Aller au contenu

nicol-54

Membres
  • Compteur de contenus

    5
  • Inscription

  • Dernière visite

Autres informations

  • Mes langues
    fr ch rng

nicol-54's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. merci !! voici le rapport Rapport de ZHPFix 2014.3.19.4 par Nicolas Coolman, Update du 19/03/2014 Fichier d'export Registre : C:\Users\rthomas\AppData\Roaming\ZHP\ZHPExportRegistry-22-03-2014-19-37-56.txt Run by rthomas at 22/03/2014 19:35:41 High Elevated Privileges : OK Windows 8 Business Edition, 64-bit (Build 9200) Corbeille vidée (00mn 01s) ========== Clés du Registre ========== SUPPRIMÉ: Service: sysTPLMonitor.exe SUPPRIMÉ: Service: sysTPLService.exe SUPPRIMÉ CLSID MPSK: {e5182b9b-1fa3-11e3-be70-b00594f34c70} ========== Valeurs du Registre ========== SUPPRIMÉ RunValue: sysTPL ProxyFix : Configuration proxy supprimée avec succès SUPPRIMÉ ProxyServer Value SUPPRIMÉ ProxyEnable Value SUPPRIMÉ EnableHttp1_1 Value SUPPRIMÉ ProxyHttp1.1 Value SUPPRIMÉ ProxyOverride Value Aucune Valeur Standard Profile: FirewallRaz : Aucune Valeur Domain Profile: FirewallRaz : ========== Eléments de donnée du Registre ========== SUPPRIMÉ: R1 Search Page = ========== Dossiers ========== Aucun dossiers CLSID Local utilisateur vide ========== Fichiers ========== SUPPRIMÉ Redémarrage: c:\program files (x86)\systpl\systplmonitor.exe SUPPRIMÉ: c:\users\public\desktop\worknc v22.05 (64bits).lnk SUPPRIMÉ: c:\worknc22\procdos\runwncexe.bat SUPPRIMÉ: c:\users\rthomas\appdata\roaming\microsoft\internet explorer\quick launch\worknc v22.05 (32bits).lnk SUPPRIMÉ: c:\users\rthomas\desktop\continue zip extractor installation.lnk SUPPRIMÉ: c:\users\rthomas\appdata\local\temp\icreinstall_zipextractorsetup.exe SUPPRIMÉS Temporaires Windows (197) (15 654 682 octets) ========== Restauration Système ========== Point de restauration du système créé avec succès ========== Autre ========== NON TRAITÉ O4 - HKUS\S-1-5-21\..\Run: [resource] Clé orpheline NON TRAITÉ O4 - HKUS\S-1-5-21\..\RunOnce: [resource] Clé orpheline ========== Récapitulatif ========== 3 : Clés du Registre 9 : Valeurs du Registre 1 : Eléments de donnée du Registre 1 : Dossiers 7 : Fichiers 1 : Restauration Système 2 : Autre End of clean in 00mn 02s ========== Chemin de fichier rapport ========== C:\Users\rthomas\AppData\Roaming\ZHP\ZHPFix[R1].txt - 22/03/2014 16:02:39 [1892] C:\Users\rthomas\AppData\Roaming\ZHP\ZHPFix[R2].txt - 22/03/2014 19:35:42 [2111] et encore merci
  2. ~ Rapport de ZHPDiag v2014.3.22.24 - Nicolas Coolman (22/03/2014) ~ Lancé par rthomas (22/03/2014 17:41:31) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Activate by user ---\\ Navigateurs Internet MSIE: Internet Explorer v10.0.9200.16843 MFIE: Mozilla Firefox 27.0.1 (Defaut) GCIE: Google Chrome v33.0.1750.154 ---\\ Informations sur les produits Windows ~ Langage: Français Windows 8 Pro, 64-bit (Build 9200) Windows Server License Manager Script : OK ~ ion : Windows® Operating System, OEM_DM channel Windows ID Activation : OK ~ Windows Partial Key : GJCMP Windows License : OK ~ Windows Remaining Initializations Number : 1000 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Malwarebytes Anti-Malware version 1.75.0.1300 Windows Defender W8 ---\\ Logiciels d'optimisation du système CCleaner v4.06 =>Piriform Ltd ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 12 Plugin Adobe Reader XI Java 7 Update 51 ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 8076 MB (68% free) System Restore: Activé (Enable) System drive C: has 53 GB (49%) free of 108 GB ---\\ Mode de connexion au système ~ Computer Name: RTHOMAS-P8-1 ~ User Name: rthomas ~ All Users Names: UpdatusUser, rthomas, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\rthomas\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\rthomas\AppData\Roaming\ ~ %Desktop% : C:\Users\rthomas\Desktop\ ~ %Favorites% : C:\Users\rthomas\Favorites\ ~ %LocalAppData% : C:\Users\rthomas\AppData\Local\ ~ %StartMenu% : C:\Users\rthomas\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 53 Go of 108 Go) D: Hard drive, Flash drive, Thumb drive (Free 465 Go of 466 Go) E: CD-ROM drive (Not Inserted) Y: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 41 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280] [MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608] [MD5.79EDF01FA13D886F8E1B655D542011FB] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.23/02/2014 - 09:13:41.) -- C:\Windows\System32\wininet.dll [2241536] [MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.07/09/2013 - 17:42:56.) -- C:\Windows\System32\Winlogon.exe [517120] [MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408] [MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512] [MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840] [MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544] [MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080] [MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784] [MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168] [MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640] [MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920] [MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.07/09/2013 - 17:44:13.