Posté le 11 juin 2015
Télécharger | Reposter | Largeur fixe

~ Rapport de ZHPDiag v2015.6.4.54 - Nicolas Coolman (31/05/2015)
~ Lancé par djeboudienne (11/06/2015 19:00:09)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17843 (Defaut)
MFIE: Mozilla Firefox 36.0.1
GCIE: Google Chrome v43.0.2357.124

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 2.1.6.1022
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 NPAPI
Adobe Reader XI

---\\ Informations sur le système
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3818 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 601 GB (87%) free of 684 GB

---\\ Mode de connexion au système
~ Computer Name: DJEBOUDIENNE-PC
~ User Name: djeboudienne
~ All Users Names: HomeGroupUser$, djeboudienne, Administrateur, adama,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\DJEBOUDIENNE\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\DJEBOUDIENNE\AppData\Roaming\
~ %Desktop% : C:\Users\DJEBOUDIENNE\Desktop\
~ %Favorites% : C:\Users\DJEBOUDIENNE\Favorites\
~ %LocalAppData% : C:\Users\DJEBOUDIENNE\AppData\Local\
~ %StartMenu% : C:\Users\DJEBOUDIENNE\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 601 Go of 684 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2011 - 06:30:29.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.417F80E4AFBA1AA9EBBD618F1C6D9165] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/05/2015 - 18:50:20.) -- C:\Windows\System32\wininet.dll [2426880]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2011 - 06:33:59.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/750
~ Mes musiques (My Musics) : 1/17
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/417
~ Mon Bureau (My Desktop) : 1/59
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 03s



---\\ Processus lancés
[MD5.4547360EB0D90804B3AD080CE1D1D814] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896] [PID.4656]
[MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8214016] [PID.4196]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1536]
[MD5.650D03E40F93FAE323CB841F80368E5C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [60744] [PID.1588]
[MD5.FB51E8E39E3FDB6757874653B743BE72] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576] [PID.1692]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456] [PID.1836]
[MD5.93B73DED2BC688F140C6AE2FBAD45789] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376] [PID.1884]
[MD5.516E29AD03BDF610CC36A95AE692FE42] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.1916]
[MD5.2B983F067AEE3F9EB4DF5E97F45D21D1] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120] [PID.2036]
[MD5.1873214666F6F0A883742DF91FBC48C9] - (.NTI Corporation - Backup Manager Module.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832] [PID.1276]
[MD5.9DB596995A20B8C636ED8763AD942361] - (.RaMMicHaeL - Unchecky Service.) -- C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [164600] [PID.1568]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\djeboudienne\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\DJEBOUDIENNE\AppData\Roaming\Mozilla\Firefox\Profiles\m5jf4yyu.default\prefs.js
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
~ Firefox Browser: 20 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (39)
~ Hosts File: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [Power Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [KeyScrambler] . (.QFX Software Corporation - KeyScrambler.) -- C:\Program Files (x86)\KeyScrambler\keyscrambler.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E7AAC68-F205-415E-871B-3C95672EAE1E}: DhcpNameServer = 192.168.55.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E7AAC68-F205-415E-871B-3C95672EAE1E}: DhcpNameServer = 192.168.55.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{3E7AAC68-F205-415E-871B-3C95672EAE1E}: DhcpNameServer = 192.168.55.55
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.55.55
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [LU0MeXBoySmrnNh] (...) -- C:\Users\djeboudienne\AppData\Roaming\cwkWjYs\ugLCumK.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Ok3BfsdBYKabubw] (...) -- C:\Users\djeboudienne\AppData\Roaming\fgOpJxj\ApurtBQ.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [P4vSybTQdrifD4l] (...) -- C:\Users\djeboudienne\AppData\Roaming\dOfeHoO\1s9qcyl.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [WIN-fdfEfEfAfC] (...) -- C:\Users\djeboudienne\AppData\Roaming\~xepxjqb.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [WIN-GGfIfEGCfEGbGffIfCfEGC] (...) -- C:\Users\djeboudienne\AppData\Roaming\~nmxpscg.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 23 Legitimates Filtered in 00mn 16s



