
~ Report of ZHPDiag v2014.3.12.13 - Nicolas Coolman (12/3/2014)
~ Launched by Win7_64 (16/3/2014 22:58:42)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ Whitelist: activated by program
~ Elevation of privilege : OK
~ User Account Control: activated by user


---\\ Internet browsers
MSIE: Internet Explorer v8.0.7601.17514
MFIE: Mozilla Firefox 27.0.1

---\\ Windows product information
~ Language: English
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Avira Free Antivirus v14.0.3.350
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ System optimization software
CCleaner v4.08 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Monitored software (version check)
Adobe Flash Player 12 Plugin
Java 7 Update 45

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Safe Mode with Networking
Total RAM: 3981.6 MB (79% free)
System Restore: Enabled
System drive C: has 55 GB (45%) free of 121 GB

---\\ System logon details
~ Computer Name: GFHISYJQMFN45DX
~ User Name: Win7_64
~ All Users Names: Win7_64, UpdatusUser, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Win7_64\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Win7_64\AppData\Roaming\
~ %Desktop% : C:\Users\Win7_64\Desktop\
~ %Favorites% : C:\Users\Win7_64\Favorites\
~ %LocalAppData% : C:\Users\Win7_64\AppData\Local\
~ %StartMenu% : C:\Users\Win7_64\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 55 GB of 121 GB)
D: Hard drive, Flash drive, Thumb drive (Free 238 GB of 291 GB)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 287 GB of 287 GB)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.21/11/2010 - 10:24:11.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/7/2009 - 8:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.920A1C789B1DBFB2FE3EBCB19AEDC935] - (.Microsoft Corporation - Internet Extensions for Win32.) (.16/11/2013 - 9:07:35.) -- C:\Windows\System32\wininet.dll [1188864]
[MD5.87A00ED70FEC36D0DD968E5058C29AA1] - (.Microsoft Corporation - Windows Logon Application.) (.14/8/2010 - 16:37:49.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.21/11/2010 - 10:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.15/11/2013 - 21:32:45.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/7/2009 - 8:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/7/2009 - 6:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 10:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 10:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 10:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.14/7/2009 - 6:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/7/2009 - 7:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/11/2013 - 21:25:33.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 10:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.15/11/2013 - 22:30:39.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/7/2009 - 7:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 10:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 10:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/7/2009 - 7:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 10:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.21/11/2010 - 10:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ My Pictures : 4/2295
~ My Music : 1/138
~ My Videos : 2/6
~ My Favorites : 1/20
~ My Documents : 18/2416
~ My Desktop : 5/1410
~ Start Menu (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 07s



---\\ Process running
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.1676]
[MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.1312]
[MD5.497E84A1B6767142987A17574C57C04E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe [1863560] [PID.1336]
[MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Administrator\Desktop\ZHPDiag\ZHPDiag.exe [8353792] [PID.1636]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Win7_64\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.bing.com
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Enabled)
~ Google Browser: 16 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles\nkailokn.default\prefs.js
M2 - MFEP: prefs.js [Win7_64 - nkailokn.default\{8B7392AD-5489-9CED-73C1-FB2B374867EC}] [] Ask New Tabs v5.0.0.11471 (..)
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R3 - URLSearchHook: SearchHook Class [64Bits] - {D8278076-BC68-4484-9233-6E7F1628B56C} . (.APN LLC. - Search Hook.) (21.5.0.2560) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll =>Toolbar.Ask
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 21



