Rapport de ZHPDiag v2013.8.10.15 par Nicolas Coolman, Update du 2013-08-10
Run by jimmy at 2013-08-12 17:09:20
WebSite: http://nicolascoolman.webs.com
State :
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16635
MFIE: Mozilla Firefox 22.0 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 8 Business Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : MDR9V
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Kaspersky Internet Security 2013 v13.0.1.4190
Windows Defender W8

---\\ System Optimizer
CCleaner v4.02 =>Piriform Ltd

---\\ Peer To Peer (P2P)
µTorrent v2.2.1 =>P2P.µTorrent

---\\ Software Update
Adobe Flash Player 11 Plugin
Java 7 Update 21
Java 7 Update 25

---\\ System Information
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8150 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 70 GB (29%) free of 238 GB

---\\ Logged in mode
~ Computer Name: TOUR-JIMMY
~ User Name: jimmy
~ All Users Names: UpdatusUser, jimmy, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\jimmy\AppData\Roaming\
~ %Desktop% : A:\Users\jimmy\Desktop\
~ %Favorites% : C:\Users\jimmy\Favorites\
~ %LocalAppData% : C:\Users\jimmy\AppData\Local\
~ %StartMenu% : C:\Users\jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
A:\ Hard drive, Flash drive, Thumb drive (Free 1804 Go of 1863 Go)
C:\ Hard drive, Flash drive, Thumb drive (Free 70 Go of 238 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 546 Go of 932 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Free 0 Go of 0 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 29 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.2013-06-01 - 06:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2012-07-25 - 22:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.FAF6EC2460AD5FBBD38D8E1AE28B0D77] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2013-06-11 - 18:26:20.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2012-10-11 - 00:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.2012-07-25 - 22:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.2012-11-05 - 22:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2012-07-26 - 00:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2012-07-25 - 21:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2012-07-25 - 21:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2012-07-25 - 21:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2012-09-20 - 01:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.2012-07-25 - 21:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.2012-07-25 - 21:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.2013-02-05 - 17:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.2012-07-25 - 21:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013-02-02 - 05:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.2012-07-25 - 21:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2012-07-25 - 21:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.2012-07-25 - 21:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.2012-07-26 - 00:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2013-06-01 - 06:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/10
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 1/819
~ Mon Bureau (My Desktop) : 3/1806
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.85206BFDD3388883F49CF4E3A68B7507] - (.Stardock - ObjectDock.) -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [4142448] [PID.8544]
[MD5.587EFD6A3A30A35A27904D21AE1FB882] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376] [PID.6864]
[MD5.E0D50B1D0FB4B71D7DE0ECE999C69028] - (...) -- C:\Users\jimmy\AppData\Roaming\cacaoweb\cacaoweb.exe [452608] [PID.4892] =>PUP.CacaoWeb
[MD5.6B412FCE75E2B1462C71D17B6E5C1484] - (.NVIDIA Corporation - NVIDIA Update COM object.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe [1209120] [PID.2388]
[MD5.F9B37EE9DEAE9A9F8F7DB35A93643829] - (...) -- C:\ProgramData\BOINC\projects\einstein.phys.uwm.edu\einstein_S6CasA_1.05_windows_intelx86__SSE2.exe [27028617] [PID.8056]
[MD5.C8D28F8B498CADBB9445AC4545BD41B7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.7624]
[MD5.E9349A03FD81B4806714A16796B5E20A] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.1044]
[MD5.D8425B8D6DC2AA8D871363B0775BCF18] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe [1861512] [PID.1420]
[MD5.B141F8F8B0FF37FFC51F9B71EE7A641B] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432] [PID.4264]
[MD5.2254B9BE2F6F2C9F3CE326051AF65425] - (.Microsoft Corporation - Microsoft Visual C++ 2010 Express.) -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\VCExpress.exe [583504] [PID.4176]
[MD5.BF516883A362948A6E81886ED24796B5] - (.Microsoft Corporation - MSBuild.exe.) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe [267176] [PID.7888]
[MD5.DEF9F717FC22E899D5109A031D236E52] - (.Microsoft Corporation - Microsoft® Program Database.) -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\ide\mspdbsrv.exe [116048] [PID.4480]
[MD5.E1FE1E146C24CE2E70824937807D59F0] - (...) -- C:\ProgramData\BOINC\projects\einstein.phys.uwm.edu\einsteinbinary_BRP5_1.39_windows_intelx86__BRP5-cuda32-nv301.exe [15909382] [PID.7792]
[MD5.8266B91AD9900AF3CEA7F1D7DD26CED8] - (.Microsoft Corporation - Microsoft (R) Visual C++ Package Server.) -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\vcpackages\VCPkgSrv.exe [100176] [PID.3996]
[MD5.D8DBE084F97536D7FDE2EE9B4574FB23] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7691264] [PID.8244]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [jimmy - 8ljgm7it.default\[email protected]] [] cacaoweb v1.0.30 (..) =>PUP.CacaoWeb
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 14



