cjoint

Document format: text/plain

~ Report of ZHPDiag v2013.10.1.1 - Nicolas Coolman (30/09/2013)
~ Launched by Nolirion (02/10/2013 21:40:09)
~ Web site address : http://nicolascoolman.webs.com
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control :


---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16540
GCIE: Google Chrome v29.0.1547.76 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, RETAIL channel
~ Windows Partial Key : PM9DP
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Internet Security v8.0.1497.0
AVG 2013 v13.0.3204
Windows Defender W7

---\\ System optimization software
CCleaner v4.02 =>Piriform Ltd

---\\ Sharing software PeerToPeer
Pando Media Booster v2.6.0.8

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 25

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (55% free)
System Restore: Active (Enable)
System drive C: has 12 GB (7%) free of 149 GB

---\\ Connection to the system mode
~ Computer Name: NOLIRION-PC
~ User Name: Nolirion
~ All Users Names: UpdatusUser, Nolirion, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\TEMP.Nolirion-PC\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\TEMP.Nolirion-PC\AppData\Roaming\
~ %Desktop% : C:\Users\TEMP.Nolirion-PC\Desktop\
~ %Favorites% : C:\Users\TEMP.Nolirion-PC\Favorites\
~ %LocalAppData% : C:\Users\TEMP.Nolirion-PC\AppData\Local\
~ %StartMenu% : C:\Users\TEMP.Nolirion-PC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 12 Go of 149 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 36 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de demarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.753C0848AE7872A3F59663078A517293] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/02/2013 - 11:15:07.) -- C:\Windows\System32\wininet.dll [2240512]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliotheque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du systeme de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallele.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliche instantane du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/727
~ Mes musiques (My Musics) : 6/1304
~ Mes Videos (My Videos) : 1/9
~ Mes Favoris (My Favorites) : 1/28
~ Mes Documents (My Documents) : 3/4371
~ Mon Bureau (My Desktop) : 1/18707
~ Menu demarrer (Programs) : 1/40
~ Hidden Files: Scanned in 00mn 08s



---\\ Process running
[MD5.6B08632F7634F344372B25A507DA7C47] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1012000] [PID.2144]
[MD5.F7128E5772F9312F0D111A5FA5D41773] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656] [PID.2188]
[MD5.5DC2734641995889DF9D53C04A2786D0] - (.Glarysoft Ltd - Glary Utilities 3.) -- C:\Program Files (x86)\Glary Utilities 3\Integrator.exe [470816] [PID.2500]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.2508]
[MD5.E7148BB584830E51AFD414CE9AEAE74C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392] [PID.2792]
[MD5.3C32D620BEA5CC151CE286690590AA88] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8032768] [PID.4936]
[MD5.2222073BE0232E70A397B8302293AA9D] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [413472] [PID.828]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1152]
[MD5.68E3356BC848124F56BDAC3C70C2E54B] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [137960] [PID.1440]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2028]
[MD5.A9AFE5B0648C8D7A411A72D8222F7F6E] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1826592] [PID.2100]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2600]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Program [Public]: DISCIPLINE.LNK . (...) -- C:\Program Files\DISCIPLINE\DISCIPLINE.exe
O4 - GS\QuickLaunch [Nolirion]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Nolirion]: PlanetSide 2 Beta.lnk . (.Sony Online Entertainment, LLC - LaunchPad (GameLauncher).) -- C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 Beta\LaunchPad.exe
O4 - GS\Desktop [Nolirion]: StarCraft II - Raccourci.lnk . (...) -- C:\Program Files (x86)\StarCraft II\StarCraft II.exe (.not file.)
~ Global Startup: 60 Legitimates Filtered in 00mn 01s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2572046954-651867858-687166017-1001\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2572046954-651867858-687166017-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{26DFE780-F47A-4031-A859-D2085675ED17}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{26DFE780-F47A-4031-A859-D2085675ED17}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{26DFE780-F47A-4031-A859-D2085675ED17}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{26DFE780-F47A-4031-A859-D2085675ED17}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
O34 - HKLM BootExecute: (BootDefrag.exe) - File not found
~ BEX: 3 Legitimates Filtered in 00mn 00s