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{CF0F43AB-9C23-4D7B-8040-201B82844854} Orphan key
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar: Avery Toolbar - [HKLM]{41565233-5637-006A-76A7-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR3V7\Passport_x64.dll =>Toolbar.Ask
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41565233-5637-006A-76A7-7A786E7484D7} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: AIMP3.lnk . (.AIMP DevTeam - AIMP3.) -- C:\Program Files (x86)\AIMP3\AIMP3.exe
O4 - GS\Desktop [Public]: Apps.lnk . (...) -- C:\Users\Public\Libraries\Apps.library-ms
O4 - GS\Desktop [Public]: Avira.lnk . (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - GS\Desktop [Public]: BitTorrent Sync.lnk . (.BitTorrent, Inc. - BitTorrent Sync.) -- C:\Program Files (x86)\BitTorrent Sync\BTSync.exe =>P2P.BitTorrent
O4 - GS\Desktop [Public]: dtac aircard.lnk . (...) -- C:\Program Files (x86)\dtac aircard\Modem.exe
O4 - GS\Desktop [Public]: LINE.lnk . (.LINE Corporation - LINE.) -- C:\Program Files (x86)\Naver\LINE\Line.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Start BlueStacks.lnk . (.BlueStack Systems, Inc. - BlueStacks StartLauncher.) -- C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe
O4 - GS\Desktop [Public]: USB Disk Security.lnk . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - GS\Program [Public]: EnglishTranslator.LNK . (...) -- C:\Program Files (x86)\EnglilshToThai\EnglishToThai.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: ThaiTranslator.LNK . (...) -- C:\Program Files (x86)\ThaiToEnglish\ThaiToEnglish.exe
O4 - GS\QuickLaunch [Win7_64]: BitTorrent Sync.lnk . (.BitTorrent, Inc. - BitTorrent Sync.) -- C:\Program Files (x86)\BitTorrent Sync\BTSync.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [Win7_64]: Camfrog Video Chat 6.0.lnk . (.Camshare Inc. - Camfrog Video Chat.) -- C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - GS\QuickLaunch [Win7_64]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Win7_64]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [Win7_64]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Win7_64\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Win7_64]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Win7_64]: Point Blank.lnk . (.Zepetto - Point Blank.) -- C:\Program Files (x86)\GarenaPBTH\GameData\Apps\PBTH\PointBlank.exe
O4 - GS\Program [Win7_64]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Win7_64]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Win7_64]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Win7_64]: Camfrog Video Chat 6.0.lnk . (.Camshare Inc. - Camfrog Video Chat.) -- C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - GS\Desktop [Win7_64]: Cheat Engine.lnk . (...) -- C:\Program Files (x86)\Cheat Engine 6.3\Cheat Engine.exe
O4 - GS\Desktop [Win7_64]: Computer - Shortcut.lnk - Orphan key
O4 - GS\Desktop [Win7_64]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Win7_64\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Win7_64]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Win7_64]: KMPlayer.lnk . (.Pandora.TV - The KMPlayer.) -- C:\Program Files (x86)\KMPlayer\kmplayer.exe
O4 - GS\Desktop [Win7_64]: New folder - Shortcut.lnk - Orphan key
O4 - GS\Desktop [Win7_64]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\Desktop [Win7_64]: Playpark Launcher.lnk . (...) -- C:\Program Files\Playpark\Playpark Launcher\PPLauncher.exe
O4 - GS\Desktop [Win7_64]: WebcamMax.lnk . (.CoolwareMax - WebcamMax.) -- C:\Program Files (x86)\WebcamMax\WebcamMax.exe
O4 - GS\Desktop [Win7_64]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Win7_64\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Win7_64]: ตัดเพลงมือถือ.lnk . (.Nero AG - Wave Editor.) -- C:\Program Files (x86)\Nero\Nero WaveEditor\waveedit.exe
O4 - GS\TaskBar [UpdatusUser]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [UpdatusUser]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [UpdatusUser]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [UpdatusUser]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Administrator]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Administrator]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Administrator]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
~ Global Startup: 125 Legitimates Filtered in 00mn 04s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Win7_64\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2860923661-2770646633-3427773130-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-2860923661-2770646633-3427773130-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-2860923661-2770646633-3427773130-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Win7_64\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: ส่&งไปยัง OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D79CC7F4-42BA-414B-A06E-7630D0ED456A}: NameServer = 124.40.225.53 124.40.225.58
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BC0465A-FA7B-47BC-B0E3-AA33DA736883}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0476CE4-59B7-4B5D-8002-AF53827F3068}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BC0465A-FA7B-47BC-B0E3-AA33DA736883}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{D79CC7F4-42BA-414B-A06E-7630D0ED456A}: NameServer = 124.40.225.53 124.40.225.58
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BC0465A-FA7B-47BC-B0E3-AA33DA736883}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D0476CE4-59B7-4B5D-8002-AF53827F3068}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BC0465A-FA7B-47BC-B0E3-AA33DA736883}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{D79CC7F4-42BA-414B-A06E-7630D0ED456A}: NameServer = 124.40.225.53 124.40.225.58
O17 - HKLM\System\CS2\Services\Tcpip\..\{5BC0465A-FA7B-47BC-B0E3-AA33DA736883}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D0476CE4-59B7-4B5D-8002-AF53827F3068}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5BC0465A-FA7B-47BC-B0E3-AA33DA736883}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{D0476CE4-59B7-4B5D-8002-AF53827F3068}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocols: Scanned in 00mn 00s



