
~ Rapport de ZHPDiag v2015.6.16.57 - Nicolas Coolman (16/06/2015)
~ Lancé par Emachines (01/07/2015 14:42:56)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://www.forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17843
MFIE: Mozilla Firefox 38.0.1 (Defaut)
GCIE: Google Chrome v43.0.2357.130

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 2.1.8.1057
Microsoft Security Client FR-FR Language Pack v2.1.1116.0
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v4.06

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 ActiveX

---\\ Informations sur le système
~ Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 363 GB (78%) free of 465 GB

---\\ Mode de connexion au système
~ Computer Name: EMACHINES-PC
~ User Name: Emachines
~ All Users Names: HomeGroupUser$, Emachines, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Emachines\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Emachines\AppData\Roaming\
~ %Desktop% : C:\Users\Emachines\Desktop\
~ %Favorites% : C:\Users\Emachines\Favorites\
~ %LocalAppData% : C:\Users\Emachines\AppData\Local\
~ %StartMenu% : C:\Users\Emachines\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 363 Go of 465 Go)
D: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.26/04/2011 - 20:30:31.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.417F80E4AFBA1AA9EBBD618F1C6D9165] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/05/2015 - 18:50:20.) -- C:\Windows\System32\wininet.dll [2426880]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 03s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/546
~ Mes musiques (My Musics) : 6/285
~ Mes Videos (My Videos) : 2/82
~ Mes Favoris (My Favorites) : 1/21
~ Mes Documents (My Documents) : 1/700
~ Mon Bureau (My Desktop) : 1/33
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 11s



---\\ Processus lancés
[MD5.E436DB5D972BDBB83AED402F9024602E] - (.Panicware, Inc. - Pop-Up Stopper Free Edition.) -- C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe [524288] [PID.2600]
[MD5.34084D25BE6F48D072AA54DE630438FD] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896] [PID.3152]
[MD5.ABFF2B3A80AA5348BE5E43EFD6B415D1] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6554424] [PID.3124]
[MD5.7FB4E7CFABFDC99B88165ECFC0C532C5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe [1947960] [PID.1632]
[MD5.E7B58CE9BD61BF575E2880088F4E5447] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8218112] [PID.2284]
[MD5.14CF73D771FA977A9F1CBAA5C301F912] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.2764]
[MD5.FECA9F830A5C6BAB9978E6781A26AE2B] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816] [PID.1864]
[MD5.5B33709F7FE59BB625F113EED86AFC5C] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672] [PID.1916]
[MD5.440A9198FA5B656A9E554205E33348B6] - (...) -- C:\Users\Emachines\AppData\Roaming\005A2742-1425207487-E011-B295-CAAC1AB267CB\nst94C8.tmpfs [124416] [PID.1896]
[MD5.68DD133A32C38E5AA268ED62FF6AFB63] - (...) -- C:\Users\Emachines\AppData\Roaming\005A2742-1425207487-E011-B295-CAAC1AB267CB\jnsdCAAC.tmp [174592] [PID.2292]
[MD5.301E3FDFCF33640BB8763BA444BC5093] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.2440]
[MD5.83C982A395D00BAFF6515FB38424EA76] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880] [PID.3076]
~ Processes Running: Scanned in 00mn 05s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [Emachines - kxmvibat.default\sdrsveyzjyuhri@upiaeupagjfzpliw.org] [] Ads Remover v7.17 (..)
M2 - MFEP: prefs.js [Emachines - kxmvibat.default\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}] [] 0c8fbd76bdeb4c529b24d587ce7b9dc3 v1000.4.3 (..)
M2 - MFEP: prefs.js [Emachines - kxmvibat.default\{2f17f610-5e97-4fed-828f-9940b7b577a4}] [] 2f17f6105e974fed828f9940b7b577a4 v1002.6.35 (..)
M2 - MFEP: Extension [Emachines - kxmvibat.default] d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com
M2 - MFEP: Extension [Emachines - kxmvibat.default] sdrsveyzjyuhri@upiaeupagjfzpliw.org
M2 - MFEP: Extension [Emachines - kxmvibat.default] {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
M2 - MFEP: Extension [Emachines - kxmvibat.default] {2f17f610-5e97-4fed-828f-9940b7b577a4}
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (...) -- C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll (.not file.)
