~ Report of ZHPDiag v2014.2.17.15 - Nicolas Coolman (2/17/2014)
~ Launched by abderhman (2/18/2014 8:54:08 PM)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control :


---\\ Internet browsers
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox 27.0.1 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System protection software
avast! Free Antivirus v7.0.1426.0
Malwarebytes Anti-Malware النسخة 1.75.0.1300

---\\ System optimization software
CCleaner v3.11 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Adobe Reader X

---\\ Information on the system
~ Processor: x86 Family 6 Model 28 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014.0 MB (61% free)
System Restore:
System drive C: has 48 GB (82%) free of 59 GB

---\\ Connection to the system mode
~ Computer Name: A6-9A70F9904C94
~ User Name: abderhman
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Administrateur, abderhman,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\abderhman\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\abderhman\Application Data\
~ %Desktop% : C:\Documents and Settings\abderhman\Bureau\
~ %Favorites% : C:\Documents and Settings\abderhman\Favoris\
~ %LocalAppData% : C:\Documents and Settings\abderhman\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\abderhman\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 48 Go of 59 Go)
D: Hard drive, Flash drive, Thumb drive (Free 88 Go of 90 Go)



---\\ State of the Windows Security Center
~ Security Center: 37 Legitimates Filtered in 00mn AMs



---\\ Search Generic System Files
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.4/14/2008 - 12:00:00 PM.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.951A8D2E2A7082C8F32005CEAE1A14C3] - (.Microsoft Corporation - Internet Extensions for Win32.) (.6/7/2013 - 9:30:38 PM.) -- C:\WINDOWS\system32\wininet.dll [841216]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.4/14/2008 - 12:00:00 PM.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.8/17/2011 - 1:49:54 PM.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.4/13/2008 - 9:40:32 AM.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.4/14/2008 - 12:00:00 PM.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.4/14/2008 - 12:00:00 PM.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.4/14/2008 - 12:00:00 PM.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.4/14/2008 - 12:00:00 PM.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.4/13/2008 - 5:00:54 PM.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.4/14/2008 - 12:00:00 PM.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.4/14/2008 - 12:00:00 PM.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.4/14/2008 - 12:00:00 PM.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.7/15/2011 - 1:29:31 PM.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.4/14/2008 - 12:00:00 PM.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.4/14/2008 - 12:00:00 PM.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.4/14/2008 - 12:00:00 PM.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.4/14/2008 - 12:00:00 PM.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.4/13/2008 - 9:32:52 AM.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.4/13/2008 - 6:57:36 PM.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.4/14/2008 - 12:00:00 PM.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn AMs



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/43
~ Mes musiques (My Musics) : 1/17
~ Mes Videos (My Videos) : 2/3
~ Mes Favoris (My Favorites) : 1/34
~ Mes Documents (My Documents) : 1/314
~ Mon Bureau (My Desktop) : 0/67
~ Menu demarrer (Programs) : 1/40
~ Hidden Files: Scanned in 03mn AMs



---\\ Process running
[MD5.4041D31508A2A084DFB42C595854090F] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768] [PID.648]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1080]
[MD5.E9DE65D713D4BA84D96878BE99401228] - (...) -- C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe [230240] [PID.1152]
[MD5.D179DD8F0C475B0FC609EE01FB3F5F50] - (.TuneUp Software - TuneUp Utilities Service.) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192] [PID.1312]
[MD5.4D05656FE1165804D4B095A3EEF60416] - (.TuneUp Software - TuneUp Utilities.) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe [1926944] [PID.2324]
[MD5.836DC47E6CAD975304D1D3EB2F516A1C] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [144784] [PID.2552]
[MD5.9F6B6D0BE4F77F8693E9FD15D81C8A01] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [141848] [PID.2588]
[MD5.4C53C44E7C20E65445037954DC3A6BA4] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [166424] [PID.2596]
[MD5.D8F3B455D3FA4B40C9BF544F55647C19] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [137752] [PID.2668]
[MD5.F56197D5CBDCC6A87C242DC8B8EEEE34] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [256536] [PID.2708]
[MD5.A14FAB60B6D501E2896458394245BE21] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [20064872] [PID.2828]
[MD5.782FEF655DBF8653C9F2722BEBF7A8A6] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4241512] [PID.2844]
[MD5.91C9F6FB02169142EB4F514E87756EC1] - (.No owner - ADIMON MFC Application.) -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [1205840] [PID.2996]
[MD5.56457D6C54925A8698317D909ABBE0F1] - (.Microsoft - Windows.) -- C:\Documents and Settings\abderhman\Menu Démarrer\Programmes\Démarrage\alga.exe [193024] [PID.3036]
[MD5.8A811A510BD266D132E7B75D89C98EDA] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [643224] [PID.2924]
[MD5.AB44884BC129FC04D75A4649E0710203] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8338432] [PID.1728]
~ Processes Running: Scanned in 02mn AMs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn AMs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn AMs



