~ Report of ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Launched by info (02/02/2014 21:35:46)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 8.1 Enterprise, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, VOLUME_KMSCLIENT channel
~ Windows Partial Key : MKKG7
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Windows Defender W8

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 Plugin

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2012 MB (43% free)
System Restore: Activé (Enable)
System drive C: has 75 GB (58%) free of 129 GB

---\\ Connection to the system mode
~ Computer Name: PC-KHALIL
~ User Name: info
~ All Users Names: info, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\info\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\info\AppData\Roaming\
~ %Desktop% : C:\Users\info\Desktop\
~ %Favorites% : C:\Users\info\Favorites\
~ %LocalAppData% : C:\Users\info\AppData\Local\
~ %StartMenu% : C:\Users\info\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 75 Go of 129 Go)
D: Hard drive, Flash drive, Thumb drive (Free 137 Go of 150 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.C1400519D76A364E974E47BBA62B95B0] - (.Microsoft Corporation - Explorateur Windows.) (.30/09/2013 - 05:23:34.) -- C:\Windows\Explorer.exe [2328328]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.22/08/2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.E23D32BAF152FBE35F18C6A2AB8EF271] - (.Microsoft Corporation - IP Network Address Translator.) (.30/09/2013 - 05:23:32.) -- C:\Windows\system32\Drivers\IpNat.sys [141824]
[MD5.6129EDB793A4255B1E2FB41773AC9D9A] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.30/09/2013 - 05:23:28.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404992]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.30/09/2013 - 05:02:52.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/08/2013 - 13:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 01s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/3
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/3
~ Mes Documents (My Documents) : 1/137
~ Mon Bureau (My Desktop) : 2/231
~ Menu demarrer (Programs) : 1/40
~ Hidden Files: Scanned in 00mn 01s