---\\ Logiciels installés (O42)
O42 - Logiciel: Advanced-System Protector - (.systweak.com.) [HKLM][64Bits] -- 00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~34F3174E_is1 =>PUP.AdvancedSystemProtector
O42 - Logiciel: RemoveAds version 1.7 - (.Major Share (MajorShare.com).) [HKLM][64Bits] -- {4C2C4F53-32C7-4B0E-9FF9-06D1F9255303}_is1
O42 - Logiciel: Right Backup - (.Systweak Software.) [HKLM][64Bits] -- 980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1 =>PUP.Systweak
~ Logic: 25 Legitimates Filtered in 00mn 04s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AdsFix]
[HKCU\Software\BtOB]
[HKCU\Software\F8jSjYiwHOlFkAZRRnwVLyn]
[HKCU\Software\OB]
[HKCU\Software\Pro PC Cleaner] =>PUP.DoctorPC
[HKCU\Software\Reg]
[HKCU\Software\w0UKZ3Vhvq5yLS06jmmVdNm]
[HKCU\Software\yellow cabs]
[HKCU\Software\yellowcabs]
[HKLM\Software\AdsFix]
[HKLM\Software\MerciJacquieMichel]
[HKLM\Software\Wow6432Node\AdsFix]
[HKLM\Software\Wow6432Node\Pro PC Cleaner] =>PUP.DoctorPC
[HKLM\Software\Wow6432Node\Reg]
[HKLM\Software\Wow6432Node\SOSVirus]
[HKLM\Software\Wow6432Node\WinU]
[HKLM\Software\Wow6432Node\mamverifier]
[HKLM\Software\Wow6432Node\troll]
~ Key Software: 276 Legitimates Filtered in 00mn 04s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 20/05/2015 - 11:40:28 - [0] ----D C:\Program Files (x86)\6c787ad1-88a8-47ce-9719-4771a4fafe1f
O43 - CFD: 20/05/2015 - 11:40:28 - [0] ----D C:\Program Files (x86)\93dabc92-2c3c-49f6-b30b-6fb9e1094381
O43 - CFD: 20/05/2015 - 11:40:30 - [0] ----D C:\Program Files (x86)\dd6e59eb-82c3-42fe-b1d6-b98436d1112e
O43 - CFD: 20/05/2015 - 11:40:31 - [0] ----D C:\Program Files (x86)\f9481e41-3246-487b-ad8a-f8aa6e65596b
O43 - CFD: 28/05/2015 - 23:34:54 - [0] ----D C:\Program Files (x86)\GUM339E.tmp
O43 - CFD: 20/05/2015 - 13:25:54 - [] ----D C:\Program Files (x86)\RemoveAds
O43 - CFD: 26/11/2014 - 15:12:04 - [] ----D C:\ProgramData\atjs
O43 - CFD: 19/10/2014 - 17:48:49 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 18/05/2015 - 21:23:42 - [] ----D C:\ProgramData\Radio
O43 - CFD: 20/05/2015 - 13:25:55 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RemoveAds
O43 - CFD: 21/11/2010 - 09:16:41 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 18/05/2015 - 19:46:40 - [0] ----D C:\Users\DJEBOUDIENNE\AppData\Roaming\VAXR0vX
O43 - CFD: 10/05/2015 - 19:33:32 - [] -SH-D C:\Users\DJEBOUDIENNE\AppData\Local\EmieBrowserModeList
~ Program Folder: 221 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.08B90494CC1434253246CC784457AF8E] - 01/06/2015 - 17:29:26 ---A- . (...) -- C:\Windows\System32\GDIPFONTCACHEV1.DAT [117712]
O44 - LFC:[MD5.153E12A8CE46F4A53D48868B411BB2AA] - 03/06/2015 - 13:26:28 ---A- . (...) -- C:\Windows\wininit.ini [124]
~ Files: 95 Legitimates Filtered in 00mn 41s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\3D BubbleSound [Key] . (...) -- C:\Program Files\BubbleSound\3D BubbleSound.exe (.not file.) =>PUP.BubbleSound
O53 - SMSR:HKLM\...\startupreg\DesktopSearch [Key] . (...) -- C:\ProgramData\DesktopSearch\DesktopSearch.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Optimizer Pro [Key] . (...) -- C:\Program Files (x86)\Optimizer Pro 3.89\OptProLauncher.exe (.not file.) =>PUP.OptimizerPro
O53 - SMSR:HKLM\...\startupreg\Super Optimizer [Key] . (...) -- C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe (.not file.) =>PUP.SuperOptimizer
O53 - SMSR:HKLM\...\startupreg\WinCheck [Key] . (...) -- C:\Users\djeboudienne\AppData\Local\83945243-1431283573-E111-B639-DC0EA129A2C0\bnsqB039.exe (.not file.) =>PUP.Wincheck
~ SMSR Keys: 8 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:26/02/2014 - 21:15:38 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:26/02/2014 - 21:15:38 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904] =>.ALWIL Software
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:20/05/2015 - 10:50:16 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [35064]
O58 - SDL:15/08/2014 - 22:35:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 71 Legitimates Filtered in 00mn 08s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <OperaStable>[HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] C5C4BFDAA08F4D509AC6C18E84B8241D - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {79416D7A-5DB4-4CE4-AC1E-557C8FAC40AF} - ((www.google.com) Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} [DefaultScope] - (Web Search) - http://search.certified-toolbar.com =>PUP.CertifiedToolbar
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.D34E24CA0EFC1DA681988A3057728C18] [SPRF][19/06/2014] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.1036E3DDDC89A4E68D8A33F3823A180E] [SPRF][30/10/2014] (...) -- C:\Users\DJEBOUDIENNE\AppData\Roaming\appdataFr2.bin [4]
[MD5.2C76A991B212228538AB262ECF74C12C] [SPRF][17/05/2015] (...) -- C:\Users\DJEBOUDIENNE\AppData\Roaming\appdataFr3.bin [20]
[MD5.26D6CBBE3EBF3AD66E7FB55095F2293B] [SPRF][18/05/2015] (.SosVirus - AdsFix.) -- C:\Users\DJEBOUDIENNE\Desktop\AdsFix.exe [2548360]
[MD5.96030AE285C32ECCD1C599F1C5DD2BEF] [SPRF][11/01/2014] (...) -- C:\Users\DJEBOUDIENNE\Desktop\adwcleaner-1.606-en(1).exe [581957]
[MD5.96030AE285C32ECCD1C599F1C5DD2BEF] [SPRF][11/01/2014] (...) -- C:\Users\DJEBOUDIENNE\Desktop\adwcleaner-1.606-en.exe [581957]
[MD5.B86FCD73239FE50A2F1266807D8CCC23] [SPRF][20/05/2015] (.SosVirus - Pre_Scan.) -- C:\Users\DJEBOUDIENNE\Desktop\Pre_Scan.exe [3317896]
~ Files: 9 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.2174C365924225E83957CE5A28FEF66B] [WIS][01/03/2014] (.Kreapixel - Webplayer.) -- C:\Windows\Installer\11b9369.msi [21504] =>Adware.SocialSkinz
[MD5.F3E0BCAC0A50EA3B7571407A7DA325C7] [WIS][17/05/2015] (.globalupdate - globalupdate.) -- C:\Windows\Installer\14e2a5.msi [32768] =>PUP.GlobalUpdate
[MD5.2614B138D91B9747145419837F5761C9] [WIS][14/07/2014] (.Pro PC Cleaner - Pro PC Cleaner.) -- C:\Windows\Installer\14e2aa.msi [1623040] =>PUP.DoctorPC
~ WIS: 3 Legitimates Filtered in 00mn 20s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\netengine_RASAPI32 =>PUP.NetEngine
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\netengine_RASMANCS =>PUP.NetEngine
~ BTK: 31 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/06/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 26/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 06/07/2013 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 21/06/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/06/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/10/2014 643880 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Demand 06/04/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 11/12/2014 315496 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 24/05/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 07/10/2014 60744 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 28/01/2015 1349576 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
SR - | Auto 02/08/2011 872552 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 30/05/2011 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Auto 05/04/2012 255376 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 14/04/2015 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 14/04/2015 1080120 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 24/04/2011 256832 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 01/06/2015 164600 | (Unchecky) . (.RaMMicHaeL.) - C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 41s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (31/05/2015)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 5