---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [Go for FilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.00000000000000000000000000000000] [APT] [{0E1E628B-3155-43EA-A060-DD4B1BA6618B}] (...) -- E:\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{107AAF9F-4702-4031-947F-3556B68641A4}] (...) -- F:\ATLASV14ETrial.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1CF5EBD5-6FE4-4191-A23B-2A6C9F861B3A}] (...) -- C:\ILLUSION\RapeLay\RL Harem 2\RL Harem 2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1F14C4D2-EA11-4712-8B71-63A1F4E375B4}] (...) -- C:\Users\Nolirion\Downloads\NetFx20SP2_ia64.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{22D911C5-7C00-466F-9771-CB5E28EFA904}] (...) -- C:\ILLUSION\RapeLay\RL Harem 2\RL Harem 2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4AB271F2-41E7-4C47-9DCD-1F9FAEE7E0AF}] (...) -- C:\Users\Nolirion\Downloads\RL Harem 2 v1.01.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4E98D88B-575A-4BAC-B6A2-B1B3037FAD35}] (...) -- C:\Users\Nolirion\Downloads\RL Harem BETA v1.02.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A8D0A3A2-8E38-4E35-ADF7-3B277BC86552}] (...) -- E:\BLEEDUST.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DAC5710D-3917-475B-A3FD-3CDD21A45C4D}] (...) -- C:\Program Files (x86)\Eushully\moo\Uninst200.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E66E49F0-E125-45C1-AD35-7AD7886B09B2}] (...) -- C:\Users\Nolirion\Downloads\MassEffect_BDtS_ES_a.exe (.not file.) [0]
~ Scheduled Task: 27 Legitimates Filtered in 00mn 02s