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Launch LCore] . (.Logitech Inc. - Logitech Gaming Framework.) -- C:\Program Files\Logitech Gaming Software\LCore.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Run: [XboxStat] . (.Microsoft Corporation - XBoxStat.exe.) -- C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [AgentAntidote32] . (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe
O4 - HKLM\..\Run: [AgentAntidote64] . (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe
O4 - HKLM\..\Run: [boincmgr] . (.Space Sciences Laboratory - BOINC Manager for Windows.) -- C:\Program Files\BOINC\boincmgr.exe
O4 - HKLM\..\Run: [boinctray] . (.Space Sciences Laboratory - BOINC System Tray for Windows.) -- C:\Program Files\BOINC\boinctray.exe
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\steam.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\jimmy\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5.5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5.5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop: Cain.lnk . (...) -- C:\Program Files (x86)\Cain\Cain.exe (.not file.)
O4 - GS\Desktop: mdcrackGUI.lnk . (...) -- C:\Program Files (x86)\mdcrackGUI\mdcrackGUI.exe (.not file.)
O4 - GS\Desktop: SpeedFan.lnk . (...) -- C:\Program Files (x86)\SpeedFan\speedfan.exe (.not file.)
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Virtual Keyboard [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kbrd.ico
O9 - Extra button: URLs check [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{135AB9A2-C27F-41BB-9647-FE7C3AE198E0}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{49BEF726-8AE6-4FCF-B068-66C9BB4B4F23}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B164C310-6330-43D7-A18B-A52FB62F5D76}: DhcpNameServer = 216.228.208.2 209.169.131.66
O17 - HKLM\System\CS1\Services\Tcpip\..\{135AB9A2-C27F-41BB-9647-FE7C3AE198E0}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{49BEF726-8AE6-4FCF-B068-66C9BB4B4F23}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B164C310-6330-43D7-A18B-A52FB62F5D76}: DhcpNameServer = 216.228.208.2 209.169.131.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.228.208.2 209.169.131.66
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) [64Bits] - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - (.not file.)
~ STS/SSO: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job [222]
[MD5.0ED398A4D031B9CFB10E3FEDF97AD836] [APT] [AutoKMS] (...) -- C:\WINDOWS\AutoKMS.exe [614400] =>Trojan.Keygen
[MD5.AE022945810805E64C94E08106801566] [APT] [Hybrid] (...) -- C:\IORRT\IORRT.bat [855]
[MD5.AE022945810805E64C94E08106801566] [APT] [IORRT] (...) -- C:\IORRT\IORRT.bat [855]
~ Scheduled Task: 8 Legitimates Filtered in 00mn 02s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (lmimirr) . (. - .) - C:\Windows\system32\DRIVERS\lmimirr.sys (.not file.)
