- ~ Rapport de ZHPDiag v2014.5.19.68 - Nicolas Coolman (19/05/2014)
- ~ Lancé par Romain (19/05/2014 18:52:17)
- ~ Adresse du Site Web http://nicolascoolman.webs.com
- ~ Blog d'analyse software : http://nicolascoolman.byethost7.com
- ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
- ~ Traduit par Nicolas Coolman
- ~ Etat de la version :
- ~ Liste blanche : Activée par le programme
- ~ Elévation des Privilèges : OK
- ~ User Account Control (UAC): Deactivate by program
- ---\\ Navigateurs Internet
- MSIE: Internet Explorer v11.0.9600.17107
- MFIE: Mozilla Firefox 29.0.1 (Defaut)
- GCIE: Google Chrome v34.0.1847.137
- ---\\ Informations sur les produits Windows
- ~ Langage: Français
- Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
- Windows Server License Manager Script : OK
- ~ Windows Operating System - Windows(R) 7, OEM_SLP channel
- System Locked Preinstallation (OEM_SLP) : OK
- Windows ID Activation : OK
- ~ Windows Partial Key : 3Q6C9
- Windows License : OK
- ~ Windows Remaining Initializations Number : 1
- Software Protection Service (Protection logicielle) : OK
- Windows Automatic Updates : OK
- Windows Activation Technologies : OK
- ---\\ Logiciels de protection du système
- Panda Cloud Cleaner v1.0.98
- Panda Internet Security 2014 v19.01.01
- Windows Defender W7
- ---\\ Logiciels d'optimisation du système
- ---\\ Logiciels de partage PeerToPeer
- ---\\ Surveillance de Logiciels
- Adobe Flash Player 13 Plugin
- Adobe Reader XI
- Java 7 Update 51
- Java 7 Update 55
- ---\\ Informations sur le système
- ~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
- ~ Operating System: 64 Bits
- Boot mode: Normal (Normal boot)
- Total RAM: 8094 MB (78% free)
- System Restore: Activé (Enable)
- System drive C: has 371 GB (40%) free of 910 GB
- ---\\ Mode de connexion au système
- ~ Computer Name: ROMAIN-HP
- ~ User Name: Romain
- ~ All Users Names: Romain, HomeGroupUser$, Administrateur,
- ~ Unselected Option: None
- Logged in as Administrator
- ---\\ Variables d'environnement
- ~ System Unit : C:\
- ~ %AppZHP% : C:\Users\Romain\AppData\Roaming\ZHP\
- ~ %AppData% : C:\Users\Romain\AppData\Roaming\
- ~ %Desktop% : C:\Users\Romain\Desktop\
- ~ %Favorites% : C:\Users\Romain\Favorites\
- ~ %LocalAppData% : C:\Users\Romain\AppData\Local\
- ~ %StartMenu% : C:\Users\Romain\AppData\Roaming\Microsoft\Windows\Start Menu\
- ~ %Windir% : C:\Windows\
- ~ %System% : C:\Windows\System32\
- ---\\ Enumération des unités disques
- C: Hard drive, Flash drive, Thumb drive (Free 371 Go of 910 Go)
- D: CD-ROM drive (Not Inserted)
- F: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
- ---\\ Etat du Centre de Sécurité Windows
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
- ~ Security Center: 41 Legitimates Filtered in 00mn 00s
- ---\\ Recherche particulière de fichiers génériques
- [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.12/04/2012 - 09:30:16.) -- C:\Windows\Explorer.exe [2871808]
- [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
- [MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/03/2014 - 07:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
- [MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.04/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
- [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
- [MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
- [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
- [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
- [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
- [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
- [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
- [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
- [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
- [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.12/04/2012 - 09:32:56.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
- [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
- [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
- [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
- [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
- [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
- [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
- [MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.12/04/2012 - 09:27:58.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
- ~ Generic Processes: Scanned in 00mn 00s
- ---\\ Etat des fichiers cachés (Caché/Total)
- ~ Mes images (My Pictures) : 1/246
- ~ Mes musiques (My Musics) : 1/5875
- ~ Mes Videos (My Videos) : 1/1956
- ~ Mes Favoris (My Favorites) : 1/36
- ~ Mes Documents (My Documents) : 1/18051
- ~ Mon Bureau (My Desktop) : 1/21
- ~ Menu demarrer (Programs) : 1/129
- ~ Hidden Files: Scanned in 00mn 00s
