cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Rapport de ZHPDiag v2014.4.19.35 - Nicolas Coolman (19/04/2014)
~ Lancé par Marvin (20/04/2014 18:37:45)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17031
MFIE: Mozilla Firefox 28.0

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : PRYQ6
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 2.0.1.1004
Windows Defender W8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer
Pando Media Booster v2.6.0.7
Vuze v5.3.0.0 =>P2P.Azureus

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 51
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8075 MB (71% free)
System Restore: Activé (Enable)
System drive C: has 705 GB (77%) free of 915 GB

---\\ Mode de connexion au système
~ Computer Name: ASPIRE
~ User Name: Marvin
~ All Users Names: Marvin, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marvin\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marvin\AppData\Roaming\
~ %Desktop% : C:\Users\Marvin\Desktop\
~ %Favorites% : C:\Users\Marvin\Favorites\
~ %LocalAppData% : C:\Users\Marvin\AppData\Local\
~ %StartMenu% : C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 705 Go of 915 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Explorateur Windows.) (.12/04/2014 - 07:41:04.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.65C36A29A131A3A5D64B29FAC4EF6DD6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.18/03/2014 - 11:09:56.) -- C:\Windows\System32\wininet.dll [2262016]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.18/03/2014 - 11:09:53.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.18/03/2014 - 11:09:55.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.12/04/2014 - 07:41:03.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.18/03/2014 - 11:09:57.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.C997E6A37BA8915224B3FB5024A34F69] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.12/04/2014 - 07:41:03.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402944]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2014 - 07:41:03.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.18/03/2014 - 10:41:24.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.3595FBDF25F8BA6256072D103937D7D6] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.18/03/2014 - 11:09:37.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/17
~ Mes musiques (My Musics) : 2/121
~ Mes Videos (My Videos) : 2/87
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 2/3597
~ Mon Bureau (My Desktop) : 1/10093
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 08s



---\\ Processus lancés
[MD5.293770C94202D1EA18EE27E0D3EB6A41] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032] [PID.5788]
[MD5.4C41287B6AEF44D9F4233403F1614671] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20917408] [PID.5780]
[MD5.7E6B107120108B3A15BFECE0DE3201DB] - (.Google Inc. - Google Crash Handler.) -- C:\Users\Marvin\AppData\Local\Google\Update\1.3.23.9\GoogleCrashHandler.exe [228744] [PID.2516]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.5488]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [507264] [PID.2476]
[MD5.DE7F11C59789AD6616F2381BBC48A97F] - (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\steam.exe [1821888] [PID.4516]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.6768]
[MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.6324]
[MD5.2F777711F4A380AACADBB85A3E7EBFCB] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe [1864368] [PID.3824]
[MD5.A1C1669580EF1D8F54D7EAFF527AB6A9] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8219648] [PID.8028]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1960]
[MD5.6822CA012769844EB14FD6634F22C4F6] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192] [PID.1044]
[MD5.B3E5887095F1DE8737DA3441D29F60E4] - (.RealNetworks, Inc. - Online Games Manager.) -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568] [PID.2496]
[MD5.363B76E94C65E235C2D6F676B49829E5] - (.VMware, Inc. - VMware NAT Service.) -- C:\WINDOWS\SysWOW64\vmnat.exe [437328] [PID.2592]
[MD5.549CD7035F5CF5CEE4DE11539C9715F4] - (.VMware, Inc. - VMware Authorization Service.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [86096] [PID.2708]
[MD5.9C9D86BEDE5D4A357FD7924F2CB02791] - (.VMware, Inc. - VMware VMnet DHCP service.) -- C:\WINDOWS\SysWOW64\vmnetdhcp.exe [358480] [PID.1140]
[MD5.F42CA2A1F8987CCE13BBE7582D90F35C] - (...) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14405200] [PID.3448]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432] [PID.3980]
[MD5.8939CBB2526CB87C476DB9ABBF243AE0] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [390616] [PID.4992]
[MD5.E0E4A1F81A7D69C595A8A9DDAD084C19] - (.Nero AG - NeroUpdate.) -- c:\Program Files (x86)\Nero\Update\NASvc.exe [769432] [PID.4540]
[MD5.2F3B5A3567FFB343D8867C3D34C687F1] - (.Valve Corporation - Steam Client Service.) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe [568512] [PID.6716]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome

~ Google Lines Browser: 21 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: FileZilla.lnk . (.FileZilla Project - FileZilla FTP Client.) -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
O4 - GS\Desktop [Public]: GeForce Experience.lnk . (.NVIDIA - NVIDIA GeForce Experience.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
O4 - GS\Desktop [Public]: Goat Simulator.lnk . (.Epic Games, Inc. - Pas de description.) -- C:\Program Files (x86)\Goat Simulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: VMware Workstation.lnk . (.VMware, Inc. - VMware Workstation.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe =>.VMware, Inc
O4 - GS\Desktop [Public]: Vuze.lnk . (...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Goat Simulator.lnk . (.Epic Games, Inc. - Pas de description.) -- C:\Program Files (x86)\Goat Simulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Vuze.lnk . (...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
O4 - GS\QuickLaunch [Marvin]: Google Chrome.lnk - Clé orpheline
O4 - GS\QuickLaunch [Marvin]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Marvin]: VMware Workstation.lnk . (.VMware, Inc. - VMware Workstation.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe =>.VMware, Inc
O4 - GS\TaskBar [Marvin]: Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Marvin]: Documents.lnk . (...) -- C:\Users\Marvin\Documents
O4 - GS\Program [Marvin]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Marvin]: Amnesia.lnk . (...) -- C:\Program Files (x86)\Amnesia - The Dark Descent\redist\Launcher.exe
O4 - GS\Desktop [Marvin]: LFS.lnk . (...) -- C:\LFS\LFS.exe
O4 - GS\Desktop [Marvin]: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
~ Global Startup: 64 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Marvin]: Alertes de surveillance de l'encre - HP Deskjet 3050A J611 series (réseau).lnk . (.Hewlett-Packard Co. - Print Driver Status Business Logic.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\WINDOWS\system32\nvspcap64.dll
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Marvin\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [vmware-tray.exe] . (.VMware, Inc. - VMware Tray Process.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe =>.VMware, Inc
O4 - HKLM\..\policies\Explorer\Run: [BtvStack] . (.Qualcomm Atheros Commnucations - Extension Core.) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
O4 - HKUS\S-1-5-21-2859820766-4216485214-4291460723-1002\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Marvin\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-2859820766-4216485214-4291460723-1002\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2859820766-4216485214-4291460723-1002\..\Run: [HP Deskjet 3050A J611 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{14568838-BBE9-4E91-982A-26F5A74431B9}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D76FE5BC-42EE-4BD5-B9D2-B5D92E051F14}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{14568838-BBE9-4E91-982A-26F5A74431B9}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D76FE5BC-42EE-4BD5-B9D2-B5D92E051F14}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (...) -- igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 335.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.A9BA69642DFCB172F38E7F61E62AE193] [APT] [{5BF79431-459F-4A93-A9A6-33917E6899FA}] (...) -- C:\LFS\LFS.exe [2052096]
[MD5.00000000000000000000000000000000] [APT] [{A4FAD194-39B0-428D-AE1A-C23644835D84}] (...) -- C:\Users\Marvin\Downloads\BROFORCE_Brototype_Windows\BROFORCE_Brototype.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CE1A2DB1-E31F-4A7C-AB74-CA4D4308725D}] (...) -- C:\GameHouse Games\Cut the Rope\CutTheRope.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\Tasks\Synaptics TouchPad Enhancements.job [264]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 05s