~ Drivers: 46 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Dragon Nest Europe - (...) [HKLM][64Bits] -- Dragon Nest Europe
O42 - Logiciel: Qubicle Constructor Basic Edition version 1.6 - (.Minddesk.) [HKLM][64Bits] -- {6B693F37-43D8-448C-8FEA-688AC8778203}_is1
~ Logic: 148 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Apricorn]
[HKCU\Software\DefaultCompany]
[HKCU\Software\Eric Haines]
[HKCU\Software\MT2Float]
[HKCU\Software\VCMP]
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\xcd]
[HKLM\Software\Wow6432Node\InstallIQ]
~ Key Software: 252 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2013-07-03 - 21:25:17 - [0,151] ----D C:\Program Files (x86)\1-click run
O43 - CFD: 2013-03-25 - 11:03:45 - [42,192] ----D C:\Program Files (x86)\Jts
O43 - CFD: 2013-07-03 - 21:26:00 - [1368,899] ----D C:\Program Files (x86)\Kerbal Space Program 0.20.2
O43 - CFD: 2013-06-08 - 16:12:45 - [8,921] ----D C:\Program Files (x86)\Qubicle Constructor Basic Edition
O43 - CFD: 2013-07-13 - 14:24:27 - [0] ----D C:\ProgramData\APN
O43 - CFD: 2013-07-04 - 10:30:49 - [0] ----D C:\ProgramData\Picroma
O43 - CFD: 2013-05-05 - 14:10:51 - [0] ----D C:\ProgramData\tools4meta
O43 - CFD: 2013-06-08 - 16:20:30 - [57,316] ----D C:\Users\jimmy\AppData\Roaming\.FriendlyCube
O43 - CFD: 2013-06-30 - 11:54:37 - [0,000] ----D C:\Users\jimmy\AppData\Roaming\.StarMade =>Toolbar.Tarma
O43 - CFD: 2013-08-12 - 05:54:48 - [0,432] ----D C:\Users\jimmy\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 2013-08-10 - 10:25:48 - [0,002] ----D C:\Users\jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
~ Program Folder: 205 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.85F6CF34209CFE9FDE2337F08FAE09F9] - 2013-08-10 - 19:49:59 ---A- . (...) -- C:\Windows\AutoKMS.log [2537]
O44 - LFC:[MD5.FBD5FF1BB12E5497C3E7170BA0D8B905] - 2013-08-10 - 19:56:53 ---A- . (...) -- C:\Windows\DirectX.log [1054]
O44 - LFC:[MD5.9C0458C93226459B4880F4E358913B6A] - 2013-08-12 - 09:58:43 ---A- . (...) -- C:\Windows\ntbtlog.txt [173194]
~ Files: 20 Legitimates Filtered in 00mn 16s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{1af3c95d-ca12-11e2-bee2-fccd7fd14889}\AutoRun\command. (.HTC - HTC Sync Manager.) -- F:\HTC_Sync_Manager_PC.exe
O51 - MPSK:{24428d8b-d54d-11e2-bee8-902b343e70bb}\AutoRun\command. (.HTC - HTC Sync Manager.) -- F:\HTC_Sync_Manager_PC.exe
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.4F18D4C7EA14F11A7211F60D553C03DB] - 2012-07-26 - 00:00:49 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [106736]