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 30



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn AMs



---\\ Other User Links (O4)
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [abderhman]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 9 Legitimates Filtered in 00mn AMs



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Program [AllUsers]: DSLMON.lnk . (...) -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] Orphan key
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] Orphan key
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] Orphan key
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] Orphan key
O4 - HKUS\S-1-5-21-448539723-1897051121-1547161642-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-448539723-1897051121-1547161642-1003\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn AMs



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Orphan key
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
~ IE Extra Buttons: Scanned in 00mn AMs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EC01E09-1844-4CDF-82D0-A9C71ECF0D49}: NameServer = 62.251.229.237 62.251.229.223
O17 - HKLM\System\CCS\Services\Tcpip\..\{75AF9FF2-793B-4C60-A025-7249A7B0573B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4EC01E09-1844-4CDF-82D0-A9C71ECF0D49}: NameServer = 62.251.229.237 62.251.229.223
O17 - HKLM\System\CS1\Services\Tcpip\..\{75AF9FF2-793B-4C60-A025-7249A7B0573B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4EC01E09-1844-4CDF-82D0-A9C71ECF0D49}: NameServer = 62.251.229.237 62.251.229.223
O17 - HKLM\System\CS2\Services\Tcpip\..\{75AF9FF2-793B-4C60-A025-7249A7B0573B}: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn AMs



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn AMs



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Mobile Broadband HL Service (Mobile Broadband HL Service) . (...) - C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) . (.TuneUp Software - TuneUp Utilities Service.) - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
~ Services: 6 Legitimates Filtered in 10mn AMs



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\abderhman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\abderhman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn AMs



---\\ HKCU & HKLM Software Keys
[HKLM\Software\Mixcraft6]
~ Key Software: 144 Legitimates Filtered in 01mn AMs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 6/29/2012 - 12:01:12 AM - [0.000] ----D C:\Program Files\Photo Frame Genius
O43 - CFD: 2/16/2014 - 5:34:06 PM - [0] ----D C:\Program Files\wEbsaVe
O43 - CFD: 2/16/2014 - 5:34:07 PM - [0.084] ----D C:\Documents and Settings\All Users\Application Data\19738e6d58128175
O43 - CFD: 2/16/2014 - 5:33:02 PM - [0] ----D C:\Documents and Settings\All Users\Application Data\GreatSoft
O43 - CFD: 2/16/2014 - 5:33:17 PM - [1.338] ----D C:\Documents and Settings\All Users\Application Data\InstallMate
O43 - CFD: 2/16/2014 - 11:44:22 PM - [0.003] ----D C:\Documents and Settings\All Users\Application Data\wEbsaVe
O43 - CFD: 1/16/2014 - 11:31:49 PM - [0] -SH-D C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
~ Program Folder: 130 Legitimates Filtered in 18mn AMs