---\\ Logiciels installés (O42)
O42 - Logiciel: Contagion - (.Monochrome LLC.) [HKLM][64Bits] -- Steam App 238430
O42 - Logiciel: Goat Simulator - (...) [HKLM][64Bits] -- R29hdFNpbXVsYXRvcg==_is1
~ Logic: 25 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Pando Networks]
[HKLM\Software\Wow6432Node\Pando Networks]
~ Key Software: 279 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/04/2014 - 14:52:03 - [] ----D C:\Program Files (x86)\Goat Simulator
O43 - CFD: 11/04/2014 - 19:53:56 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 18/04/2014 - 19:59:52 - [] -SH-D C:\Users\Marvin\AppData\Local\EmieSiteList
O43 - CFD: 18/04/2014 - 19:59:52 - [] -SH-D C:\Users\Marvin\AppData\Local\EmieUserList
O43 - CFD: 19/04/2014 - 12:31:58 - [] ----D C:\Users\Marvin\AppData\Local\Win7UI
~ Program Folder: 163 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.A8195D18342858EABCC67D60C47257A6] - 12/04/2014 - 06:30:25 ---A- . (...) -- C:\Windows\WindowsUpdate (1).log [1665824]
O44 - LFC:[MD5.E298081C108A8FB4C1C48FC105973710] - 12/04/2014 - 06:56:42 ---A- . (...) -- C:\Windows\DtcInstall.log [4893]
O44 - LFC:[MD5.CFF445C4413902FC39FC81895998B579] - 12/04/2014 - 07:05:46 ---A- . (...) -- C:\Windows\System32\emptyregdb.dat [23108]
O44 - LFC:[MD5.736F372780E8B1707385435C29E0C21D] - 12/04/2014 - 07:06:03 ---A- . (...) -- C:\Windows\comsetup.log [6523]
O44 - LFC:[MD5.9B2C4A2B498F91D769AD53FAB4794D1A] - 12/04/2014 - 07:06:04 ---A- . (...) -- C:\Windows\diagerr.xml [28578]
O44 - LFC:[MD5.9B2C4A2B498F91D769AD53FAB4794D1A] - 12/04/2014 - 07:06:04 ---A- . (...) -- C:\Windows\diagwrn.xml [28578]
O44 - LFC:[MD5.12B0701B1CEC1A7BB0E4C71D97661E23] - 12/04/2014 - 07:41:03 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [387210]
O44 - LFC:[MD5.528F558212E5C2358F28E1624A473392] - 12/04/2014 - 08:12:02 ---A- . (...) -- C:\Windows\System32\nvinfo.pb [24544]
O44 - LFC:[MD5.8F18FE6AF5D85C0FBA83BE6C8489D2CC] - 12/04/2014 - 08:18:54 ---A- . (...) -- C:\Windows\System32\nvcoproc.bin [3649185]
O44 - LFC:[MD5.F7424D6CF244922D045D00F3EF111535] - 12/04/2014 - 08:43:12 ---A- . (...) -- C:\Windows\System32\{86F549EB-A66B-4D6C-958D-CDDD66410751}.bat [244]
O44 - LFC:[MD5.3BC10FA856911EAE5FE7CD700FE137B5] - 12/04/2014 - 08:43:12 ---A- . (...) -- C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat [451]
O44 - LFC:[MD5.DA678C670EA5BC7529636A44F1A87230] - 12/04/2014 - 08:43:42 ---A- . (...) -- C:\Windows\System32\results.xml [16264]
O44 - LFC:[MD5.E47A844AC4B2A85B1E4EAE78C6E40FD9] - 12/04/2014 - 08:56:54 ---A- . (...) -- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [180]
O44 - LFC:[MD5.EF16C439EF0FEF1580C12A3C105C8E54] - 12/04/2014 - 09:16:27 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [445929]
O44 - LFC:[MD5.DEAF0FD88FB596B8CEEF9C5F65359AD0] - 12/04/2014 - 23:37:57 ---A- . (...) -- C:\Windows\DPINST.LOG [10498]
O44 - LFC:[MD5.38839344F7A7B77FF533DD52B4450244] - 12/04/2014 - 23:37:57 ---A- . (...) -- C:\Windows\Synaptics.log [1480]
O44 - LFC:[MD5.8B916E7CAAD84767503F2689F41BADEE] - 19/04/2014 - 10:36:24 ---A- . (...) -- C:\Windows\DirectX.log [62662]
O44 - LFC:[MD5.A269AE8D704AE5BABD74E4998960D89E] - 20/04/2014 - 11:09:03 ---A- . (...) -- C:\Windows\ntbtlog.txt [990284]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 20/04/2014 - 12:42:24 ---A- . (...) -- C:\Recovery.txt [0]
~ Files: 372 Legitimates Filtered in 00mn 07s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.A5B22EACF1DA28E19CC9F80D37978657] - 20/10/2009 - 09:34:26 ---A- . (.QUANTA - Quanta Generic IO Access.) -- C:\Windows\System32\Drivers\QRDCIO.sys [9728]
