- ~ Rapport de ZHPDiag v2015.4.13.38 - Nicolas Coolman (13/04/2015)
- ~ Lancé par Knoell (15/04/2015 23:14:05)
- ~ Facebook : https://www.facebook.com/nicolascoolman1
- ~ Adresse du Forum http://forum.nicolascoolman.fr
- ~ Traduit par Nicolas Coolman
- ~ Etat de la version : Version à jour.
- ~ Liste blanche : Activée par le programme
- ~ Elévation des Privilèges : OK
- ~ User Account Control (UAC): Activate by user
- ---\\ Navigateurs Internet
- MSIE: Internet Explorer v11.0.9600.17728
- GCIE: Google Chrome v42.0.2311.90 (Defaut)
- ---\\ Informations sur les produits Windows
- ~ Langage: Français
- Windows Server License Manager Script : OK
- ~ Windows(R) Operating System, VOLUME_KMSCLIENT channel
- Windows ID Activation : OK
- ~ Windows Partial Key : 9D6T9
- Windows License : OK
- Expiration Licence Windows : 162105 minute(s) (113 jour(s))
- ~ Windows Remaining Initializations Number : 999
- Software Protection Service (Protection logicielle) : OK
- Windows Automatic Updates : OK
- Windows Activation Technologies : OK
- Windows 8.1 Pro, 64-bit (Build 9600)
- ---\\ Logiciels de protection du système
- Kaspersky Internet Security v15.0.2.361
- Windows Defender W8 (Deactivate)
- ---\\ Logiciels d'optimisation du système
- CCleaner v5.03
- ---\\ Logiciels de partage PeerToPeer
- qBittorrent 3.1.12 v3.1.12 =>P2P.BitTorrent
- ---\\ Surveillance de Logiciels
- ---\\ Informations sur le système
- ~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
- ~ Operating System: 64 Bits
- Boot mode: Normal (Normal boot)
- Total RAM: 8113 MB (52% free)
- System Restore: Activé (Enable)
- System drive C: has 25 GB (22%) free of 111 GB
- ---\\ Mode de connexion au système
- ~ Computer Name: XNOOZTV
- ~ User Name: Knoell
- ~ All Users Names: postgres, Knoell, HomeGroupUser$, Guest, Administrator,
- ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
- Logged in as Administrator
- ---\\ Variables d'environnement
- ~ System Unit : C:\
- ~ %AppZHP% : C:\Users\Knoell\AppData\Roaming\ZHP\
- ~ %AppData% : C:\Users\Knoell\AppData\Roaming\
- ~ %Desktop% : C:\Users\Knoell\Desktop\
- ~ %Favorites% : C:\Users\Knoell\Favorites\
- ~ %LocalAppData% : C:\Users\Knoell\AppData\Local\
- ~ %StartMenu% : C:\Users\Knoell\AppData\Roaming\Microsoft\Windows\Start Menu\
- ~ %Windir% : C:\Windows\
- ~ %System% : C:\Windows\System32\
- ---\\ Enumération des unités disques
- C: Hard drive, Flash drive, Thumb drive (Free 25 Go of 111 Go)
- D: Hard drive, Flash drive, Thumb drive (Free 369 Go of 932 Go)
- E: CD-ROM drive (Not Inserted)
- ---\\ Etat du Centre de Sécurité Windows
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
- ~ Security Center: 49 Legitimates Filtered in 00mn 00s
- ---\\ Recherche particulière de fichiers génériques
- [MD5.C10A66189DC8C090E7C84873EDCEBC88] - (.Microsoft Corporation - Explorateur Windows.) (.28/01/2015 - 00:47:12.) -- C:\Windows\Explorer.exe [2501368]
- [MD5.A570A64292214C43E0BA50E6A72A6380] - (.Microsoft Corporation - Application de démarrage de Windows.) (.29/10/2014 - 02:25:54.) -- C:\Windows\System32\Wininit.exe [145920]
- [MD5.77B35D0FC22A2D2EAC8D07C3F9784DBF] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13/03/2015 - 03:45:57.) -- C:\Windows\System32\wininet.dll [2358784]
- [MD5.EC498BAE1F0D3E0E401C963F8D76C437] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.29/10/2014 - 02:22:52.) -- C:\Windows\System32\Winlogon.exe [572416]
- [MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 09:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
- [MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.30/05/2014 - 04:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
- [MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
