Rapport de ZHPDiag v2014.8.28.125 - Nicolas Coolman (28/08/2014)
~ Lancé par Administrateur (13/11/2014 14:34:25)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found
---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v37.0.2062.124 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO
---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 2.0.3.1025
---\\ Logiciels d'optimisation du système
CCleaner v4.16
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 15 Plugin
Adobe Reader XI
Java 7 Update 71
---\\ Informations sur le système
~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 60 GB (80%) free of 75 GB
---\\ Mode de connexion au système
~ Computer Name: SWEET-8456F973E
~ User Name: Administrateur
~ All Users Names: SUPPORT_388945a0, Patricia, HelpAssistant, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrateur\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Administrateur\Application Data\
~ %Desktop% : C:\Documents and Settings\Administrateur\Bureau\
~ %Favorites% : C:\Documents and Settings\Administrateur\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Administrateur\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Administrateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 60 Go of 75 Go)
D: CD-ROM drive (Free 0 Go of 3 Go)
---\\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.BFBBBFE0913E6C9706F97598A6588B8F] - (.Microsoft Corporation - Explorateur Windows.) (.27/09/2008 - 11:24:52.) -- C:\WINDOWS\Explorer.exe [1573888]
[MD5.E1948B1F45A176FB4A0251446A5AE86D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.06/03/2014 - 18:58:52.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.4BB6301D634C857A5089E8B24C5555E4] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.27/09/2008 - 11:27:21.) -- C:\WINDOWS\system32\Winlogon.exe [593408]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:41:46.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.27/09/2008 - 02:58:26.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/05/2008 - 11:49:39.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.27/09/2008 - 02:58:26.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:35.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.A0857C97770034FD2AF17DC4014B5ABD] - (.Microsoft Corporation - NT File System Driver.) (.22/04/2008 - 14:45:52.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [576384]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.27/09/2008 - 11:31:20.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.27/09/2008 - 00:58:26.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.27/09/2008 - 02:58:26.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 0/0
~ Mes musiques (My Musics) : 0/0
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/12
~ Mes Documents (My Documents) : 1/10
~ Mon Bureau (My Desktop) : 0/6
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.7DFCCC67990B6DE7F30F553A4E4612A4] - (...) -- C:\Program Files\RocketDock\RocketDock.exe [495616] [PID.384]
[MD5.DBDB1A25291B2D18C614F5CA963156A8] - (.Oracle Corporation -
Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.576]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648] [PID.600]
[MD5.F89773DFA9B8C95A3AC2AF1E7D99E483] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.984]
[MD5.5AB8DB8F9CADBFBB3C132E8316FE337E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [852808] [PID.1096]
[MD5.33BF80A2291C54DC7D7601CDEF63138E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8099328] [PID.1340]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\te8sv7gr.default\prefs.js
M3 - MFPP: Plugins - [Administrateur] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\te8sv7gr.default\searchplugins\bing-avast.xml
M0 - MFSP: prefs.js [Administrateur - te8sv7gr.default] about:blank
M2 - MFEP: prefs.js [Administrateur - te8sv7gr.default\abs@avira.com] [] Avira Browser Safety v1.4.0 (..)
M2 - MFEP: prefs.js [Administrateur - te8sv7gr.default\cacaoweb@cacaoweb.org] [] cacaoweb v1.0.34 (..) =>PUP.CacaoWeb
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ IE Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (20)
~ Hosts File: Scanned in 00mn 00s
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe
O4 - HKCU\..\Run: [RocketDock] . (...) -- C:\Program Files\RocketDock\RocketDock.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N
O4 - HKUS\.DEFAULT\..\RunOnce: [SweetRegistry] rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub
O4 - HKUS\S-1-5-18\..\RunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N
O4 - HKUS\S-1-5-18\..\RunOnce: [SweetRegistry] rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub
O4 - HKUS\S-1-5-20\..\RunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N
O4 - HKUS\S-1-5-20\..\RunOnce: [SweetRegistry] rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub
O4 - HKUS\S-1-5-21-776561741-789336058-842925246-500\..\Run: [RocketDock] . (...) -- C:\Program Files\RocketDock\RocketDock.exe
~ Application: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4729C85F-FADB-4A55-92DC-D0D2B91ABF7F}: DhcpNameServer = 192.168.1.1 62.197.111.140 109.88.203.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B6ED823-6E8C-4E89-8343-B94465EF0681}: DhcpNameServer = 192.168.1.1 62.197.111.140 109.88.203.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{4729C85F-FADB-4A55-92DC-D0D2B91ABF7F}: DhcpNameServer = 192.168.1.1 62.197.111.140 109.88.203.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{9B6ED823-6E8C-4E89-8343-B94465EF0681}: DhcpNameServer = 192.168.1.1 62.197.111.140 109.88.203.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{4729C85F-FADB-4A55-92DC-D0D2B91ABF7F}: DhcpNameServer = 192.168.1.1 62.197.111.140 109.88.203.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{9B6ED823-6E8C-4E89-8343-B94465EF0681}: DhcpNameServer = 192.168.1.1 62.197.111.140 109.88.203.3
O17 - HKLM\System\CS3\Services\Tcpip\..\{4729C85F-FADB-4A55-92DC-D0D2B91ABF7F}: DhcpNameServer = 192.168.1.1 62.197.111.140 109.88.203.3
O17 - HKLM\System\CS3\Services\Tcpip\..\{9B6ED823-6E8C-4E89-8343-B94465EF0681}: DhcpNameServer = 192.168.1.1 62.197.111.140 109.88.203.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 62.197.111.140 109.88.203.3
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe (.not file.)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job [240]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job [234]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 00s
---\\ Logiciels installés (O42)
O42 - Logiciel: GoldenCoupon - (.GoldenCoupon.) [HKLM] -- {37476589-E48E-439E-A706-56189E2ED4C4}_is1
