cjoint

Document format: text/plain

~ Rapport de ZHPDiag v2014.12.27.179 - Nicolas Coolman (27/12/2014)
~ Lancé par plan (24/04/2015 11:26:15)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16428 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 6P6GT
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Norton Internet Security v18.7.1.3
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 10 ActiveX

---\\ Informations sur le système
~ Processor: AMD64 Family 18 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3552 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 233 GB (84%) free of 276 GB

---\\ Mode de connexion au système
~ Computer Name: EMTGSOKLT2601
~ User Name: plan
~ All Users Names: plan, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\plan\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\plan\AppData\Roaming\
~ %Desktop% : C:\Users\plan\Desktop\
~ %Favorites% : C:\Users\plan\Favorites\
~ %LocalAppData% : C:\Users\plan\AppData\Local\
~ %StartMenu% : C:\Users\plan\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 233 Go of 276 Go)
D: Hard drive, Flash drive, Thumb drive (Free 3 Go of 17 Go)
E: Hard drive, Flash drive, Thumb drive (Free 2 Go of 5 Go)
F: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/07/2011 - 19:58:48.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.E6CB36B85BE59095337427E853A5B65A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.20/04/2015 - 12:56:55.) -- C:\Windows\System32\wininet.dll [2332160]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 02:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 03:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 06:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 03:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.25/07/2011 - 20:01:42.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 03:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 03:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 03:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 03:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/9
~ Mon Bureau (My Desktop) : 1/5
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.A73F95FE840627C288B2D35756634445] - (.DigitalPersona, Inc. - DigitalPersona Local Agent.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe [823120] [PID.2880]
[MD5.8CB4878C94F54EBC0EC2626B19CC3691] - (.Pas de propriétaire - McAfee Endpoint Encryption Encryption Monit.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704] [PID.2632]
[MD5.A531E07BBF9BC1CF4EA8BA2F760E3FEE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [15028104] [PID.2728]
[MD5.92CD05E7C47A2C0A56864764B0021887] - (.Hewlett-Packard - File Sanitizer for HP ProtectTools.) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe [12277248] [PID.1136]
[MD5.73B2A31D56A22A076627EFEF7531D6F6] - (.Hewlett-Packard Company - HP QuickWeb Utilities.) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528] [PID.3100]
[MD5.E78A365CC3E0FBFC018A33DCE01909F8] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [130008] [PID.4184]
[MD5.A57C8C7D1533BFF493FB2BBF07FBBEB3] - (.Portrait Displays, Inc - PDI SDK COM Server for x64/x86 interop.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe [70256] [PID.1288]
[MD5.68C59AE507B11FE5185EB183B55ACE63] - (.Hewlett-Packard Company - HP Support Assistant.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1301560] [PID.4628]
[MD5.E47AC731D42B2452D4C0BF096DF3DD6E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8145408] [PID.4600]
[MD5.F521A4D9F0D1618B9119EABC7E580370] - (.Hewlett-Packard - HPFSService Application.) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320512] [PID.764]
[MD5.B4670AC88C5EAC55528709E26F9E38D6] - (.Hewlett-Packard Company - HP DayStarter service.) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688] [PID.1896]
[MD5.C958976C7DAAF47084A33EBBC6E28B84] - (.Hewlett-Packard Company - HP Quick Synchronization Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [103992] [PID.1952]
[MD5.9DCFDDECC54FC813E7C0C8EDF6E99E1C] - (.Hewlett-Packard Company - hpHotkeyMonitor Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [317496] [PID.1976]
