~ Report of ZHPDiag v2014.3.12.13 - Nicolas Coolman (12/3/2014)
~ Launched by Win7_64 (16/3/2014 22:58:42)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user

---\\ Internet browsers
MSIE: Internet Explorer v8.0.7601.17514
MFIE: Mozilla Firefox 27.0.1

---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Avira Free Antivirus v14.0.3.350
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ System optimization software
CCleaner v4.08 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Java 7 Update 45

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 3981.6 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 55 GB (45%) free of 121 GB

---\\ Connection to the system mode
~ Computer Name: GFHISYJQMFN45DX
~ User Name: Win7_64
~ All Users Names: Win7_64, UpdatusUser, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Win7_64\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Win7_64\AppData\Roaming\
~ %Desktop% : C:\Users\Win7_64\Desktop\
~ %Favorites% : C:\Users\Win7_64\Favorites\
~ %LocalAppData% : C:\Users\Win7_64\AppData\Local\
~ %StartMenu% : C:\Users\Win7_64\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 55 Go of 121 Go)
D: Hard drive, Flash drive, Thumb drive (Free 238 Go of 291 Go)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 287 Go of 287 Go)

---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s

---\\ Search Generic System Files
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.21/11/2010 - 10:24:11.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/7/2009 - 8:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.920A1C789B1DBFB2FE3EBCB19AEDC935] - (.Microsoft Corporation - Internet Extensions for Win32.) (.16/11/2013 - 9:07:35.) -- C:\Windows\System32\wininet.dll [1188864]
[MD5.87A00ED70FEC36D0DD968E5058C29AA1] - (.Microsoft Corporation - Windows Logon Application.) (.14/8/2010 - 16:37:49.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.21/11/2010 - 10:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.15/11/2013 - 21:32:45.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/7/2009 - 8:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/7/2009 - 6:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 10:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 10:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 10:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.14/7/2009 - 6:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/7/2009 - 7:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/11/2013 - 21:25:33.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 10:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.15/11/2013 - 22:30:39.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/7/2009 - 7:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 10:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 10:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/7/2009 - 7:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 10:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.21/11/2010 - 10:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 4/2295
~ Mes musiques (My Musics) : 1/138
~ Mes Videos (My Videos) : 2/6
~ Mes Favoris (My Favorites) : 1/20
~ Mes Documents (My Documents) : 18/2416
~ Mon Bureau (My Desktop) : 5/1410
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 07s

---\\ Process running
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.1676]
[MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.1312]
[MD5.497E84A1B6767142987A17574C57C04E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe [1863560] [PID.1336]
[MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Administrator\Desktop\ZHPDiag\ZHPDiag.exe [8353792] [PID.1636]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Win7_64\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.bing.com
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 16 Legitimates Filtered in 00mn 01s