~ Logic: 17 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Genesis] =>PUP.Genesis
[HKCU\Software\Linkey] =>PUP.LinkeySearch
[HKCU\Software\Reg]
[HKCU\Software\Tune]
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKLM\Software\Reg]
[HKLM\Software\Tune]
~ Key Software: 145 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 27/09/2014 - 16:00:04 - [0] ----D C:\Program Files\saveitkeep =>PUP.SaveItKeep
O43 - CFD: 27/09/2014 - 16:00:04 - [] ----D C:\Documents and Settings\All Users\Application Data\ae43ed3793d8bae0
O43 - CFD: 27/09/2014 - 08:03:48 - [] ----D C:\Documents and Settings\All Users\Application Data\GoldenCoupon
O43 - CFD: 27/09/2014 - 17:09:48 - [0] ----D C:\Documents and Settings\All Users\Application Data\Performance Optimizer =>PUP.PerformanceOptimizer
O43 - CFD: 27/09/2014 - 17:39:40 - [0] ----D C:\Documents and Settings\All Users\Application Data\saveitkeep =>PUP.SaveItKeep
O43 - CFD: 13/11/2014 - 12:23:19 - [] -SH-D C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 19/08/2014 - 11:20:10 - [0] ----D C:\Documents and Settings\Administrateur\Application Data\FoxTab
~ Program Folder: 90 Legitimates Filtered in 00mn 00s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.A9168C9092869AB72E47F1AE69395E84] - 01/11/2014 - 15:30:12 R--A- . (...) -- C:\WINDOWS\system32\RaCoInst.dat [13931]
O44 - LFC:[MD5.5ED2E87F417944EB9D0BA2D1B56F92DD] - 04/11/2014 - 17:47:09 ---A- . (...) -- C:\WINDOWS\system32\LavasoftTcpService.ini [4104]
O44 - LFC:[MD5.4C15EC5CE64D1E41AC25E1195D62AE03] - 04/11/2014 - 17:47:09 ---A- . (...) -- C:\WINDOWS\system32\LavasoftTcpServiceOff.ini [2128]
O44 - LFC:[MD5.90BF7D8D9EB4D866F3769360FA67DE41] - 12/11/2014 - 14:52:26 ---A- . (...) -- C:\JkDefragGUI.ini [1341]
O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 13/11/2014 - 11:24:33 ---A- . (...) -- C:\WINDOWS\diagerr.xml [1908]
O44 - LFC:[MD5.0645E755DE3F67126673204C6C123F40] - 13/11/2014 - 11:24:33 ---A- . (...) -- C:\WINDOWS\diagwrn.xml [2562]
~ Files: 33 Legitimates Filtered in 00mn 00s
---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\cacaoweb\cacaoweb.exe" [Enabled] .(...) -- C:\Program Files\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
~ Keys Export: 5 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\cacaoweb [Key] . (...) -- C:\Program Files\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=1
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=1
~ MWPS: 7 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDesktopCleanupWizard"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoInstrumentation"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsHistory"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsMenu"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveSearch"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveTrack"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMBalloonTip"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMConfigurePrograms"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoStartMenuMFUprogramsList"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWelcomeScreen"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "CDRAutoRun"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "HideRunAsVerb"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoCDBurning"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDesktopCleanupWizard"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoInstrumentation"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoNetConnectDisconnect"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRecentDocsHistory"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRemoteRecursiveEvents"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoResolveTrack"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoStartMenuMFUprogramsList"=1
~ MWPE Keys: 62 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:27/09/2008 - 11:31:20 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:27/09/2008 - 11:31:20 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 36 Legitimates Filtered in 00mn 00s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} [DefaultScope] - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKCU] {85A60A59-D3D8-468F-B598-FB4393789EF4} - (Google) - http://www.google.be
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} - (default-search.net) - http://www.default-search.net =>Hijacker.Browsers
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} [DefaultScope] - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} [DefaultScope] - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} [DefaultScope] - (Google) - http://www.google.fr
~ Keys: Scanned in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/11/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 01/10/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 01/10/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 15/10/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
~ Services: Scanned in 00mn 09s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Administrateur at 13/11/2014 14:34:58
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk0\DR0[0x8656BAB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 26 Legitimates Filtered in 00mn 02s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Administrateur at 13/11/2014 14:35:00
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 2
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb] =>PUP.CacaoWeb^
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}] =>Adware.Bandoo^
C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\te8sv7gr.default\extensions\cacaoweb@cacaoweb.org =>PUP.CacaoWeb^
C:\Program Files\saveitkeep =>PUP.SaveItKeep^
C:\Documents and Settings\All Users\Application Data\Performance Optimizer =>PUP.PerformanceOptimizer^
C:\Documents and Settings\All Users\Application Data\saveitkeep =>PUP.SaveItKeep^
C:\Program Files\Optimizer Pro =>PUP.OptimizerPro
[HKCU\Software\Genesis] =>PUP.Genesis^
[HKCU\Software\Linkey] =>PUP.LinkeySearch^
~ Additionnel Scan: 123024 Items scanned in 00mn 24s
---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 2 Legitimates Filtered in 00mn 00s
---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-cacaoweb =>PUP.CacaoWeb
http://nicolascoolman.fr/pup-genesis =>PUP.Genesis
http://nicolascoolman.fr/pup-linkeysearch =>PUP.LinkeySearch
http://nicolascoolman.fr/hijacker-browsers =>Hijacker.Browsers
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
~ MSI: 6 link(s) detected in 00mn 00s
~ 771 Legitimates filtered by white list
End of the scan (465 lines in 01mn 00s)(0)