- ~ Rapport de ZHPDiag v2015.4.20.40 - Nicolas Coolman (20/04/2015)
- ~ Lancé par Psyko (22/04/2015 07:22:19)
- ~ Facebook : https://www.facebook.com/nicolascoolman1
- ~ Adresse du Forum http://forum.nicolascoolman.fr
- ~ Traduit par Nicolas Coolman
- ~ Etat de la version : Version à jour.
- ~ Liste blanche : Activée par le programme
- ~ Elévation des Privilèges : OK
- ~ User Account Control (UAC): Activate by user
- ---\\ Navigateurs Internet
- MSIE: Internet Explorer v11.0.9600.17728
- MFIE: Mozilla Firefox 36.0.1
- GCIE: Google Chrome v42.0.2311.90 (Defaut)
- ---\\ Informations sur les produits Windows
- ~ Langage: Français
- Windows Server License Manager Script : OK
- ~ Windows Operating System - Windows(R) 7, OEM_SLP channel
- System Locked Preinstallation (OEM_SLP) : OK
- Windows ID Activation : OK
- ~ Windows Partial Key : HYRR2
- Windows License : OK
- ~ Windows Remaining Initializations Number : 3
- Software Protection Service (Protection logicielle) : OK
- Windows Automatic Updates : OK
- Windows Activation Technologies : OK
- Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
- ---\\ Logiciels de protection du système
- Malwarebytes Anti-Malware version 2.1.4.1018
- Windows Defender W7 (Activate)
- ---\\ Logiciels d'optimisation du système
- CCleaner v5.04
- ---\\ Logiciels de partage PeerToPeer
- qBittorrent 3.1.12 v3.1.12 =>P2P.BitTorrent
- µTorrent v3.3.0.29342 =>P2P.µTorrent
- ---\\ Surveillance de Logiciels
- ---\\ Informations sur le système
- ~ Processor: AMD64 Family 16 Model 4 Stepping 2, AuthenticAMD
- ~ Operating System: 64 Bits
- Boot mode: Normal (Normal boot)
- Total RAM: 16384 MB (20% free)
- System Restore: Activé (Enable)
- System drive C: has 67 GB (36%) free of 186 GB
- ---\\ Mode de connexion au système
- ~ Computer Name: PSYKO-PC
- ~ User Name: Psyko
- ~ All Users Names: Psyko, Administrateur,
- ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
- Logged in as Administrator
- ---\\ Variables d'environnement
- ~ System Unit : C:\
- ~ %AppZHP% : C:\Users\Psyko\AppData\Roaming\ZHP\
- ~ %AppData% : C:\Users\Psyko\AppData\Roaming\
- ~ %Desktop% : C:\Users\Psyko\Desktop\
- ~ %Favorites% : C:\Users\Psyko\Favorites\
- ~ %LocalAppData% : C:\Users\Psyko\AppData\Local\
- ~ %StartMenu% : C:\Users\Psyko\AppData\Roaming\Microsoft\Windows\Start Menu\
- ~ %Windir% : C:\Windows\
- ~ %System% : C:\Windows\System32\
- ---\\ Enumération des unités disques
- A: Floppy drive, Flash card reader, USB Key (Not Inserted)
- C: Hard drive, Flash drive, Thumb drive (Free 67 Go of 186 Go)
- D: Hard drive, Flash drive, Thumb drive (Free 223 Go of 298 Go)
- E: Hard drive, Flash drive, Thumb drive (Free 184 Go of 932 Go)
- F: CD-ROM drive (Not Inserted)
- J: CD-ROM drive (Not Inserted)
- K: CD-ROM drive (Not Inserted)
- L: CD-ROM drive (Not Inserted)
- ---\\ Etat du Centre de Sécurité Windows
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
- ~ Security Center: 41 Legitimates Filtered in 00mn 00s
- ---\\ Recherche particulière de fichiers génériques
- [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
- [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
- [MD5.77B35D0FC22A2D2EAC8D07C3F9784DBF] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13/03/2015 - 03:45:57.) -- C:\Windows\System32\wininet.dll [2358784]
- [MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
- [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