---\\ Process running
[MD5.4B2A51F4B27381EB76106F16E60D9B8C] - (.Connectify - Connectify Hotspot.) -- C:\Program Files (x86)\Connectify\Connectify.exe [3755296] [PID.768]
[MD5.B7E10A26469546B7065018884C25595D] - (.Connectify - Connectify Dispatch.) -- C:\Program Files (x86)\Connectify\DispatchUI.exe [1685280] [PID.4252]
[MD5.7AC622ED754E7628C97EE31BE4C72C91] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\info\AppData\Roaming\uTorrent\uTorrent.exe [905296] [PID.2396] =>P2P.BitTorrent
[MD5.F645990AEEBD0A3C596F0D5FE460A810] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3821136] [PID.4896]
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608] [PID.4960]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [269848] [PID.4164]
[MD5.1FC71A719B45A6A90BAFE2387EA07984] - (.No owner - HSDPALauncher MFC Application.) -- C:\Program Files (x86)\HSPA USB Modem\HSPALauncher.exe [233472] [PID.4484]
[MD5.EA0F5701A2A6B832AE8D3525B0F957BE] - (.Ralink Technology, Corp. - Ralink Wireless LAN Card Utility.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe [15661872] [PID.4940]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.5356]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.3336]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\info\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.myhoome.com
~ Google Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myhoome.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.myhoome.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myhoome.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myhoome.com
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Connectify Dispatch.lnk - Orphan key
O4 - GS\Desktop [Public]: Connectify Hotspot.lnk - Orphan key
O4 - GS\Desktop [Public]: HP USB Disk Storage Format Tool.lnk . (.Hewlett-Packard Company - HPUSBFW.) -- C:\DriveKey\HPUSBFW.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Nedjma Easynet.lnk . (.Acresso Software Inc. - InstallShield.) -- C:\Windows\Installer\{06ADE2A0-E46A-4A84-A211-64CF50520185}\HSPA_USB_Modem.exe_71C63DCD99CA46F398D474CE762A91C7.exe
O4 - GS\Desktop [Public]: UltraISO.lnk . (.EZB Systems, Inc. - UltraISO Premium.) -- C:\Program Files (x86)\UltraISO\UltraISO.exe
O4 - GS\Desktop [Public]: VMware Workstation.lnk . (.VMware, Inc. - VMware Workstation.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe =>.VMware, Inc
O4 - GS\Desktop [Public]: Who Is On My Wifi.lnk . (...) -- C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe
O4 - GS\Program [Public]: Desktop.lnk - Orphan key
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [info]: Arcai.com's NetCut.lnk . (.Arcai.com - NetCut Arp Spoof Application.) -- C:\Program Files (x86)\netcut\netcut.exe
O4 - GS\QuickLaunch [info]: CodeBlocks.lnk . (...) -- C:\Program Files (x86)\CodeBlocks\codeblocks.exe
O4 - GS\QuickLaunch [info]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [info]: QQPlayer.lnk . (. Tencent Inc - QQ Player.) -- C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe =>Adware.TencentAddressBar
O4 - GS\QuickLaunch [info]: VMware Workstation.lnk . (.VMware, Inc. - VMware Workstation.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe =>.VMware, Inc
O4 - GS\QuickLaunch [info]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\info\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [info]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [info]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [info]: Wireless Network Watcher.lnk . (.NirSoft - Wireless Network Watcher.) -- C:\Program Files (x86)\NirSoft\Wireless Network Watcher\WNetWatcher.exe
O4 - GS\TaskBar [info]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\info\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [info]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [info]: CodeBlocks.lnk . (...) -- C:\Program Files (x86)\CodeBlocks\codeblocks.exe
O4 - GS\Desktop [info]: netcut.lnk . (.Arcai.com - NetCut Arp Spoof Application.) -- C:\Program Files (x86)\netcut\netcut.exe
O4 - GS\Desktop [info]: SoftPerfect Network Protocol Analyzer.lnk . (...) -- C:\Program Files (x86)\SoftPerfect Network Protocol Analyzer\snpa.exe (.not file.)
O4 - GS\Desktop [info]: Subtitle Edit.lnk . (.Nikse - Subtitle Edit.) -- C:\Program Files (x86)\Subtitle Edit\SubtitleEdit.exe
O4 - GS\Desktop [info]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\info\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 54 Legitimates Filtered in 00mn 03s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: Ralink Wireless Utility.lnk . (.Ralink Technology, Corp. - Ralink Wireless LAN Card Utility.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
O4 - GS\Startup [Public]: Who Is On My Wifi.lnk . (...) -- C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe
O4 - HKLM\..\Run: [Connectify Hotspot] . (.Connectify - Connectify Hotspot.) -- C:\Program Files (x86)\Connectify\Connectify.exe
O4 - HKLM\..\Run: [Connectify Dispatch] . (.Connectify - Connectify Dispatch.) -- C:\Program Files (x86)\Connectify\DispatchUI.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\info\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [vmware-tray.exe] . (.VMware, Inc. - VMware Tray Process.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe =>.VMware, Inc
O4 - HKLM\..\Wow6432Node\Run: [HSPALauncher] . (.No owner - HSDPALauncher MFC Application.) -- C:\Program Files (x86)\HSPA USB Modem\HSPALauncher.exe
O4 - HKUS\S-1-5-21-3371760459-1540948005-1224357590-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\info\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-3371760459-1540948005-1224357590-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-3371760459-1540948005-1224357590-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Cliquer pour appeler Lync [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
O15 - Trusted Zone: [HKCU\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKCU\...\EscDomains] http.fastspring.com
O15 - Trusted Zone: [HKLM\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKLM\...\EscDomains] http.fastspring.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9A8504D-B4DE-4145-ACFD-61E1358FD7D6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F30CA782-0B00-4E21-9ED1-6DA8E8302388}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C9A8504D-B4DE-4145-ACFD-61E1358FD7D6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F30CA782-0B00-4E21-9ED1-6DA8E8302388}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Service KMSELDI (Service KMSELDI) . (.No owner - Service_KMS.) - C:\Program Files\KMSpico\Service_KMS.exe =>PUP.KMSpico
O23 - Service: VMware NAT Service (VMware NAT Service) . (.VMware, Inc. - VMware NAT Service.) - C:\Windows\SysWOW64\vmnat.exe
~ Services: 12 Legitimates Filtered in 00mn 06s



---\\ Drivers launched at startup (O41)
O41 - Driver: oem9.inf (cnnctfy3) . (.Connectify - NDISRD helper driver.) - C:\Windows\system32\DRIVERS\cnnctfy3.sys
O41 - Driver: (PSSDK42) . (.microOLAP Technologies LTD - PSSDK Driver Protocol v4.2 64bit.) - C:\Windows\system32\Drivers\pssdk42.sys
O41 - Driver: (PSSDKLBF) . (.microOLAP Technologies LTD - PSSDK Driver LoopBack v4.2 64bit.) - C:\Windows\system32\Drivers\pssdklbf.sys
~ Drivers: 46 Legitimates Filtered in 00mn 01s



