Rapport de ZHPDiag v2013.5.17.130 par Nicolas Coolman, Update du 17/05/2013
Run by Belatucadrus at 18/05/2013 18:55:24
WebSite: http://nicolascoolman.wix.com/nicolascoolman
State : Problème connexion internet
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 21.0

---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 64-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Windows Defender W7

---\\ System Optimizer

---\\ Peer To Peer (P2P)
µTorrent v3.2.3.28705 =>P2P.µTorrent

---\\ Software Update
Adobe Flash Player 11 Plugin

---\\ System Information
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8141 MB (77% free)
System Restore: Activé (Enable)
System drive C: has 251 GB (84%) free of 298 GB

---\\ Logged in mode
~ Computer Name: MAISON
~ User Name: Belatucadrus
~ All Users Names: Guest, Belatucadrus, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Belatucadrus\AppData\Roaming\
~ %Desktop% : C:\Users\Belatucadrus\Desktop\
~ %Favorites% : C:\Users\Belatucadrus\Favorites\
~ %LocalAppData% : C:\Users\Belatucadrus\AppData\Local\
~ %StartMenu% : C:\Users\Belatucadrus\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
A:\ Hard drive, Flash drive, Thumb drive (Free 1458 Go of 1863 Go)
C:\ Hard drive, Flash drive, Thumb drive (Free 251 Go of 298 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 388 Go of 466 Go)
E:\ CD-ROM drive (Free 0 Go of 3 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 26 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.C235A51CB740E45FFA0EBFB9BAFCDA64] - (.Microsoft Corporation - Windows Explorer.) (.14/07/2009 - 02:39:10.) -- C:\Windows\Explorer.exe [2868224]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.B1037F0131C9A010D611F6914E03CD92] - (.Microsoft Corporation - Internet Extensions for Win32.) (.14/07/2009 - 02:41:56.) -- C:\Windows\System32\wininet.dll [1193472]
[MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - Windows Logon Application.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Winlogon.exe [389120]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Software Licensing Library.) (.14/07/2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/07/2009 - 00:21:42.) -- C:\Windows\system32\Drivers\AFD.sys [500224]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/07/2009 - 00:23:44.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2009 - 00:24:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - NT File System Driver.) (.14/07/2009 - 02:48:27.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.14/07/2009 - 02:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/4
~ Mes Favoris (My Favorites) : 1/19
~ Mes Documents (My Documents) : 2/4
~ Mon Bureau (My Desktop) : 0/0
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.F920FBB43C1CDB905044C91B9A3FD516] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560] [PID.2604]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.2276]
[MD5.6FC79A950476A5F539EEB65F9097C0A8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.2160]
[MD5.D719477489E4EF1B987E5525D608F2A5] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe [1855880] [PID.2324]
[MD5.8B61DF0ECEE51B60589DAEC26E3CB9E9] - (.EZB Systems, Inc. - UltraISO Premium.) -- C:\Program Files (x86)\UltraISO\UltraISO.exe [1339904] [PID.932]
[MD5.C2D2C87649E0315B4356B51498882B37] - (.VideoLAN - VLC media player 2.0.5.) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [108544] [PID.3668]
[MD5.016AC8AC56469A8E2299615CA5A41063] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7368704] [PID.1292]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (.not file.)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (.not file.)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-2438145185-3781471421-3257149142-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: mIRC.lnk . (.mIRC Co. Ltd. - mIRC.) -- D:\Logiciels\pred\mirc.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Opera Internet Browser.lnk . (.Opera Software - Opera Internet Browser.) -- D:\Logiciels\Operanite\opera.exe
O4 - GS\TaskBar: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\TaskBar: VLC media player.lnk . (.VideoLAN - VLC media player 2.0.5.) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\explorer.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Guitar Pro 6.lnk . (...) -- C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.µTorrent
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - E-mail Naming Shim Provider.) -- C:\Windows\system32\napinsp.dll