- [MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
- [MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
- [MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 10:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
- [MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.24/07/2014 - 12:45:39.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800]
- [MD5.49EE0AE9E5B64FFBBD06D55C4984B598] - (.Microsoft Corporation - Pilote de port i8042.) (.04/11/2014 - 07:54:54.) -- C:\Windows\system32\Drivers\i8042prt.sys [108544]
- [MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 13:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
- [MD5.31233271EDE50D1BBB220F78AFA60486] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.08/10/2014 - 08:32:10.) -- C:\Windows\system32\Drivers\MRxSmb.sys [405504]
- [MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
- [MD5.7F68063A5A0461E02BC860CE0E6BFDDC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.15/10/2014 - 09:32:37.) -- C:\Windows\system32\Drivers\ntfs.sys [2025792]
- [MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
- [MD5.1BD3022FD6E450B00DE560265638FD2A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.08/11/2014 - 04:58:31.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [112640]
- [MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.30/09/2013 - 04:54:34.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
- [MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
- [MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.19/06/2014 - 03:13:36.) -- C:\Windows\system32\Drivers\volsnap.sys [310080]
- ~ Generic Processes: Scanned in 00mn 00s
- ---\\ Etat des fichiers cachés (Caché/Total)
- ~ Mes images (My Pictures) : 2/16
- ~ Mes musiques (My Musics) : 1/10
- ~ Mes Favoris (My Favorites) : 1/3
- ~ Mes Documents (My Documents) : 3/943
- ~ Mon Bureau (My Desktop) : 2/14134
- ~ Menu demarrer (Programs) : 1/30
- ~ Hidden Files: Scanned in 00mn 01s
- ---\\ Processus lancés
- [MD5.E9E5DADB85F756F83B61816AE0287EEA] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe [192160] [PID.1656]
- [MD5.638644168D9B5B5093AD84C9C162B550] - (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296] [PID.4504]
- [MD5.10AA923C7622D57C3D4B1D9A4EAF14BC] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744] [PID.5628]
- [MD5.94269C1CF8F45C7B82AEDE9B8F3225CE] - (...) -- C:\Users\Knoell\AppData\Roaming\nvxasync\nvxasync.exe [153822720] [PID.6492]
- [MD5.A381DE7A9E3EB7915242F91730F3B4D0] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616] [PID.7184]
- [MD5.85C275BAFD6A700980813CCFA11A5E14] - (.Skillbrains - Lightshot.) -- C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe [477184] [PID.7364] =>PUP.SkillBrains
- [MD5.A55FB42F0642DBF4817543A58E97721F] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232] [PID.7372]
- [MD5.9777A48B44AD899DED87EB5767AFD516] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592] [PID.6808]
- [MD5.94269C1CF8F45C7B82AEDE9B8F3225CE] - (...) -- C:\ProgramData\nvxasync\cvxasync.exe [153822720] [PID.4336]
- [MD5.05EF48203CC819B57F8665217FB6DDF5] - (.Electronic Arts - Origin.) -- C:\Program Files (x86)\Origin\Origin.exe [3632472] [PID.5300]
- [MD5.B274C20BB8E7A9D27F147C1F87B05D26] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480] [PID.6592]
- [MD5.73CD25C93C41D174AFFCB140A10A8B1E] - (.Valve Corporation - Steam Client Bootstrapper.) -- D:\Program Files (x86)\Steam\Steam.exe [2889408] [PID.9772]
- [MD5.28E8693CE398825659632336C4B24451] - (.Valve Corporation - Steam Client WebHelper.) -- D:\Program Files (x86)\Steam\bin\steamwebhelper.exe [1543872] [PID.6888]
- [MD5.CE9806603D3C635EA6E0BB79FE916D2E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872] [PID.3904]
