
~ Report of ZHPDiag v2014.1.17.19 - Nicolas Coolman (1/17/2014)
~ Launched by Ahmed (1/19/2014 10:34:10 PM)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v32.0.1700.76 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate, 64-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2011
Windows Defender W7

---\\ System optimization software
CCleaner v4.07 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 ActiveX
Adobe Reader X
Java 7 Update 45

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8010.4 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 129 GB (66%) free of 195 GB

---\\ Connection to the system mode
~ Computer Name: MANUTD
~ User Name: Ahmed
~ All Users Names: UpdatusUser, Guest, Ahmed, Administrator,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Ahmed\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Ahmed\AppData\Roaming\
~ %Desktop% : C:\Users\Ahmed\Desktop\
~ %Favorites% : C:\Users\Ahmed\Favorites\
~ %LocalAppData% : C:\Users\Ahmed\AppData\Local\
~ %StartMenu% : C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 129 Go of 195 Go)
D: Hard drive, Flash drive, Thumb drive (Free 225 Go of 293 Go)
E: Hard drive, Flash drive, Thumb drive (Free 385 Go of 443 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Free 0 Go of 15 Go)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 40 Legitimates Filtered in 00mn AMs



---\\ Search Generic System Files
[MD5.C235A51CB740E45FFA0EBFB9BAFCDA64] - (.Microsoft Corporation - Windows Explorer.) (.7/14/2009 - 3:39:10 AM.) -- C:\Windows\Explorer.exe [2868224]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/14/2009 - 3:39:52 AM.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.B1037F0131C9A010D611F6914E03CD92] - (.Microsoft Corporation - Internet Extensions for Win32.) (.7/14/2009 - 3:41:56 AM.) -- C:\Windows\System32\wininet.dll [1193472]
[MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - Windows Logon Application.) (.7/14/2009 - 3:39:52 AM.) -- C:\Windows\System32\Winlogon.exe [389120]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Software Licensing Library.) (.7/14/2009 - 3:41:54 AM.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.7/14/2009 - 1:21:42 AM.) -- C:\Windows\system32\Drivers\AFD.sys [500224]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 3:52:21 AM.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 1:19:47 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.7/14/2009 - 1:19:54 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.7/14/2009 - 1:23:44 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.7/14/2009 - 2:06:13 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.7/14/2009 - 1:19:57 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 2:10:03 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.7/14/2009 - 1:24:00 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.7/14/2009 - 1:21:29 AM.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - NT File System Driver.) (.7/14/2009 - 3:48:27 AM.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.7/14/2009 - 2:00:41 AM.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.7/14/2009 - 2:10:12 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.7/14/2009 - 2:18:02 AM.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 2:09:09 AM.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.7/14/2009 - 1:21:15 AM.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.7/14/2009 - 3:45:55 AM.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn AMs



---\\ Hidden files state (Hidden/Total)
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/38164
~ Mon Bureau (My Desktop) : 1/20
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 20mn AMs



---\\ Process running
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.3440]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4092]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4104]
[MD5.72A7D54EB3626CFCBC8B550385CEF97A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.4332]
[MD5.3B0BA44D5691E00088B956394FDE64B6] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584] [PID.2540]
[MD5.95638442FC1AC7B0F204C1AF03635214] - (...) -- C:\Users\Ahmed\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904] [PID.5052]
[MD5.2F24D86C5DFDFB71FD601025F39B888F] - (...) -- C:\Users\Ahmed\AppData\Roaming\ACEStream\updater\ace_update.exe [26744] [PID.2272]
[MD5.2C32E3E596CFE660353753EABEFB0540] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [673048] [PID.5220]
[MD5.E8D48FD9AE7C45521EE57A0CB99CF320] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe [351904] [PID.5656]
[MD5.8E5651B04BE775696B32F7F1F5DA8871] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8336896] [PID.5012]
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1452]
[MD5.DBD76BC1D498FE368F2C8CB76C3E00A4] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560] [PID.2196]
[MD5.3A2BDD76E7D2A5F40A7174793D1BA794] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [75136] [PID.2664]
[MD5.AA06C272A2D045E044681A37E0FABE7C] - (...) -- C:\Program Files (x86)\SerialTrunc\updateSerialTrunc.exe [97056] [PID.2860]
[MD5.AA06C272A2D045E044681A37E0FABE7C] - (...) -- C:\Program Files (x86)\SerialTrunc\bin\utilSerialTrunc.exe [97056] [PID.2928]
[MD5.DD0042F0C3B606A6A8B92D49AFB18AD6] - (.Yahoo! Inc. - AutoUpater Service Module.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392] [PID.3020]
[MD5.79BC44FF509C79D4E34DED3CD6EFD92B] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864] [PID.2396]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [PID.4584]
[MD5.545462D0DBE24AF379BA869B7C185CCD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.4816]
[MD5.86E4CC39C953D11EF57CF54C4DC78238] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.2876]
[MD5.FAA2048284D763409F7BB84F61601C80] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1258856] [PID.4740]
[MD5.D80B1075B69B57A3AB78F750CE463ECE] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.4324]
~ Processes Running: Scanned in 00mn AMs