- [MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
- [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
- [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
- [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
- [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
- [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
- [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
- [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
- [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
- [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
- [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
- [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
- [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
- [MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 04:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
- [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
- [MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
- [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
- ~ Generic Processes: Scanned in 00mn 00s
- ---\\ Etat des fichiers cachés (Caché/Total)
- ~ Mes images (My Pictures) : 1/49
- ~ Mes musiques (My Musics) : 1/3
- ~ Mes Favoris (My Favorites) : 1/26
- ~ Mes Documents (My Documents) : 1/2632
- ~ Mon Bureau (My Desktop) : 2/3536
- ~ Menu demarrer (Programs) : 1/57
- ~ Hidden Files: Scanned in 00mn 11s
- ---\\ Processus lancés
- [MD5.0E35A55D8BC0359BD0AE16C4A6356240] - (.Pas de propriétaire - MSIAfterburner.) -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [565760] [PID.1496]
- [MD5.F5143A7CA66EB913B5463BED3D3DD8D2] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe [3120448] [PID.2428]
- [MD5.D0A518D233620D59A3D2D79511FBB736] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6212408] [PID.2452]
- [MD5.D1AAF28F39E00E4962EB80CCF32D48DB] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144] [PID.2192]
- [MD5.E7309A136B873F51F58EF6030AB1975F] - (.Logitech Inc. - Logitech LCD Movie Viewer.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe [1039640] [PID.3856]
- [MD5.F64BA2422D5AC4357261C3B1F539ED4B] - (.Logitech Inc. - Logitech LCD Video Player for YouTube™.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe [1246488] [PID.4072]
- [MD5.8EAADE6187C83AD70D99EDD9BF0CFAEA] - (.Logitech Inc. - Logitech G-series Media Display.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe [664344] [PID.3668]
- [MD5.872180A6ED5AC4A8D2D6F5B382622DC1] - (.Logitech Inc. - Logitech LCD Webcam Viewer.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe [703256] [PID.3992]
- [MD5.73162936309F3D1ADBE47602EFF47F17] - (.Pas de propriétaire - RTSS.) -- C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe [197632] [PID.4980]
- [MD5.3A66FFD5CB7842772EF1B822A1A1F01F] - (.Pas de propriétaire - EncoderServer.) -- C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe [26112] [PID.3688]
- [MD5.CE9806603D3C635EA6E0BB79FE916D2E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872] [PID.4284]
- [MD5.2C009C50C0EE073EC0F993698CDB6C92] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8198656] [PID.7044]
- [MD5.E536856E96A7605EBF580D62A868E5FE] - (...) -- C:\Windows\SysWOW64\ASGT.exe [55296] [PID.1580]
- [MD5.58FBDA10FC403CF9F82ABD0A68129BA3] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576] [PID.1976]
- [MD5.86701B8E4C53280AA8642AC85F8500F4] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.1764]