- ---\\ Processus lancés
- [MD5.60BCE8BBD1C515007BB335ACEFBFC246] - (.HP - HP Service.) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768] [PID.880]
- [MD5.341457B79B3FC31A80C346C767045879] - (.Panda Security, S.L. - Anti-malware protection support executable.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PskSvc.exe [28992] [PID.380]
- [MD5.2DD0F646190AA1ACF3B8F7941FBCFF1B] - (.Panda Security, S.L. - TPSrv Application.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\TPSrvWow.exe [173816] [PID.372]
- [MD5.E196DF9B4DA221A263B6EC7F0CFCD542] - (.Panda Security - Internet resident proxy.) -- C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA INTERNET SECURITY 2014\WebProxy.exe [108512] [PID.1452]
- [MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1876]
- [MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.2732]
- [MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.2620]
- [MD5.8313DC0085E8D05ED6662E90C6918443] - (.Hewlett-Packard Company - SolutionsFrameworkService.) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464] [PID.2260]
- [MD5.2BEC76BDCD1BC080210325E7B5094834] - (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [35200] [PID.2288]
- [MD5.13E838EA8652F8451F29301D3B56B17B] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648] [PID.2652]
- [MD5.54F00466439F749EDDF29CBA0BC1A28A] - (.Panda Security, S.L. - Panda Software Controler.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PsCtrls.exe [177440] [PID.2704]
- [MD5.F458128A5321BB48DF7B3D8E279F6393] - (.Panda Security, S.L. - Panda Function Service.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PavFnSvr.exe [202016] [PID.2748]
- [MD5.2AE3F6B23448443BBEF5DE207159213B] - (.Panda Security, S.L. - Panda Process Protection Service.) -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe [62768] [PID.2128]
- [MD5.4D8C2645A12FDDF9CD4A68DDE8496BEF] - (.Panda Security, S.L. - Enhanced On-Access Anti-Malware Service.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\pavsrvx86.exe [313664] [PID.2596]
- [MD5.CC85A36EB009F45A53FF5344CCEFD58E] - (.Panda Security, S.L. - Enhanced On-Access Anti-Malware Protection.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\AVENGINE.exe [225088] [PID.2568]
- [MD5.532053E8E3BB8FA7166AB4E7685FDDCC] - (.Panda Security International - Panda Host Service.) -- c:\program files (x86)\panda security\panda internet security 2014\firewall\PSHOST.exe [226560] [PID.2364]
- [MD5.196C450F2779D0B462C444DA4906EA7F] - (.Panda Security S.L. - Panda Interface Manager Service.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PsImSvc.exe [108288] [PID.2708]
- [MD5.6241810294275CEA59EBA9733080E5EE] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720] [PID.648]
- [MD5.BD9457699AC9C1A0FE43398043617279] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [276824] [PID.2600]
- [MD5.F76057596EF65049869098677AB72C30] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [362840] [PID.3208]
- [MD5.ECF45E3FC8C63E44ED45D38A8672E7F1] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [275768] [PID.4344]
- [MD5.4D241A6A8F6BA9FA32FF836551FFDCEA] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.3448]
- [MD5.8A3B69683E63808719D24E1C68C21CC7] - (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960] [PID.3412]
- [MD5.D1C8B0DC04347B6B9B5B3B9204DF6756] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904] [PID.2420]
- [MD5.21293443961A4E2597453EE7A9347F22] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe [54840] [PID.2388]
- [MD5.863020614D27D74CFC4194C598DEAD40] - (.Panda Security, S.L. - Panda permanent protection.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\ApVxdWin.exe [1062880] [PID.4944]
- [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4876]
- [MD5.D2946D9F020AE76E9CEF9B4A6DF838C0] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1129760] [PID.4300]
- [MD5.0737D18842CE3C65FC0D04DA0D4875B1] - (.Pas de propriétaire - IEWebSiteLogon.) -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe [4073768] [PID.3304]
- [MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\RunDll32.exe [0] [PID.5380]
- [MD5.D0D99257DDDCDDBE998AF7CA14E85BD0] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.5356]
- [MD5.9843F58DF3E2908D1FED4DF4B8747E51] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.5624]
- [MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.5816]
- [MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.5244]
- [MD5.4738DC864215B00B886E27A8D18CC326] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592] [PID.5936]
- [MD5.D4106AC79DA6DF822AD3BFCD09802F5D] - (.Panda Security, S.L. - Panda AntiSpam Trainer.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\SRVLOAD.exe [91648] [PID.5184]