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.A0A5506D8A14429E455DC25BDDDACCBD] - 2/12/2014 - 9:15:16 PM ---A- . (.No owner - Outils.) -- C:\WINDOWS\system32\Outils.exe [6656]
O44 - LFC:[MD5.9450B18A8F86FAFFC765BD567B89F521] - 2/16/2014 - 3:03:02 PM ---A- . (...) -- C:\WINDOWS\system32\Outils.InstallState [2012]
O44 - LFC:[MD5.02470B8CB92C619455756E930E53AD86] - 2/16/2014 - 3:03:04 PM ---A- . (...) -- C:\WINDOWS\system32\service.InstallState [5012]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2/16/2014 - 7:08:18 PM ---A- . (...) -- C:\openports.txt [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2/18/2014 - 8:44:55 PM ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.DB7AEDEB618D1F64D314075645D1F774] - 2/18/2014 - 8:44:56 PM ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.40659527B698D1C11113A874232213FC] - 2/18/2014 - 8:44:57 PM ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
~ Files: 35 Legitimates Filtered in 07mn AMs



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{7c3f6e26-8317-11e1-a3db-806d6172696f}\AutoRun\command. (...) -- E:\SETUP.exe (.not file.)
O51 - MPSK:{c52495a8-6bab-11e2-a4a1-4d6564696130}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
O51 - MPSK:{c6f73ce9-e3c7-11e2-a5ff-001060327e28}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn AMs



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "MemCheckBoxInRunDlg"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMBalloonTip"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDesktopCleanupWizard"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWelcomeScreen"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn AMs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.9A3A8614859FB77767B63A82A017CCC6] - 2/7/2007 - 2:50:14 PM ---A- . (.Analog Deivces - USB Firmware loader.) -- C:\WINDOWS\system32\Drivers\adildr.sys [56088]
O58 - SDL:[MD5.BCA6AABA425CE46D89412190A5A27B94] - 2/7/2007 - 2:50:58 PM ---A- . (.Analog Deivces - USB Firmware loader.) -- C:\WINDOWS\system32\Drivers\adildrx64.sys [58264]
O58 - SDL:[MD5.B944AD9F92D31285DBA3D190DEB43883] - 2/7/2007 - 2:50:32 PM ---A- . (.Analog Devices Inc. - ADSL USB Driver.) -- C:\WINDOWS\system32\Drivers\adiusbaw.sys [118552]
O58 - SDL:[MD5.5EB7BA94AD23F24761DEFE05F4855933] - 2/7/2007 - 2:51:18 PM ---A- . (.Analog Devices Inc. - ADSL USB Driver.) -- C:\WINDOWS\system32\Drivers\adiusbawx64.sys [169496]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 4/14/2008 - 12:00:00 PM ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.D32E68DA595ACD9FADCC110BEE196ACE] - 1/4/2007 - 11:47:48 AM ---A- . (.Analog Deivces - USB Firmware loader.) -- C:\WINDOWS\system32\Drivers\e4ldr.sys [69656]
O58 - SDL:[MD5.3D905CA492629743AF2906941471D01F] - 1/4/2007 - 11:47:10 AM ---A- . (.Analog Deivces - USB Firmware loader.) -- C:\WINDOWS\system32\Drivers\e4ldrx64.sys [71832]
O58 - SDL:[MD5.F7958C94559D5030F5023F14D46B9F2F] - 1/4/2007 - 11:48:04 AM ---A- . (.Analog Devices Inc. - ADSL USB Driver.) -- C:\WINDOWS\system32\Drivers\e4usbaw.sys [104344]
O58 - SDL:[MD5.B637E55545DC6A43EB4878D1A82022BE] - 1/4/2007 - 11:46:30 AM ---A- . (.Analog Devices Inc. - ADSL USB Driver.) -- C:\WINDOWS\system32\Drivers\e4usbawx64.sys [146968]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 4/14/2008 - 12:00:00 PM ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.3B827F411D642C7EC8E396C58B436DE4] - 10/2/2013 - 9:17:52 AM ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [120800]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 4/14/2008 - 12:00:00 PM ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 4/14/2008 - 12:00:00 PM ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 4/14/2008 - 12:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 4/14/2008 - 12:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 4/14/2008 - 12:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 4/14/2008 - 12:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 4/14/2008 - 12:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 4/14/2008 - 12:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 4/14/2008 - 12:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 4/14/2008 - 12:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 4/14/2008 - 12:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 4/14/2008 - 12:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 4/14/2008 - 12:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 4/14/2008 - 12:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 4/14/2008 - 12:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 4/14/2008 - 12:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 4/14/2008 - 12:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 5 Legitimates Filtered in 04mn AMs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 3/7/2012 - C:\WINDOWS\system32\Drivers\aswTdi.sys (aswTdi) .(.AVAST Software - avast! TDI Filter Driver.) - LEGACY_ASWTDI
O64 - Services: CurCS - 7/3/2013 - C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe (Mobile Broadband HL Service) .(...) - LEGACY_MOBILE_BROADBAND_HL_SERVICE
~ Legacy: 137 Legitimates Filtered in 01mn AMs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {B73EE3D6-9FB4-44F9-A082-D0B4ECF438F5} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (Yahoo! Search) - http://us.yhs.search.yahoo.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (Yahoo! Search) - http://us.yhs.search.yahoo.com
~ Keys: Scanned in 00mn AMs



