~ ZHPDiag v2016.12.24.251 Par Nicolas Coolman (2016/12/24) ~ Démarré par Manon Goudstikker (Administrator) (2016/12/24 13:35:06) ~ Web: https://www.nicolascoolman.com ~ Blog: https://www.anti-malware.top ~ Facebook: https://www.facebook.com/nicolascoolman1 ~ Etat de la version: Version OK ~ Mode: Scanner ~ Rapport: C:\Users\Manon Goudstikker\Desktop\ZHPDiag.txt ~ Rapport: C:\Users\Manon Goudstikker\AppData\Roaming\ZHP\ZHPDiag.txt ~ UAC: Activate ~ Démarrage du système: Normal (Normal boot) Windows 10 Pro, 64-bit (Build 14393) =>.Microsoft Corporation ---\\ Informations sur les produits Windows (3) - 3s ~ Windows Server License Manager Script : OK System - VBScript Engine not found Windows Automatic Updates : OK ---\\ Logiciels de protection (1) - 19s Windows Defender (Activate) (Protection) ---\\ Surveillance de Logiciels (1) - 21s ~ Adobe Flash Player 23 PPAPI (Surveillance) ---\\ Logiciels de partage P2P (1) - 21s ~ µTorrent v3.4.9.43085 (P2P) ---\\ Informations sur le système (6) - 0s ~ Operating System: Intel64 Family 6 Model 23 Stepping 7, GenuineIntel ~ Operating System: 64-bit ~ Boot mode: Normal (Normal boot) Total RAM: 4193.508 MB (47% free) : OK =>.RAM Value System Restore: Activé (Enable) System drive C: has 127 GB (28%) free of 445 GB : OK =>.Disk Space ---\\ Mode de connexion au système (3) - 0s ~ Computer Name: MANON ~ User Name: Manon Goudstikker ~ Logged in as Administrator ---\\ Etat du Centre de Sécurité Windows (7) - 0s [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK ---\\ Recherche particulière de fichiers génériques (25) - 3s [MD5.4E10FB1A015B49AC68F76C1A3F4D9C0F] - 23/03/2016 - (.Microsoft Corporation - Explorateur Windows.) -- C:\WINDOWS\Explorer.exe [327808] =>.Microsoft Windows® [MD5.C7645D43451C6D94D87F4D07BDE59C89] - 23/03/2016 - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) -- C:\WINDOWS\System32\rundll32.exe [327808] =>.Microsoft Corporation [MD5.99A19C9A74E2F9820E501DCE77F84F70] - 23/03/2016 - (.Microsoft Corporation - Application de démarrage de Windows.) -- C:\WINDOWS\System32\Wininit.exe [327808] =>.Microsoft Windows Publisher® [MD5.E584CDC70F694F9A984A060A8291EB04] - 23/03/2016 - (.Microsoft Corporation - Extensions Internet pour Win32.) -- C:\WINDOWS\System32\wininet.dll [327808] =>.Microsoft Corporation [MD5.DE6DF9BBBECAFDEF462A37D839167368] - 23/03/2016 - (.Microsoft Corporation - Application d’ouverture de session Windows.) -- C:\WINDOWS\System32\Winlogon.exe [327808] =>.Microsoft Corporation [MD5.9600B7F2F89DE60A80D13DE42F672834] - 23/03/2016 - (.Microsoft Corporation - Bibliothèque de licences.) -- C:\WINDOWS\System32\sppcomapi.dll [327808] =>.Microsoft Corporation [MD5.96B8A433F6407DE34850927C96C6CE9B] - 23/03/2016 - (.Microsoft Corporation - DNS DLL de l’API Client.) -- C:\WINDOWS\System32\dnsapi.dll [327808] =>.Microsoft Windows® [MD5.227CFE3EDA82029AAC1C088A16297CD7] - 23/03/2016 - (.Microsoft Corporation - DNS DLL de l’API Client.) -- C:\WINDOWS\Syswow64\dnsapi.dll [327808] =>.Microsoft Windows® [MD5.7ABD5430F75A7FDDE5323B354C77514F] - 23/03/2016 - (.Microsoft Corporation - DLL client de l’API uilisateur de Windows m.) -- C:\WINDOWS\System32\fr-FR\user32.dll.mui [327808] =>.Microsoft Corporation [MD5.323AA1953ED9C01E23F740FA891FE064] - 23/03/2016 - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) -- C:\WINDOWS\System32\drivers\AFD.sys [327808] =>.Microsoft Windows® [MD5.A10F989A812B57B9695F6C305907C9C6] - 23/03/2016 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\WINDOWS\System32\drivers\atapi.sys [327808] =>.Microsoft Windows® [MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - 23/03/2016 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\WINDOWS\System32\drivers\Cdfs.sys [327808] =>.Microsoft Corporation [MD5.613D0137C269187FA298A157E3D14A18] - 23/03/2016 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\WINDOWS\System32\drivers\Cdrom.sys [327808] =>.Microsoft Corporation [MD5.0D1D392ED2597F295956D058D33BD7C3] - 23/03/2016 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\WINDOWS\System32\drivers\DfsC.sys [327808] =>.Microsoft Corporation [MD5.10E3515FE5DBA6656FA62C29342EC4A1] - 23/03/2016 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\WINDOWS\System32\drivers\HDAudBus.sys [327808] =>.Microsoft Corporation [MD5.B54B30992620C97230013A74461C8517] - 23/03/2016 - (.Microsoft Corporation - Pilote de port i8042.) -- C:\WINDOWS\System32\drivers\i8042prt.sys [327808] =>.Microsoft Corporation [MD5.F1DAECC3B3D6399875D4F10529D6A77C] - 23/03/2016 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\drivers\IpNat.sys [327808] =>.Microsoft Corporation [MD5.E671EDAB0726E05ECEF4058B4CD73C4D] - 23/03/2016 - (.Microsoft Corporation - Minirdr SMB Windows NT.) -- C:\WINDOWS\System32\drivers\MRxSmb.sys [327808] =>.Microsoft Windows® [MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - 23/03/2016 - (.Microsoft Corporation - MBT Transport driver.) -- C:\WINDOWS\System32\drivers\netBT.sys [327808] =>.Microsoft Corporation [MD5.DB69C6DA8B3DDFDC547D455CA23A8250] - 23/03/2016 - (.Microsoft Corporation - Pilote du système de fichiers NT.) -- C:\WINDOWS\System32\drivers\ntfs.sys [327808] =>.Microsoft Windows® [MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - 23/03/2016 - (.Microsoft Corporation - Pilote de port parallèle.) -- C:\WINDOWS\System32\drivers\Parport.sys [327808] =>.Microsoft Corporation [MD5.17E565710172ED71B8531D8822E1C5D1] - 23/03/2016 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [327808] =>.Microsoft Corporation [MD5.7135785C21CA79D270D11037C43D3F19] - 23/03/2016 - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RD.) -- C:\WINDOWS\System32\drivers\rdpdr.sys [327808] =>.Microsoft Corporation [MD5.9D2DD64A0B51C56285512DC9454340F6] - 23/03/2016 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\WINDOWS\System32\drivers\tdx.sys [327808] =>.Microsoft Windows® [MD5.BF2546583BB75F01DDA60A7921DFB230] - 23/03/2016 - (.Microsoft Corporation - Volume Shadow Copy driver.) -- C:\WINDOWS\System32\drivers\volsnap.sys [327808] =>.Microsoft Windows® ---\\ Google Chrome, Démarrage,Recherche,Extensions (5) - 0s G0 - GCSP: Preferences [User Data\Default][HomePage] http://accounts.google.com =>.Google Inc. G0 - GCSP: Preferences [User Data\Default][HomePage] http://clients4.google.com =>.Google Inc. G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc. ---\\ Firefox, Plugins,Demarrage,Recherche,Extensions (5) - 3s M0 - MFSP: prefs.js [Manon Goudstikker - 1hszqyaq.default] http://fr-be.yahoo.com/ =>.Yahoo! Inc. P2 - EXT: (.Microsoft Corporation - The plugin allows you to have a better expe.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npMeetingJoinPluginOC.dll =>.Microsoft Corporation® P2 - EXT FILE: (.Microsoft Corporation - Bing Search.) -- C:\Users\Manon Goudstikker\AppData\Roaming\Mozilla\Firefox\Profiles\1hszqyaq.default\extensions\bingsearch.full@microsoft.com.xpi =>.Microsoft Corporation P2 - EXT FILE: (.Yahoo® - Yahoo Search.) -- C:\Users\Manon Goudstikker\AppData\Roaming\Mozilla\Firefox\Profiles\1hszqyaq.default\searchplugins\yahoo-lavasoft.xml =>.Yahoo® P2 - EXT: (.http://www.cacaoweb.org/ - cacaoweb.) -- C:\Users\Manon Goudstikker\AppData\Roaming\Mozilla\Firefox\Profiles\1hszqyaq.default\extensions\cacaoweb@cacaoweb.org =>.Superfluous.CacaoWeb ---\\ Internet Explorer,Démarrage,Recherche,URLSearchHook (19) - 1s R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr-be.yahoo.com/ =>.Yahoo! Inc. R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com =>.Google Inc. R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com =>.Google Inc. R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com =>.Google Inc. R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1 R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1 ---\\ Internet Explorer,Proxy Management (5) - 0s R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [] ---\\ Internet Explorer,IniFiles, Autoloading programs (3) - 0s F2 - REG:system.ini: UserInit= F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation F2 - REG:system.ini: VMApplet= ---\\ Scan Additionnel (1) - 0s C:\Users\Manon Goudstikker\AppData\Roaming\Mozilla\Firefox\Profiles\1hszqyaq.default\extensions\cacaoweb@cacaoweb.org =>.Superfluous.CacaoWeb ---\\ Récapitulatif des éléments trouvés sur votre station (1) - 0s https://www.anti-malware.top/2016/04/30/superfluous-cacaoweb/ =>.Superfluous.CacaoWeb ~ End of the scan, 83905 items in 00mn37s (130)