---\\ AppInit_DLLs / Winlogon Notify registry autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non-Microsoft, non-disabled services (O23)
O23 - Service: Ask Update Service (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
O23 - Service: Power Control [2011/07/12 02:47:10] ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) . (.CyberLink Corp. - No Comment.) - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
~ Services: 23 Legitimates Filtered in 00mn 03s



---\\ Software installed (O42)
O42 - Software: EnglishToThai - (...) [HKLM][64Bits] -- ST6UNST #1
O42 - Software: Smileys We Love Toolbar for IE - (.SqueekyChocolate, LLC.) [HKLM][64Bits] -- {DD36B76E-AAC3-4BB7-9946-A5FBBE121C33} =>Adware.SmileyBar
O42 - Software: Special Force - (.Drangonfly Game.) [HKLM][64Bits] -- {8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}
O42 - Software: Thai Translator Tool - (...) [HKLM][64Bits] -- ST6UNST #2
O42 - Software: Yahoo! Toolbar - (...) [HKLM][64Bits] -- Yahoo! Companion
O42 - Software: dtac aircard - (.dtac aircard.) [HKLM][64Bits] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
~ Software: 9 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\HAL7600] =>Hijacker.Windows7
[HKLM\Software\Wow6432Node\AskPartnerNetwork]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Better Surf Plus]
[HKLM\Software\Wow6432Node\Better-Surf] =>PUP.BetterSurf
[HKLM\Software\Wow6432Node\Drangonfly Game]
[HKLM\Software\Wow6432Node\Easy Sysprep]
[HKLM\Software\Wow6432Node\Playpark]
[HKLM\Software\Wow6432Node\dtac aircard]
~ Key Software: 318 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 24/2/2014 - 6:01:27 - [9.824] ----D C:\Program Files (x86)\AskPartnerNetwork
O43 - CFD: 27/8/2013 - 9:04:33 - [13.323] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 13/11/2013 - 16:51:09 - [37.576] ----D C:\Program Files (x86)\dtac aircard
O43 - CFD: 12/7/2011 - 3:55:59 - [39.582] ----D C:\Program Files (x86)\EnglilshToThai
O43 - CFD: 12/7/2011 - 3:56:16 - [34.082] ----D C:\Program Files (x86)\ThaiToEnglish
O43 - CFD: 24/2/2014 - 6:01:27 - [1.554] ----D C:\ProgramData\AskPartnerNetwork
O43 - CFD: 17/8/2013 - 21:44:10 - [179.030] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/11/2013 - 2:46:20 - [27.641] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 27/8/2013 - 9:04:30 - [20.358] ----D C:\Users\Win7_64\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 16/11/2013 - 14:01:26 - [1.886] ----D C:\Users\Win7_64\AppData\Roaming\DmC - Devil May Cry
O43 - CFD: 17/8/2013 - 19:14:28 - [0] ----D C:\Users\Win7_64\AppData\Roaming\xim
O43 - CFD: 27/2/2014 - 23:06:35 - [0.006] ----D C:\Users\Win7_64\AppData\Local\AskPartnerNetwork
O43 - CFD: 9/11/2013 - 18:01:53 - [1.996] ----D C:\Users\Win7_64\AppData\Local\TempKOF
O43 - CFD: 25/11/2013 - 20:30:34 - [0.003] ----D C:\Users\Win7_64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playpark
~ Program Folder: 222 Legitimates Filtered in 00mn 42s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.C4D107552C86AA279E5164D0A1AE05F9] - 16/3/2014 - 17:28:44 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [5872]
O44 - LFC:[MD5.C4D107552C86AA279E5164D0A1AE05F9] - 16/3/2014 - 17:28:44 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [5872]
O44 - LFC:[MD5.68E7CF27840FE3D4F2259AAA877004E7] - 16/3/2014 - 22:40:27 ---A- . (...) -- C:\Windows\ntbtlog.txt [1444562]
~ Files: 10 Legitimates Filtered in 00mn 05s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\BitTorrent Sync [Key] . (.BitTorrent, Inc. - BitTorrent Sync.) -- C:\Program Files (x86)\BitTorrent Sync\BTSync.exe =>P2P.BitTorrent
O53 - SMSR:HKLM\...\startupreg\ES3_Clean [Key] . (.No owner - ES3 Clean Tool.) -- C:\Windows\System32\ES3_Clean.exe
~ SMSR Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.CBF4C9263F35A9E80E4AD5CBBAE6049C] - 11/4/2012 - 15:49:00 ---A- . (.Windows (R) Win 7 DDK provider - ASUS Virtual Bus.) -- C:\Windows\System32\Drivers\AsusVBus.sys [35968]
O58 - SDL:[MD5.C951F6F1D909E1AAD7160D9EE860A3F1] - 11/4/2012 - 15:48:58 ---A- . (.Windows (R) Win 7 DDK provider - ASUS HID mini driver for Virtual Touch Device.) -- C:\Windows\System32\Drivers\AsusVTouch.sys [16512]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/7/2009 - 8:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.88A0ABA307B3CA3804405155E92EFAF8] - 15/5/2012 - 0:44:20 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [200488]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 11/6/2009 - 3:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.2A63036283B36B3B68CDC6F85A7D53ED] - 23/4/2012 - 18:26:26 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [154272]
O58 - SDL:[MD5.E63EF8C3271D014F14E2469CE75FECB4] - 20/7/2009 - 16:29:40 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [15416]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/7/2009 - 8:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 16 Legitimates Filtered in 00mn 03s