- [MD5.76A12E1111EFB89E20903096D7C3CAF6] - (.Kaspersky Lab ZAO - Kaspersky Native Messaging Server for plugi.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\plugin-nm-server.exe [854824] [PID.9916]
- [MD5.367DF91FA6F9ED1C951CCB11A6751C3E] - (...) -- D:\Telechargement\gta 5\Grand Theft Auto V\PlayGTAV.exe [494080] [PID.9472]
- [MD5.3446EFE5B35A7478CA26932084F2E1C6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8197120] [PID.208]
- ~ Processes Running: Scanned in 00mn 01s
- ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
- C:\Users\Knoell\AppData\Local\Google\Chrome\User Data\Default\Preferences
- ---\\ Liste des dossiers d'extension Google Chrome
- ~ Google Lines Browser: 9 Legitimates Filtered in 00mn 00s
- ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
- R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com
- ~ IE Browser: 15 Legitimates Filtered in 00mn 00s
- ---\\ Internet Explorer, Proxy Management (R5)
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
- ~ Proxy management: Scanned in 00mn 00s
- ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
- F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
- F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
- F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
- ~ Keys: Scanned in 00mn 00s
- ---\\ Hosts file redirection (O1)
- ~ Le fichier hôte est sain (The hosts file is clean) (6)
- ~ Hosts File: Scanned in 00mn 00s
- ---\\ Autres liens utilisateurs (O4)
- O4 - GS\Program [Public]: Vuze.lnk . (...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
- O4 - GS\QuickLaunch [Knoell]: Vuze.lnk . (...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
- ~ Global Startup: 2 Legitimates Filtered in 00mn 00s
- ---\\ Applications lancées au démarrage du système (O4)
- O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\WINDOWS\system32\nvspcap64.dll
- O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
- O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
- O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
- O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
- O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline
- O4 - HKCU\..\Run: [EADM] . (.Electronic Arts - Origin.) -- C:\Program Files (x86)\Origin\Origin.exe
- O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
- O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
- O4 - HKCU\..\Run: [nvxasync] . (...) -- C:\Users\Knoell\AppData\Roaming\nvxasync\nvxasync.exe
- O4 - HKLM\..\Wow6432Node\Run: [IMSS] . (.Intel Corporation - PIcon startup utility.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
- O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
- O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
- O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
- O4 - HKLM\..\Wow6432Node\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
- O4 - HKLM\..\Wow6432Node\Run: [Lightshot] . (.Pas de propriétaire - Starter Module.) -- C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe =>PUP.SkillBrains
- O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
- O4 - HKUS\S-1-5-21-1852345635-2103911194-1630133388-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
- O4 - HKUS\S-1-5-21-1852345635-2103911194-1630133388-1001\..\Run: [AdobeBridge] Clé orpheline
- O4 - HKUS\S-1-5-21-1852345635-2103911194-1630133388-1001\..\Run: [EADM] . (.Electronic Arts - Origin.) -- C:\Program Files (x86)\Origin\Origin.exe
- O4 - HKUS\S-1-5-21-1852345635-2103911194-1630133388-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
- O4 - HKUS\S-1-5-21-1852345635-2103911194-1630133388-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