---\\ Software installed (O42)
O42 - Logiciel: BitRaider Web Client - (.BitRaider, LLC.) [HKLM][64Bits] -- BitRaider Web Client
O42 - Logiciel: GameFly - (.GameFly, Inc..) [HKLM][64Bits] -- GameFly
O42 - Logiciel: ILLUSION SchoolMate - (.ILLUSION.) [HKLM][64Bits] -- {52ABC760-CAFC-4FCD-A0AA-5661366199D5}
O42 - Logiciel: ILLUSION �ł����郁�C�g - (.ILLUSION.) [HKLM][64Bits] -- {2F59EC4C-80B9-4B35-9D8B-BA97D77E8BFD}
O42 - Logiciel: ILLUSION �v���~�A���v���C - (.ILLUSION.) [HKLM][64Bits] -- {0578A699-51A3-453B-B3F7-433EFD189942}
O42 - Logiciel: ILLUSION ���P�����I - (.ILLUSION.) [HKLM][64Bits] -- {FD1E17BC-2956-4AD7-B937-D23F06F1A5E8}
O42 - Logiciel: MeCab 0.98 - (.Taku Kudo.) [HKLM][64Bits] -- MeCab_is1
O42 - Logiciel: Milftoon Beach V2.191 - (...) [HKLM][64Bits] -- Milftoon Beach V2.191
O42 - Logiciel: piaip AppLocale - (.MS.) [HKLM][64Bits] -- {394BE3D9-7F57-4638-A8D1-1D88671913B7}
O42 - Logiciel: �_�̂��A���P�~�[�}�C�X�^�[ - (.Eushully.) [HKLM][64Bits] -- InstallShield_{41810510-3CE0-425B-BE07-B9793731737F}
O42 - Logiciel: �_�̂��A���P�~�[�}�C�X�^�[ - (.Eushully.) [HKLM][64Bits] -- {41810510-3CE0-425B-BE07-B9793731737F}
O42 - Logiciel: �_�̂��A���P�~�[�}�C�X�^�[ Append01 - (.Eushully.) [HKLM][64Bits] -- InstallShield_{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}
O42 - Logiciel: �_�̂��A���P�~�[�}�C�X�^�[ Append01 - (.Eushully.) [HKLM][64Bits] -- {EFE563B0-DDDB-45AF-B49A-C109C93E5F35}
O42 - Logiciel: �_�̂��A���P�~�[�}�C�X�^�[ Append02 - (.Eushully.) [HKLM][64Bits] -- InstallShield_{19B5CAAF-3E36-40F4-83F2-45E0D258000C}
O42 - Logiciel: �_�̂��A���P�~�[�}�C�X�^�[ Append02 - (.Eushully.) [HKLM][64Bits] -- {19B5CAAF-3E36-40F4-83F2-45E0D258000C}
O42 - Logiciel: �_�̂��A���P�~�[�}�C�X�^�[ Ver2.00 Update - (.Eushully.) [HKLM][64Bits] -- InstallShield_{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}
O42 - Logiciel: �_�̂��A���P�~�[�}�C�X�^�[ Ver2.00 Update - (.Eushully.) [HKLM][64Bits] -- {C7B5C8A0-CE3F-4645-A0B6-B5515794076D}
~ Logic: 83 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ACTIVEJP.INI]
[HKCU\Software\Altap]
[HKCU\Software\Eushully]
[HKCU\Software\GameFly]
[HKCU\Software\GuiltyPLUS]
[HKCU\Software\IGNITION]
[HKCU\Software\INTERHEART]
[HKCU\Software\IncrediMail]
[HKCU\Software\MS]
[HKCU\Software\MeCab]
[HKCU\Software\No Reply Games]
[HKCU\Software\Will]
[HKCU\Software\XMoonProd]
[HKCU\Software\akibain]
[HKCU\Software\illusion]
[HKCU\Software\sakuradite.org]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\MeCab]
[HKLM\Software\Wow6432Node\SCRiN]
[HKLM\Software\illusion]
~ Key Software: 191 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 03/07/2013 - 23:20:54 - [0,708] ----D C:\Program Files (x86)\AMPLITUDE
O43 - CFD: 15/06/2013 - 19:20:20 - [735,192] ----D C:\Program Files (x86)\Eushully
O43 - CFD: 09/07/2013 - 11:55:38 - [55,317] ----D C:\Program Files (x86)\GameFly
O43 - CFD: 18/03/2013 - 19:26:31 - [0,460] ----D C:\Program Files (x86)\Illusion Registry Fixer
O43 - CFD: 09/07/2013 - 11:55:41 - [99,167] ----D C:\Program Files (x86)\MeCab
O43 - CFD: 28/09/2013 - 00:41:00 - [375,563] ----D C:\Program Files (x86)\Milftoon Beach V2.191
O43 - CFD: 03/06/2013 - 01:52:47 - [377,383] ----D C:\Program Files (x86)\mu soft
O43 - CFD: 15/09/2013 - 23:48:27 - [1,473] ----D C:\Program Files (x86)\ss helper =>Adware.SaveShare
O43 - CFD: 15/09/2013 - 23:48:42 - [0] ----D C:\ProgramData\0
O43 - CFD: 30/09/2013 - 21:32:39 - [7,285] ----D C:\ProgramData\BitRaider
O43 - CFD: 15/09/2013 - 23:48:42 - [2,226] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 18/05/2013 - 18:28:18 - [3,290] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\GameFly
O43 - CFD: 06/04/2013 - 14:11:59 - [0,007] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\INTERHEART
O43 - CFD: 29/09/2013 - 21:28:57 - [3,723] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\org.sakuradite.reader
O43 - CFD: 21/09/2013 - 22:59:01 - [0,784] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\RenPy
O43 - CFD: 23/02/2013 - 22:31:16 - [18,225] ----D C:\Users\TEMP.Nolirion-PC\AppData\Local\Eushully
O43 - CFD: 29/04/2013 - 23:43:32 - [0,002] ----D C:\Users\TEMP.Nolirion-PC\AppData\Local\Kerberos_Productions
O43 - CFD: 28/09/2013 - 00:41:21 - [0] ----D C:\Users\TEMP.Nolirion-PC\AppData\Local\Milftoon