---\\ Software installed (O42)
O42 - Logiciel: KMSpico 4.1 - (...) [HKLM][64Bits] -- KMSpico v4.1_is1 =>PUP.KMSpico
O42 - Logiciel: Who Is On My Wifi version 2.1.2 - (.IO3O LLC.) [HKLM][64Bits] -- {010D45A1-093D-4534-8147-4E10E80F81CC}_is1
~ Logic: 23 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Akei]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Softwis]
[HKCU\Software\Tencent] =>Adware.TencentAddressBar
[HKLM\Software\Wow6432Node\Tencent] =>Adware.TencentAddressBar
~ Key Software: 180 Legitimates Filtered in 00mn 01s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 14/01/2014 - 18:56:10 - [89,261] ----D C:\Program Files (x86)\Tencent =>Adware.TencentAddressBar
O43 - CFD: 15/01/2014 - 22:46:13 - [0] ----D C:\ProgramData\Tencent =>Adware.TencentAddressBar
O43 - CFD: 15/01/2014 - 22:46:13 - [0,874] ----D C:\Users\info\AppData\Roaming\Tencent =>Adware.TencentAddressBar
O43 - CFD: 22/01/2014 - 13:23:03 - [0] ----D C:\Users\info\AppData\Local\DM
O43 - CFD: 14/01/2014 - 18:56:12 - [0,004] ----D C:\Users\info\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent =>Adware.TencentAddressBar
~ Program Folder: 109 Legitimates Filtered in 00mn 23s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.568328141A9AC197309991DF06CE377C] - 26/01/2014 - 16:42:49 ---A- . (...) -- C:\Windows\DPINST.LOG [28750]
O44 - LFC:[MD5.DAA6AAD525D12F8985695B882301336F] - 28/01/2014 - 19:32:31 ---A- . (...) -- C:\Windows\win.ini [167]
O44 - LFC:[MD5.CD33CB6FECF65520466F95AB89CC4AF5] - 30/01/2014 - 00:11:00 ---A- . (.microOLAP Technologies LTD - PSSDK Driver Protocol v4.2 64bit.) -- C:\Windows\System32\Drivers\pssdk42.sys [53312]
O44 - LFC:[MD5.07A3500CF1C3325568D1B85683CE4517] - 30/01/2014 - 00:11:01 ---A- . (.microOLAP Technologies LTD - PSSDK Driver LoopBack v4.2 64bit.) -- C:\Windows\System32\Drivers\pssdklbf.sys [65600]
O44 - LFC:[MD5.72F2D357120F95C1E725C22915FE95E1] - 31/01/2014 - 18:03:31 ---A- . (...) -- C:\Windows\wordpad.INI [193]
O44 - LFC:[MD5.DDD11D768F92694D43F15CB90E553C09] - 31/01/2014 - 18:06:27 ---A- . (...) -- C:\Windows\System32\unrar64.dll [257624]
O44 - LFC:[MD5.93EBBE14F201D67DBC8C889199998C28] - 31/01/2014 - 22:02:51 ---A- . (...) -- C:\Windows\System32\RaCoInst.log [5936]
~ Files: 74 Legitimates Filtered in 00mn 12s



---\\ Local Security Authority-LSA Deny (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{4875c1a9-869f-11e3-8273-1078d254cb24}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
O51 - MPSK:{88837575-8694-11e3-8272-1078d254cb24}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
O51 - MPSK:{888375a1-8694-11e3-8272-1078d254cb24}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.779F499D7791F65F6A5BA97C5D2627C8] - 29/08/2008 - 17:54:30 ---A- . (.Mobile Connector - USB/Serial Device Driver.) -- C:\Windows\System32\Drivers\cmusbser.sys [118144]
O58 - SDL:[MD5.511D4BF6AFC100E79E94418665BE1348] - 21/01/2014 - 21:48:45 ---A- . (.Connectify - NDISRD helper driver.) -- C:\Windows\System32\Drivers\cnnctfy3.sys [35352]
O58 - SDL:[MD5.929DF302F15BFE24AC66EF45D858C413] - 28/11/2013 - 01:24:18 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [175480]
O58 - SDL:[MD5.CD33CB6FECF65520466F95AB89CC4AF5] - 30/01/2014 - 00:11:00 ---A- . (.microOLAP Technologies LTD - PSSDK Driver Protocol v4.2 64bit.) -- C:\Windows\System32\Drivers\pssdk42.sys [53312]
O58 - SDL:[MD5.07A3500CF1C3325568D1B85683CE4517] - 30/01/2014 - 00:11:01 ---A- . (.microOLAP Technologies LTD - PSSDK Driver LoopBack v4.2 64bit.) -- C:\Windows\System32\Drivers\pssdklbf.sys [65600]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:[MD5.3C32FF010F869BC184DF71290477384E] - 22/08/2013 - 13:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
~ Drivers: 17 Legitimates Filtered in 00mn 06s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.7DD4DC5C7A9E9096733F36B205AEA636] [SPRF][03/09/2009] (.Windows (R) Codename Longhorn DDK provider - Windows Setup API.) -- C:\Users\info\AppData\Local\Temp\DeviceSetup64.exe [10752]
[MD5.F58BF3C0E22EC9AD8D20D3194728B8D0] [SPRF][22/01/2014] (...) -- C:\Users\info\AppData\Local\Temp\ICReinstall_Word-2013-15-0-4517-1509_softpom.exe [709232]
[MD5.41948B9B4DAFB65506DD3955B4CE1B1D] [SPRF][26/11/2013] (.No owner - Microsoft Toolkit.) -- C:\Users\info\Desktop\Microsoft Toolkit.exe [36787712]
~ Files: 6 Legitimates Filtered in 00mn 03s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{2C7FDE94-1C1D-4926-8EB6-49CD54A56194}C:\windows.old\program files\internet download manager\idman.exe" |In - Private - P6 - TRUE | .(...) -- C:\windows.old\program files\internet download manager\idman.exe (.not file.)
O87 - FAEL: "UDP Query User{8E4F1715-EF2F-4237-AA36-848C460E02D9}C:\windows.old\program files\internet download manager\idman.exe" |In - Private - P17 - TRUE | .(...) -- C:\windows.old\program files\internet download manager\idman.exe (.not file.)
O87 - FAEL: "{123C50EE-AD77-4F4D-813C-38B9751B513B}" |In - Public - P17 - TRUE | .(...) -- C:\windows.old\program files\internet download manager\idman.exe (.not file.)
O87 - FAEL: "{3EB482C2-95CC-412D-B1D6-9EC264C77173}" |In - Public - P6 - TRUE | .(...) -- C:\windows.old\program files\internet download manager\idman.exe (.not file.)
O87 - FAEL: "TCP Query User{C9D73504-B90B-44D6-B278-BB327922A805}C:\program files (x86)\tencent\qqplayer\qqplayer.exe" | In - Public - P6 - TRUE | .(. Tencent Inc - QQ Player.) -- C:\program files (x86)\tencent\qqplayer\qqplayer.exe =>Adware.TencentAddressBar
O87 - FAEL: "UDP Query User{C36AB47F-4A21-43BC-9486-DB886B70AE64}C:\program files (x86)\tencent\qqplayer\qqplayer.exe" | In - Public - P17 - TRUE | .(. Tencent Inc - QQ Player.) -- C:\program files (x86)\tencent\qqplayer\qqplayer.exe =>Adware.TencentAddressBar
~ Firewall: 299 Legitimates Filtered in 00mn 02s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 05/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 06/07/2012 1863680 | (RaMediaServer) . (.Ralink.) - C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
SS - | Demand 25/06/2010 117264 | (rpcapd) . (.CACE Technologies, Inc..) - C:\Program Files (x86)\WinPcap\rpcapd.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 18/10/2013 14405200 | (VMwareHostd) . (...) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe =>.VMware, Inc