[MD5.4557DD306DC008C4B74101540AEFDA2A] - (.Pas de propriétaire - McAfee Endpoint Encryption Agent Host Servi.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912] [PID.2028]
[MD5.1F7217148CB13DB60A77492E30425799] - (.PDF Complete Inc - Dispatcher.) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952] [PID.1396]
[MD5.4A8CC4D25525F456069887D5E8C53225] - (.Portrait Displays, Inc. - pdisrvc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [113264] [PID.2120]
[MD5.F8CDADCE6CBCDAF8C7E8BCCE4D31DBB6] - (.Realtek - RtlService For HP.) -- C:\Program Files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtlService.exe [40960] [PID.2152]
[MD5.C6A6F517FBD5F7E57B201BBD4A99791E] - (.Realtek - HP Internet Sharing Manager.) -- C:\Program Files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtWlan.exe [1072128] [PID.2192]
[MD5.D5994AB5C2B2D72D6320A7004D52617C] - (.ArcSoft, Inc. - ArcVCapture.) -- C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464] [PID.2208]
[MD5.09FBD4C4DB2FD84B9AB1C5BFDCC95559] - (.Hewlett-Packard Company - hpqwmiex Module.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [818232] [PID.3752]
[MD5.C5D2F308E1C12A5C328EF549696DBC05] - (.Hewlett-Packard Development Company L.P. - HP Connection Manager Service.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [1098296] [PID.692]
[MD5.C5A75EB48E2344ABDC162BDA79E16841] - (.Microsoft Corporation - .NET Runtime Optimization Service.) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384] [PID.3228]
[MD5.A3A35EE79C64A640152B3113E6E254E2] - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) -- C:\windows\SysWow64\cscript.exe [126976] [PID.3140]
[MD5.49D8B4F78F94EA9F8A0BB1EEE7212AAA] - (.Hewlett-Packard - HP Asset Agent.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe [544568] [PID.0]
[MD5.B828C2E09D9E3F632E3CB4130E9431EA] - (.HP - HPDObject.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\hpdobject.exe [135168] [PID.0]
~ Processes Running: Scanned in 00mn 04s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [HPPowerAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio TPE.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [MfeEpePcMonitor] . (.Pas de propriétaire - McAfee Endpoint Encryption Encryption Monit.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [PDF Complete] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files (x86)\PDF Complete\pdfsty.exe =>.PDF Complete Inc
O4 - HKLM\..\Wow6432Node\Run: [QLBController] . (.Hewlett-Packard Company - QLBController.) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
O4 - HKLM\..\Wow6432Node\Run: [File Sanitizer] . (.Hewlett-Packard - File Sanitizer for HP ProtectTools.) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [DTRun] . (.ArcSoft Inc. - ArcSoft TotalMedia Theatre.) -- c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
O4 - HKLM\..\Wow6432Node\Run: [HPConnectionManager] . (.Hewlett-Packard Development Company L.P. - HPCMDelayStart Application.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Wow6432Node\Run: [HPQuickWebProxy] . (.Hewlett-Packard Company - HP QuickWeb Utilities.) -- c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-429773259-83752063-2547139044-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A9D30F4-F25F-482C-8D48-38BA66599394}: DhcpNameServer = 10.11.102.71 10.11.102.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{049CB70C-A41F-4CD2-B207-B70500D0C1C6}: DhcpDomain = sgt.automation.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A9D30F4-F25F-482C-8D48-38BA66599394}: DhcpDomain = plantogosok.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A9D30F4-F25F-482C-8D48-38BA66599394}: DhcpNameServer = 10.11.102.71 10.11.102.73
O17 - HKLM\System\CS1\Services\Tcpip\..\{049CB70C-A41F-4CD2-B207-B70500D0C1C6}: DhcpDomain = sgt.automation.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A9D30F4-F25F-482C-8D48-38BA66599394}: DhcpDomain = plantogosok.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A9D30F4-F25F-482C-8D48-38BA66599394}: DhcpNameServer = 10.11.102.71 10.11.102.73