- [MD5.74D1E004483998E076FBBC0DE9B59763] - (.Panda Security, S.L. - PavBckPT Aplicación.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PavBckPT.exe [112128] [PID.2864]
- [MD5.292C1E04626EED84C668E7714DD6DB66] - (.AuthenTec Inc. - TouchControl.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe [3695912] [PID.6968]
- [MD5.44784D4AC3DA254F54BFD2249AD2D2EB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7876096] [PID.6868]
- ~ Processes Running: Scanned in 00mn 00s
- ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
- C:\Users\Romain\AppData\Local\Google\Chrome\User Data\Default\Preferences
- G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
- G2 - GCE: Preference [User Data\Default] [emikpifndnjfkgofoglceekhkbaicbde] Free Rider HD v.1.1 (Activé)
- G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
- G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
- G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
- ---\\ Liste des dossiers d'extension Google Chrome
- G2 - EXT: C:\Users\Romain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [Documents Google]
- ~ Google Lines Browser: 55 Legitimates Filtered in 00mn 02s
- ---\\ Internet Explorer, Proxy Management (R5)
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
- ~ Proxy management: Scanned in 00mn 00s
- ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
- F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
- F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
- F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
- ~ Keys: Scanned in 00mn 00s
- ---\\ Hosts file redirection (O1)
- ~ Le fichier hosts est sain (The hosts file is clean).
- ~ Hosts File: Scanned in 00mn 00s
- ~ Nombre de lignes (Lines number): 19
- ---\\ Autres liens utilisateurs (O4)
- O4 - GS\QuickLaunch [Romain]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Romain\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- ~ Global Startup: 1 Legitimates Filtered in 00mn 00s
- ---\\ Applications lancées au démarrage du système (O4)
- O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
- O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
- O4 - HKLM\..\Run: [BoxSync] . (.Box, Inc. - Box Sync.) -- c:\Program Files\Box\Box Sync\BoxSync.exe
- O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
- O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
- O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
- O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
- O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
- O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
- O4 - HKLM\..\Wow6432Node\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
- O4 - HKLM\..\Wow6432Node\Run: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
- O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
- O4 - HKLM\..\Wow6432Node\Run: [APVXDWIN] . (.Panda Security, S.L. - Panda permanent protection.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\APVXDWIN.exe
- O4 - HKLM\..\Wow6432Node\Run: [SCANINICIO] . (.Panda Security, S.L. - Inicio Programado.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\Inicio.exe
- O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
- O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
- O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
- O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
- O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
- O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
- O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
- ~ Application: Scanned in 00mn 00s
- ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
- O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
- ~ IE Extra Buttons: Scanned in 00mn 00s
- ---\\ Modification Domaine/Adresses DNS (O17)
- O17 - HKLM\System\CCS\Services\Tcpip\..\{1488A7A4-4516-4CE9-B90E-372E736FF2B4}: DhcpNameServer = 172.20.10.1
- O17 - HKLM\System\CCS\Services\Tcpip\..\{70267791-1318-455C-B279-F724C3CA5312}: DhcpNameServer = 192.168.1.1 192.168.1.1
- O17 - HKLM\System\CS1\Services\Tcpip\..\{1488A7A4-4516-4CE9-B90E-372E736FF2B4}: DhcpNameServer = 172.20.10.1
- O17 - HKLM\System\CS1\Services\Tcpip\..\{70267791-1318-455C-B279-F724C3CA5312}: DhcpNameServer = 192.168.1.1 192.168.1.1
- O17 - HKLM\System\CS2\Services\Tcpip\..\{1488A7A4-4516-4CE9-B90E-372E736FF2B4}: DhcpNameServer = 172.20.10.1
- O17 - HKLM\System\CS2\Services\Tcpip\..\{70267791-1318-455C-B279-F724C3CA5312}: DhcpNameServer = 192.168.1.1 192.168.1.1
- O17 - HKLM\System\CS2\Services\Tcpip\..\{E098E3DB-14EA-4B9C-B273-B44E98831E7B}: DhcpNameServer = 192.168.1.1 192.168.1.1
- O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
- ~ Domain: Scanned in 00mn 00s
- ---\\ Protocole additionnel (O18)
- O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