- [MD5.E27891A49DF92004041FEC5C3A2D4230] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120] [PID.2364]
- [MD5.CD421DDB5C6E5458CE52EDC36DE7DC5B] - (...) -- C:\Windows\system32\PnkBstrA.exe [76152] [PID.2760]
- ~ Processes Running: Scanned in 00mn 00s
- ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
- C:\Users\Psyko\AppData\Local\Google\Chrome\User Data\Default\Preferences
- ---\\ Liste des dossiers d'extension Google Chrome
- ~ Google Lines Browser: 15 Legitimates Filtered in 00mn 18s
- ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
- C:\Users\Psyko\AppData\Roaming\Mozilla\Firefox\Profiles\7ywcki6d.default\prefs.js
- C:\Users\Psyko\AppData\Roaming\Mozilla\Firefox\Profiles\7ywcki6d.default\user.js
- ~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s
- ---\\ Internet Explorer, Proxy Management (R5)
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
- ~ Proxy management: Scanned in 00mn 00s
- ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
- F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
- F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
- F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
- ~ Keys: Scanned in 00mn 00s
- ---\\ Hosts file redirection (O1)
- ~ Le fichier hôte est sain (The hosts file is clean) (22)
- ~ Hosts File: Scanned in 00mn 00s
- ---\\ Autres liens utilisateurs (O4)
- O4 - GS\TaskBar [Psyko]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Psyko\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- ~ Global Startup: 1 Legitimates Filtered in 00mn 04s
- ---\\ Applications lancées au démarrage du système (O4)
- O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
- O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
- O4 - HKLM\..\Run: [Launch LCore] . (.Logitech Inc. - Logitech Gaming Framework.) -- C:\Program Files\Logitech Gaming Software\LCore.exe =>.Logitech Inc
- O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
- O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
- O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
- O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
- O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
- O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
- O4 - HKUS\S-1-5-21-3690895531-1721482217-730911594-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
- ~ Application: Scanned in 00mn 00s
- ---\\ Modification Domaine/Adresses DNS (O17)
- O17 - HKLM\System\CCS\Services\Tcpip\..\{35594E7C-954B-48A2-A3E3-A3BD81167946}: DhcpNameServer = 192.168.1.1
- O17 - HKLM\System\CS1\Services\Tcpip\..\{35594E7C-954B-48A2-A3E3-A3BD81167946}: DhcpNameServer = 192.168.1.1
- O17 - HKLM\System\CS2\Services\Tcpip\..\{35594E7C-954B-48A2-A3E3-A3BD81167946}: DhcpNameServer = 192.168.1.1
- O17 - HKLM\System\CS3\Services\Tcpip\..\{35594E7C-954B-48A2-A3E3-A3BD81167946}: DhcpNameServer = 192.168.1.1
- O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
- ~ Domain: Scanned in 00mn 00s
- ---\\ Protocole additionnel (O18)
- O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
- ~ Protocole Additionnel: Scanned in 00mn 00s
- ---\\ Liste des services NT non Microsoft et non désactivés (O23)
- O23 - Service: ASGT (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe
- ~ Services: 14 Legitimates Filtered in 00mn 15s
- ---\\ Tâches planifiées en automatique (O39)