O43 - CFD: 22/09/2013 - 17:28:40 - [481,007] ----D C:\Users\TEMP.Nolirion-PC\AppData\Local\XMoonProd
O43 - CFD: 10/09/2013 - 17:11:42 - [0] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameFly
O43 - CFD: 28/09/2013 - 00:41:01 - [0,003] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Milftoon Beach V2.191
O43 - CFD: 03/06/2013 - 01:53:31 - [0] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mu soft
O43 - CFD: 22/09/2013 - 17:28:40 - [0,001] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMoonProd
O43 - CFD: 06/04/2013 - 01:40:09 - [0] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\�C���^�[�n�[�g
O43 - CFD: 03/07/2013 - 09:31:50 - [0] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\�s���d�Ԓj�Q
~ Program Folder: 183 Legitimates Filtered in 00mn 05s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.1054DEA0541F0BAF9B3B13F5EE6B321D] - 29/09/2013 - 23:13:33 ---A- . (...) -- C:\DiskDefrag.log [75]
~ Files: 8 Legitimates Filtered in 00mn 03s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{3ff03bf0-672a-11e2-950d-002215444ca0}\AutoRun\command. (...) -- F:\Startme.exe (.not file.)
O51 - MPSK:{ccd2b11e-21cd-11e2-8898-002215444ca0}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.03B7145C889603537E9FFEABB1AD1089] - 29/03/2005 - 01:30:38 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [8192]
~ Drivers: 18 Legitimates Filtered in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 02/01/1601 - No owner (BootDefragDriver) .(...) - LEGACY_BOOTDEFRAGDRIVER
O64 - Services: CurCS - 14/09/2013 - C:\ProgramData\BitRaider\BRDriver64.sys (BRDriver64) .(.BitRaider - BitRaider WISDA 64-Bit Filter Driver.) - LEGACY_BRDRIVER64
O64 - Services: CurCS - 11/04/2013 - C:\Windows\System32\drivers\gfiark.sys (gfiark) .(.ThreatTrack Security - gfiark64.sys.) - LEGACY_GFIARK
~ Legacy: 89 Legitimates Filtered in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Internet Feature Controls (IFC) (O81)
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.B75518F00DDF086FD6544733221A7A9D] [SPRF][21/03/2013] (...) -- C:\ProgramData\1363875131.bdinstall.bin [704932]
[MD5.38C0E220F2FADDA94E505080CAB62595] [SPRF][21/03/2013] (...) -- C:\ProgramData\1363878944.bdinstall.bin [439058]
[MD5.D11DD7A331F148684B5F62E8257B4424] [SPRF][21/03/2013] (...) -- C:\ProgramData\1363880026.bdinstall.bin [232158]
[MD5.B6EC6B341827A687817AE3FCBC36B195] [SPRF][21/03/2013] (...) -- C:\ProgramData\1363880591.bdinstall.bin [690377]
[MD5.DA10F82FEDA05DE17D0EA32C9D577997] [SPRF][21/03/2013] (...) -- C:\ProgramData\1363881656.bdinstall.bin [229487]
[MD5.D53B2BA563DDD6CEEA83D357F8379298] [SPRF][09/07/2013] (...) -- C:\ProgramData\1373354920.bdinstall.bin [318106]
[MD5.31A0739858B0E53DA6BF228D20446D40] [SPRF][09/07/2013] (...) -- C:\ProgramData\1373362024.bdinstall.bin [566687]
[MD5.0CB7C7BDE3E5A370CF626336A92ECE7A] [SPRF][09/07/2013] (...) -- C:\ProgramData\1373362710.bdinstall.bin [242711]
[MD5.F4059296167B163F0F25CE94AE4BF177] [SPRF][09/07/2013] (...) -- C:\ProgramData\1373364112.bdinstall.bin [515632]
[MD5.01FDA9AE99CEA944676ED152E0D18886] [SPRF][09/07/2013] (...) -- C:\ProgramData\1373365143.bdinstall.bin [449872]
[MD5.0D402AD34F9FD1FC33F00B4B3300EE2F] [SPRF][09/07/2013] (...) -- C:\ProgramData\1373367827.bdinstall.bin [240847]
[MD5.0AEA84EB22563F7E05144311AFE8233D] [SPRF][04/04/2013] (...) -- C:\Users\TEMP.Nolirion-PC\AppData\Local\train2sv.bin [2923100]
[MD5.9182C3ECAB695D72C5937499705D68FB] [SPRF][01/10/2013] (...) -- C:\Users\TEMP.Nolirion-PC\AppData\Local\Temp\Quarantine.exe [344601]
[MD5.F779D4401049C5592A34B2D4DA14A0EE] [SPRF][02/10/2013] (...) -- C:\Users\TEMP.Nolirion-PC\AppData\Local\Temp\~gu3-ver.dat [107]
[MD5.08512BFFB233FFA2D77379B74C4EBB54] [SPRF][02/10/2013] (...) -- C:\Users\TEMP.Nolirion-PC\AppData\Local\Temp\~upgrade.dat [936]
[MD5.5611140E8CC5927D371C27EA1F9E71A6] [SPRF][02/10/2013] (...) -- C:\Users\TEMP.Nolirion-PC\Desktop\AdwCleaner.exe [1045226]
[MD5.F949E47CBC3E395AE9388084DEC9F84B] [SPRF][12/09/2013] (...) -- C:\Users\TEMP.Nolirion-PC\Desktop\Reset_Reregister_Windows_Update_Components.bat [1709]
[MD5.666BD24BE5A29F1FF17D91CC280BD2EE] [SPRF][02/10/2013] (.No owner - Nettoyage des fichiers temporaires.) -- C:\Users\TEMP.Nolirion-PC\Desktop\SFTGC.exe [1064060]
~ Files: 19 Legitimates Filtered in 00mn 01s