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles\nkailokn.default\prefs.js
M2 - MFEP: prefs.js [Win7_64 - nkailokn.default\{8B7392AD-5489-9CED-73C1-FB2B374867EC}] [] Ask New Tabs v5.0.0.11471 (..)
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R3 - URLSearchHook: SearchHook Class [64Bits] - {D8278076-BC68-4484-9233-6E7F1628B56C} . (.APN LLC. - Search Hook.) (21.5.0.2560) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll =>Toolbar.Ask
~ IE Browser: 18 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{CF0F43AB-9C23-4D7B-8040-201B82844854} Orphan key
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar: Avery Toolbar - [HKLM]{41565233-5637-006A-76A7-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR3V7\Passport_x64.dll =>Toolbar.Ask
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41565233-5637-006A-76A7-7A786E7484D7} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: AIMP3.lnk . (.AIMP DevTeam - AIMP3.) -- C:\Program Files (x86)\AIMP3\AIMP3.exe
O4 - GS\Desktop [Public]: Apps.lnk . (...) -- C:\Users\Public\Libraries\Apps.library-ms
O4 - GS\Desktop [Public]: Avira.lnk . (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - GS\Desktop [Public]: BitTorrent Sync.lnk . (.BitTorrent, Inc. - BitTorrent Sync.) -- C:\Program Files (x86)\BitTorrent Sync\BTSync.exe =>P2P.BitTorrent
O4 - GS\Desktop [Public]: dtac aircard.lnk . (...) -- C:\Program Files (x86)\dtac aircard\Modem.exe
O4 - GS\Desktop [Public]: LINE.lnk . (.LINE Corporation - LINE.) -- C:\Program Files (x86)\Naver\LINE\Line.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Start BlueStacks.lnk . (.BlueStack Systems, Inc. - BlueStacks StartLauncher.) -- C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe
O4 - GS\Desktop [Public]: USB Disk Security.lnk . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - GS\Program [Public]: EnglishTranslator.LNK . (...) -- C:\Program Files (x86)\EnglilshToThai\EnglishToThai.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: ThaiTranslator.LNK . (...) -- C:\Program Files (x86)\ThaiToEnglish\ThaiToEnglish.exe
O4 - GS\QuickLaunch [Win7_64]: BitTorrent Sync.lnk . (.BitTorrent, Inc. - BitTorrent Sync.) -- C:\Program Files (x86)\BitTorrent Sync\BTSync.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [Win7_64]: Camfrog Video Chat 6.0.lnk . (.Camshare Inc. - Camfrog Video Chat.) -- C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - GS\QuickLaunch [Win7_64]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Win7_64]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [Win7_64]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Win7_64\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Win7_64]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Win7_64]: Point Blank.lnk . (.Zepetto - Point Blank.) -- C:\Program Files (x86)\GarenaPBTH\GameData\Apps\PBTH\PointBlank.exe
O4 - GS\Program [Win7_64]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Win7_64]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Win7_64]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Win7_64]: Camfrog Video Chat 6.0.lnk . (.Camshare Inc. - Camfrog Video Chat.) -- C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - GS\Desktop [Win7_64]: Cheat Engine.lnk . (...) -- C:\Program Files (x86)\Cheat Engine 6.3\Cheat Engine.exe
O4 - GS\Desktop [Win7_64]: Computer - Shortcut.lnk - Orphan key
O4 - GS\Desktop [Win7_64]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Win7_64\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Win7_64]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Win7_64]: KMPlayer.lnk . (.Pandora.TV - The KMPlayer.) -- C:\Program Files (x86)\KMPlayer\kmplayer.exe
O4 - GS\Desktop [Win7_64]: New folder - Shortcut.lnk - Orphan key
O4 - GS\Desktop [Win7_64]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\Desktop [Win7_64]: Playpark Launcher.lnk . (...) -- C:\Program Files\Playpark\Playpark Launcher\PPLauncher.exe
O4 - GS\Desktop [Win7_64]: WebcamMax.lnk . (.CoolwareMax - WebcamMax.) -- C:\Program Files (x86)\WebcamMax\WebcamMax.exe
O4 - GS\Desktop [Win7_64]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Win7_64\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Win7_64]: ตัดเพลงมือถือ.lnk . (.Nero AG - Wave Editor.) -- C:\Program Files (x86)\Nero\Nero WaveEditor\waveedit.exe
O4 - GS\TaskBar [UpdatusUser]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [UpdatusUser]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [UpdatusUser]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [UpdatusUser]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Administrator]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Administrator]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Administrator]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
~ Global Startup: 125 Legitimates Filtered in 00mn 04s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Win7_64\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2860923661-2770646633-3427773130-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-2860923661-2770646633-3427773130-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-2860923661-2770646633-3427773130-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Win7_64\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: ส่&งไปยัง OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D79CC7F4-42BA-414B-A06E-7630D0ED456A}: NameServer = 124.40.225.53 124.40.225.58
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BC0465A-FA7B-47BC-B0E3-AA33DA736883}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0476CE4-59B7-4B5D-8002-AF53827F3068}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BC0465A-FA7B-47BC-B0E3-AA33DA736883}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{D79CC7F4-42BA-414B-A06E-7630D0ED456A}: NameServer = 124.40.225.53 124.40.225.58
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BC0465A-FA7B-47BC-B0E3-AA33DA736883}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D0476CE4-59B7-4B5D-8002-AF53827F3068}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BC0465A-FA7B-47BC-B0E3-AA33DA736883}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{D79CC7F4-42BA-414B-A06E-7630D0ED456A}: NameServer = 124.40.225.53 124.40.225.58
O17 - HKLM\System\CS2\Services\Tcpip\..\{5BC0465A-FA7B-47BC-B0E3-AA33DA736883}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D0476CE4-59B7-4B5D-8002-AF53827F3068}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5BC0465A-FA7B-47BC-B0E3-AA33DA736883}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{D0476CE4-59B7-4B5D-8002-AF53827F3068}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Ask Update Service (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
O23 - Service: Power Control [2011/07/12 02:47:10] ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) . (.CyberLink Corp. - No Comment.) - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
~ Services: 23 Legitimates Filtered in 00mn 03s