~ Firefox Browser: 24 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 24 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 01s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Emachines]: Continue AnySend Installation.lnk . (.AnySend.com - AnySend Setup.) -- C:\Users\Emachines\AppData\Local\nsg95F5.tmp =>PUP.ASPackage
O4 - GS\Desktop [Emachines]: Continue Games Desktop.lnk . (...) -- C:\Users\Emachines\AppData\Local\Temp\is-SK484.tmp\Bundle_Solimba.exe (.not file.) =>Adware.GamesDesktop
O4 - GS\Desktop [Emachines]: Continue GamesDesktop Uninstaller.lnk . (...) -- C:\Users\Emachines\AppData\Local\Temp\is-T5UUE.tmp\SOLUN.exe (.not file.) =>Adware.GamesDesktop
~ Global Startup: 3 Legitimates Filtered in 02mn 22s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] . (.Panicware, Inc. - Pop-Up Stopper Free Edition.) -- C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\RunOnce: [Application Restart #1] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2100587987-2227493477-610856687-1000\..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-21-2100587987-2227493477-610856687-1000\..\Run: [PopUpStopperFreeEdition] . (.Panicware, Inc. - Pop-Up Stopper Free Edition.) -- C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
O4 - HKUS\S-1-5-21-2100587987-2227493477-610856687-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2100587987-2227493477-610856687-1000\..\RunOnce: [Application Restart #1] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 01s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{419DDE15-C502-4501-8F87-3E5E4FC3C1FC}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{78BA626A-8E05-4E51-B38B-7F96C270DF5C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{419DDE15-C502-4501-8F87-3E5E4FC3C1FC}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{78BA626A-8E05-4E51-B38B-7F96C270DF5C}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{419DDE15-C502-4501-8F87-3E5E4FC3C1FC}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{78BA626A-8E05-4E51-B38B-7F96C270DF5C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{419DDE15-C502-4501-8F87-3E5E4FC3C1FC}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{78BA626A-8E05-4E51-B38B-7F96C270DF5C}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{419DDE15-C502-4501-8F87-3E5E4FC3C1FC}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{78BA626A-8E05-4E51-B38B-7F96C270DF5C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{419DDE15-C502-4501-8F87-3E5E4FC3C1FC}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{78BA626A-8E05-4E51-B38B-7F96C270DF5C}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Socket Maximise (docojino) . (...) - C:\Users\Emachines\AppData\Roaming\005A2742-1425207487-E011-B295-CAAC1AB267CB\nst94C8.tmpfs
O23 - Service: Update Edu App (Update Edu App) . (...) - C:\Program Files (x86)\Edu App\updateEduApp.exe (.not file.) =>PUP.Optional
O23 - Service: Util Edu App (Util Edu App) . (...) - C:\Program Files (x86)\Edu App\bin\utilEduApp.exe (.not file.) =>PUP.Optional
O23 - Service: WinFix Real Time Protector (WinFixRealTimeProtector) . (.winfixprofessionals.com - WinFix Real Time Protection.) - C:\Program Files\WinFix\WinFix Protector\WinFixGuard.exe
O23 - Service: Zoom In Colour Scheme (wisewife) . (...) - C:\Users\Emachines\AppData\Roaming\005A2742-1425207487-E011-B295-CAAC1AB267CB\jnsdCAAC.tmp
~ Services: 8 Legitimates Filtered in 01mn 43s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [BDKEJDVT] (...) -- C:\ProgramData\28395dc6a2ae459386feac2fd5fb3b60\28395dc6a2ae459386feac2fd5fb3b60.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [DHKLYS1] (...) -- C:\ProgramData\NavRight\NavRight.exe (.not file.) [0] =>PUP.Optional