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688] [MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776] [MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.07/09/2013 - 17:44:00.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544] [MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984] [MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928] [MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712] [MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248] [MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes Favoris (My Favorites) : 1/5 ~ Mes Documents (My Documents) : 1/89 ~ Mon Bureau (My Desktop) : 1/227 ~ Menu demarrer (Programs) : 1/22 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.224F6B374852153C8C24BED141AE3A20] - (...) -- ysWOW64\RunDll32.exe [0] [PID.5604] [MD5.139C3E683C64935D397A3A656D443E29] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928] [PID.5612] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.5884] [MD5.F419E9A607B79DAB0AC93119016E8342] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111136] [PID.6372] [MD5.883B2E1341E5BE906A7507308A6636DF] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240] [PID.6728] [MD5.D2512647A82BFCCE0135809C2DD2ED14] - (.SoftThinks - Dell - Dell Backup And Recovery Update Launcher.) -- C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe [493656] [PID.5168] [MD5.253EB69F697FCCFEFCE49335301EF3A1] - (.SoftThinks - Dell - Dell Backup And Recovery Toaster.) -- C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.exe [4124760] [PID.2440] [MD5.87BCA29FD741011AD2994137CD6DCCC7] - (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.exe [18919080] [PID.2784] [MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.388] [MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.7808] [MD5.497E84A1B6767142987A17574C57C04E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe [1863560] [PID.416] [MD5.1E69A61B1451FC8941097750F56579C8] - (.Microsoft Corporation - Microsoft Excel.) -- C:\Program Files\Microsoft Office 15\root\office15\EXCEL.exe [25700512] [PID.8312] [MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976] [PID.3308] [MD5.E4758FC252A5014DA6A6CB7AE57DAD7C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8252416] [PID.6656] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\rthomas\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé) G2 - GCE: Preference [user Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé) G2 - GCE: Preference [user Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé) ~ Google Browser: 10 Legitimates Filtered in 00mn 01s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8877 =>Hijacker.Proxy R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Dell Backup and Recovery.lnk . (.SoftThinks - Dell - Dell Backup And Recovery.) -- C:\Program Files (x86)\Dell Backup and Recovery\Dbr.exe O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\Desktop [Public]: WorkNC V22.05 (64bits).lnk . (...) -- C:\WorkNC22\procdos\runwncexe.bat C:\WorkNC22\wnc-cad64\worknc.exe (.not file.) O4 - GS\Desktop [Public]: WorkXPlore x64.lnk . (.Sescoi - WorkXPlore3D.) -- C:\Program Files\Vero Software\WorkXPlore 4 x64\WorkXPlore.exe O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\QuickLaunch [rthomas]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [rthomas]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [rthomas]: WorkNC V22.05 (32bits).lnk . (...) -- C:\WorkNC22\procdos\runwncexe.bat C:\WorkNC22\wnc-cad\worknc.exe (.not file.) O4 - GS\QuickLaunch [rthomas]: WorkNC V22.05 (64bits).lnk . (...) -- C:\WorkNC22\procdos\runwncexe.bat C:\WorkNC22\wnc-cad64\worknc.exe (.not file.) O4 - GS\TaskBar [rthomas]: Excel 2013.lnk . (...) -- C:\Program Files (x86)\Microsoft Office 15\root\office15\EXCEL.exe (.not file.) O4 - GS\TaskBar [rthomas]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar [rthomas]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\TaskBar [rthomas]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\Program [rthomas]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Desktop [rthomas]: Continue Zip Extractor Installation.lnk . (...) -- C:\Users\rthomas\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe O4 - GS\QuickLaunch [Administrateur]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Program [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Global Startup: 57 Legitimates Filtered in 00mn 00s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Startup [Public]: Bluetooth.lnk . (...) -- C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe (.not file.) O4 - GS\Startup [updatusUser]: Smart Settings.lnk . (...) -- C:\Program Files (x86)\Dell\Feature Enhancement Pack\SmartSettings.exe (.not file.) O4 - GS\Startup [rthomas]: Smart Settings.lnk . (...) -- C:\Program Files (x86)\Dell\Feature Enhancement Pack\SmartSettings.exe (.not file.) O4 - GS\Startup [Administrateur]: Smart Settings.lnk . (...) -- C:\Program Files (x86)\Dell\Feature Enhancement Pack\SmartSettings.exe (.not file.) O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [sysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Program Files\NVIDIA Corporation\nview\nwiz.exe O4 - HKLM\..