O58 - SDL:[MD5.1E6438D4EA6E1174A3B3B1EDC4DE660B] - 2009-03-18 - 17:35:42 --HA- . (.LogMeIn, Inc. - Hamachi Virtual Network Interface Driver.) -- C:\Windows\System32\hamachi.sys [33856]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [jimmy - 8ljgm7it.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.48C8BA301BAD0C4A23AB3DCBA2A29F69] [SPRF][2013-06-21] (.NVIDIA Corporation - NVIDIA 3D Vision plugin.) -- C:\Users\jimmy\AppData\Local\Temp\nv3DVStreaming.dll [575984]
[MD5.C6A168DEAA5C3090A8399E16CE0EA592] [SPRF][2013-06-21] (.NVIDIA Corporation - NVIDIA 3D Vision Control Panel API.) -- C:\Users\jimmy\AppData\Local\Temp\nvSCPAPI.dll [1154832]
[MD5.F356B874D7C6C20FFF08B2CA923811DF] [SPRF][2013-06-21] (.NVIDIA Corporation - NVIDIA 3D Vision Control Panel 64bit API.) -- C:\Users\jimmy\AppData\Local\Temp\nvSCPAPI64.dll [1330968]
[MD5.2222073BE0232E70A397B8302293AA9D] [SPRF][2013-06-21] (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Users\jimmy\AppData\Local\Temp\nvSCPAPISvr.exe [413472]
[MD5.A6876FDC7216B1FAEE1335E4AA361240] [SPRF][2013-06-21] (.NVIDIA Corporation - NVIDIA API 3D Vision extention.) -- C:\Users\jimmy\AppData\Local\Temp\nvStereoApiI.dll [361744]
[MD5.359F134350EA329A7C14E97D649EB1FA] [SPRF][2013-06-21] (.NVIDIA Corporation - Stereoscpic 3D driver Installer API.) -- C:\Users\jimmy\AppData\Local\Temp\nvStInst.exe [787232]
[MD5.7E7EB7AFF595774E5E500B34058CC1A7] [SPRF][2013-07-18] (...) -- C:\Users\jimmy\AppData\Local\Temp\sfamcc00001.dll [192512]
[MD5.F0E142B1EF4006222863D4E4A0B952B7] [SPRF][2012-12-16] (...) -- C:\Users\jimmy\AppData\Local\Temp\sfextra.dll [55296]
[MD5.1B1D86A574E842946E5D5317892B45C5] [SPRF][2013-08-05] (.Skype Technologies S.A. - Skype.) -- C:\Users\jimmy\AppData\Local\Temp\SkypeSetup.exe [31954536]
[MD5.06D5E5E952C61923C9D24C83E7FE1F45] [SPRF][2013-08-10] (...) -- C:\Users\jimmy\AppData\Local\Temp\vlc-2.0.7-win32.exe [22937227]
[MD5.6C269C7F629DEED724ED32F931E384A1] [SPRF][2013-05-08] (...) -- A:\Users\jimmy\Desktop\FriendlyCubeLauncher-v2.1.exe [328941]
[MD5.501E26080BFF03563B4A691C3B39A007] [SPRF][2013-07-16] (.techPowerUp (www.techpowerup.com) - GPU-Z - Video card Information Utility.) -- A:\Users\jimmy\Desktop\GPU-Z.0.7.2.exe [1344480]
[MD5.0F1931E26C21219DB1C90E90037F11F6] [SPRF][2011-07-14] (...) -- A:\Users\jimmy\Desktop\Minecraft.exe [270142]
[MD5.EEC8A9F1E71D8D66B4DE0DAAB316E75F] [SPRF][2013-01-16] (.Nattyware - The ultimate colour picker.) -- A:\Users\jimmy\Desktop\pixie.exe [11776]
[MD5.26CEEF9B9FE30A2430266B0E085A6EDE] [SPRF][2013-06-30] (...) -- A:\Users\jimmy\Desktop\StarMade-starter.exe [1148298] =>Toolbar.Tarma
~ Files: Scanned in 00mn 06s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{796B0D27-A252-4D3E-B603-1D489A160B06}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\eFusion\Dragon Nest Europe\DragonNest.exe
O87 - FAEL: "{7EDE3E0A-7679-4A01-B081-93F4D64B4C30}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\eFusion\Dragon Nest Europe\DragonNest.exe
~ Firewall: 287 Legitimates Filtered in 00mn 19s