---\\ Software installed (O42)
O42 - Logiciel: EnglishToThai - (...) [HKLM][64Bits] -- ST6UNST #1
O42 - Logiciel: Smileys We Love Toolbar for IE - (.SqueekyChocolate, LLC.) [HKLM][64Bits] -- {DD36B76E-AAC3-4BB7-9946-A5FBBE121C33} =>Adware.SmileyBar
O42 - Logiciel: Special Force - (.Drangonfly Game.) [HKLM][64Bits] -- {8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}
O42 - Logiciel: Thai Translator Tool - (...) [HKLM][64Bits] -- ST6UNST #2
O42 - Logiciel: Yahoo! Toolbar - (...) [HKLM][64Bits] -- Yahoo! Companion
O42 - Logiciel: dtac aircard - (.dtac aircard.) [HKLM][64Bits] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
~ Logic: 9 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\HAL7600] =>Hijacker.Windows7
[HKLM\Software\Wow6432Node\AskPartnerNetwork]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Better Surf Plus]
[HKLM\Software\Wow6432Node\Better-Surf] =>PUP.BetterSurf
[HKLM\Software\Wow6432Node\Drangonfly Game]
[HKLM\Software\Wow6432Node\Easy Sysprep]
[HKLM\Software\Wow6432Node\Playpark]
[HKLM\Software\Wow6432Node\dtac aircard]
~ Key Software: 318 Legitimates Filtered in 00mn 00s

---\\ Contents of the Common Files folders (O43)
O43 - CFD: 24/2/2014 - 6:01:27 - [9.824] ----D C:\Program Files (x86)\AskPartnerNetwork
O43 - CFD: 27/8/2013 - 9:04:33 - [13.323] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 13/11/2013 - 16:51:09 - [37.576] ----D C:\Program Files (x86)\dtac aircard
O43 - CFD: 12/7/2011 - 3:55:59 - [39.582] ----D C:\Program Files (x86)\EnglilshToThai
O43 - CFD: 12/7/2011 - 3:56:16 - [34.082] ----D C:\Program Files (x86)\ThaiToEnglish
O43 - CFD: 24/2/2014 - 6:01:27 - [1.554] ----D C:\ProgramData\AskPartnerNetwork
O43 - CFD: 17/8/2013 - 21:44:10 - [179.030] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/11/2013 - 2:46:20 - [27.641] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 27/8/2013 - 9:04:30 - [20.358] ----D C:\Users\Win7_64\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 16/11/2013 - 14:01:26 - [1.886] ----D C:\Users\Win7_64\AppData\Roaming\DmC - Devil May Cry
O43 - CFD: 17/8/2013 - 19:14:28 - [0] ----D C:\Users\Win7_64\AppData\Roaming\xim
O43 - CFD: 27/2/2014 - 23:06:35 - [0.006] ----D C:\Users\Win7_64\AppData\Local\AskPartnerNetwork
O43 - CFD: 9/11/2013 - 18:01:53 - [1.996] ----D C:\Users\Win7_64\AppData\Local\TempKOF
O43 - CFD: 25/11/2013 - 20:30:34 - [0.003] ----D C:\Users\Win7_64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playpark
~ Program Folder: 222 Legitimates Filtered in 00mn 42s

---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.C4D107552C86AA279E5164D0A1AE05F9] - 16/3/2014 - 17:28:44 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [5872]
O44 - LFC:[MD5.C4D107552C86AA279E5164D0A1AE05F9] - 16/3/2014 - 17:28:44 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [5872]
O44 - LFC:[MD5.68E7CF27840FE3D4F2259AAA877004E7] - 16/3/2014 - 22:40:27 ---A- . (...) -- C:\Windows\ntbtlog.txt [1444562]
~ Files: 10 Legitimates Filtered in 00mn 05s

---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\BitTorrent Sync [Key] . (.BitTorrent, Inc. - BitTorrent Sync.) -- C:\Program Files (x86)\BitTorrent Sync\BTSync.exe =>P2P.BitTorrent
O53 - SMSR:HKLM\...\startupreg\ES3_Clean [Key] . (.No owner - ES3 Clean Tool.) -- C:\Windows\System32\ES3_Clean.exe
~ SMSR Keys: 5 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s

