~ Report of ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/14)
~ Launched by dell (03/02/14 08:14:31 م)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16750 (Defaut)
GCIE: Google Chrome v32.0.1700.102

---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2011
Windows Defender W7

---\\ System optimization software
CCleaner v4.08 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Java 7 Update 17

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3990.2 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 385 GB (86%) free of 446 GB

---\\ Connection to the system mode
~ Computer Name: DELL-PC
~ User Name: dell
~ All Users Names: HomeGroupUser$, Guest, dell, Administrator,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\dell\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\dell\AppData\Roaming\
~ %Desktop% : C:\Users\dell\Desktop\
~ %Favorites% : C:\Users\dell\Favorites\
~ %LocalAppData% : C:\Users\dell\AppData\Local\
~ %StartMenu% : C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 385 Go of 446 Go)
D: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in :0mn صs



---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - مستكشف Windows.) (.07/12/11 - 01:33:31 م.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - ‎‎تطبيق بدء تشغيل Windows.) (.14/07/09 - 04:39:52 ص.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.E7099336BF7531B6FCC920DCB5101259] - (.Microsoft Corporation - ملحقات الإنترنت لـ Win32.) (.18/12/13 - 07:09:31 ص.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - تطبيق تسجيل دخول Windows.) (.21/11/10 - 06:24:29 ص.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - مكتبة تراخيص البرامج.) (.21/11/10 - 06:24:16 ص.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/13 - 04:09:10 ص.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/09 - 04:52:21 ص.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/09 - 02:19:47 ص.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/10 - 06:23:47 ص.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/10 - 06:24:32 ص.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/10 - 06:23:47 ص.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - برنامج تشغيل منفذ i8042.) (.14/07/09 - 02:19:57 ص.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/09 - 03:10:03 ص.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.07/12/11 - 01:33:33 م.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/10 - 06:23:51 ص.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/13 - 05:45:08 م.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - برنامج تشغيل المنفذ المتوازي.) (.14/07/09 - 03:00:41 ص.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/10 - 06:24:33 ص.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/09 - 03:09:09 ص.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/10 - 06:24:32 ص.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - برنامج تشغيل خدمة ملفات الظل الاحتياطية لوحدة التخزين.) (.21/11/10 - 06:23:47 ص.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in :0mn صs



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/273
~ Mes musiques (My Musics) : 1/10
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/40
~ Mes Documents (My Documents) : 1/62
~ Mon Bureau (My Desktop) : 1/5985
~ Menu demarrer (Programs) : 1/58
~ Hidden Files: Scanned in :0mn صs



---\\ Process running
[MD5.E70DCE3B68FDF6D8CF85DF853A63D223] - (.SoftThinks - Dell - Dell DataSafe Local Backup.) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.exe [4109312] [PID.3132]
[MD5.0243BBD8B67F716EE467E86B917DDD09] - (.No owner - ST Service Scheduling.) -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.exe [2751808] [PID.3468]
[MD5.CC15BC65084C07E41CBE446C4D0B9D35] - (.Intel Corporation - Bluetooth Media Player Controller.) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe [846160] [PID.5008]
[MD5.72860972F8196EBB3C896F53D2B95470] - (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528] [PID.5068]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.5096]
[MD5.6E3245DF783E58375B3465F03274743E] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696] [PID.3808]
[MD5.7D04F8CF659D852BC8D7275BD92DC000] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [507624] [PID.1220]
[MD5.9ED469260687108F5F8FD544D56ABC54] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770736] [PID.1864]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.4700]
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1268]
[MD5.0F46D2845BD7DDACA52340ECC2B65DA3] - (.Intel Corporation - Bluetooth Device Monitor.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [936272] [PID.1496]
[MD5.29DDEA72C5BDF61D62F4D438DC0E497C] - (.SoftThinks SAS - SoftThinks Agent Service.) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe [1692480] [PID.2728]
[MD5.8EA86BC14E5AE25E4DA5C742587FB1A4] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [4915040] [PID.2872]
[MD5.5D5C3EC9BE1107DEDF0FEB55B7F3BD77] - (.Intel Corporation - Bluetooth OBEX Service.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1001808] [PID.2656]
[MD5.3341DE556EC28252D603277609EEF8BF] - (.Intel Corporation - Bluetooth Media Service.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1354064] [PID.3280]
[MD5.1B25FE6480DD129E2B94A069BC803912] - (.Dell Products, LP. - Dell Digital Delivery Windows Service.) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [196616] [PID.4512]
[MD5.7F32D4C47A50E7223491E8FB9359907D] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.888]
[MD5.2C16648A12999AE69A9EBF41974B0BA2] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.2588]
~ Processes Running: Scanned in :0mn صs



