 00mn AMs



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn AMs



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 19 Legitimates Filtered in 05mn AMs



---\\ Task Planned Automatically (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: - (..) -- C:\Windows\Tasks\ASC8_SkipUac_Alexandre.job [276]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ASC8_SkipUac_Alexandre [276]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1096]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1100]
O39 - APT: - (..) -- C:\Windows\Tasks\Uninstaller_SkipUac_Alexandre.job [312]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Uninstaller_SkipUac_Alexandre [312]
~ Scheduled Task: 18 Legitimates Filtered in 06mn AMs



---\\ Drivers launched at startup (O41)
O41 - Driver: (HWiNFO32) . (.REALiX(tm) - HWiNFO AMD64 Kernel Driver.) - C:\WINDOWS\sysWOW64\drivers\HWiNFO64A.sys
~ Drivers: 34 Legitimates Filtered in 00mn AMs



---\\ Software installed (O42)
O42 - Logiciel: 888poker - (...) [HKLM][64Bits] -- 888poker
O42 - Logiciel: BodogPoker - (...) [HKLM][64Bits] -- {D7CA2DF8-95CE-4C80-9296-98E21219A1E7}}_is1
O42 - Logiciel: Full Tilt Poker - (...) [HKLM][64Bits] -- {D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}
O42 - Logiciel: Holdem Indicator 2.4.7 - (.http://www.HoldemIndicator.com.) [HKLM][64Bits] -- Holdem Indicator_is1
O42 - Logiciel: Holdem Manager 2 - (...) [HKLM][64Bits] -- HoldemManager2
O42 - Logiciel: Poker - Espacejeux - (.Boss Media AB.) [HKLM][64Bits] -- Poker - Espacejeux
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
O42 - Logiciel: StackAndTile - (...) [HKLM][64Bits] -- StackAndTile
~ Logic: 10 Legitimates Filtered in 00mn AMs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\CC]
[HKCU\Software\Casino]
[HKCU\Software\Full Tilt Poker]
[HKCU\Software\HoldemIndicator]
[HKCU\Software\HoldemManager]
[HKCU\Software\Indicator]
[HKCU\Software\PacificHandGrabber]
[HKCU\Software\WPT]
[HKCU\Software\inXile]
[HKCU\Software\pacificpoker]
[HKCU\Software\pokerinstaller]
[HKLM\Software\HoldemManager2]
[HKLM\Software\Wow6432Node\Full Tilt Poker]
[HKLM\Software\Wow6432Node\Zenimax_Online]
[HKLM\Software\Wow6432Node\inXile]
~ Key Software: 244 Legitimates Filtered in 00mn AMs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 2014-04-27 - 5:29:19 AM - [] ----D C:\Program Files (x86)\Full Tilt Poker
O43 - CFD: 2015-04-14 - 6:00:55 PM - [] ----D C:\Program Files (x86)\Holdem Indicator
O43 - CFD: 2015-02-11 - 6:18:53 PM - [] ----D C:\Program Files (x86)\Holdem Manager 2
O43 - CFD: 2014-06-15 - 3:41:44 PM - [] ----D C:\Program Files (x86)\PacificPoker
O43 - CFD: 2014-12-03 - 11:20:06 PM - [] ----D C:\Program Files (x86)\Poker - Espacejeux
O43 - CFD: 2014-08-18 - 10:06:08 PM - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 2014-01-11 - 7:14:02 PM - [] ----D C:\Program Files (x86)\StackAndTile
O43 - CFD: 2015-04-14 - 6:51:20 PM - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 2014-04-27 - 4:51:33 AM - [] ----D C:\ProgramData\Elder Scrolls Online
O43 - CFD: 2015-04-14 - 7:20:56 PM - [] ----D C:\ProgramData\ProductData
O43 - CFD: 2015-02-04 - 11:49:27 PM - [0] ----D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
O43 - CFD: 2014-06-15 - 3:41:44 PM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker
O43 - CFD: 2015-03-14 - 6:29:53 PM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
O43 - CFD: 2015-03-13 - 8:56:39 PM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Indicator
O43 - CFD: 2014-06-03 - 1:27:59 PM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Manager 2
O43 - CFD: 2014-05-28 - 10:18:22 PM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StackAndTile
O43 - CFD: 2014-02-11 - 7:55:10 PM - [] ----D C:\Users\Alexandre\AppData\Roaming\cef-cache
O43 - CFD: 2015-04-14 - 6:09:24 PM - [] ----D C:\Users\Alexandre\AppData\Roaming\HoldemManager
O43 - CFD: 2014-01-17 - 12:47:17 AM - [] ----D C:\Users\Alexandre\AppData\Roaming\NetScop.Net
O43 - CFD: 2014-06-15 - 3:43:59 PM - [] ----D C:\Users\Alexandre\AppData\Roaming\PacificPoker
O43 - CFD: 2014-02-11 - 7:55:09 PM - [] ----D C:\Users\Alexandre\AppData\Roaming\Party
O43 - CFD: 2015-02-04 - 11:50:32 PM - [] ----D C:\Users\Alexandre\AppData\Roaming\ProductData
O43 - CFD: 2014-02-15 - 4:31:55 AM - [] ----D C:\Users\Alexandre\AppData\Local\FullTiltPoker
O43 - CFD: 2014-05-02 - 5:13:53 PM - [] ----D C:\Users\Alexandre\AppData\Local\Hold'em_Manager
O43 - CFD: 2014-11-12 - 6:02:21 AM - [] ----D C:\Users\Alexandre\AppData\Local\inXile entertainment
O43 - CFD: 2014-08-18 - 10:06:10 PM - [] ----D C:\Users\Alexandre\AppData\Local\PokerStars
O43 - CFD: 2014-06-15 - 3:41:44 PM - [0] ----D C:\Users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker
O43 - CFD: 2014-03-05 - 2:29:03 AM - [] ----D C:\Users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
~ Program Folder: 205 Legitimates Filtered in 00mn AMs