O17 - HKLM\System\CS2\Services\Tcpip\..\{049CB70C-A41F-4CD2-B207-B70500D0C1C6}: DhcpDomain = sgt.automation.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A9D30F4-F25F-482C-8D48-38BA66599394}: DhcpDomain = plantogosok.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.11.102.71 10.11.102.73
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: McAfee Endpoint Encryption Agent (McAfee Endpoint Encryption Agent) . (.Pas de propriétaire - McAfee Endpoint Encryption Agent Host Servi.) - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
~ Services: 19 Legitimates Filtered in 00mn 07s



---\\ Tâches planifiées en automatique (O39)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForEMTGSOKLT2601$ [354]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForplan [328]
~ Scheduled Task: 8 Legitimates Filtered in 00mn 05s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/04/2015 - 11:12:12 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Energy Star
O43 - CFD: 11/02/2011 - 05:01:21 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
~ Program Folder: 123 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D170CFFCF70CA2DED6B5D6539D04AE79] - 15/04/2015 - 11:01:22 ---A- . (...) -- C:\Windows\HPSetLog.txt [465]
O44 - LFC:[MD5.221494C29E9F4B6D02514CA29F2A3A4E] - 15/04/2015 - 11:02:03 ---A- . (...) -- C:\Windows\System32\RaCoInst.dat [14119]
O44 - LFC:[MD5.98429174AD1B6EDD308313C94BE887ED] - 15/04/2015 - 11:02:12 ---A- . (...) -- C:\Windows\System32\RaCoInst.log [2688]
O44 - LFC:[MD5.821DE603459A7574D79870F11494651B] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_01.ini [3416]
O44 - LFC:[MD5.3348F14FDC2F163752F10F552CD3124E] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_02.ini [3522]
O44 - LFC:[MD5.020927409599F82299285102C4612793] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_04.ini [2850]
O44 - LFC:[MD5.11E7B085D334F54BF33A6C6E3CDC2D90] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_05.ini [3802]
O44 - LFC:[MD5.232A93F32E25A74CFF05CDF046B4D2BC] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_06.ini [3588]
O44 - LFC:[MD5.E0CCFC698745825827F64234553F226C] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_07.ini [3550]
O44 - LFC:[MD5.14630CD9E7A461E8B8080371E8BA8E12] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_08.ini [3682]
O44 - LFC:[MD5.4AE553D44C11B22BCEB58A7FAFC5B66D] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_09.ini [3220]
O44 - LFC:[MD5.602CCA8F6E197AF5A6B7C927FBD02071] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_10.ini [3704]
O44 - LFC:[MD5.9E115B0ADAA80E72FF14D7B24C654747] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_1046.ini [3624]
O44 - LFC:[MD5.2281C3662789EDB62E2D03EB7C8C6A3E] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_11.ini [3820]
O44 - LFC:[MD5.82E70F14DAE870C2618E9D60FBBBE3D0] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_12.ini [3926]
O44 - LFC:[MD5.8A3E0028B187A6C0943FC657C8805DF3] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_13.ini [3174]
O44 - LFC:[MD5.DA1ED8AF19366598B3D2DD7B194BED5D] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_14.ini [3802]
O44 - LFC:[MD5.8FE4FA60AF27277D4B236838C4CDB40E] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_16.ini [3700]
O44 - LFC:[MD5.B35735BE696CD5D0ABF1DB359D9DCF32] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_17.ini [2750]
O44 - LFC:[MD5.BDF3A4EEE4C207D1398300C7D4E59F6A] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_18.ini [2674]
O44 - LFC:[MD5.949B3EE41FDF3A6569977C9C06493E98] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_19.ini [3550]
O44 - LFC:[MD5.4633FDD6ABF79823BCC0053FC9B2E74A] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_20.ini [3622]
O44 - LFC:[MD5.E564F5793BA54D1EE43C230642440B59] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_2052.ini [2638]
O44 - LFC:[MD5.61DF752C5A2A582743E2498A2D33BB43] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_21.ini [3882]
O44 - LFC:[MD5.7A1DFDACBFB36AC53F79CB69E9682CAD] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_22.ini [3586]