- [MD5.0E35A55D8BC0359BD0AE16C4A6356240] [APT] [MSIAfterburner] (...) -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [565760]
- [MD5.00000000000000000000000000000000] [APT] [ProPCCleaner_Popup] (...) -- C:\Program Files (x86)\Pro PC Cleaner\Splash.exe (.not file.) [0] =>PUP.DoctorPC
- [MD5.00000000000000000000000000000000] [APT] [ProPCCleaner_Start] (...) -- C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe (.not file.) [0] =>PUP.DoctorPC
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
- ~ Scheduled Task: 9 Legitimates Filtered in 00mn 02s
- ---\\ Logiciels installés (O42)
- O42 - Logiciel: FalNET G19 Display Manager - (.FalNET.) [HKLM][64Bits] -- FalNET G19 Display Manager_is1
- O42 - Logiciel: Flawless Widescreen version 1.0.15 - (.Flawless Widescreen.) [HKLM][64Bits] -- {7348D82E-8C68-48FF-BA2D-8C97B5B4B3D8}_is1
- O42 - Logiciel: G19_BF3 0.3.0 by Timisoft - (.Timisoft.) [HKLM][64Bits] -- {126AFEB1-A5D6-4C22-98BE-F55DC27ECB47}
- O42 - Logiciel: G19_BF4 0.1.4 by Timisoft - (.Timisoft.) [HKLM][64Bits] -- {59C24EB1-15A4-41DB-82B1-ADE7A8A761E8}
- O42 - Logiciel: Internet Calculator v3.0.1 - (.Timisoft.) [HKLM][64Bits] -- {EBDC4E1E-BC18-4EFD-AE87-6D51AA06B1A4}
- O42 - Logiciel: LCDHost - a compositing plugin manager for LCD's - (.Link Data Stockholm.) [HKCU][64Bits] -- LCDHost
- O42 - Logiciel: RadeonPro 1.0 (Build 1.1.1.0) - (...) [HKLM][64Bits] -- RadeonPro_is1
- O42 - Logiciel: Robocraft - (.Freejam.) [HKLM][64Bits] -- Steam App 301520
- O42 - Logiciel: Vanity Pack version 2.0.0b10 - (...) [HKLM][64Bits] -- VanityPack_is1
- ~ Logic: 30 Legitimates Filtered in 00mn 00s
- ---\\ HKCU & HKLM Software Keys
- [HKCU\Software\CodeLeap]
- [HKCU\Software\Drivers]
- [HKCU\Software\Freejam]
- [HKCU\Software\Link Data]
- [HKCU\Software\MediaProgramasGen] =>Adware.InstallCore
- [HKCU\Software\Mojang]
- [HKCU\Software\OB]
- [HKCU\Software\ProductSetup] =>Adware.InstallCore
- [HKCU\Software\RadeonPro]
- [HKCU\Software\SKS]
- [HKCU\Software\System32]
- [HKCU\Software\Win]
- [HKLM\Software\Onihr]
- [HKLM\Software\Wow6432Node\685D6D1C-D73A-4F37-B7E5E53660311DDB]
- [HKLM\Software\Wow6432Node\Mojang]
- [HKLM\Software\Wow6432Node\Onihr]
- [HKLM\Software\Wow6432Node\RadeonPro]
- ~ Key Software: 503 Legitimates Filtered in 00mn 00s
- ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
- O43 - CFD: 10/04/2015 - 20:00:03 - [] ----D C:\Program Files (x86)\FalNET G19 Display Manager
- O43 - CFD: 11/03/2015 - 19:34:39 - [] ----D C:\Program Files (x86)\Flawless Widescreen
- O43 - CFD: 20/04/2015 - 17:35:58 - [] ----D C:\Program Files (x86)\RadeonPro
- O43 - CFD: 21/04/2015 - 18:05:26 - [] ----D C:\Program Files (x86)\Teleport Pro
- O43 - CFD: 27/03/2015 - 19:03:06 - [] ----D C:\Program Files (x86)\Timisoft
- O43 - CFD: 16/04/2015 - 15:09:38 - [] ----D C:\Program Files (x86)\Vanity Pack
- O43 - CFD: 18/03/2015 - 12:32:04 - [] ----D C:\Program Files (x86)\Windows Loader
- O43 - CFD: 08/04/2015 - 04:02:35 - [] ----D C:\ProgramData\RhinoSoft
- O43 - CFD: 06/04/2015 - 00:42:43 - [] ----D C:\ProgramData\RzSurroundVAD_1.1.60.0
- O43 - CFD: 27/03/2015 - 19:03:06 - [] ----D C:\ProgramData\Timisoft
- O43 - CFD: 10/04/2015 - 19:49:50 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FalNET G19 Display Manager
- O43 - CFD: 11/03/2015 - 19:33:09 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flawless Widescreen
- O43 - CFD: 16/03/2015 - 22:08:54 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Wipe Tool