\Run: [TdmNotify] . (.Wave Systems Corp. - Trusted Drive Manager User Notifier.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe O4 - HKLM\..\Run: [DFEPApplication] . (.Dell Inc. - Dell Feature Enhancement Pack.) -- C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [intelPROSet] . (.Intel® Corporation - Intel® PROSet/Wireless Framework.) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe O4 - HKLM\..\Wow6432Node\Run: [iAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe O4 - HKLM\..\Wow6432Node\Run: [sysTPL] C:\Program Files (x86)\sysTPL\sysTPL.exe (.not file.) =>PUP.sysTPL O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKUS\S-1-5-21\..\Run: [resource] Clé orpheline O4 - HKUS\S-1-5-21\..\RunOnce: [resource] Clé orpheline ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.) O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{5F065A30-C660-4745-94A4-540BF92B8B15}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\..\{A3AB6926-A892-4D4F-AD7E-B0ED47DE4465}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{F466FF89-0EA3-4D10-A2C5-7D7860F97651}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{5F065A30-C660-4745-94A4-540BF92B8B15}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CS1\Services\Tcpip\..\{A3AB6926-A892-4D4F-AD7E-B0ED47DE4465}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{F466FF89-0EA3-4D10-A2C5-7D7860F97651}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll O20 - Winlogon Notify: spba . (...) -- C:\Program Files\Common Files\SPBA\homefus2.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 311.) - C:\Windows\system32\nvinitx.dll ~ AppInit DLL: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: EmbassyService (EmbassyService) . (.Pas de propriétaire - EmbassyServer Application.) - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe ~ Services: 30 Legitimates Filtered in 00mn 02s ---\\ Logiciels installés (O42) O42 - Logiciel: L2 Dealer - (.Market Data Ltd.) [HKLM][64Bits] -- {B1F8DC8D-8A3F-474B-9E44-B19E31A37017} O42 - Logiciel: WorkNC-LicenseServer 22 - (.Sescoi.) [HKLM][64Bits] -- {9AA66DCE-92D4-4EF7-ADAE-BAD5E7F144EE}_is1 O42 - Logiciel: WorkXPlore 4.0 x64 - (.Vero Software.) [HKLM][64Bits] -- {5DEA70EC-5379-4E87-AAA0-37118A2CA050}_is1 ~ Logic: 24 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKLM\Software\Wow6432Node\Market Data Ltd] [HKLM\Software\Wow6432Node\Sescoi] ~ Key Software: 225 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 05/10/2013 - 17:01:59 - [52,305] ----D C:\Program Files (x86)\Market Data Ltd O43 - CFD: 03/02/2014 - 14:15:57 - [0,001] ----D C:\ProgramData\WorkXPlore3D O43 - CFD: 21/01/2014 - 18:45:51 - [0] ----D C:\Users\rthomas\AppData\Roaming\WorkXPlore3D ~ Program Folder: 129 Legitimates Filtered in 00mn 00s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{e5182b9b-1fa3-11e3-be70-b00594f34c70}\AutoRun\command. (...) -- F:\SFRLauncher.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1 ~ MWPS: 18 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.73BDD44A6088916964945886F9025409] - 22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800] O58 - SDL:[MD5.BB94A5E2CEE5FD83BA5A72A37AECADDF] - 28/10/2013 - 01:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568] O58 - SDL:[MD5.F03B03AA7A18DEB0538D242F1DA01481] - 13/07/2012 - 15:31:18 ---A- . (.ST Microelectronics - Disk Class Filter Driver for Accelerometer.) -- C:\Windows\System32\Drivers\stdcfltn.sys [22168] O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960] O58 - SDL:[MD5.B1EFA62F5C0E4D3C39E24358FA40CC44] - 05/02/2013 - 11:59:48 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [544768] O58 - SDL:[MD5.6F39936211BA814F36F2079635A64716] - 13/07/2012 - 11:31:06 ---A- . (.STMicroelectronics - STM Accelerometer Device Driver.) -- C:\Windows\System32\Drivers\ST_Accel.sys [73368] ~ Drivers: 18 Legitimates Filtered in 00mn 00s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {DCF09481-9FA0-49B8-8801-D3DBE41CD2AD} - (Google) - http://www.google.com ~ Keys: Scanned in 00mn 00s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "85ACB64D7FA05544087143ECF3EE8E80" . (.ERAS Connector.) -- C:\Windows\Installer\{D46BCA58-0AF7-4455-8017-34CE3FEEE808}\ARPPRODUCTICON.exe O90 - PUC: "C4A64CE7956EE8146AA5DBF78CD2C484" . (.EMBASSY Client Core.) -- C:\Windows\Installer\{7EC46A4C-E659-418E-A65A-BD7FC82D4C48}\ARPPRODUCTICON.exe O90 - PUC: "CEB5B5FD44AB9664898CA296C1E54A82" . (.PBA Driver-x64.) -- C:\Windows\Installer\{DF5B5BEC-BA44-4669-98C8-2A691C5EA428}\ARPPRODUCTICON.exe O90 - PUC: "D58236BCD0997024EA13000052269671" . (.toolkit32for64bit.) -- C:\Windows\Installer\{CB63285D-990D-4207-AE31-000025626917}\ARPPRODUCTICON.exe O90 - PUC: "F2A9032ABEB48C54291E484D03CA51DA" . (.SI TSS.) -- C:\Windows\Installer\{A2309A2F-4BEB-45C8-92E1-84D430AC15AD}\SI.exe ~ Update Products: 74 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 30/09/2012 277024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe SS - | Auto 19/09/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 19/09/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 10/12/2012 803872 | (Intel® Capability Licensing Service TCP IP Interface) . (.Intel® Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe SS - | Demand 17/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 28/08/2013 273136 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe SS - | Demand 01/02/2013 2215272 | (SecureStorageService) . (.Wave Systems Corp..) - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 11/09/2012 2252088 | (BcmBtRSupport) . (.Broadcom Corporation..) - C:\Windows\System32\BtwRSupportService.exe SR - | Auto 06/09/2012 957304 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe SR - | Auto 12/11/2013 196616 | (DellDigitalDelivery) . (.Dell Products, LP..) - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe SR - | Auto 15/08/2012 2280504 | (DFEPService) . (.Dell Inc..) - C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe SR - | Auto 11/03/2013 231792 | (EmbassyService) . (...) - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe SR - | Auto 28/08/2013 626416 | (EvtEng) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe SR - | Auto 02/09/2012 14904 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe SR - | Auto 10/12/2012 732160 | (Intel® Capability Licensing Service Interface) . (.Intel® Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe SR - | Auto 14/01/2013 165336 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe SR - | Auto 14/01/2013 279000 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe SR - | Auto 24/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 25/01/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 27/10/2009 69632 | (OCS INVENTORY) . (.http://www.ocsinventory-ng.org.) - C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe SR - | Auto 21/01/2013 21504 | (PbaDrvSvc_x64) . (.Dell, Inc..) - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe SR - | Auto 28/08/2013 149744 | (RegSrvc) . (.Intel® Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe SR - | Auto 25/04/2012 254512 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe SR - | Auto 23/05/2013 1915480 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe SR - | Auto 05/02/2013 332800 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe SR - | Auto 24/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Auto 25/01/2014 399640 | (sysTPLMonitor.exe) . (.Tlapia.) - C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe =>PUP.sysTPL SR - | Auto 25/01/2014 400664 | (sysTPLService.exe) . (.Tlapia.) - C:\Program Files (x86)\sysTPL\sysTPLService.exe =>PUP.sysTPL SR - | Auto 11/05/2012 1643520 | (tcsd_win32.exe) . (...) - C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe SR - | Auto 05/03/2013 5159760 | (TdmService) . (.Wave Systems Corp..) - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe SR - | Auto 12/09/2013 5071712 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe SR - | Auto 14/01/2013 366040 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe SR - | Auto 26/02/2013 1773056 | (Wave Authentication Manager Service) . (.Wave Systems Corp..) - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe SR - | Auto 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe SR - | Auto 08/03/2013 254824 | (WvPCR) . (.Wave Systems Corp..) - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe SR - | Auto 28/08/2013 3378416 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe ~ Services: Scanned in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : 13031 - (22/03/2014) Clés trouvées (Keys found) : 0 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:sysTPL =>PUP.sysTPL^ ~ Additionnel Scan: 233941 Items scanned in 00mn 09s ---\\ Récapitulatif des détections trouvées sur votre station ~ ~ ~ MSI: 2 link(s) detected in 00mn 09s ~ 877 Legitimates filtered by white list End of the scan (419 lines in 00mn 23s)(0)
  3. Bonjour à tous et merci davance au temps consacré pour m aider; j ai une bestiole coriace sur mon PC, anti malware ne trouve que dalle, MAIS ZHPDIAG trouve ceci : ---\\ Récapitulatif des détections trouvées sur votre station ~ ~ ~ MSI: 2 link(s) detected in 00mn 09s Que dois je faire? je connais rien à la définition des scrits de désinfection. en tous cas la bete est féroce
×
×
  • Créer...