- O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
- ~ Protocole Additionnel: Scanned in 00mn 00s
- ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
- O20 - Winlogon Notify: avldr . (.On-Access Anti-Malware Scanner Sync - On-Access Anti-Malware Scanner Sync.) -- C:\Windows\System32\avldr64.dll
- O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
- ~ Winlogon: Scanned in 00mn 00s
- ---\\ Tâches planifiées en automatique (O39)
- [MD5.00000000000000000000000000000000] [APT] [{6B6D04BF-D29A-474E-88EC-C19A53994775}] (...) -- C:\Users\Romain\Downloads\win64_153318.exe (.not file.) [0]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1064]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1068]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForRomain [336]
- ~ Scheduled Task: 54 Legitimates Filtered in 00mn 00s
- ---\\ HKCU & HKLM Software Keys
- [HKCU\Software\AnnyStudio]
- [HKLM\Software\UnifL]
- ~ Key Software: 332 Legitimates Filtered in 00mn 00s
- ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
- O43 - CFD: 11/05/2014 - 23:47:57 - [] ----D C:\Program Files (x86)\SP55068
- O43 - CFD: 03/02/2014 - 21:45:12 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
- O43 - CFD: 29/04/2014 - 21:18:13 - [] ----D C:\Users\Romain\AppData\Roaming\library_dir
- ~ Program Folder: 212 Legitimates Filtered in 00mn 00s
- ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
- O44 - LFC:[MD5.64A0869F18560CD529120ADE00155C3E] - 11/05/2014 - 21:53:12 ---A- . (...) -- C:\Windows\System32\atipblup.dat [3917]
- O44 - LFC:[MD5.CFE52230DC51DDC1039FB5B67F301998] - 19/05/2014 - 06:37:31 ---A- . (...) -- C:\Windows\System32\Drivers\APPFLTR.CFG [1132]
- O44 - LFC:[MD5.CFE52230DC51DDC1039FB5B67F301998] - 19/05/2014 - 06:37:31 ---A- . (...) -- C:\Windows\System32\Drivers\APPFLTR.CFG.bck [1132]
- O44 - LFC:[MD5.3CE4D7E92B32A96D679E33E20653A1C7] - 19/05/2014 - 17:38:09 ---A- . (...) -- C:\Windows\System32\Drivers\APPFCONT.DAT [562712]
- O44 - LFC:[MD5.3CE4D7E92B32A96D679E33E20653A1C7] - 19/05/2014 - 17:38:09 ---A- . (...) -- C:\Windows\System32\Drivers\APPFCONT.DAT.bck [562712]
- ~ Files: 48 Legitimates Filtered in 00mn 00s
- ---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
- O53 - SMSR:HKLM\...\startupreg\BoxSync [Key] . (.Box, Inc. - Box Sync.) -- c:\Program Files\Box\Box Sync\BoxSync.exe
- ~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s
- ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
- O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
- O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
- ~ MWPS: 16 Legitimates Filtered in 00mn 00s
- ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
- O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
- ~ MWPE Keys: 12 Legitimates Filtered in 00mn 00s
- ---\\ Liste des pilotes du système (SDL) (O58)
- O58 - SDL:25/01/2014 - 13:28:07 ---A- . (.Pas de propriétaire - COMFiltr.) -- C:\Windows\System32\Drivers\COMFiltr.sys [15928]
- O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
- O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
- O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
- O58 - SDL:06/03/2012 - 05:04:18 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [536064]
- O58 - SDL:18/03/2013 - 16:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
- ~ Drivers: 90 Legitimates Filtered in 00mn 00s
- ---\\ Liste des outils de désinfection (LATC) (O63)
- O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
- ~ ADS: Scanned in 00mn 00s
- ---\\ Liste les services legacy du registre (LALS) (O64)
- O64 - Services: CurCS - 28/02/2012 - C:\Windows\System32\DRIVERS\igdpmd64.sys (intelkmd) .(.Intel Corporation - Intel Graphics Kernel Mode Driver.) - LEGACY_INTELKMD
- ~ Legacy: 86 Legitimates Filtered in 00mn 00s
- ---\\ Menu de démarrage Internet (SMI) (O68)
- O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
- ~ Keys: Scanned in 00mn 00s
- ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
- O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
- O69 - SBI: SearchScopes [HKCU] {C5A3B93B-F3CE-4C1A-A59E-250B33748D32} - (Propositions de recherche Amazon.fr) - http://www.amazon.fr
- O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
- ~ Keys: Scanned in 00mn 00s
- ---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
- C:\MinGW\msys\1.0\bin\ssh-keygen.exe =>.Crack,Keygen
- C:\MinGW\msys\1.0\bin\ssh-keygen.exe =>.Crack,Keygen
- ~ Files: Scanned in 00mn 12s
- ---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
- O87 - FAEL: "{B6898DA0-5658-41CA-8449-9760F0375045}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Romain\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O87 - FAEL: "{E0D80A65-42CD-41DB-8A42-FE135DE73820}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Romain\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- ~ Firewall: 2 Legitimates Filtered in 00mn 01s
- ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
- SS - | Demand 15/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- SS - | Demand 10/03/2014 28768 | (BoxSyncUpdateService) . (.Box Inc..) - C:\Program Files\Box\Box Sync\SyncUpdaterService.exe
- SS - | Auto 01/02/2012 945440 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
- SS - | Demand 28/02/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
- SS - | Auto 25/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
- SS - | Demand 25/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
- SS - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
- SS - | Demand 10/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
- SS - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
- SS - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
- SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
- SS - | Demand 25/02/2014 568512 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
- SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
- SR - | Auto 01/03/2012 235520 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
- SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
- SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
- SR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
- SR - | Auto 07/06/2013 1641768 | (FPLService) . (.HP.) - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
- SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
- SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
- SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
- SR - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
- SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
- SR - | Auto 24/09/2012 31040 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
- SR - | Auto 01/04/2014 49464 | (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
- SR - | Auto 05/03/2012 35200 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
- SR - | Auto 21/11/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
- SR - | Auto 02/02/2012 628448 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
- SR - | Auto 16/03/2012 162648 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
- SR - | Auto 16/03/2012 276824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
- SR - | Auto 19/11/2012 177440 | (Panda Software Controller) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PsCtrls.exe
- SR - | Auto 21/09/2012 202016 | (PAVFNSVR) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PavFnSvr.exe
- SR - | Auto 04/02/2008 62768 | (PavPrSrv) . (.Panda Security, S.L..) - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
- SR - | Auto 13/04/2011 313664 | (PAVSRV) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\pavsrvx86.exe
- SR - | Auto 26/11/2009 226560 | (PSHost) . (.Panda Security International.) - c:\program files (x86)\panda security\panda internet security 2014\firewall\PSHOST.exe
- SR - | Auto 19/06/2008 108288 | (PSIMSVC) . (.Panda Security S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PsImSvc.exe
- SR - | Auto 16/08/2010 28992 | (PskSvcRetail) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PskSvc.exe
- SR - | Auto 06/03/2012 314880 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
- SR - | Auto 25/02/2014 173816 | (TPSrv) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\TPSrvWow.exe
- SR - | Demand 07/01/2013 401856 | (TrueService) . (.AuthenTec, Inc..) - C:\Program Files\Common Files\AuthenTec\TrueService.exe
- SR - | Auto 16/03/2012 362840 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
- SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
- SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
- SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
- ~ Services: Scanned in 00mn 04s
- ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
- Run by Romain at 19/05/2014 18:52:58
- ~ OS 64 not supported by MBR tool
- ~ MBR: 0 Legitimates Filtered in 00mn 00s
- ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
- Written by ad13, http://ad13.geekstog
- Run by Romain at 19/05/2014 18:53:00
- ********* Dump file Name *********
- C:\PhysicalDisk0_MBR.bin
- ~ MBR: Scanned in 00mn 02s
- ---\\ Scan Additionnel (O88)
- Database Version : 13029 - (19/05/2014)
- Clés trouvées (Keys found) : 0
- Valeurs trouvées (Values found) : 1
- Dossiers trouvés (Folders found) : 0
- Fichiers trouvés (Files found) : 0
- ~ Additionnel Scan: 492251 Items scanned in 00mn 19s
- ---\\ Récapitulatif des détections trouvées sur votre station
- ~ MSI: 0 link(s) detected in 00mn 00s
- ~ 988 Legitimates filtered by white list
- End of the scan (461 lines in 01mn 03s)(2)