- O4 - HKUS\S-1-5-21-1852345635-2103911194-1630133388-1001\..\Run: [nvxasync] . (...) -- C:\Users\Knoell\AppData\Roaming\nvxasync\nvxasync.exe
- ~ Application: Scanned in 00mn 00s
- ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
- O9 - Extra button: Clavier virtuel [64Bits] - {5547CE1F-74E9-41E5-9CBF-5211ECC37341} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kbrd.ico
- ~ IE Extra Buttons: Scanned in 00mn 00s
- ---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
- O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
- O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
- ~ IE Zone Confiance: Scanned in 00mn 00s
- ---\\ Modification Domaine/Adresses DNS (O17)
- O17 - HKLM\System\CCS\Services\Tcpip\..\{753265D7-75D3-4CB8-8B05-81269EC8459A}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
- O17 - HKLM\System\CCS\Services\Tcpip\..\{753265D7-75D3-4CB8-8B05-81269EC8459A}: DhcpNameServer = 192.168.0.254
- O17 - HKLM\System\CCS\Services\Tcpip\..\{AEECDC70-1495-4C3F-85B5-DE5B542AC4D0}: DhcpNameServer = 192.168.0.254
- O17 - HKLM\System\CCS\Services\Tcpip\..\{EED1E010-992C-4686-893E-A5050470CE1F}: DhcpNameServer = 8.8.8.8 8.8.4.4
- O17 - HKLM\System\CS1\Services\Tcpip\..\{753265D7-75D3-4CB8-8B05-81269EC8459A}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
- O17 - HKLM\System\CS1\Services\Tcpip\..\{753265D7-75D3-4CB8-8B05-81269EC8459A}: DhcpNameServer = 192.168.0.254
- O17 - HKLM\System\CS1\Services\Tcpip\..\{AEECDC70-1495-4C3F-85B5-DE5B542AC4D0}: DhcpNameServer = 192.168.0.254
- O17 - HKLM\System\CS1\Services\Tcpip\..\{EED1E010-992C-4686-893E-A5050470CE1F}: DhcpNameServer = 8.8.8.8 8.8.4.4
- O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
- ~ Domain: Scanned in 00mn 00s
- ---\\ Protocole additionnel (O18)
- O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll =>.Microsoft Corporation
- ~ Protocole Additionnel: Scanned in 00mn 00s
- ---\\ Liste des services NT non Microsoft et non désactivés (O23)
- O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) . (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
- ~ Services: 19 Legitimates Filtered in 00mn 02s
- ---\\ Enumère les données de BootExecute (BEX) (O34)
- O34 - HKLM BootExecute: (aswBoot.exe /M:749b5d81 /wow /dir:"C:\Program Files\AVAST Software\Avast") - File not found
- ~ BEX: 2 Legitimates Filtered in 00mn 00s
- ---\\ Tâches planifiées en automatique (O39)
- [MD5.6ADBA304E2577A2A1651A59296510818] [APT] [cryptex] (...) -- C:\Users\Knoell\AppData\Local\Temp\ariana.exe [675840]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1080]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1084]
- ~ Scheduled Task: 9 Legitimates Filtered in 00mn 01s
- ---\\ Logiciels installés (O42)
- O42 - Logiciel: Developer's Image Library - (...) [HKLM][64Bits] -- DevIL
- O42 - Logiciel: HAWKEN - (.Reloaded Games.) [HKLM][64Bits] -- Steam App 271290
- O42 - Logiciel: UwAmp (Uninstall) - (...) [HKLM][64Bits] -- UwAmp
- ~ Logic: 23 Legitimates Filtered in 00mn 00s
- ---\\ HKCU & HKLM Software Keys
- [HKCU\Software\Clubic]
- [HKCU\Software\Drivers]
- [HKCU\Software\Freejam]
- [HKCU\Software\Reg]
- [HKCU\Software\System32]
- [HKCU\Software\UwAmp]
- [HKCU\Software\VIS-Games]
- [HKCU\Software\Win]
- [HKCU\Software\¥ž!ÿ¥ž!ÿ¥ž!ÿ¥ž!ÿ¥ž!ÿ¥ž!ÿio]
- [HKLM\Software\Wow6432Node\Reg]
- ~ Key Software: 311 Legitimates Filtered in 00mn 00s
- ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
- O43 - CFD: 01/04/2015 - 11:37:54 - [] ----D C:\Program Files (x86)\Developer's Image Library
- O43 - CFD: 15/04/2015 - 09:47:21 - [] RSHAD C:\ProgramData\nvxasync
- O43 - CFD: 26/02/2015 - 19:38:34 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snaz
- O43 - CFD: 30/09/2013 - 05:54:53 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