---\\ Last modified or created user files (O61)
O61 - LFC: 13/3/2014 - 23:00:12 ---A- . (...) -- C:\Users\Win7_64\Documents\stock N&R STEAK&BEER.docx [22102]
O61 - LFC: 13/3/2014 - 23:00:12 ---A- . (...) -- C:\Users\Win7_64\Documents\รายการซื้อสินค้าจาก Makro.docx [33369]
O61 - LFC: 13/3/2014 - 23:00:12 ---A- . (...) -- C:\Users\Win7_64\Documents\รายการสั่งสินค้าเลอมาแตง ok.docx [15945]
O61 - LFC: 13/3/2014 - 23:00:12 ---A- . (...) -- C:\Users\Win7_64\Documents\รายการสินค้า.docx [16878]
O61 - LFC: 13/3/2014 - 23:00:12 ---A- . (...) -- C:\Users\Win7_64\Documents\รายการเช็คสต็อกสเต๊ก.docx [17467]
O61 - LFC: 14/3/2014 - 23:00:08 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Spark\User Data\Default\History [151552]
O61 - LFC: 14/3/2014 - 23:00:10 ---A- . (...) -- C:\Users\Win7_64\AppData\Roaming\Opera Software\Opera Stable\History [94208]
O61 - LFC: 14/3/2014 - 23:00:11 ---A- . (...) -- C:\Users\Win7_64\Documents\cc_20140314_103659.reg [2834]
O61 - LFC: 14/3/2014 - 23:00:11 ---A- . (...) -- C:\Users\Win7_64\Documents\cc_20140314_103733.reg [926]
O61 - LFC: 14/3/2014 - 23:00:12 ---A- . (...) -- C:\Users\Win7_64\Documents\โปรโมชั่่น เบียร์.docx [13196]
O61 - LFC: 14/3/2014 - 23:00:12 --HA- . (...) -- C:\Users\Win7_64\Documents\~$รโมชั่่น เบียร์.docx [162]
O61 - LFC: 15/3/2014 - 23:00:00 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\AskPartnerNetwork\Toolbar\AVR3V7\APNStorage.stg [6170]
O61 - LFC: 15/3/2014 - 23:00:06 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll [113992]
O61 - LFC: 15/3/2014 - 23:00:07 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Google\Toolbar\broker_metrics.xml [13409]
O61 - LFC: 15/3/2014 - 23:00:07 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.154\33.0.1750.154_33.0.1750.146_chrome_updater.exe [892120]
O61 - LFC: 15/3/2014 - 23:00:07 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Google\Update\Install\{14B6527B-B2C7-4157-B581-9D96A32BCE57}\33.0.1750.154_33.0.1750.146_chrome_updater.exe [892120]
O61 - LFC: 15/3/2014 - 23:00:12 --HA- . (...) -- C:\Users\Win7_64\Documents\~$mplete เมนูอาหารร้าน N &R.docx [162]
O61 - LFC: 15/3/2014 - 23:00:12 --HA- . (...) -- C:\Users\Win7_64\Documents\~$ตรอาหารร้าน N.docx [162]
O61 - LFC: 16/3/2014 - 23:00:03 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [274329]
O61 - LFC: 16/3/2014 - 23:00:03 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 16/3/2014 - 23:00:06 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Google\Chrome\User Data\Local State [114819]
O61 - LFC: 16/3/2014 - 23:00:06 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\CdmAdapterVersion [13]
O61 - LFC: 16/3/2014 - 23:00:08 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Mozilla\updates\E7CF176E110C211B\active-update.xml [57]
O61 - LFC: 16/3/2014 - 23:00:08 ---A- . (...) -- C:\Users\Win7_64\AppData\Local\Mozilla\updates\E7CF176E110C211B\updates.xml [6018]
O61 - LFC: 16/3/2014 - 23:00:11 ---A- . (...) -- C:\Users\Win7_64\AppData\Roaming\ZHP\Log.txt [22466] =>.Nicolas Coolman
O61 - LFC: 16/3/2014 - 23:00:11 ---A- . (...) -- C:\Users\Win7_64\AppData\Roaming\ZHP\TestsZHPDiag.txt [2923] =>.Nicolas Coolman
O61 - LFC: 16/3/2014 - 23:00:13 ---A- . (...) -- C:\Users\Win7_64\Downloads\RogueKiller.exe [3901952]
~ 55 temporary files
~ 1 cookie file
~ Files: 618 Legitimates Filtered in 00mn 13s