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
~ MWPS: 17 Legitimates Filtered in 00mn AMs



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn AMs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:2012-10-25 - 9:01:20 AM ---A- . (...) -- C:\Windows\System32\Drivers\AppleCharger.sys [22680]
O58 - SDL:2013-08-12 - 6:25:46 PM ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:2014-01-22 - 7:52:10 AM ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:2014-01-22 - 7:52:10 AM ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:2013-08-22 - 7:43:32 AM ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:2015-02-04 - 10:48:46 PM ---A- . (.REALiX(tm) - HWiNFO AMD64 Kernel Driver.) -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528]
~ Drivers: 52 Legitimates Filtered in 00mn AMs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Speedial) - http://speedial.com =>Adware.SearchYa
~ Keys: Scanned in 00mn AMs



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.95300BA672A14E3AE6740CB3CB41DB7B] [SPRF][2015-03-21] (.No owner - Aut2Exe.) -- C:\Users\Alexandre\Desktop\adwcleaner_4.112.exe [2171392]
~ Files: 3 Legitimates Filtered in 00mn AMs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2015-04-07 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 2010-04-06 31272 | (AppleChargerSrv) . (...) - C:\Windows\System32\AppleChargerSrv.exe
SS - | Demand 2013-12-21 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 2015-03-04 107848 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2015-03-04 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2014-04-09 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Demand 2015-04-07 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 2015-01-02 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 2015-02-18 835776 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 2014-04-25 5024576 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SS - | Demand 1658-07-22 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 2014-11-04 815392 | (AdvancedSystemCareService8) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
SR - | Auto 2015-03-27 1152144 | (GfExperienceService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
SR - | Auto 2012-09-01 14904 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 2012-06-19 634632 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 2012-07-05 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 2015-01-16 2724128 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SR - | Auto 2012-07-19 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 2015-03-27 1878672 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 2015-03-27 22995600 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 2015-03-13 935056 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 2011-01-28 66048 | (postgresql-8.4) . (.PostgreSQL Global Development Group.) - C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
SR - | Auto 2014-06-24 1738168 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 2014-06-27 2088408 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 2014-04-25 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 2015-03-05 1055008 | (StartMenuService) . (.IObit.) - C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
SR - | Auto 2015-03-13 410768 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 2012-07-19 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 1658-07-22 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Auto 1658-07-22 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 2013-08-22 37768 | C:\WINDOWS\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 08mn AMs



---\\ Scan Additionnel (O88)
Database Version : 13008 - (2015-04-13)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 209096 Items scanned in 12mn AMs



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ AMI: 2 Legitimates Filtered in 00mn AMs



---\\ Summary of the detections found on your workstation
http://nicolascoolman.fr/adware-searchya =>Adware.SearchYa
~ MSI: 1 link(s) detected in 00mn AMs



~ 648 Legitimates filtered by white list
End of the scan (434 lines in 33mn AMs)(0.7)