O58 - SDL:[MD5.73BDD44A6088916964945886F9025409] - 22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 20 Legitimates Filtered in 00mn 05s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{27717A5A-9B0F-48AB-A2C6-B8913C0CB588}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe (.not file.)
O87 - FAEL: "{7E69EC38-9618-4B63-83DB-8913B6F59B0B}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe (.not file.)
O87 - FAEL: "{045A45E0-4AA5-4078-B3DD-F5458130F668}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe (.not file.)
O87 - FAEL: "{07725F26-47F5-4CBA-8962-E0C6BA0D29B0}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe (.not file.)
O87 - FAEL: "{D19303F5-CB7C-46E8-A5FE-D6F2A1BDE94F}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe (.not file.)
O87 - FAEL: "{720B7DAB-9695-480E-BE19-B27B86609161}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe (.not file.)
~ Firewall: 307 Legitimates Filtered in 00mn 01s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "1BF4A48A307DBD84980E866B94D98210" . (..) -- C:\Windows\Installer\{A84A4FB1-D703-48DB-89E0-68B6499D2801}\ARPPRODUCTICON.exe
~ Update Products: 56 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 17/03/2014 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SS - | Demand 27/08/2013 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 28/02/2013 227968 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
SR - | Demand 18/01/2013 660040 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
SR - | Auto 17/03/2014 282096 | (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe
SR - | Auto 27/08/2013 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 10/12/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 10/12/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 26/04/2013 431656 | (LMSvc) . (.Acer Incorporate.) - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
SR - | Auto 01/04/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 14/07/2012 769432 | (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 02/04/2014 1615192 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 02/04/2014 20541216 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 04/03/2014 922968 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 27/03/2014 581568 | (ogmservice) . (.RealNetworks, Inc..) - C:\Program Files (x86)\Online Games Manager\ogmservice.exe
SR - | Demand 25/02/2014 568512 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 18/10/2013 86096 | (VMAuthdService) . (.VMware, Inc..) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe =>.VMware, Inc
SR - | Auto 10/07/1658 0 | (VMnetDHCP) . (.VMware, Inc..) - C:\WINDOWS\system32\vmnetdhcp.exe
SR - | Auto 09/10/2013 905272 | (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
SR - | Auto 10/07/1658 0 | (VMware NAT Service) . (.VMware, Inc..) - C:\WINDOWS\system32\vmnat.exe
SR - | Auto 18/10/2013 14405200 | (VMwareHostd) . (...) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe =>.VMware, Inc
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Auto 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

~ Services: Scanned in 00mn 07s



---\\ Scan Additionnel (O88)
Database Version : 13044 - (19/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 324432 Items scanned in 00mn 45s



---\\ Récapitulatif des détections trouvées sur votre station
~ MSI: 0 link(s) detected in 00mn 00s



~ 1362 Legitimates filtered by white list
End of the scan (442 lines in 01mn 46s)(0)

Publicité


Signaler le contenu de ce document

Publicité