- O43 - CFD: 14/03/2015 - 13:05:03 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UwAmp
- O43 - CFD: 20/03/2015 - 14:09:25 - [] ----D C:\Users\Knoell\AppData\Roaming\.StarMade
- O43 - CFD: 06/03/2015 - 16:57:17 - [] ----D C:\Users\Knoell\AppData\Roaming\Emodyz Life
- O43 - CFD: 15/04/2015 - 22:58:10 - [] ----D C:\Users\Knoell\AppData\Roaming\Imminent
- O43 - CFD: 15/04/2015 - 09:47:47 - [] RSHAD C:\Users\Knoell\AppData\Roaming\nvxasync
- O43 - CFD: 05/03/2015 - 02:10:57 - [] -SH-D C:\Users\Knoell\AppData\Local\EmieBrowserModeList
- O43 - CFD: 24/03/2015 - 19:30:06 - [] ----D C:\Users\Knoell\AppData\Local\pip
- O43 - CFD: 06/04/2015 - 01:34:27 - [] ----D C:\Users\Knoell\AppData\Local\Quickscope_Simulator
- O43 - CFD: 15/04/2015 - 17:29:39 - [0] ----D C:\Users\Knoell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
- O43 - CFD: 14/03/2015 - 13:05:03 - [0] ----D C:\Users\Knoell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UwAmp
- ~ Program Folder: 252 Legitimates Filtered in 00mn 00s
- ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
- O44 - LFC:[MD5.111011F4D527CE443544F7574E599BD9] - 02/04/2015 - 20:54:38 ---A- . (...) -- C:\Windows\System32\KeyboardFilterShim.sdb [2412]
- O44 - LFC:[MD5.459AEE6534F08322ECA4E9359C0CDABE] - 02/04/2015 - 20:54:53 ---A- . (.Pas de propriétaire - Application ContextH.) -- C:\Windows\System32\BWContextHandler.dll [53248]
- O44 - LFC:[MD5.A5F320FFE96F6939D2FF39360ADA9B5A] - 02/04/2015 - 20:54:59 ---A- . (.Pas de propriétaire - Gestionnaire de contexte pour réseau person.) -- C:\Windows\System32\BthpanContextHandler.dll [96256]
- O44 - LFC:[MD5.97F55D94100BA13A9C0647A4F193700A] - 02/04/2015 - 20:55:12 ---A- . (.Windows (R) Win 7 DDK provider - DSC.) -- C:\Windows\System32\DscCoreConfProv.dll [200192]
- O44 - LFC:[MD5.08750A50CF027F93070C8BB78E27C3B7] - 02/04/2015 - 23:39:35 -SH-- . (...) -- C:\Windows\System32\desktop.ini [75]
- O44 - LFC:[MD5.630AD1D0E6624FE0D7B9DF6EF1EEE6BF] - 03/04/2015 - 13:05:00 ---A- . (...) -- C:\Windows\AZPR3.INI [1032]
- O44 - LFC:[MD5.0F188021C49A15BC264553C1E2D71DEC] - 08/04/2015 - 18:52:00 ---A- . (...) -- C:\Windows\System32\nvcoproc.bin [4336074]
- O44 - LFC:[MD5.B45B99B2940DEC2E830B22298D959E13] - 09/04/2015 - 01:58:18 ---A- . (...) -- C:\Windows\System32\nvinfo.pb [29329]
- O44 - LFC:[MD5.0F484EDB4E5EDE98645C0B4EEA850258] - 09/04/2015 - 01:58:18 ---A- . (...) -- C:\Windows\System32\nvmcumd.dll [849552]
- O44 - LFC:[MD5.C9B769FE3FDB71C79ED2A58C86045327] - 13/04/2015 - 15:30:35 ---A- . (...) -- C:\Windows\DirectX.log [92939]
- O44 - LFC:[MD5.2CBD6D22499EB13A2666F62EF33D00E2] - 14/04/2015 - 19:54:35 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16303]
- O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 15/04/2015 - 11:56:42 ---A- . (...) -- C:\Windows\System32\--debugoff [0]
- O44 - LFC:[MD5.69BCD9256E7101E5FE92B423A90B542E] - 15/04/2015 - 11:56:51 ---A- . (...) -- C:\Windows\System32\--traceoff [6078]
- O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 15/04/2015 - 15:42:41 ---A- . (...) -- C:\autoexec.bat [0]
- O44 - LFC:[MD5.66EA799A511B8A1F79D4530540A213F4] - 15/04/2015 - 15:58:16 ---A- . (...) -- C:\spyhunter.fix [2189] =>Crapware.SpyHunter
- O44 - LFC:[MD5.83C2B6D0E0847FB6E19E0D0574D84936] - 15/04/2015 - 16:29:42 ---A- . (...) -- C:\Install.log [704]
- ~ Files: 2402 Legitimates Filtered in 00mn 02s
- ---\\ Déni du service (Local Security Authority) (O48)
- ~ LSA: 3 Legitimates Filtered in 00mn 00s
- ---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
- O51 - MPSK:{25c2dafd-db12-11e4-8264-74d435abfbc8}\AutoRun\command. (...) -- G:\autorun.exe (.not file.)
- O51 - MPSK:{eda3c38e-d503-11e4-825e-74d435abfbc8}\AutoRun\command. (...) -- F:\BlacklistAutoRun.exe (.not file.)