- O43 - CFD: 27/03/2015 - 12:23:07 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
- O43 - CFD: 20/04/2015 - 08:53:12 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mephisto
- O43 - CFD: 15/04/2015 - 05:58:56 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mythix Repacks
- O43 - CFD: 20/04/2015 - 17:32:03 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RadeonPro
- O43 - CFD: 08/04/2015 - 04:01:50 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serv-U
- O43 - CFD: 21/04/2015 - 18:05:24 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teleport Pro
- O43 - CFD: 27/03/2015 - 19:03:08 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Timisoft
- O43 - CFD: 16/04/2015 - 15:04:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vanity Pack
- O43 - CFD: 28/02/2015 - 23:37:23 - [] ----D C:\Users\Psyko\AppData\Roaming\library_dir
- O43 - CFD: 20/04/2015 - 17:38:11 - [] ----D C:\Users\Psyko\AppData\Roaming\RadeonPro
- O43 - CFD: 18/03/2015 - 13:07:44 - [0] ----D C:\Users\Psyko\AppData\Roaming\Store =>PUP.Nosibay
- O43 - CFD: 18/03/2015 - 13:07:45 - [0] ----D C:\Users\Psyko\AppData\Roaming\WTools =>PUP.Nosibay
- O43 - CFD: 18/03/2015 - 10:32:40 - [] -SH-D C:\Users\Psyko\AppData\Local\EmieBrowserModeList
- O43 - CFD: 10/04/2015 - 19:52:09 - [] ----D C:\Users\Psyko\AppData\Local\FalNET
- O43 - CFD: 19/04/2015 - 20:45:44 - [] ----D C:\Users\Psyko\AppData\Local\G19SkyNET
- O43 - CFD: 12/04/2015 - 06:36:44 - [] ----D C:\Users\Psyko\AppData\Local\openvr
- O43 - CFD: 06/04/2015 - 09:41:52 - [] ----D C:\Users\Psyko\AppData\Local\RzStats
- O43 - CFD: 11/03/2015 - 09:10:51 - [] ----D C:\Users\Psyko\AppData\Local\sgate_Media
- O43 - CFD: 19/04/2015 - 20:34:15 - [] ----D C:\Users\Psyko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LCDHost
- O43 - CFD: 21/04/2015 - 18:05:24 - [0] ----D C:\Users\Psyko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Teleport Pro
- ~ Program Folder: 359 Legitimates Filtered in 00mn 02s
- ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
- O44 - LFC:[MD5.8126331FBD4ED29EB3B356F9C905064D] - 14/04/2015 - 10:15:10 ---A- . (...) -- C:\Windows\GVTDrv64.sys [30528]
- O44 - LFC:[MD5.2CBD6D22499EB13A2666F62EF33D00E2] - 15/04/2015 - 00:15:53 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16303]
- O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 17/04/2015 - 08:04:08 ---A- . (...) -- C:\Windows\diagerr.xml [1908]
- O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 17/04/2015 - 08:04:08 ---A- . (...) -- C:\Windows\diagwrn.xml [1908]
- O44 - LFC:[MD5.E37A061764C721276691FDE3F3DD1616] - 19/04/2015 - 08:55:05 ---A- . (...) -- C:\Windows\capsys184523.log [20]
- O44 - LFC:[MD5.9F3AEEFF883D73156BBCA1E0091C991C] - 19/04/2015 - 08:55:05 ---A- . (...) -- C:\Windows\windefendam.log [4448]
- O44 - LFC:[MD5.B017973F186A0B3B4AA40774FEB3335B] - 19/04/2015 - 16:48:57 ---A- . (...) -- C:\Windows\ntbtlog.txt [73648]
- O44 - LFC:[MD5.7315B716F9CBAF7C0016C49D72ADE8A0] - 20/04/2015 - 07:55:23 ---A- . (...) -- C:\Windows\DirectX.log [92745]
- ~ Files: 143 Legitimates Filtered in 01mn 07s
- ---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
- O51 - MPSK:{148b585f-c740-11e4-9675-00241d732d2b}\AutoRun\command. (...) -- K:\Setup.exe (.not file.)
- O51 - MPSK:{3d7368f9-c216-11e4-91aa-00241d732d2b}\AutoRun\command. (...) -- J:\Setup.exe (.not file.)