[MD5.00000000000000000000000000000000] [APT] [DLKEKYAB] (...) -- C:\ProgramData\0f4b2004cda2459585dff9fb9df9e4fb\0f4b2004cda2459585dff9fb9df9e4fb.exe (.not file.) [0]
[MD5.677E302AF4AC64C32F688186F7BFB863] [APT] [WinFixUpdater] (.winfixprofessionals.com.) -- C:\Program Files\WinFix\WinFix Protector\WinFixGuard.exe [7414632]
[MD5.00000000000000000000000000000000] [APT] [{0706F317-3C53-4854-B396-48EE5DE25F9B}] (...) -- C:\Users\Emachines\Documents\Dream Day Wedding Bella Italia\DDW6.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{34603C5A-89F7-49CA-89BB-6A336E243072}] (...) -- C:\Users\Emachines\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
[MD5.DAB7A89B79C759DA738D3931AC073199] [APT] [{7CF2EB39-A722-4B47-85DF-F43D64495120}] (.Games.) -- C:\Users\Emachines\Documents\BigFish - Drawn The Painted Tower with SG - New HOG Adventure - Wendy99\Drawn The Painted Tower.exe [197079407]
[MD5.00000000000000000000000000000000] [APT] [{BCDD8613-14D8-416C-8CAE-AC4A75E15A52}] (...) -- C:\Users\Emachines\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
[MD5.00000000000000000000000000000000] [APT] [{EC22F7A2-CA30-4C01-ACA9-97BD5C4D169F}] (...) -- C:\Users\Emachines\Downloads\Dark.Parables.La.Reine.des.Neiges.Edition.Collector.FRENCH.PC.CD-HURLUS\Dark.Parables.La.Reine.des.Neiges.Edition.Collector.FRENCH.PC.CD-HURLUS\DarkParables_RiseoftheSnowQueen.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: DHKLYS1 - (...) -- C:\Windows\Tasks\DHKLYS1.job [332]
O39 - APT: DHKLYS1 - (...) -- C:\Windows\System32\Tasks\DHKLYS1 [332]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 21 Legitimates Filtered in 01mn 22s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (scfd_1_10_0_16) . (. - .) - C:\Windows\System32\drivers\scfd_1_10_0_16.sys (.not file.)
~ Drivers: 63 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: Drawn The Painted Tower 1.00 - (...) [HKLM][64Bits] -- Drawn The Painted Tower 1.00
O42 - Logiciel: WinFix Pro - (.winfixprofessionals.com.) [HKLM][64Bits] -- WinFix Pro
O42 - Logiciel: shopperz 2.0.0.461 - (.shopperz.) [HKLM][64Bits] -- {c3357769-3570-481c-9554-97865d9054e4}_is1 =>PUP.Shopperz
~ Logic: 32 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\40594InstEnd]
[HKCU\Software\BrowserV01.06-nv-ie] =>PUP.CrossRider
[HKCU\Software\Kromtech]
[HKCU\Software\MB_temp]
[HKCU\Software\Network_Me]
[HKCU\Software\Reg]
[HKCU\Software\WSysInfo]
[HKCU\Software\WinFix]
[HKCU\Software\fhHUJyUe66I]
[HKLM\Software\WinFix]
[HKLM\Software\Wow6432Node\"alpha_installer"/n]
[HKLM\Software\Wow6432Node\Infonaut_1.10.0.14] =>PUP.Infonaut
[HKLM\Software\Wow6432Node\MaxPower]
[HKLM\Software\Wow6432Node\Reg]
[HKLM\Software\Wow6432Node\SuperClick_1.10.0.16] =>PUP.SuperClick
[HKLM\Software\Wow6432Node\anset]
[HKLM\Software\Wow6432Node\mamverifier]
[HKLM\Software\mamverifier]
~ Key Software: 229 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/07/2015 - 14:27:37 - [] ----D C:\Program Files (x86)\3bba34c2-e296-4f6b-8c3e-94e1c0ed4076
O43 - CFD: 12/04/2015 - 16:24:42 - [] ----D C:\Program Files (x86)\ActiveDeals
O43 - CFD: 25/01/2015 - 12:28:53 - [] ----D C:\Program Files (x86)\b78853f0-2681-4f4d-8775-63968b414d37
O43 - CFD: 25/01/2015 - 12:28:53 - [] ----D C:\Program Files (x86)\be7aae6d-9b8c-4fe1-8687-075f890be597
O43 - CFD: 07/02/2015 - 14:42:07 - [] ----D C:\Program Files (x86)\Dark Parable The Red Riding Hood Sisters CE
O43 - CFD: 14/01/2014 - 21:37:13 - [] ----D C:\Program Files (x86)\DMContent