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 5 Legitimates Filtered in :0mn صs



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 18 Legitimates Filtered in :0mn صs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in :0mn صs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in :0mn صs



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in :0mn صs
~ Nombre de lignes (Lines number): 19



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in :0mn صs



---\\ Other User Links (O4)
O4 - GS\Program [Public]: Cozi Family Calendar.lnk . (...) -- c:\Windows\Installer\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}\CoziIcon.exe
O4 - GS\Program [Public]: Dell Help Documentation.lnk . (...) -- C:\Program Files (x86)\Dell Inc\Dell Edoc Viewer\EDocs.exe (.not file.)
O4 - GS\Program [Public]: Intel(R) WiDi.lnk . (.Intel Corporation - WiDiApp.) -- C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
O4 - GS\Program [Public]: المصحف الرقمي.lnk . (.xxx - No Comment.) -- C:\Program Files\Quranzu1\المصحف الرقمي.exe
O4 - GS\QuickLaunch [dell]: Easy Video Splitter.lnk . (...) -- C:\Program Files (x86)\Easy Video Splitter\splitter.exe
O4 - GS\QuickLaunch [dell]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [dell]: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\QuickLaunch [dell]: YouTubeGet.lnk . (.YoutubeGet.com - download youtube videos from YouTube.com an.) -- C:\YouTubeGet\YouTubeGet.exe
O4 - GS\TaskBar [dell]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [dell]: Media Player Classic.lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
O4 - GS\Program [dell]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [dell]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: 62 Legitimates Filtered in :0mn صs



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - إدارة صوت Realtek HD.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelPAN] . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Framework.) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [DellStage] . (.No owner - Dell Stage.) -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell DataSafe Online] . (.Dell, Inc. - Dell DataSafe Online Service.) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Wow6432Node\Run: [AccuWeatherWidget] . (.No owner - AccuWeather.com desktop weather widget.) -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
O4 - HKLM\..\Wow6432Node\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - ‎‎MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - ‎‎MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in :0mn صs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F792A0-E2AA-44A7-8407-F262DA04F4A9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B0F792A0-E2AA-44A7-8407-F262DA04F4A9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B0F792A0-E2AA-44A7-8407-F262DA04F4A9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in :0mn صs



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in :0mn صs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in :0mn صs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (...) - C:\PROGRA~3\Wincert\WIN64C~1.dll (.not file.)
~ AppInit DLL: Scanned in :0mn صs



---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.00000000000000000000000000000000] [APT] [{4AAAF084-1843-417D-BBF7-3355A006534E}] (...) -- C:\Users\dell\Desktop\ ©ëںê¤ ¢çلïم ںé­ي¢ïں¢.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8AB43E87-6EB5-43F2-92D0-2DA7E114D667}] (...) -- E:\êëî ç­\ê¤é§ ¤§ï§ ??\ ©ںê¤\VirtualDub-1.6.14 ç­ ںéهï§ïي\auxsetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FAB28876-D2B4-4790-936E-96F13282007F}] (...) -- C:\Users\dell\Desktop\ê¤é§ ¤§ï§ ??\êëî ç­\ ©ںê¤\QQPlayer_Setup_French.exe (.not file.) [0]
~ Scheduled Task: 22 Legitimates Filtered in :0mn صs