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [kpckgflgdapkpabemgkielbefdildaio] Magic Player v.1.1.32 (Désactivé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [okbdcdmpkkncigegdkhhhamjblgjbfja] SerialTrunc v.1.0.0 (Activé)
~ Google Browser: 12 Legitimates Filtered in 02mn AMs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 22



---\\ Browser Helper Objects (O2)
O2 - BHO: SerialTrunc [64Bits] - {e76b4f24-4a2f-4e65-ad36-e2aa934e547c} . (.SerialTrunc - SerialTrunc.) -- C:\Program Files (x86)\SerialTrunc\SerialTruncbho.dll
O2 - BHO: (no name) [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key
~ BHO: 10 Legitimates Filtered in 00mn AMs



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn AMs



---\\ Other User Links (O4)
O4 - GS\Program [Public]: 4U M2TS Converter.lnk . (...) -- C:\Program Files (x86)\M2TS Converter\M2TSConverter.exe
O4 - GS\QuickLaunch [UpdatusUser]: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\Desktop [UpdatusUser]: 4U M2TS Converter.lnk . (...) -- C:\Program Files (x86)\M2TS Converter\M2TSConverter.exe
O4 - GS\QuickLaunch [Ahmed]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Ahmed]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Ahmed]: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\TaskBar [Ahmed]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Ahmed]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Ahmed]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Ahmed]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Ahmed]: 4U M2TS Converter.lnk . (...) -- C:\Program Files (x86)\M2TS Converter\M2TSConverter.exe
O4 - GS\Desktop [Ahmed]: Assassins Creed 3.lnk . (.Ubisoft - Autopatch system.) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed III\AssassinsCreed3.exe
O4 - GS\Desktop [Ahmed]: Cheat Engine.lnk . (...) -- C:\Program Files (x86)\Cheat Engine 6.3\Cheat Engine.exe
O4 - GS\Desktop [Ahmed]: cheltuili 2014.lnk . (...) -- E:\cheltuili 2014.xlsx
O4 - GS\Desktop [Ahmed]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Ahmed\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 62 Legitimates Filtered in 01mn AMs



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Ahmed]: Monitor Ink Alerts - HP Deskjet 3510 series.lnk . (.Hewlett-Packard Co. - Print Driver Status Business Logic.) -- C:\Program Files\HP\HP Deskjet 3510 series\bin\HPStatusBL.dll =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [Dolby Home Theater v4] . (.Dolby Laboratories Inc. - Dolby Profile Selector.) -- C:\Dolby PCEE4\pcee4.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2355810464-2500413287-983801039-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
~ Application: Scanned in 00mn AMs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{57D865E7-8062-430D-8910-101EC112DBC6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{57D865E7-8062-430D-8910-101EC112DBC6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{57D865E7-8062-430D-8910-101EC112DBC6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn AMs



---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn AMs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 307.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn AMs