---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.CBF4C9263F35A9E80E4AD5CBBAE6049C] - 11/4/2012 - 15:49:00 ---A- . (.Windows (R) Win 7 DDK provider - ASUS Virtual Bus.) -- C:\Windows\System32\Drivers\AsusVBus.sys [35968]
O58 - SDL:[MD5.C951F6F1D909E1AAD7160D9EE860A3F1] - 11/4/2012 - 15:48:58 ---A- . (.Windows (R) Win 7 DDK provider - ASUS HID mini driver for Virtual Touch Device.) -- C:\Windows\System32\Drivers\AsusVTouch.sys [16512]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/7/2009 - 8:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.88A0ABA307B3CA3804405155E92EFAF8] - 15/5/2012 - 0:44:20 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [200488]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 11/6/2009 - 3:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.2A63036283B36B3B68CDC6F85A7D53ED] - 23/4/2012 - 18:26:26 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [154272]
O58 - SDL:[MD5.E63EF8C3271D014F14E2469CE75FECB4] - 20/7/2009 - 16:29:40 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [15416]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/7/2009 - 8:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 16 Legitimates Filtered in 00mn 03s

---\\ Last modified or created user files (O61)
O61 - LFC: 13/3/2014 - 23:00:12 ---A- . (...) -- C:\Users\Win7_64\Documents\stock N&R STEAK&BEER.docx [22102]
O61 - LFC: 13/3/2014 - 23:00:12 ---A- . (...) -- C:\Users\Win7_64\Documents\รายการซื้อสินค้าจาก Makro.docx [33369]
O61 - LFC: 13/3/2014 - 23:00:12 ---A- . (...) -- C:\Users\Win7_64\Documents\รายการสั่งสินค้าเลอมาแตง ok.docx [15945]
O61 - LFC: 13/3/2014 - 23:00:12 ---A- . (...) -- C:\Users\Win7_64\Documents\รายการสินค้า.docx [16878]
O61 - LFC: 13/3/2014 - 23:00:12 ---A- . (...) -- C:\Users\Win7_64\Documents\รายการเช็คสต็อกสเต๊ก.docx [17467]
O61 - LFC: 14/3/2014 - 23:00:08 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Spark\User Data\Default\History [151552]
O61 - LFC: 14/3/2014 - 23:00:10 ---A- . (...) -- C:\Users\Win7_64\AppData\Roaming\Opera Software\Opera Stable\History [94208]
O61 - LFC: 14/3/2014 - 23:00:11 ---A- . (...) -- C:\Users\Win7_64\Documents\cc_20140314_103659.reg [2834]
O61 - LFC: 14/3/2014 - 23:00:11 ---A- . (...) -- C:\Users\Win7_64\Documents\cc_20140314_103733.reg [926]
O61 - LFC: 14/3/2014 - 23:00:12 ---A- . (...) -- C:\Users\Win7_64\Documents\โปรโมชั่่น เบียร์.docx [13196]
O61 - LFC: 14/3/2014 - 23:00:12 --HA- . (...) -- C:\Users\Win7_64\Documents\~$รโมชั่่น เบียร์.docx [162]
O61 - LFC: 15/3/2014 - 23:00:00 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\AskPartnerNetwork\Toolbar\AVR3V7\APNStorage.stg [6170]
O61 - LFC: 15/3/2014 - 23:00:06 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll [113992]
O61 - LFC: 15/3/2014 - 23:00:07 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Google\Toolbar\broker_metrics.xml [13409]
O61 - LFC: 15/3/2014 - 23:00:07 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.154\33.0.1750.154_33.0.1750.146_chrome_updater.exe [892120]
O61 - LFC: 15/3/2014 - 23:00:07 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Google\Update\Install\{14B6527B-B2C7-4157-B581-9D96A32BCE57}\33.0.1750.154_33.0.1750.146_chrome_updater.exe [892120]
O61 - LFC: 15/3/2014 - 23:00:12 --HA- . (...) -- C:\Users\Win7_64\Documents\~$mplete เมนูอาหารร้าน N &R.docx [162]
O61 - LFC: 15/3/2014 - 23:00:12 --HA- . (...) -- C:\Users\Win7_64\Documents\~$ตรอาหารร้าน N.docx [162]
O61 - LFC: 16/3/2014 - 23:00:03 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [274329]
O61 - LFC: 16/3/2014 - 23:00:03 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 16/3/2014 - 23:00:06 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Google\Chrome\User Data\Local State [114819]
O61 - LFC: 16/3/2014 - 23:00:06 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\CdmAdapterVersion [13]
O61 - LFC: 16/3/2014 - 23:00:08 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Mozilla\updates\E7CF176E110C211B\active-update.xml [57]
O61 - LFC: 16/3/2014 - 23:00:08 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Mozilla\updates\E7CF176E110C211B\updates.xml [6018]
O61 - LFC: 16/3/2014 - 23:00:11 ---A- . (...) -- C:\Users\Win7_64\AppData\Roaming\ZHP\Log.txt [22466] =>.Nicolas Coolman
O61 - LFC: 16/3/2014 - 23:00:11 ---A- . (...) -- C:\Users\Win7_64\AppData\Roaming\ZHP\TestsZHPDiag.txt [2923] =>.Nicolas Coolman
O61 - LFC: 16/3/2014 - 23:00:13 ---A- . (...) -- C:\Users\Win7_64\Downloads\RogueKiller.exe [3901952]
~ 55 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 618 Legitimates Filtered in 00mn 13s