---\\ Windows Installer Scan (O93) (NTFS)
[MD5.73122534D527893BDEFD1F707FFB34F6] [WIS][2013-08-05] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\13e85d.msi [21803008]
[MD5.99E620B9DFC24F35B33865BAA98DAE54] [WIS][2013-07-10] (.Space Sciences Laboratory, U.C. Berkeley - BOINC.) -- C:\Windows\Installer\145d892.msi [9222656]
[MD5.9314BD51CD2E85ED6B8B0DDE55F2DD62] [WIS][2013-06-04] (.HTC Corporation - HTC Driver.) -- C:\Windows\Installer\168fc579.msi [17349888]
[MD5.96E6D181192A995214493A6828E4287D] [WIS][2012-12-07] (.HTC - .) -- C:\Windows\Installer\168fc57f.msi [576512]
[MD5.2BFD52D320118466A39949B797D9C4AD] [WIS][2012-09-12] (.Kaspersky Lab - Kaspersky Internet Security 2013.) -- C:\Windows\Installer\2f4f7e4.msi [2789376]
[MD5.3BEA739AF7E8189D713E28A0100E0DFA] [WIS][2013-07-03] (.LogMeIn, Inc. - LogMeIn Hamachi Installer.) -- C:\Windows\Installer\3eb2.msi [4296704]
[MD5.71E8D3D1679A9D803302FF2923406DEF] [WIS][2013-05-05] (.Pete Shinners, Rene Dudfield, Marcus von Ap - Python 3.2 pygame-1.9.2a0.) -- C:\Windows\Installer\4be168c.msi [6422528]
[MD5.075AFFBDFC36C956D9C2176B215F7F16] [WIS][2009-09-30] (.Microsoft - Microsoft Xbox 360 Accessories.) -- C:\Windows\Installer\7dd0209.msi [1219584]
[MD5.5102694E49576312C0AF6E1CDB85D3F3] [WIS][2013-07-06] (.GIGABYTE Technology Co.,Ltd. - GIGABYTE OC_GURU II.) -- C:\Windows\Installer\c134268.msi [12881920]
[MD5.73792BA1B556400D5DF1444853235DB7] [WIS][2013-01-30] (.Logitech Inc - Logitech Gaming Software.) -- C:\Windows\Installer\c301dd9.msi [188928]
~ WIS: 109 Legitimates Filtered in 00mn 09s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2013-07-18 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 2012-12-02 240640 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 2012-12-21 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2012-11-21 356376 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
SR - | Auto 2011-08-30 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 2013-06-28 2470736 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SS - | Demand 2005-11-14 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SR - | Auto 2012-07-27 636952 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SS - | Demand 2013-05-31 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 2012-08-09 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 2012-08-09 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 2013-08-04 2650960 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Demand 2013-07-02 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 2013-07-27 14984480 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 2013-06-21 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 2013-07-27 1889568 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 167424 | (PassThru Service) . (...) - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
SR - | Auto 0 | (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe
SS - | Auto 2013-06-21 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 2013-07-26 563624 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 2010-02-19 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 2012-08-09 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SS - | Demand 2012-09-20 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Scan Additionnel (O88)
Database Version : v2.12849 - (2013-08-10)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 4

[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKLM\Software\Wow6432Node\InstallIQ] =>Toolbar.Agent
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:cacaoweb =>PUP.CacaoWeb^
C:\Users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\8ljgm7it.default\[email protected] =>PUP.CacaoWeb^
C:\Users\jimmy\AppData\Roaming\.StarMade =>Toolbar.Tarma^
C:\Users\jimmy\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^
C:\Users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\8ljgm7it.default\Extensions\[email protected] =>PUP.CacaoWeb
C:\Users\jimmy\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb^
C:\WINDOWS\AutoKMS.exe =>Trojan.Keygen^
A:\Users\jimmy\Desktop\StarMade-starter.exe =>Toolbar.Tarma^
C:\Windows\AutoKMS.exe =>Trojan.Keygen
~ Additionnel Scan: 515406 Items scanned in 00mn 21s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>Toolbar.Tarma
~ MSI: 2 link(s) detected in 00mn 21s



~ 1136 Legitimates filtered by white list
End of the scan (456 lines in 01mn 38s)(0)