O43 - CFD: 24/12/2013 - 17:43:17 - [] ----D C:\Program Files (x86)\Dragon Stone
O43 - CFD: 01/07/2015 - 13:52:13 - [0] ----D C:\Program Files (x86)\Edu App =>PUP.Optional
O43 - CFD: 31/05/2015 - 21:23:15 - [0] ----D C:\Program Files (x86)\IncrementModule
O43 - CFD: 14/01/2014 - 21:37:11 - [] ----D C:\Program Files (x86)\Profiles
O43 - CFD: 14/01/2014 - 21:37:11 - [] ----D C:\Program Files (x86)\Res
O43 - CFD: 02/06/2015 - 22:39:50 - [] ----D C:\Program Files (x86)\SuperClick_1.10.0.16 =>PUP.SuperClick
O43 - CFD: 13/04/2015 - 20:41:51 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 31/01/2015 - 21:48:55 - [] ----D C:\ProgramData\fhkTpEqL
O43 - CFD: 01/07/2015 - 13:47:36 - [] ----D C:\ProgramData\WinFix Protector
O43 - CFD: 21/11/2010 - 08:29:25 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 01/07/2015 - 13:45:16 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFix Pro
O43 - CFD: 01/07/2015 - 14:22:48 - [] ----D C:\Users\Emachines\AppData\Roaming\005A2742-1425207487-E011-B295-CAAC1AB267CB
O43 - CFD: 01/03/2015 - 12:05:07 - [] ----D C:\Users\Emachines\AppData\Local\005A2742-1425207582-E011-B295-CAAC1AB267CB
O43 - CFD: 26/02/2015 - 07:38:54 - [] ----D C:\Users\Emachines\AppData\Local\8461f3cb-c028-46ea-b0e6-1530b84f5210
O43 - CFD: 25/01/2015 - 12:29:17 - [] ----D C:\Users\Emachines\AppData\Local\com
O43 - CFD: 14/11/2014 - 20:37:41 - [] -SH-D C:\Users\Emachines\AppData\Local\EmieBrowserModeList
O43 - CFD: 07/06/2015 - 16:09:59 - [] ----D C:\Users\Emachines\AppData\Local\GWX
O43 - CFD: 01/07/2015 - 14:28:34 - [] ----D C:\Users\Emachines\AppData\Local\SmartWeb =>PUP.SmartWeb
O43 - CFD: 10/11/2014 - 22:32:38 - [] ----D C:\Users\Emachines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragon Stone
O43 - CFD: 01/12/2013 - 16:48:44 - [] ----D C:\Users\Emachines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn 3 - Trail of Shadows
O43 - CFD: 30/07/2014 - 11:19:55 - [] ----D C:\Users\Emachines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maestro 3 Music from the Void CE 1.0
~ Program Folder: 188 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.5851E6DE24E273C1AD7D4CD731A9B23C] - 01/07/2015 - 12:35:53 ---A- . (...) -- C:\Windows\win.ini [603]
O44 - LFC:[MD5.A6B23913080F6EBF35D8D0E14C29698E] - 01/07/2015 - 12:46:46 ---A- . (...) -- C:\Windows\winfix.ini [111]
O44 - LFC:[MD5.1653B66AE75A081FD98B6FC1113F66DB] - 01/07/2015 - 12:46:59 ---A- . (...) -- C:\Windows\Reimage.ini [119] =>Rogue.ReimageRepair
O44 - LFC:[MD5.F637F06CF063D9184A4E61836BD51FF7] - 01/07/2015 - 13:48:31 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [28352]
O44 - LFC:[MD5.F637F06CF063D9184A4E61836BD51FF7] - 01/07/2015 - 13:48:31 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [28352]
~ Files: 11 Legitimates Filtered in 00mn 48s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 57 Legitimates Filtered in 00mn 17s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.597EBF592334910D950F83F35D6EBFCC] [SPRF][06/06/2015] (...) -- C:\Users\Emachines\AppData\Roaming\appdataFr25.bin [24]
[MD5.E899D40EA80476805D8EE7DE0110A82E] [SPRF][19/05/2015] (...) -- C:\Users\Emachines\AppData\Roaming\appdataFr3.bin [20]
[MD5.7E1F8D1F6D341F925528B14DF5590EAF] [SPRF][05/12/2013] (...) -- C:\Users\Emachines\Desktop\PopUpStopper.exe [488032]
[MD5.953A4E0B5F19B9B4025D53621D216BA3] [SPRF][01/07/2015] (...) -- C:\Users\Emachines\Desktop\setup_gmsd_en.exe [4810368]
~ Files: 15 Legitimates Filtered in 00mn 07s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.F3E0BCAC0A50EA3B7571407A7DA325C7] [WIS][31/05/2015] (.globalupdate - globalupdate.) -- C:\Windows\Installer\5bb022.msi [32768] =>PUP.GlobalUpdate