---\\ List all cleaning tools (LATC) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ LATC: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 21/11/2010 - C:\Windows\System32\drivers\nvraid.sys (nvraid) .(.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - LEGACY_NVRAID
~ Legacy: 88 Legitimates Filtered in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Win7_64\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] 2017C6C903B34DF0B3AF86C65FD46636 - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] B6E0351FFD99426CB45B05F2ABE9A90C - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo!) - http://th.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {F312733C-2748-471C-91FF-6BF8A61D18B9} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.9FFDB98DEE1E5E88593F8C0020E06448] [SPRF][12/6/2013] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.DF06DC5837316EA78746E3F790A950ED] [SPRF][16/3/2014] (...) -- C:\Users\Win7_64\Desktop\adwcleaner.exe [1950720]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{D46DFB4B-97A3-4902-AEB2-00953D35624E}" | In - Domain - P17 - TRUE | .(.No owner - Windows host process (Rundll32).) -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
O87 - FAEL: "{86064267-95EA-4EEF-92E1-1C3462961D6B}" | In - Public - P6 - TRUE | .(.Zepetto - Point Blank.) -- C:\Program Files (x86)\GarenaPBTH\GameData\Apps\PBTH\PointBlank.exe
O87 - FAEL: "{C2281CEF-99C3-4361-B049-1BE961C8B99B}" | In - Public - P17 - TRUE | .(.Zepetto - Point Blank.) -- C:\Program Files (x86)\GarenaPBTH\GameData\Apps\PBTH\PointBlank.exe
O87 - FAEL: "{6690D428-EC30-473A-9FEF-D931D776C72B}" | In - Public - P6 - TRUE | .(.No owner - Garena Installer.) -- C:\GarenaDownload\Games\hon\HoNInstaller_TH.exe
O87 - FAEL: "{659FC87D-1CA5-470A-B34B-51E1BC59F0DF}" | In - Public - P17 - TRUE | .(.No owner - Garena Installer.) -- C:\GarenaDownload\Games\hon\HoNInstaller_TH.exe
O87 - FAEL: "TCP Query User{8DC51F70-5FF9-4E15-901C-9A9DA4E0297C}C:\program files (x86)\garena plus\garenamessenger.exe" | In - Public - P6 - TRUE | .(.No owner - Garena Plus.) -- C:\program files (x86)\garena plus\garenamessenger.exe
O87 - FAEL: "UDP Query User{A83F00F3-1265-4AF7-8D1E-BF474CEF38D9}C:\program files (x86)\garena plus\garenamessenger.exe" | In - Public - P17 - TRUE | .(.No owner - Garena Plus.) -- C:\program files (x86)\garena plus\garenamessenger.exe
O87 - FAEL: "TCP Query User{35877080-2B1A-4425-9CBE-82426B03B94C}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe" | In - Public - P6 - TRUE | .(.No owner - Garena Talk.) -- C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
O87 - FAEL: "UDP Query User{74598BC0-990D-479F-8B4F-363C9E547882}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe" | In - Public - P17 - TRUE | .(.No owner - Garena Talk.) -- C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
O87 - FAEL: "{B505DD8A-7D9D-47A4-A5B1-EA6CA2857D0A}" | In - Domain - P17 - TRUE | .(...) -- C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
O87 - FAEL: "TCP Query User{22992118-D174-4121-9CA9-2391A74C3924}C:\program files (x86)\garena plus\updatemanager.exe" | In - Public - P6 - TRUE | .(.No owner - UpdateManager Module.) -- C:\program files (x86)\garena plus\updatemanager.exe
O87 - FAEL: "UDP Query User{321A0CA8-8AD7-4C21-A458-DAEB89FBF537}C:\program files (x86)\garena plus\updatemanager.exe" | In - Public - P17 - TRUE | .(.No owner - UpdateManager Module.) -- C:\program files (x86)\garena plus\updatemanager.exe
~ Firewall: 246 Legitimates Filtered in 00mn 01s