---\\ Software installed (O42)
O42 - Logiciel: DVD X Player 4.1 Professional - (...) [HKLM][64Bits] -- DVD X Player 4.1 Professional_is1
O42 - Logiciel: mpegable Player - (...) [HKLM][64Bits] -- mpegable Player
O42 - Logiciel: مدرب الطباعة - النسخة العربية - (...) [HKLM][64Bits] -- مدرب الطباعة - النسخة العربية
~ Logic: 25 Legitimates Filtered in :0mn صs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\82dd8fb13db843]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\82dd8fb13db843]
[HKLM\Software\Wow6432Node\Andreas Kapust]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
~ Key Software: 317 Legitimates Filtered in :0mn صs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 01/02/14 - 08:05:45 م - [41.003] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 26/01/14 - 11:24:59 م - [0] ----D C:\Program Files (x86)\BrowseToSave =>Adware.Browse2Save
O43 - CFD: 20/02/13 - 12:38:12 ص - [0] ----D C:\Program Files (x86)\FastestTube
O43 - CFD: 01/10/12 - 09:51:42 م - [2.280] ----D C:\Program Files (x86)\mpegable
O43 - CFD: 01/10/12 - 10:07:32 م - [22.237] ----D C:\Program Files (x86)\tringkeyboard
O43 - CFD: 01/02/14 - 08:09:59 م - [0.036] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 03/11/13 - 05:20:18 م - [0] ----D C:\ProgramData\BitGuard =>PUP.BitGuard
O43 - CFD: 20/01/13 - 12:09:03 ص - [0] ----D C:\ProgramData\Browser Manager
O43 - CFD: 31/01/13 - 06:33:00 م - [2.473] ----D C:\ProgramData\BrowserProtect =>Hijacker.Eazel
O43 - CFD: 15/03/13 - 07:34:28 م - [23.563] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 01/02/14 - 08:05:45 م - [2.821] ----D C:\Users\dell\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 21/01/13 - 03:05:26 ص - [0.006] ----D C:\Users\dell\AppData\Roaming\NCdownloader
O43 - CFD: 01/02/14 - 08:05:20 م - [2.351] ----D C:\Users\dell\AppData\Roaming\OpenCandy =>Adware.OpenCandy
~ Program Folder: 216 Legitimates Filtered in :2mn صs



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.5482975353644DCA9ED6D084F85D6E40] - 02/02/14 - 05:27:49 م ---A- . (...) -- C:\Windows\Internet Download Manager Original Uninstaller.exe [166300]
O44 - LFC:[MD5.AA42BAF1DD22AF2D1DEE5E1FB2908C68] - 03/02/14 - 12:34:14 ص ---A- . (...) -- C:\Windows\NeroDigital.ini [49]
~ Files: 21 Legitimates Filtered in :1mn صs



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" [Enabled] .(...) -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" [Enabled] .(...) -- C:\Program Files (x86)\Orbitdownloader\orbitnet.exe (.not file.)
~ Keys Export: 2 Legitimates Filtered in :0mn صs



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in :0mn صs



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in :0mn صs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.3BC90482A834F998C3B7A9C934A20342] - 15/09/11 - 06:48:24 م ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual A.) -- C:\Windows\System32\Drivers\AmpPal.sys [299008]
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 18/12/13 - 12:24:38 م ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 18/12/13 - 12:24:38 م ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.58D904A2FA970BC23B636C47CB60E649] - 01/10/12 - 09:52:26 م ---A- . (...) -- C:\Windows\SysWOW64\SystemInfo32.sys [14]
~ Drivers: 17 Legitimates Filtered in :0mn صs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in :0mn صs



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in :0mn صs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in :0mn صs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in :0mn صs



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.BC790A6A741B8E8B9D06E6E4B1708FA9] [SPRF][01/02/14] (.Baidu, Inc. - PC Faster Setup.) -- C:\Users\dell\AppData\Local\Temp\Baidu_Secure_SystemUp_3.7.1.41942.exe [10485488] =>Adware.BDSearch
[MD5.9BD9FAB01E0E1D4E2BFF503BFDCD0DE1] [SPRF][02/02/14] (...) -- C:\Users\dell\AppData\Local\Temp\NitroSysFonts01.dat [554599]
[MD5.9085DE089A6E26794C3E482E4E79F75E] [SPRF][03/02/14] (...) -- C:\Users\dell\Desktop\RogueKiller.exe [3796480]
~ Files: 9 Legitimates Filtered in :0mn صs