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Update SerialTrunc (Update SerialTrunc) . (...) - C:\Program Files (x86)\SerialTrunc\updateSerialTrunc.exe
O23 - Service: Util SerialTrunc (Util SerialTrunc) . (...) - C:\Program Files (x86)\SerialTrunc\bin\utilSerialTrunc.exe
O23 - Service: ZAtheros Wlan Agent (ZAtheros Wlan Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
~ Services: 14 Legitimates Filtered in 08mn AMs



---\\ Software installed (O42)
O42 - Logiciel: 4U M2TS Converter (version 2.0.9) - (.4U Computing, Inc..) [HKLM][64Bits] -- 4U M2TS Converter_is1
O42 - Logiciel: Ace Stream Media 2.1.10.1 - (.Ace Stream Media.) [HKCU][64Bits] -- AceStream
O42 - Logiciel: SerialTrunc - (.SerialTrunc.) [HKLM][64Bits] -- SerialTrunc
~ Logic: 23 Legitimates Filtered in 00mn AMs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\SerialTrunc]
[HKLM\Software\Wow6432Node\SerialTrunc]
~ Key Software: 204 Legitimates Filtered in 00mn AMs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 11/26/2013 - 8:48:47 PM - [11.360] ----D C:\Program Files (x86)\M2TS Converter
O43 - CFD: 1/19/2014 - 12:12:06 AM - [2.376] ----D C:\Program Files (x86)\SerialTrunc
O43 - CFD: 1/19/2014 - 7:57:17 PM - [2.065] ----D C:\Users\Ahmed\AppData\Roaming\.ACEStream
O43 - CFD: 11/23/2013 - 5:50:15 PM - [187.144] ----D C:\Users\Ahmed\AppData\Roaming\ACEStream
O43 - CFD: 11/23/2013 - 5:48:58 PM - [0.004] ----D C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
~ Program Folder: 137 Legitimates Filtered in 18mn AMs



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.6A8F18B55D3482271D4D65C62E862DC6] - 1/11/2014 - 8:47:35 PM ---A- . (...) -- C:\Windows\System32\CNC176CD.TBL [88064]
O44 - LFC:[MD5.F8CF1DACD540F41C2BA9C8A620AF26C6] - 1/18/2014 - 1:26:45 PM ---A- . (...) -- C:\Windows\DirectX.log [17475]
~ Files: 72 Legitimates Filtered in 17mn AMs



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{d7255e18-51dc-11e3-9b82-b888e3ba6bad}\AutoRun\command. (...) -- G:\autorun.exe
~ Keys: Scanned in 00mn AMs



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn AMs



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn AMs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 11/20/2013 - 2:15:41 PM ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 1/7/2014 - 11:36:17 AM ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.FB9BEF3401EE5ECC2603311B9C64F44A] - 11/20/2013 - 2:21:34 PM ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [254528]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 7/14/2009 - 3:47:48 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 6/10/2009 - 10:31:59 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 7/14/2009 - 3:45:55 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 16 Legitimates Filtered in 01mn AMs



---\\ Alternate Data Stream File (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\ig7icd32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\igd10umd32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\igdbcl32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\igdde32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\igdfcl32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\igdrcl32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\igdumd32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\igfcg700m.bin:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\igfxcmjit32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\igfxcmrt32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\igfxdv32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\igfxexps32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\igkrng700.bin:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\iglhcp32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\iglhsip32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\IntelCpHeciSvc.exe:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\IntelOpenCL32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\OpenCL.dll:Zone.Identifier
~ ADS: Scanned in 00mn AMs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn AMs