---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 21/11/2010 - C:\Windows\System32\drivers\nvraid.sys (nvraid) .(.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - LEGACY_NVRAID
~ Legacy: 88 Legitimates Filtered in 00mn 00s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Win7_64\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] 2017C6C903B34DF0B3AF86C65FD46636 - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] B6E0351FFD99426CB45B05F2ABE9A90C - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo!) - http://th.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {F312733C-2748-471C-91FF-6BF8A61D18B9} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.9FFDB98DEE1E5E88593F8C0020E06448] [SPRF][12/6/2013] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.DF06DC5837316EA78746E3F790A950ED] [SPRF][16/3/2014] (...) -- C:\Users\Win7_64\Desktop\adwcleaner.exe [1950720]
~ Files: 3 Legitimates Filtered in 00mn 00s

---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{D46DFB4B-97A3-4902-AEB2-00953D35624E}" | In - Domain - P17 - TRUE | .(.No owner - Windows host process (Rundll32).) -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
O87 - FAEL: "{86064267-95EA-4EEF-92E1-1C3462961D6B}" | In - Public - P6 - TRUE | .(.Zepetto - Point Blank.) -- C:\Program Files (x86)\GarenaPBTH\GameData\Apps\PBTH\PointBlank.exe
O87 - FAEL: "{C2281CEF-99C3-4361-B049-1BE961C8B99B}" | In - Public - P17 - TRUE | .(.Zepetto - Point Blank.) -- C:\Program Files (x86)\GarenaPBTH\GameData\Apps\PBTH\PointBlank.exe
O87 - FAEL: "{6690D428-EC30-473A-9FEF-D931D776C72B}" | In - Public - P6 - TRUE | .(.No owner - Garena Installer.) -- C:\GarenaDownload\Games\hon\HoNInstaller_TH.exe
O87 - FAEL: "{659FC87D-1CA5-470A-B34B-51E1BC59F0DF}" | In - Public - P17 - TRUE | .(.No owner - Garena Installer.) -- C:\GarenaDownload\Games\hon\HoNInstaller_TH.exe
O87 - FAEL: "TCP Query User{8DC51F70-5FF9-4E15-901C-9A9DA4E0297C}C:\program files (x86)\garena plus\garenamessenger.exe" | In - Public - P6 - TRUE | .(.No owner - Garena Plus.) -- C:\program files (x86)\garena plus\garenamessenger.exe
O87 - FAEL: "UDP Query User{A83F00F3-1265-4AF7-8D1E-BF474CEF38D9}C:\program files (x86)\garena plus\garenamessenger.exe" | In - Public - P17 - TRUE | .(.No owner - Garena Plus.) -- C:\program files (x86)\garena plus\garenamessenger.exe
O87 - FAEL: "TCP Query User{35877080-2B1A-4425-9CBE-82426B03B94C}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe" | In - Public - P6 - TRUE | .(.No owner - Garena Talk.) -- C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
O87 - FAEL: "UDP Query User{74598BC0-990D-479F-8B4F-363C9E547882}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe" | In - Public - P17 - TRUE | .(.No owner - Garena Talk.) -- C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
O87 - FAEL: "{B505DD8A-7D9D-47A4-A5B1-EA6CA2857D0A}" | In - Domain - P17 - TRUE | .(...) -- C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
O87 - FAEL: "TCP Query User{22992118-D174-4121-9CA9-2391A74C3924}C:\program files (x86)\garena plus\updatemanager.exe" | In - Public - P6 - TRUE | .(.No owner - UpdateManager Module.) -- C:\program files (x86)\garena plus\updatemanager.exe
O87 - FAEL: "UDP Query User{321A0CA8-8AD7-4C21-A458-DAEB89FBF537}C:\program files (x86)\garena plus\updatemanager.exe" | In - Public - P17 - TRUE | .(.No owner - UpdateManager Module.) -- C:\program files (x86)\garena plus\updatemanager.exe
~ Firewall: 246 Legitimates Filtered in 00mn 01s