- ~ Keys: Scanned in 00mn 00s
- ---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
- O52 - TDSD: \Drivers32\"VIDC.FICV"="ficvdec_x64.dll" . (...) -- C:\Windows\System32\ficvdec_x64.dll
- ~ TDSD: 5 Legitimates Filtered in 00mn 00s
- ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
- O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
- O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
- ~ MWPS: 17 Legitimates Filtered in 00mn 00s
- ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
- O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
- ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
- ---\\ Liste des pilotes du système (SDL) (O58)
- O58 - SDL:13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
- O58 - SDL:26/01/2015 - 18:29:28 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0).) -- C:\Windows\System32\Drivers\ptun0901.sys [27136]
- O58 - SDL:13/10/2014 - 06:57:48 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [110336]
- O58 - SDL:13/10/2014 - 06:57:48 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
- O58 - SDL:22/01/2014 - 08:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [206080]
- O58 - SDL:22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
- O58 - SDL:22/08/2013 - 13:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
- O58 - SDL:17/05/2014 - 01:42:36 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
- ~ Drivers: 65 Legitimates Filtered in 00mn 00s
- ---\\ Liste des outils de désinfection (LATC) (O63)
- O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
- ~ ADS: Scanned in 00mn 00s
- ---\\ Associations Shell Spawning (O67)
- O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
- ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
- ---\\ Menu de démarrage Internet (SMI) (O68)
- O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
- ~ Keys: Scanned in 00mn 00s
- ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
- O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
- O69 - SBI: SearchScopes [HKCU] {828B376B-F2F6-4778-928C-E29EC877535E} [DefaultScope] - (SurfVox) - http://www.google.com
- ~ Keys: Scanned in 00mn 00s
- ---\\ Recherche particulière à la racine du système (SPRF) (O84)
- [MD5.DB7A94BCC5CCE7AF48B01395DB3D2D33] [SPRF][15/04/2015] (...) -- C:\ProgramData\ntuser.dat [262144]
- [MD5.A3CCFD0AA0B17FD23AA9FD0D84B86C05] [SPRF][23/07/2013] (.Simon Tatham - SSH, Telnet and Rlogin client.) -- C:\Users\Knoell\Desktop\putty (1).exe [483328]
- ~ Files: 2 Legitimates Filtered in 00mn 00s
- ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
- SS - | Demand 22/07/1658 0 | (EasyAntiCheat) . (.EasyAntiCheat Ltd.) - C:\WINDOWS\system32\EasyAntiCheat.exe
- SS - | Auto 15/04/2015 107848 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
- SS - | Demand 15/04/2015 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
- SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
- SS - | Demand 31/01/2014 887232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
- SS - | Demand 11/04/2015 1931632 | (Origin Client Service) . (.Electronic Arts.) - C:\Program Files (x86)\Origin\OriginClientService.exe
- SS - | Auto 02/01/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
- SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
- SS - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
- SS - | Demand 29/10/2014 38792 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
- SR - | Auto 23/12/2014 193400 | (AVP15.0.2) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
- SR - | Auto 21/11/2014 393728 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe
- SR - | Auto 19/11/2014 388824 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
- SR - | Auto 19/11/2014 786136 | (BstHdUpdaterSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
- SR - | Demand 27/02/2015 1272592 | (Disc Soft Lite Bus Service) . (.Disc Soft Ltd.) - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe =>.DT Soft Ltd
- SR - | Auto 28/03/2015 1152144 | (GfExperienceService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
- SR - | Auto 11/04/2014 16232 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
- SR - | Demand 18/02/2014 171480 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
- SR - | Auto 20/03/2014 154584 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
- SR - | Auto 20/03/2014 398296 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
- SR - | Auto 15/10/2014 2820424 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
- SR - | Auto 28/03/2015 1878672 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
- SR - | Auto 28/03/2015 22995600 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
- SR - | Auto 08/04/2015 936264 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
- SR - | Auto 22/07/1658 0 | (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe
- SR - | Auto 13/10/2014 743688 | (ss_conn_service) . (.DEVGURU Co., LTD..) - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
- SR - | Demand 14/04/2015 836288 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
- SR - | Auto 08/04/2015 410952 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
- SR - | Auto 19/03/2015 5448464 | (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
- SR - | Demand 22/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
- SR - | Demand 22/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
- SR - | Auto 25/03/2015 17720 | (XTU3SERVICE) . (.Intel(R) Corporation.) - C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
- ~ Services: Scanned in 00mn 05s
- ---\\ Scan Additionnel (O88)
- Database Version : 13008 - (13/04/2015)
- Clés trouvées (Keys found) : 0
- Valeurs trouvées (Values found) : 3
- Dossiers trouvés (Folders found) : 1
- Fichiers trouvés (Files found) : 1
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Lightshot =>PUP.SkillBrains^
- C:\Users\Knoell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
- C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe =>PUP.SkillBrains^
- ~ Additionnel Scan: 241476 Items scanned in 00mn 08s
- ---\\ Informations complémentaires sur les modules
- ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
- ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
- ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
- ~ AMI: 3 Legitimates Filtered in 00mn 00s
- ---\\ Récapitulatif des détections trouvées sur votre station
- http://www.nicolascoolman.fr/blog/ =>PUP.SkillBrains
- http://nicolascoolman.fr/crapware-spyhunter =>Crapware.SpyHunter
- ~ MSI: 2 link(s) detected in 00mn 00s
- ~ 3172 Legitimates filtered by white list
- End of the scan (473 lines in 00mn 32s)(0.11)