~ Winsock: 6 Legitimates Filtered in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9975452A-4487-41DB-B933-4F5C12F39483}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9975452A-4487-41DB-B933-4F5C12F39483}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9975452A-4487-41DB-B933-4F5C12F39483}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: gzip [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Driver Sweeper version 2.6.0 - (.Phyxion.net.) [HKLM][64Bits] -- {5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1
O42 - Logiciel: EZdrummer - (.Toontrack.) [HKLM][64Bits] -- {43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}
O42 - Logiciel: Hot CPU Tester Pro 4.4.1 - (.7Byte Computers.) [HKLM][64Bits] -- {5A39D5C2-A28B-421D-925A-0390FD1E5529}_is1
O42 - Logiciel: UBCD4Win 3.60 - (.UBCD4Win Team - Benjamin Burrows.) [HKLM][64Bits] -- UBCD4Win_is1
~ Logic: 58 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKLM\Software\Wow6432Node\PIP]
[HKLM\Software\Wow6432Node\Phyxion.net]
[HKLM\Software\Wow6432Node\UBCD4Win]
~ Key Software: 132 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/05/2013 - 00:28:59 - [4,060] ----D C:\Program Files (x86)\Hot CPU Tester Pro 4 LE
O43 - CFD: 14/05/2013 - 00:43:49 - [14,010] ----D C:\Program Files (x86)\Phyxion.net
~ Program Folder: 100 Legitimates Filtered in 00mn 07s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D045A97D625B5336970AD5F3AA948952] - 18/05/2013 - 14:35:30 ----- . (...) -- C:\bootsqm.dat [3344]
O44 - LFC:[MD5.EB84E26023B0EA09C84424ACD49C3D40] - 18/05/2013 - 03:59:28 RSHAD . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [429097]
O44 - LFC:[MD5.352AF067F79F162E522F1728FA18E991] - 14/05/2013 - 12:39:53 ---A- . (...) -- C:\Windows\ntbtlog.txt [88376]
O44 - LFC:[MD5.54B2011D597926BB30982BCA2022C6AC] - 13/05/2013 - 23:30:25 ---A- . (...) -- C:\HCT.Log [11530]
O44 - LFC:[MD5.B4A06F510852291734D8B0ADED65818B] - 13/05/2013 - 23:28:59 ---A- . (.eSellerate Inc. - eSellerateEngine.) -- C:\Windows\eSellerateEngine.dll [360580]
~ Files: 80 Legitimates Filtered in 00mn 01s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.9131FE60ADFAB595C8DA53AD6A06AA31] - 04/01/2005 - 01:43:08 ---A- . (.INCA Internet Co., Ltd. - nProtect NPSC Kernel Mode Driver for NT.) -- C:\Windows\SysWOW64\npptNT2.sys [4682]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Opera Software - Opera Internet Browser.) -- D:\Logiciels\Operanite\Opera.exe
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Opera Software - Opera Internet Browser.) -- D:\Logiciels\Operanite\Opera.exe
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.FD306A29934D84ED646E71661F25F4F5] [SPRF][14/03/2013] (.YNET Technology Co.,Ltd. (www.softgogo.com) - AuConv DLL.) -- C:\Users\Belatucadrus\AppData\Local\Temp\AuConv.dll [147456]
[MD5.E66211F9DD062CB43A8543A8E0E845D1] [SPRF][14/03/2013] (.YNET Technology Co.,Ltd. (www.softgogo.com) - AuConvEx DLL.) -- C:\Users\Belatucadrus\AppData\Local\Temp\AuConvEx.dll [90112]
[MD5.BC83A900C7A1AA2344CC51C8DF751618] [SPRF][14/03/2013] (.Microsoft Corporation - Boot Configuration Data Editor.) -- C:\Users\Belatucadrus\AppData\Local\Temp\bcdedit.exe [300104]
[MD5.4D4D3111870504A547A4CA94E5B95CD1] [SPRF][14/03/2013] (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Boot Dynamic Link Library.) -- C:\Users\Belatucadrus\AppData\Local\Temp\Boot.dll [714376]
[MD5.8BB5651053222E2AFF9E728854ED715F] [SPRF][14/03/2013] (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup BootDriver Dynamic Link Library.) -- C:\Users\Belatucadrus\AppData\Local\Temp\BootDriver.dll [60552]
[MD5.C526AFF2AA3154AF27AE8D368A038B8D] [SPRF][14/03/2013] (.Microsoft Corporation - Boot Sector Manipulation Tool.) -- C:\Users\Belatucadrus\AppData\Local\Temp\bootsect.exe [102472]
[MD5.695D4363950001AAB8B136B3F4C9E465] [SPRF][14/03/2013] (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Burn Dynamic Link Library.) -- C:\Users\Belatucadrus\AppData\Local\Temp\Burn.dll [76424]
[MD5.EAE8FB46AECB26D2FD06343D1EF0EE7F] [SPRF][14/03/2013] (...) -- C:\Users\Belatucadrus\AppData\Local\Temp\CodeLog.dll [45568]
[MD5.2DC27034C8FDF782C245C0B6CD27778C] [SPRF][14/03/2013] (.YNET Technology Co.,Ltd. (www.softgogo.com) - DataMana DLL.) -- C:\Users\Belatucadrus\AppData\Local\Temp\DataMana.dll [102400]
[MD5.585353E5EA55A84DBE56C4CFC5829C30] [SPRF][14/03/2013] (.YNET Technology Co.,Ltd. (www.softgogo.com) - DevCtrl DLL.) -- C:\Users\Belatucadrus\AppData\Local\Temp\DevCtrl.dll [106496]