SR - | Auto 28/07/2011 262144 | (AIPS) . (.Arcai.com.) - C:\Program Files (x86)\netcut\services\AIPS.exe
SR - | Auto 23/12/2013 487936 | (Connectify) . (.Connectify.) - C:\Program Files (x86)\Connectify\ConnectifyService.exe
SR - | Auto 08/01/2014 2768720 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 26/06/2013 391472 | (RalinkRegistryWriter) . (.Ralink Technology, Corp..) - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
SR - | Auto 26/06/2013 452912 | (RalinkRegistryWriter64) . (.Ralink Technology, Corp..) - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
SR - | Auto 02/03/2013 37888 | (Service KMSELDI) . (...) - C:\Program Files\KMSpico\Service_KMS.exe =>PUP.KMSpico
SR - | Auto 18/10/2013 86096 | (VMAuthdService) . (.VMware, Inc..) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe =>.VMware, Inc
SR - | Auto 10/07/1658 0 | (VMnetDHCP) . (.VMware, Inc..) - C:\Windows\system32\vmnetdhcp.exe
SR - | Auto 09/10/2013 905272 | (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
SR - | Auto 10/07/1658 0 | (VMware NAT Service) . (.VMware, Inc..) - C:\Windows\system32\vmnat.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Auto 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 11s



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by info at 02/02/2014 21:38:14
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by info at 02/02/2014 21:38:16

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 5
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 3

[HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI] =>PUP.KMSpico^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico v4.1_is1] =>PUP.KMSpico^
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Program Files (x86)\Tencent =>Adware.TencentAddressBar^
C:\ProgramData\Tencent =>Adware.TencentAddressBar^
C:\Users\info\AppData\Roaming\Tencent =>Adware.TencentAddressBar^
C:\Users\info\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent =>Adware.TencentAddressBar^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUP.KMSpico
C:\Users\info\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
[HKCU\Software\Tencent] =>Adware.TencentAddressBar^
[HKLM\Software\Wow6432Node\Tencent] =>Adware.TencentAddressBar^
~ Additionnel Scan: 237961 Items scanned in 00mn 35s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/27668065-adware-tencentaddressbar =>Adware.TencentAddressBar
~ http://nicolascoolman.webs.com/apps/blog/show/29633319-pup-kmspico =>PUP.KMSpico
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ MSI: 3 link(s) detected in 00mn 35s



~ 907 Legitimates filtered by white list
End of the scan (463 lines in 03mn 06s)(0)