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "6BE001F7F915FAC43A48E3117E7ABF49" . (.GOODGAMES ONLINE.) -- C:\Windows\Installer\{7F100EB6-519F-4CAF-A384-3E11E7A7FB94}\ARPPRODUCTICON.exe
O90 - PUC: "E67B63DD3CAA7BB499645ABFEB21C133" . (.Smileys We Love Toolbar for IE.) -- C:\Windows\Installer\{DD36B76E-AAC3-4BB7-9946-A5FBBE121C33}\_853F67D554F05449430E7E.exe =>Adware.SmileyBar
~ Update Products: 131 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.C9E14FE4C420BEDEF8A319576C43CEA2] [WIS][16/1/2014] (.APN, LLC - Avery Toolbar.) -- C:\Windows\Installer\1a9c26.msi [363520]
[MD5.3A0048E56C41EC328A4CD0FFCBAACDAD] [WIS][6/11/2013] (.True Digital Plus - GOODGAMES ONLINE.) -- C:\Windows\Installer\444176.msi [1469952]
~ WIS: 131 Legitimates Filtered in 00mn 12s



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by Win7_64 at 16/3/2014 23:00:55
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Win7_64 at 16/3/2014 23:00:57

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (12/3/2014)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 4

[HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DD36B76E-AAC3-4BB7-9946-A5FBBE121C33}] =>Adware.SmileyBar^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent Sync] =>P2P.BitTorrent^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion] =>Toolbar.Yahoo
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{D8278076-BC68-4484-9233-6E7F1628B56C} =>Toolbar.Ask^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Win7_64\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.Ask
C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask
C:\Users\Win7_64\AppData\Local\AskPartnerNetwork =>Toolbar.Ask
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\HAL7600] =>Hijacker.Windows7^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Better-Surf] =>PUP.BetterSurf^
~ Additionnel Scan: 332540 Items scanned in 00mn 19s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/27530912-adware-smileybar =>Adware.SmileyBar
~ http://nicolascoolman.webs.com/apps/blog/show/28158343-adware-bdsearch =>Adware.BDSearch
~ http://nicolascoolman.webs.com/apps/blog/show/39592164-hijacker-windows =>Hijacker.Windows
~ http://nicolascoolman.webs.com/apps/blog/show/36340918-pup-bettersurf =>PUP.BetterSurf
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ MSI: 6 link(s) detected in 00mn 19s



~ 1889 Legitimates filtered by white list
End of the scan (563 lines in 02mn 35s)(0)