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "B6A3B1C0764BD474794E8DAB3C8E93DC" . (.YTD Toolbar v7.0.) -- C:\Windows\Installer\{0C1B3A6B-B467-474D-97E4-D8BAC3E839CD}\ARPPRODUCTICON.exe
~ Update Products: 116 Legitimates Filtered in :0mn صs



---\\ Random Export Key (REK) (O91)
[HKCU\Software\82dd8fb13db843]:version="2.6.1095.52"
[HKLM\Software\Wow6432Node\82dd8fb13db843]:version="2.6.1095.52"
~ Export Key Software: Scanned in :0mn صs



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.ADED9B047BFD6E744C7F212183AF77EE] [WIS][15/10/10] (.Nextjump Inc - Dell Marketplace by Nextjump.) -- C:\Windows\Installer\1ce29.msi [15872]
[MD5.12F73DDA1EFB211A2C4A0F14846F7CCF] [WIS][08/05/11] (.Cozi Group, Inc. - Cozi.) -- C:\Windows\Installer\43e3c.msi [1625600]
[MD5.7AE5FF598B22E4F65558BAF73107FA7E] [WIS][14/05/09] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\7ab541.msi [459264]
[MD5.2EB2AE9876675E4B7C34E513028BA43A] [WIS][29/04/11] (.Fingertapps - Dell MusicStage.) -- C:\Windows\Installer\cb52.msi [67428864]
[MD5.35C918348CBB0877BCD5A3CF24C13761] [WIS][25/11/12] (.DeltaInstaller - Delta Chrome Toolbar.) -- C:\Windows\Installer\d8222a.msi [573440] =>Toolbar.DeltaSearch
~ WIS: 117 Legitimates Filtered in :1mn صs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/12/13 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 18/12/13 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 18/12/13 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/02/13 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 16/09/11 340240 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Demand 10/07/13 25584 | (PCDSRVC{D3412D80-CF3B4A27-06020200}_0) . (.PC-Doctor, Inc..) - c:\program files\my dell\pcdsrvc_x64.pkms
SS - | Demand 25/11/10 1116656 | (RoxMediaDB12OEM) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
SS - | Auto 25/11/10 219632 | (RoxWatch12) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
SS - | Auto 13/07/12 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 09/11/10 74392 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

SR - | Auto 18/11/09 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 15/09/11 1166848 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SR - | Auto 18/12/13 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 18/10/11 936272 | (Bluetooth Device Monitor) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Demand 18/10/11 1354064 | (Bluetooth Media Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
SR - | Auto 18/10/11 1001808 | (Bluetooth OBEX Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 03/06/11 134928 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR - | Auto 12/11/13 196616 | (DellDigitalDelivery) . (.Dell Products, LP..) - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
SR - | Auto 16/09/11 1518352 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Demand 14/07/09 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/09 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/10 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 14/07/09 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/08/10 2823000 | (NOBU) . (.Dell, Inc..) - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
SR - | Auto 14/07/09 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 16/09/11 844560 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 22/09/11 1692480 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
SR - | Auto 29/01/14 4915040 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 21/12/10 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 14/07/09 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 11/07/58 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/09 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in :2mn صs



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by dell at 03/02/14 08:16:20 م
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in :0mn صs



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by dell at 03/02/14 08:16:22 م

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in :0mn صs



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/14)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 8
Fichiers trouvés (Files found) : 5

[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\Program Files (x86)\BrowseToSave =>Adware.Browse2Save^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\ProgramData\BitGuard =>PUP.BitGuard^
C:\ProgramData\BrowserProtect =>Hijacker.Eazel^
C:\Users\dell\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Users\dell\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\ProgramData\Browser Manager =>PUP.Babylon
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
C:\Users\dell\AppData\Local\Temp\Baidu_Secure_SystemUp_3.7.1.41942.exe =>Adware.BDSearch^
C:\Windows\Installer\d8222a.msi =>Toolbar.DeltaSearch^
~ Additionnel Scan: 310294 Items scanned in :2mn صs



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/28158343-adware-bdsearch =>Adware.BDSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26627530-adware-browse2save =>Adware.Browse2Save
~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ MSI: 7 link(s) detected in :2mn صs



~ 1180 Legitimates filtered by white list
End of the scan (483 lines in :1mn صs)(0)