~ WIS: 1 Legitimates Filtered in 00mn 06s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 09/06/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 28/01/2014 227904 | (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 30/11/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 30/11/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14/05/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 11/12/2014 315496 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 22/07/1658 0 | (Update Edu App) . (...) - C:\Program Files (x86)\Edu App\updateEduApp.exe =>PUP.Optional
SS - | Auto 22/07/1658 0 | (Util Edu App) . (...) - C:\Program Files (x86)\Edu App\bin\utilEduApp.exe =>PUP.Optional
SR - | Auto 28/10/2010 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 01/03/2015 124416 | (docojino) . (...) - C:\Users\Emachines\AppData\Roaming\005A2742-1425207487-E011-B295-CAAC1AB267CB\nst94C8.tmpfs
SR - | Auto 18/06/2015 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 18/06/2015 1133880 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 30/04/2015 23816 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 21/05/2015 7414632 | (WinFixRealTimeProtector) . (.winfixprofessionals.com.) - C:\Program Files\WinFix\WinFix Protector\WinFixGuard.exe
SR - | Auto 01/03/2015 174592 | (wisewife) . (...) - C:\Users\Emachines\AppData\Roaming\005A2742-1425207487-E011-B295-CAAC1AB267CB\jnsdCAAC.tmp
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 42s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (16/06/2015)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 5

[HKLM\SYSTEM\CurrentControlSet\Services\Update Edu App] =>PUP.Optional^
[HKLM\SYSTEM\CurrentControlSet\Services\Util Edu App] =>PUP.Optional^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c3357769-3570-481c-9554-97865d9054e4}_is1] =>PUP.Shopperz^
C:\Program Files (x86)\Edu App =>PUP.Optional^
C:\Program Files (x86)\SuperClick_1.10.0.16 =>PUP.SuperClick^
C:\Users\Emachines\AppData\Local\SmartWeb =>PUP.SmartWeb^
C:\Program Files (x86)\Software =>Adware.Boxore
C:\Users\Emachines\AppData\Local\Software =>Adware.Boxore
[HKCU\Software\BrowserV01.06-nv-ie] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Infonaut_1.10.0.14] =>PUP.Infonaut^
[HKLM\Software\Wow6432Node\SuperClick_1.10.0.16] =>PUP.SuperClick^
C:\Windows\Installer\5bb022.msi =>PUP.GlobalUpdate^
C:\Windows\Reimage.ini =>Rogue.ReimageRepair
~ Additionnel Scan: 190046 Items scanned in 05mn 47s



---\\ Informations complémentaires sur les modules
~ http://www.nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://www.nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 2 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://www.nicolascoolman.fr/blog/ =>PUP.ASPackage
http://www.nicolascoolman.fr/blog/ =>Adware.GamesDesktop
http://www.nicolascoolman.fr/blog/ =>PUP.Optional
http://www.nicolascoolman.fr/hijacker-webssearches =>Hijacker.WebsSearches
http://www.nicolascoolman.fr/blog/ =>PUP.Shopperz
http://www.nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://www.nicolascoolman.fr/blog/ =>PUP.Infonaut
http://www.nicolascoolman.fr/blog/ =>PUP.SuperClick
http://www.nicolascoolman.fr/pup-smartwebsearch =>PUP.SmartWeb
http://www.nicolascoolman.fr/rogue-reimagerepair =>Rogue.ReimageRepair
http://www.nicolascoolman.fr/pup-globalupdate =>PUP.GlobalUpdate
http://www.nicolascoolman.fr/adware-boxore =>Adware.Boxore
~ MSI: 12 link(s) detected in 00mn 00s



~ 762 Legitimates filtered by white list
End of the scan (483 lines in 15mn 03s)(0.11)
