cjoint

Document format: text/plain

~ Report of ZHPDiag v2014.4.11.18 - Nicolas Coolman (11/04/2014)
~ Launched by Acer (11/04/2014 22:21:26)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16844 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : HYRR2
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Windows Defender W7

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 17

---\\ Information on the system
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013 MB (11% free)
System Restore: Activé (Enable)
System drive C: has 155 GB (66%) free of 233 GB

---\\ Connection to the system mode
~ Computer Name: ACER-PC
~ User Name: Acer
~ All Users Names: HomeGroupUser$, Administrateur, Acer,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Acer\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Acer\AppData\Roaming\
~ %Desktop% : C:\Users\Acer\Desktop\
~ %Favorites% : C:\Users\Acer\Favorites\
~ %LocalAppData% : C:\Users\Acer\AppData\Local\
~ %StartMenu% : C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 155 Go of 233 Go)



---\\ State of the Windows Security Center
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.9284BA6C27D360D71A5C0ECC8456E78E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.23/02/2014 - 07:54:46.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 06s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/1221
~ Mes Videos (My Videos) : 1/194
~ Mes Favoris (My Favorites) : 1/54
~ Mes Documents (My Documents) : 10/138
~ Mon Bureau (My Desktop) : 3/6322
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 26s



---\\ Process running
[MD5.75102FC486595CF486DFD7239BE30DD5] - (.No owner - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe [206208] [PID.2840]
[MD5.38218E47372B77DDB3C9DDD4390CB960] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files\Launch Manager\LManager.exe [975952] [PID.2864]
[MD5.D0D2289B1F2B4697A33179E5E1DFF5B4] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2876]
[MD5.BE2A9AB3C18AF1A712AAF8E86A5F959D] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.2888]
[MD5.62660ADA5E4C8418E71E7AB1992B3AE4] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.2900]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848] [PID.2912]
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.2972]
[MD5.24F82C8466B6F733360CDB27CB3CB02F] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.3020]
[MD5.4B96654025B28EEB1E5D8F001E5D1B8A] - (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160] [PID.3104] =>Toolbar.Ask
[MD5.1DB860CA1C72B0B953B9555BB390E554] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files\Launch Manager\LMworker.exe [305744] [PID.3280]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.3496]
[MD5.70F963D1EC8FD27D8F21363C90A8EE38] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8210432] [PID.3052]
~ Processes Running: Scanned in 00mn 03s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.com
~ IE Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 11