[MD5.8F97768B5A964E847222B21EBA9BBCF2] [SPRF][14/03/2013] (...) -- C:\Users\Belatucadrus\AppData\Local\Temp\FatLib.dll [68096]
[MD5.7642451EACEB37B1AB43BB0633BBA61C] [SPRF][14/03/2013] (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup GetDriverInfo Dynamic Link Library.) -- C:\Users\Belatucadrus\AppData\Local\Temp\GetDriverInfo.dll [53896]
[MD5.E5573C59A48271BA4A87DE886125602F] [SPRF][14/03/2013] (.CHENGDU YIWO Tech Development Co., Ltd - EASEUS Todo Backup Application.) -- C:\Users\Belatucadrus\AppData\Local\Temp\grubinst.exe [123464]
[MD5.7A365CF43A25575732E86DA94D519EBC] [SPRF][10/04/2013] (.Solid State Networks - Adobe Flash Player Installer.) -- C:\Users\Belatucadrus\AppData\Local\Temp\install_flashplayer11x32_chrd_aih.exe [1014800]
[MD5.F7EA739AC75F2A90823B27F2FD14C7B7] [SPRF][14/03/2013] (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Data Recovery Wizard WinPE Edition.) -- C:\Users\Belatucadrus\AppData\Local\Temp\ISOExport.exe [2248776]
[MD5.462DDCC5EB88F34AED991416F8E354B2] [SPRF][17/02/2013] (.Microsoft Corporation - MFCDLL Shared Library - Retail Version.) -- C:\Users\Belatucadrus\AppData\Local\Temp\mfc90.dll [1156600]
[MD5.B9030D821E099C79DE1C9125B790E2DA] [SPRF][17/02/2013] (.Microsoft Corporation - MFCDLL Shared Library - Retail Version.) -- C:\Users\Belatucadrus\AppData\Local\Temp\mfc90u.dll [1162744]
[MD5.D4E7C1546CF3131B7D84B39F8DA9E321] [SPRF][17/02/2013] (.Microsoft Corporation - MFC Managed Library - Retail Version.) -- C:\Users\Belatucadrus\AppData\Local\Temp\mfcm90.dll [59904]
[MD5.371226B8346F29011137C7AA9E93F2F6] [SPRF][17/02/2013] (.Microsoft Corporation - MFC Managed Library - Retail Version.) -- C:\Users\Belatucadrus\AppData\Local\Temp\mfcm90u.dll [59904]
[MD5.16CC36BEB12C301A94E4C89EAAD744FA] [SPRF][14/03/2013] (.Microsoft Corporation - Microsoft ACM Audio Filter.) -- C:\Users\Belatucadrus\AppData\Local\Temp\msacm32.dll [71168]
[MD5.4A8BC195ABDC93F0DB5DAB7F5093C52F] [SPRF][17/02/2013] (.Microsoft Corporation - Microsoft® C Runtime Library.) -- C:\Users\Belatucadrus\AppData\Local\Temp\msvcm90.dll [224768]
[MD5.6DE5C66E434A9C1729575763D891C6C2] [SPRF][17/02/2013] (.Microsoft Corporation - Microsoft® C++ Runtime Library.) -- C:\Users\Belatucadrus\AppData\Local\Temp\msvcp90.dll [568832]
[MD5.E7D91D008FE76423962B91C43C88E4EB] [SPRF][17/02/2013] (.Microsoft Corporation - Microsoft® C Runtime Library.) -- C:\Users\Belatucadrus\AppData\Local\Temp\msvcr90.dll [655872]
[MD5.D5F29700BB1C0A3757D32BBAAA215EFB] [SPRF][14/03/2013] (.YNET Technology Co.,Ltd. (www.softgogo.com) - YNET DVD&CD Burning SDK.) -- C:\Users\Belatucadrus\AppData\Local\Temp\RecLib.dll [286720]
[MD5.94A0000C823EF52AD9EBD173A5BD3218] [SPRF][16/05/2013] (.Skype Technologies S.A. - Skype.) -- C:\Users\Belatucadrus\AppData\Local\Temp\SkypeSetup.exe [30671464]
[MD5.0EDE7F69652616D13CDCD36B4D97C42E] [SPRF][14/03/2013] (...) -- C:\Users\Belatucadrus\AppData\Local\Temp\syslinux.exe [31816]
[MD5.9093650FC3B76E53AD86696C89F49BFC] [SPRF][23/04/2013] (...) -- C:\Users\Belatucadrus\AppData\Local\Temp\temp.exe [147775403]
[MD5.6DCBB133F6E7E69516964992D8F68B7D] [SPRF][14/03/2013] (.YNET Technology Co.,Ltd. (www.softgogo.com) - UserRes DLL.) -- C:\Users\Belatucadrus\AppData\Local\Temp\UserRes.dll [9408512]
[MD5.B7BA206767D9C79B5E75D75332711B6C] [SPRF][14/03/2013] (.YNET Technology Co.,Ltd. (www.softgogo.com) - UserResEx DLL.) -- C:\Users\Belatucadrus\AppData\Local\Temp\UserResEx.dll [2244608]
~ Files: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : v2.12178 - (17/05/2013)
Clés trouvées (Keys found) : 12
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\PIP] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Phyxion.net\OpenCandy] =>Adware.OpenCandy
~ Additionnel Scan: 158434 Items scanned in 00mn 07s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 19/12/2012 240640 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Disabled 17760 | (HDDHealth) . (...) - C:\Program Files (x86)\HDD Health\HDDHealthService.exe
SS - | Disabled 17/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand ??\??\???? 0 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SS - | Disabled 15/04/2013 3289208 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Disabled 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s



~ 822 Legitimates filtered by white list
End of the scan (364 lines in 00mn 34s)(0)