- ~ Keys: Scanned in 00mn 00s
- ---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
- O52 - TDSD: \Drivers32\"VIDC.FICV"="ficvdec_x64.dll" . (...) -- C:\Windows\System32\ficvdec_x64.dll
- O52 - TDSD: \Drivers32\"VIDC.TMB1"="tmb1-v64.dll" . (...) -- C:\Windows\System32\tmb1-v64.dll
- O52 - TDSD: \drivers.desc\"tmb1-v64.dll"="PlayClaw 3 video decoder 64" . (...) -- C:\Windows\System32\tmb1-v64.dll
- ~ TDSD: 9 Legitimates Filtered in 00mn 00s
- ---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
- O53 - SMSR:HKLM\...\startupreg\KrakenLauncher [Key] . (...) -- C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenHelper.exe (.not file.)
- ~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s
- ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
- O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
- O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
- ~ MWPS: 16 Legitimates Filtered in 00mn 00s
- ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
- O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
- ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
- ---\\ Liste des pilotes du système (SDL) (O58)
- O58 - SDL:04/03/2015 - 13:13:08 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [271424]
- O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
- O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
- O58 - SDL:01/03/2013 - 02:49:12 ---A- . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\Drivers\npf.sys [36600]
- O58 - SDL:14/06/2007 - 15:28:52 ---A- . (.PixArt Imaging Inc. - PAC7302.) -- C:\Windows\System32\Drivers\PAC7302.SYS [526848]
- O58 - SDL:09/02/2015 - 08:17:56 ---A- . (.Windows (R) Win 7 DDK provider - RazerSurround VAD Audio driver.) -- C:\Windows\System32\Drivers\RzSurroundVAD.sys [40640]
- O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
- ~ Drivers: 73 Legitimates Filtered in 00mn 02s
- ---\\ Liste des outils de désinfection (LATC) (O63)
- O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
- ~ ADS: Scanned in 00mn 00s
- ---\\ Liste les services legacy du registre (LALS) (O64)
- O64 - Services: CurCS - 11/02/2014 - C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys (AODDriver4.3) .(.Advanced Micro Devices - AMD OverDrive Service Driver.) - LEGACY_AODDRIVER4.3
- O64 - Services: CurCS - 11/03/2013 - C:\Program Files (x86)\MSI Afterburner\RTCore64.sys (RTCore64) .(...) - LEGACY_RTCORE64
- O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
- ~ Legacy: 92 Legitimates Filtered in 00mn 00s
- ---\\ Associations Shell Spawning (O67)
- O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
- ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
- ---\\ Menu de démarrage Internet (SMI) (O68)
- O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (...) -- firefox.exe (.not file.)
- O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
- ~ Keys: Scanned in 00mn 00s
- ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
- O69 - SBI: SearchScopes [HKCU] {c9ab6446-7efc-47fe-966c-dc54324eff9f} [DefaultScope] - (Bing) - http://www.bing.com
- ~ Keys: Scanned in 00mn 00s
- ---\\ Recherche particulière à la racine du système (SPRF) (O84)
- [MD5.3E588EBFD36C38ADA0FC9092D6A33FAB] [SPRF][31/03/2015] (.Pas de propriétaire - Crash Handling Module.) -- C:\Users\Psyko\AppData\Roaming\CrashRpt1402.dll [159200]
- [MD5.AB3BB70A429AEB4CAA3A2C9B4AFA87ED] [SPRF][31/03/2015] (...) -- C:\Users\Psyko\AppData\Roaming\Sys11965 DataCollection.dat [20]
- [MD5.67A861A518F9ACB6958127C93F1BF6AF] [SPRF][15/04/2015] (.Pas de propriétaire - FTB_Launcher.) -- C:\Users\Psyko\Desktop\FTB_Launcher.exe [6628649]
- [MD5.8692DEA1C02BDD131D1D3DA0B6505B6C] [SPRF][19/04/2010] (.Nikolay.IT - RatioMaster.NET.) -- C:\Users\Psyko\Desktop\RatioMaster.NET.exe [260608]
- [MD5.41B4F93CF1331ED0053E86E6E6DB06CB] [SPRF][01/04/2015] (...) -- C:\Users\Psyko\Desktop\zozts.bat [1064]
- ~ Files: 8 Legitimates Filtered in 00mn 01s
- ---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