O44 - LFC:[MD5.57D9A258BF72E97B243DA8F6B1F5D3CB] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_24.ini [3492]
O44 - LFC:[MD5.A10BB9CA5D541C13FFA07A7AB532E83F] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_25.ini [3884]
O44 - LFC:[MD5.91D8B7BF9DA4DF8BB5E083C4A5FC68B4] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_27.ini [3892]
O44 - LFC:[MD5.BEF2F92668BE12A3CD3279FB08D73619] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_29.ini [3450]
O44 - LFC:[MD5.AF5CFE037AD77437E52EFD5B82545DB0] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_30.ini [3342]
O44 - LFC:[MD5.D7EA56AC3973059E4FA26FC0F6F0D727] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_31.ini [3672]
O44 - LFC:[MD5.154AB441E6B730BCD6419A182EBD1555] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\Dext_36.ini [3648]
O44 - LFC:[MD5.3E1B97FA244FBD1068807A2884EB5059] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\TWAIN2080.ini [14409]
O44 - LFC:[MD5.4D7C6339DEEA521CAFD95654707EE34B] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\TWAIN2080.src [7406]
O44 - LFC:[MD5.23489AFAF265084EC1F3C516227FD597] - 15/04/2015 - 11:02:24 ---A- . (...) -- C:\Windows\remove.ini [3591]
O44 - LFC:[MD5.AFC45588FF837C0413CA2B6383FB1C21] - 15/04/2015 - 11:02:24 ---A- . (.Pas de propriétaire - HP HD Webcam [Fixed] installer.) -- C:\Windows\un_dext.exe [94776]
O44 - LFC:[MD5.DFDEE76ED5B28285575E2F3EC7EABAB8] - 15/04/2015 - 11:02:24 ---A- . (.Pas de propriétaire - Remove Driver Application.) -- C:\Windows\SPRemove_x64.exe [87928]
O44 - LFC:[MD5.DCBADE1C40D65EFC7B95890825402221] - 15/04/2015 - 11:12:03 ---A- . (...) -- C:\Windows\System32\2hps.ico [3774]
O44 - LFC:[MD5.4DB832701EA2D47F325ED11F012F7338] - 15/04/2015 - 11:12:03 ---A- . (...) -- C:\Windows\System32\bltinmic.ico [3774]
O44 - LFC:[MD5.2B2ACEEAA42B3AFA1BA86587F0191D90] - 15/04/2015 - 11:12:03 ---A- . (...) -- C:\Windows\System32\nbspkrs.ico [17454]
O44 - LFC:[MD5.5DA9A5BF7885413851DDD56C91518186] - 15/04/2015 - 11:14:17 ---A- . (...) -- C:\Windows\System32\arcVCapture.pfg [2200]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 15/04/2015 - 11:18:55 RSHA- . (...) -- C:\Windows\System32\Drivers\103C_HP_bNB_ProBook 4535s_Y5336AN_0U_QCNU2072DX4_E635876-003_4A_I168B_SHP_V32.18_B68CPC F.20_T111111_W748-1_L40C_M3553_J320_7AMD_8F10_91.80_#111216_N10EC8168;18145390_(A7K36UT#ABA)_XMOBILE_CN10_Z_2A0001D02.MRK [0]
O44 - LFC:[MD5.47153840E36F5608B3FD5372D9F26AE3] - 15/04/2015 - 18:45:52 ---A- . (...) -- C:\Windows\TSSysprep.log [5949]
O44 - LFC:[MD5.E9D4D22BAAA8153673811F43549F7A0D] - 15/04/2015 - 18:45:55 ---A- . (...) -- C:\Windows\DtcInstall.log [4822]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 15/04/2015 - 18:48:51 ---A- . (...) -- C:\Windows\ativpsrm.bin [0]
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 20/04/2015 - 12:56:55 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]
O44 - LFC:[MD5.A0510897926DDF00B10444062114DFB3] - 20/04/2015 - 13:27:16 ---A- . (...) -- C:\Windows\IE11_main.log [18824]
O44 - LFC:[MD5.0065229CD288CD82A68E1C96677C4F2B] - 20/04/2015 - 16:44:26 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [146924]
O44 - LFC:[MD5.26A967B3D8A2B14B677C091961A6D52F] - 20/04/2015 - 16:44:26 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [704138]
~ Files: 429 Legitimates Filtered in 00mn 41s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Notification Packages . (...) -- C:\Windows\System32\EpePcNp64.dll
~ LSA: 11 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 01:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 20:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/07/2009 - 01:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:11/05/2011 - 07:06:02 ---A- . (.IDT, Inc. - IDT PC Audio TPE.) -- C:\Windows\System32\Drivers\stwrt64.sys [523264]
~ Drivers: 64 Legitimates Filtered in 00mn 02s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 25/07/2011 - C:\Windows\System32\drivers\amdsata.sys (amdsata) .(.Advanced Micro Devices - AHCI 1.2 Device Driver.) - LEGACY_AMDSATA