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.04D97D753F8FE2737A9E04B3DFD874F7] [SPRF][1/18/2014] (.@ - setup file.) -- C:\Users\Ahmed\AppData\Local\Temp\DownloadManager.exe [1338136]
[MD5.C7AEC8F634039EF0F15CCD72BA5C6205] [SPRF][1/18/2014] (.Amônétízé Ltd - Installer.) -- C:\Users\Ahmed\AppData\Local\Temp\Launcher_i273617739.exe [336424]
[MD5.3DF9C822FFD4245403113A555A27357F] [SPRF][1/12/2014] (...) -- C:\Users\Ahmed\AppData\Local\Temp\Quarantine.exe [360073]
[MD5.FBD27CE8BBBBF1D374DE1CE36B975BC6] [SPRF][1/18/2014] (...) -- C:\Users\Ahmed\AppData\Local\Temp\toolbar1504130.exe [233064]
[MD5.031E44A981406C4067C8A1326393FD08] [SPRF][1/18/2014] (...) -- C:\Users\Ahmed\AppData\Local\Temp\toolbar1587949.exe [953844]
[MD5.F67122EA0AFD28872869D401C4E93C78] [SPRF][1/18/2014] (.Acresso Software Inc. - Setup.exe.) -- C:\Users\Ahmed\AppData\Local\Temp\ubiAA63.tmp.exe [53004616]
[MD5.4589BEB2BB21ED7B2C775DCACDBE3B9B] [SPRF][1/18/2014] (.http://www.goforfiles.com/ - GoforFiles.) -- C:\Users\Ahmed\AppData\Local\Temp\uninstall1664281.exe [8142096] =>P2P.GoforFiles
~ Files: 9 Legitimates Filtered in 09mn AMs



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{7B9253AF-084C-4A65-9DBA-D1845CB3A1B5}C:\users\ahmed\appdata\roaming\acestream\engine\ace_engine.exe" | In - Private - P6 - TRUE | .(...) -- C:\users\ahmed\appdata\roaming\acestream\engine\ace_engine.exe
O87 - FAEL: "UDP Query User{51E2C14A-99E7-4667-B9E6-2463140BB31E}C:\users\ahmed\appdata\roaming\acestream\engine\ace_engine.exe" | In - Private - P17 - TRUE | .(...) -- C:\users\ahmed\appdata\roaming\acestream\engine\ace_engine.exe
O87 - FAEL: "{F7DD9B09-5377-4CB3-8E43-BCE6E6397940}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "{F681D6F3-0635-4F0B-BC7C-7F0AC6162219}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "{E3EFE759-1194-45C1-8CD8-72F3485B346C}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "{AFBB4238-1954-4D6A-9DCE-78E8CA8D04A5}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
~ Firewall: 219 Legitimates Filtered in 01mn AMs



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "C6AC1163ACF500943A92A6111832CCCF" . (.Bing Bar.) -- C:\Windows\Installer\{3611CA6C-5FCA-4900-A329-6A118123CCFC}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 46 Legitimates Filtered in 00mn AMs



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
~ WIS: 48 Legitimates Filtered in 05mn AMs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 1/17/2014 257696 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 1/25/2012 192792 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe
SS - | Demand 3/7/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 11/20/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/20/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SR - | Auto 2/20/2012 106144 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 1/7/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 1/25/2012 240408 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe
SR - | Auto 2/1/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 2/2/2012 628448 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 2/8/2012 161560 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 2/8/2012 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/12/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 10/11/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 7/10/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 2/8/2012 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 1/16/2014 97056 | (Update SerialTrunc) . (...) - C:\Program Files (x86)\SerialTrunc\updateSerialTrunc.exe
SR - | Auto 1/19/2014 97056 | (Util SerialTrunc) . (...) - C:\Program Files (x86)\SerialTrunc\bin\utilSerialTrunc.exe
SR - | Auto 7/14/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 7/10/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 7/14/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 11/9/2008 602392 | (YahooAUService) . (.Yahoo! Inc..) - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
SR - | Auto 2/19/2012 72864 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe

~ Services: Scanned in 07mn AMs



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by Ahmed at 1/19/2014 10:36:38 PM
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn AMs



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Ahmed at 1/19/2014 10:36:40 PM

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 02mn AMs



---\\ Scan Additionnel (O88)
Database Version : 13024 - (1/17/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKCU\Software\Conduit] =>Toolbar.Conduit^
C:\Users\Ahmed\AppData\Local\Temp\uninstall1664281.exe =>P2P.GoforFiles^
~ Additionnel Scan: 206275 Items scanned in 23mn AMs



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ MSI: 1 link(s) detected in 23mn AMs



~ 998 Legitimates filtered by white list
End of the scan (482 lines in 54mn AMs)(0)