---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "6BE001F7F915FAC43A48E3117E7ABF49" . (.GOODGAMES ONLINE.) -- C:\Windows\Installer\{7F100EB6-519F-4CAF-A384-3E11E7A7FB94}\ARPPRODUCTICON.exe
O90 - PUC: "E67B63DD3CAA7BB499645ABFEB21C133" . (.Smileys We Love Toolbar for IE.) -- C:\Windows\Installer\{DD36B76E-AAC3-4BB7-9946-A5FBBE121C33}\_853F67D554F05449430E7E.exe =>Adware.SmileyBar
~ Update Products: 131 Legitimates Filtered in 00mn 00s

---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.C9E14FE4C420BEDEF8A319576C43CEA2] [WIS][16/1/2014] (.APN, LLC - Avery Toolbar.) -- C:\Windows\Installer\1a9c26.msi [363520]
[MD5.3A0048E56C41EC328A4CD0FFCBAACDAD] [WIS][6/11/2013] (.True Digital Plus - GOODGAMES ONLINE.)
-- C:\Windows\Installer\444176.msi [1469952] ~ WIS: 131 Legitimates Filtered in 00mn 12s ---\\ Search Master Boot Record Infection (MBR)(O80) Run by Win7_64 at 16/3/2014 23:00:55 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Search Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Win7_64 at 16/3/2014 23:00:57 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13031 - (12/3/2014) Clés trouvées (Keys found) : 8 Valeurs trouvées (Values found) : 3 Dossiers trouvés (Folders found) : 6 Fichiers trouvés (Files found) : 4 [HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DD36B76E-AAC3-4BB7-9946-A5FBBE121C33}] =>Adware.SmileyBar^ [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent Sync] =>P2P.BitTorrent^ [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! 
Companion] =>Toolbar.Yahoo [HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask [HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask [HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask [HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{D8278076-BC68-4484-9233-6E7F1628B56C} =>Toolbar.Ask^ [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^ C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^ C:\ProgramData\Baidu Security =>Adware.BDSearch^ C:\Users\Win7_64\AppData\Roaming\Baidu Security =>Adware.BDSearch^ C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.Ask C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask C:\Users\Win7_64\AppData\Local\AskPartnerNetwork =>Toolbar.Ask [HKCU\Software\Baidu Security] =>Adware.BDSearch^ [HKLM\Software\HAL7600] =>Hijacker.Windows7^ [HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^ [HKLM\Software\Wow6432Node\Better-Surf] =>PUP.BetterSurf^ ~ Additionnel Scan: 332540 Items scanned in 00mn 19s ---\\ Summary of the detections found on your workstation ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ http://nicolascoolman.webs.com/apps/blog/show/27530912-adware-smileybar =>Adware.SmileyBar ~ http://nicolascoolman.webs.com/apps/blog/show/28158343-adware-bdsearch =>Adware.BDSearch ~ http://nicolascoolman.webs.com/apps/blog/show/39592164-hijacker-windows =>Hijacker.Windows ~ http://nicolascoolman.webs.com/apps/blog/show/36340918-pup-bettersurf =>PUP.BetterSurf ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ MSI: 6 link(s) detected in 00mn 19s ~ 1889 Legitimates filtered by white list End of the scan (563 lines in 02mn 35s)(0)