---\\ Crack & Keygen Files (CKF) (O82)
C:\Documents and Settings\abderhman\Mes documents\Downloads\MyEgY.CoM.PhotoFiltre_Studio_X_10.2.1.By.vibration\MyEgY.CoM.PhotoFiltre Studio X 10.2.1.By.vibration\PhotoFiltreStudioX10KEYGEN\keygen.exe
C:\Program Files\PhotoFiltre Studio X\keygen.exe
C:\Documents and Settings\abderhman\Mes documents\Downloads\MyEgY.CoM.PhotoFiltre_Studio_X_10.2.1.By.vibration\MyEgY.CoM.PhotoFiltre Studio X 10.2.1.By.vibration\PhotoFiltreStudioX10KEYGEN\keygen.exe
C:\Program Files\PhotoFiltre Studio X\keygen.exe
~ Files: Scanned in 46mn AMs



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.B471F4B2C116B002907A6D93A5FCAE97] [SPRF][2/16/2014] (...) -- C:\Documents and Settings\All Users\Application Data\patch.dll [142]
[MD5.1770F4A6E852E648F4954C531ADCA2FE] [SPRF][10/17/2013] (.Tonec Inc. - Internet Download Manager installer.) -- C:\Documents and Settings\abderhman\Bureau\internet-download-manager_6-1-8-build-2_fr_57994.exe [5809856]
~ Files: 2 Legitimates Filtered in 00mn AMs



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.AC0D283E857F8CA4469DE3657175AFBA] [WIS][12/20/2013] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\50a1a9.msi [813568] =>Toolbar.Avira
~ WIS: 43 Legitimates Filtered in 04mn AMs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2/4/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 4/14/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 4/4/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 2/18/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 1/8/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 3/7/2012 44768 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 4/4/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 7/3/2013 230240 | (Mobile Broadband HL Service) . (...) - C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe
SR - | Auto 1/31/2013 1724192 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe

~ Services: Scanned in 05mn AMs



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by abderhman at 2/18/2014 8:56:13 PM

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk0\DR0[0x86567AB8]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 13 Legitimates Filtered in 02mn AMs



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by abderhman at 2/18/2014 8:56:15 PM

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 04mn AMs



---\\ Scan Additionnel (O88)
Database Version : 13031 - (2/17/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] =>Toolbar.TuneUp
[HKLM\Software\Google\Chrome\Extensions\odiaflgoglmdpognebeehehkabaclnpb] =>Toolbar.Conduit
C:\Documents and Settings\All Users\Application Data\InstallMate =>PUP.Tarma
C:\Windows\Installer\50a1a9.msi =>Toolbar.Avira^
~ Additionnel Scan: 147216 Items scanned in 45mn AMs



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ MSI: 2 link(s) detected in 45mn AMs



~ 761 Legitimates filtered by white list
End of the scan (451 lines in 54mn AMs)(4)