O64 - Services: CurCS - 09/08/2010 - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys (BHDrvx64) .(.Symantec Corporation - BASH Driver.) - LEGACY_BHDRVX64
O64 - Services: CurCS - 23/03/2011 - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110323.001\IDSvia64.sys (IDSVia64) .(.Symantec Corporation - IDS Core Driver.) - LEGACY_IDSVIA64
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 21/04/2011 - C:\Windows\system32\Drivers\NISx64\1207010.003\SYMNETS.sys (SymNetS) .(.Symantec Corporation - Network Security Driver.) - LEGACY_SYMNETS
~ Legacy: 118 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.0EFDC1550592DC0C4E73AFFB54B35C3E] [SPRF][20/04/2015] (.Pas de propriétaire - Aut2Exe.) -- C:\Users\plan\Desktop\adwcleaner_4.201.exe [2217984]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "95731AF9B2C57714D9CD00838F5BEBDF" . (.Bing Bar.) -- C:\windows\Installer\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.BA2D7263C40AA719B7DFD61A4BC736C8] [WIS][01/08/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\8afa5.msi [4746240] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 08s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SS - | Demand 01/08/2011 195320 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Demand 09/05/2011 464440 | (FLCDLOCK) . (.Hewlett-Packard Company.) - c:\Windows\SysWOW64\flcdlock.exe
SS - | Demand 30/09/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 07/03/2011 62184 | (XobniService) . (.Xobni Corporation.) - C:\Program Files (x86)\Xobni\XobniService.exe
SR - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe
SR - | Auto 25/10/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 20/07/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SR - | Auto 19/05/2011 485712 | (DpHost) . (.DigitalPersona, Inc..) - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
SR - | Auto 23/02/2011 125496 | (HP Health Check Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 17/03/2011 132152 | (HP Power Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
SR - | Demand 23/05/2011 1098296 | (hpCMSrv) . (.Hewlett-Packard Development Company L.P..) - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
SR - | Auto 23/03/2011 133688 | (HPDayStarterService) . (.Hewlett-Packard Company.) - c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
SR - | Auto 22/05/2011 103992 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
SR - | Auto 09/05/2011 320512 | (HPFSService) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
SR - | Auto 14/05/2011 317496 | (hpHotkeyMonitor) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
SR - | Demand 22/05/2011 818232 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 05/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 24/05/2011 1318912 | (McAfee Endpoint Encryption Agent) . (...) - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
SR - | Auto 17/04/2011 130008 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
SR - | Auto 22/04/2011 1128952 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
SR - | Auto 16/03/2011 113264 | (PdiService) . (.Portrait Displays, Inc..) - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
SR - | Auto 30/05/2011 40960 | (RtlISMServ) . (.Realtek.) - C:\Program Files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtlService.exe
SR - | Auto 11/05/2011 301056 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 11/11/2010 502464 | (uArcCapture) . (.ArcSoft, Inc..) - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
SR - | Auto 24/03/2011 3161904 | (vcsFPService) . (.Validity Sensors, Inc..) - C:\windows\system32\vcsFPService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 17s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (27/12/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}] =>Toolbar.Yahoo
C:\Windows\Installer\8afa5.msi =>Toolbar.Bing^
~ Additionnel Scan: 279741 Items scanned in 00mn 45s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://www.nicolascoolman.fr/blog/ =>Toolbar.Yahoo
~ MSI: 1 link(s) detected in 00mn 00s



~ 1115 Legitimates filtered by white list
End of the scan (429 lines in 02mn 57s)(0)