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "996A87503A15B3543B7F34E3DF819924" . (.ILLUSION �v���~�A���v���C.) -- C:\Windows\Installer\{0578A699-51A3-453B-B3F7-433EFD189942}\ARPPRODUCTICON.exe
~ Update Products: 43 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.A985AA23C4FA8774D7A6A420990D70C0] [WIS][05/01/2013] (.ILLUSION - �v���~�A���v���C.) -- C:\Windows\Installer\1bf1d5b.msi [623104]
~ WIS: 20 Legitimates Filtered in 00mn 02s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 19/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2013 137960 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SS - | Demand 26/09/2013 484592 | (BRSptSvc) . (.BitRaider, LLC.) - C:\ProgramData\BitRaider\BRSptSvc.exe
SS - | Auto 28/10/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/10/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 05/02/2013 428928 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SR - | Auto 27/08/2013 14997280 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 21/06/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/05/2013 1826592 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 06/09/2013 565672 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 21/06/2013 413472 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by Nolirion at 02/10/2013 21:41:22
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Nolirion at 02/10/2013 21:41:24

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 12932 - (30/09/2013)
Cles trouvees (Keys found) : 5
Valeurs trouvees (Values found) : 0
Dossiers trouves (Folders found) : 2
Fichiers trouves (Files found) : 0

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}] =>Adware.GamePlayLabs
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole] =>Toolbar.AdAware
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Program Files (x86)\ss helper =>Adware.SaveShare^
C:\ProgramData\InstallMate =>PUP.Tarma^
~ Additionnel Scan: 163035 Items scanned in 00mn 24s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/31929570-adware-saveshare =>Adware.SaveShare
~ http://nicolascoolman.webs.com/apps/blog/show/26611908-rootkit-tdss =>Rootkit.TDSS
~ http://nicolascoolman.webs.com/apps/blog/show/26820943-adware-gameplaylabs =>Adware.GamePlayLabs
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ MSI: 4 link(s) detected in 00mn 24s



~ 821 Legitimates filtered by white list
End of the scan (485 lines in 01mn 40s)(0)