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~34F3174E_is1] =>PUP.AdvancedSystemProtector^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1] =>PUP.Systweak^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\3D BubbleSound] =>PUP.BubbleSound^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Optimizer Pro] =>PUP.OptimizerPro^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Super Optimizer] =>PUP.SuperOptimizer^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\WinCheck] =>PUP.Wincheck^
C:\Program Files (x86)\Software =>Adware.Boxore
[HKCU\Software\Pro PC Cleaner] =>PUP.DoctorPC^
[HKLM\Software\Wow6432Node\Pro PC Cleaner] =>PUP.DoctorPC^
C:\Windows\Installer\11b9369.msi =>Adware.SocialSkinz^
C:\Windows\Installer\14e2a5.msi =>PUP.GlobalUpdate^
C:\Windows\Installer\14e2aa.msi =>PUP.DoctorPC^
~ Additionnel Scan: 296243 Items scanned in 02mn 06s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 2 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
http://www.nicolascoolman.fr/blog/ =>PUP.Systweak
http://www.nicolascoolman.fr/blog/ =>PUP.DoctorPC
http://www.nicolascoolman.fr/blog/ =>PUP.BubbleSound
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://www.nicolascoolman.fr/blog/ =>PUP.SuperOptimizer
http://www.nicolascoolman.fr/blog/ =>PUP.Wincheck
http://nicolascoolman.fr/pup-certifiedtoolbar =>PUP.CertifiedToolbar
http://nicolascoolman.fr/adware-socialskinz =>Adware.SocialSkinz
http://nicolascoolman.fr/pup-globalupdate =>PUP.GlobalUpdate
http://www.nicolascoolman.fr/blog/ =>PUP.NetEngine
http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
~ MSI: 12 link(s) detected in 00mn 00s



~ 972 Legitimates filtered by white list
End of the scan (440 lines in 06mn 53s)(0.11)

x
Éditer le texte

Merci d'entrer le mot de passe que vous avez indiqué à la création du texte.

x
Télécharger le texte

Merci de choisir le format du fichier à télécharger.