- O87 - FAEL: "{5B362EAB-7937-43D8-BDD6-EAAE21FD104B}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Psyko\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O87 - FAEL: "{0F7D3146-C9D9-47F5-B744-A6C1A5B1AD23}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Psyko\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- ~ Firewall: 2 Legitimates Filtered in 00mn 08s
- ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
- SS - | Demand 22/07/1658 0 | (c2wts) . (...) - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe
- SS - | Demand 22/07/1658 0 | (EasyAntiCheat) . (.EasyAntiCheat Ltd.) - C:\Windows\system32\EasyAntiCheat.exe
- SS - | Disabled 17/12/2012 137488 | (Futuremark SystemInfo Service) . (.Futuremark Corporation.) - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
- SS - | Auto 28/02/2015 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
- SS - | Demand 28/02/2015 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
- SS - | Disabled 05/03/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
- SS - | Demand 10/04/2015 1931632 | (Origin Client Service) . (.Electronic Arts.) - C:\Program Files (x86)\Origin\OriginClientService.exe
- SS - | Auto 04/11/2013 20608 | (RadeonPro Support Service) . (.Mr. John aka japamd.) - C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
- SS - | Demand 01/03/2013 118520 | (rpcapd) . (.Riverbed Technology, Inc..) - C:\Program Files (x86)\WinPcap\rpcapd.exe
- SS - | Auto 05/08/2013 1126240 | (Serv-U-Gateway) . (.SolarWinds Worldwide, LLC. +1(866) 530-810.) - C:\Program Files\RhinoSoft\Serv-U Gateway\Serv-U-Gateway.exe
- SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
- SS - | Demand 14/04/2015 836288 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
- SS - | Disabled 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
- SR - | Auto 31/03/2015 246272 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
- SR - | Auto 31/03/2015 344064 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
- SR - | Auto 17/01/2012 55296 | (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe
- SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
- SR - | Auto 01/10/2014 1349576 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
- SR - | Auto 10/04/2015 2823496 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
- SR - | Auto 17/03/2015 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
- SR - | Auto 17/03/2015 1080120 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
- SR - | Auto 27/03/2015 76152 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
- SR - | Auto 05/08/2013 614248 | (Serv-U) . (.SolarWinds Worldwide, LLC. +1(866) 530-810.) - C:\Program Files\RhinoSoft\Serv-U\Serv-U.exe
- SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
- SR - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
- SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
- ~ Services: Scanned in 00mn 12s
- ---\\ Scan Additionnel (O88)
- Database Version : 13008 - (20/04/2015)
- Clés trouvées (Keys found) : 0
- Valeurs trouvées (Values found) : 1
- Dossiers trouvés (Folders found) : 2
- Fichiers trouvés (Files found) : 2
- C:\Users\Psyko\AppData\Roaming\Store =>PUP.Nosibay^
- C:\Users\Psyko\AppData\Roaming\WTools =>PUP.Nosibay^
- [HKCU\Software\MediaProgramasGen] =>Adware.InstallCore^
- [HKCU\Software\ProductSetup] =>Adware.InstallCore^
- ~ Additionnel Scan: 767627 Items scanned in 02mn 42s
- ---\\ Informations complémentaires sur les modules
- ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
- ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
- ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
- ~ AMI: 3 Legitimates Filtered in 00mn 00s
- ---\\ Récapitulatif des détections trouvées sur votre station
- http://www.nicolascoolman.fr/blog/ =>PUP.DoctorPC
- http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
- http://www.nicolascoolman.fr/blog/ =>PUP.Nosibay
- ~ MSI: 3 link(s) detected in 00mn 00s
- ~ 1216 Legitimates filtered by white list
- End of the scan (488 lines in 05mn 46s)(0.11)