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-4300-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll =>Toolbar.Ask
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-4300-7A786E7484D7} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Berlitz English - Débutant.lnk . (.Edusoft - EDMillenium(FD).) -- C:\Program Files\Common Files\Avanquest\Berlitz English\EDMillenium(FD).exe
O4 - GS\Desktop [Public]: Nedjma Easynet.lnk . (.Acresso Software Inc. - InstallShield.) -- C:\Windows\Installer\{06ADE2A0-E46A-4A84-A211-64CF50520185}\HSPA_USB_Modem.exe_AB26A67632F0422B9C9996628159AE5C.exe
O4 - GS\QuickLaunch [Acer]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Acer]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Acer]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Acer]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Acer]: Windows Update.lnk . (.Microsoft Corporation - Windows Update Application Launcher.) -- C:\Windows\system32\wuapp.exe
~ Global Startup: 57 Legitimates Filtered in 00mn 22s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [PLFSetI] . (.No owner - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2297358298-4100391867-825766025-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{64DDCD82-4679-4293-A97B-B4CC4A75D55A}: NameServer = 180.131.144.14,180.131.145.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{64DDCD82-4679-4293-A97B-B4CC4A75D55A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{64DDCD82-4679-4293-A97B-B4CC4A75D55A}: NameServer = 180.131.144.14,180.131.145.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{64DDCD82-4679-4293-A97B-B4CC4A75D55A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{64DDCD82-4679-4293-A97B-B4CC4A75D55A}: NameServer = 180.131.144.14,180.131.145.145
O17 - HKLM\System\CS2\Services\Tcpip\..\{64DDCD82-4679-4293-A97B-B4CC4A75D55A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
~ Services: 8 Legitimates Filtered in 00mn 33s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\BearShare] =>PUP.BearShare
[HKLM\Software\AskPartnerNetwork]
~ Key Software: 158 Legitimates Filtered in 00mn 03s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 05/04/2014 - 06:28:21 - [11,924] ----D C:\Program Files\AskPartnerNetwork
O43 - CFD: 05/04/2014 - 06:25:27 - [0] ----D C:\ProgramData\APN
O43 - CFD: 05/04/2014 - 06:28:21 - [3,617] ----D C:\ProgramData\AskPartnerNetwork
O43 - CFD: 24/03/2012 - 14:03:34 - [0,022] ----D C:\Users\Acer\AppData\Roaming\ocoll2e
O43 - CFD: 05/04/2014 - 06:29:23 - [0,355] ----D C:\Users\Acer\AppData\Local\AskPartnerNetwork
O43 - CFD: 04/07/2011 - 01:38:26 - [38,025] ----D C:\Users\Acer\AppData\Local\BearShare =>PUP.BearShare
O43 - CFD: 24/03/2012 - 14:02:23 - [0] ----D C:\Users\Acer\AppData\Local\ocoll2e
~ Program Folder: 136 Legitimates Filtered in 01mn 52s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.F91E5A3916A37724891B502AA5536178] - 01/04/2014 - 19:25:06 ---A- . (...) -- C:\{B0FAE263-D680-4153-AE5E-DBA76A3B73BB} [3752]
O44 - LFC:[MD5.CEC5AE90B21E9F9F8D18CF75ADD689A8] - 01/04/2014 - 23:55:55 ---A- . (...) -- C:\{808B4BBF-BC49-4D53-9C81-8BBB08C71D31} [3752]
O44 - LFC:[MD5.6BC8030B381C24840BB01E138E2F8112] - 02/04/2014 - 01:53:48 ---A- . (...) -- C:\{F94B31A7-E5D9-4956-B789-A3DD78AB6E3E} [3200]
O44 - LFC:[MD5.D04DE444A36732615647ECFCA217E760] - 02/04/2014 - 01:56:53 ---A- . (...) -- C:\{ECC86CAA-730E-4079-B5D6-27438AF80DB3} [3360]
O44 - LFC:[MD5.ECD7B14533B0001FA51F12ECC8CD3F37] - 02/04/2014 - 02:20:08 ---A- . (...) -- C:\{71146B12-7310-4F09-BEC2-9D7D54E067BF} [3200]
O44 - LFC:[MD5.19D0A68364BC9BF0643F0C5C23E31E7F] - 02/04/2014 - 02:42:48 ---A- . (...) -- C:\{7B22BD41-9B67-4FB6-8CD9-E5D87E9D9825} [3360]
O44 - LFC:[MD5.EC7AAAEE20BA5B9DAC41D023E9E5F564] - 02/04/2014 - 03:23:53 ---A- . (...) -- C:\{F45376E1-476F-499A-87BE-4596F7042224} [3200]
O44 - LFC:[MD5.CB2E0374BCDF9D5DDC9A2FDC163314DE] - 02/04/2014 - 04:40:20 ---A- . (...) -- C:\{2862FE60-71A9-4D09-9B77-8035191BCC7A} [3176]
O44 - LFC:[MD5.907B1943570BF2EA88E483F46500B53A] - 02/04/2014 - 04:42:29 ---A- . (...) -- C:\{E4ED73CB-F1C9-448A-BB96-52F85D2459BF} [3344]
O44 - LFC:[MD5.9452BBA83089AB8FE4EA83AC080F01F6] - 03/04/2014 - 05:32:47 ---A- . (...) -- C:\{63DB001E-79EA-4029-8AE6-E3A5409DB564} [3648]
O44 - LFC:[MD5.BD72227302308F115E428F241C4B397D] - 03/04/2014 - 17:10:20 ---A- . (...) -- C:\{F7051570-A3F9-4567-9AF8-7683E560AB90} [3192]
O44 - LFC:[MD5.31BADCDB4B4EA3C542E7BF99734800DD] - 03/04/2014 - 17:25:16 ---A- . (...) -- C:\{4C71817A-A58E-4AB1-A81B-C782BBBE9D3F} [3192]
O44 - LFC:[MD5.B77E586412E601E9F5F72E9BE45716FA] - 03/04/2014 - 19:04:56 ---A- . (...) -- C:\{43E01F65-75DA-48C6-A3CA-4199F93FA48D} [3176]
O44 - LFC:[MD5.5AA61DBDB7746EE8895507032C5F3C54] - 04/04/2014 - 23:16:11 ---A- . (...) -- C:\Windows\System32\prfc0404.dat [115298]
O44 - LFC:[MD5.103E1ECB089F30A0856DA9D8E0351570] - 04/04/2014 - 23:16:11 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147864]
O44 - LFC:[MD5.13E41268E23C6A12B9B4F518BCEC0B61] - 04/04/2014 - 23:16:11 ---A- . (...) -- C:\Windows\System32\prfc0804.dat [119800]
O44 - LFC:[MD5.B8B3C9B31745014530EDD39FC8E5D5EB] - 04/04/2014 - 23:16:11 ---A- . (...) -- C:\Windows\System32\prfc0816.dat [153114]
O44 - LFC:[MD5.CF7B61599210DD3A4FA98D79AB3CE4B4] - 04/04/2014 - 23:16:11 ---A- . (...) -- C:\Windows\System32\prfh0404.dat [390486]
O44 - LFC:[MD5.77EB2CED5BEA0050A41079B71DC85568] - 04/04/2014 - 23:16:11 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706024]
O44 - LFC:[MD5.610EF4E15D51BE36588EAD16C7813801] - 04/04/2014 - 23:16:11 ---A- . (...) -- C:\Windows\System32\prfh0804.dat [373314]
O44 - LFC:[MD5.59C55E876435F6FD0604B491DD717130] - 04/04/2014 - 23:16:11 ---A- . (...) -- C:\Windows\System32\prfh0816.dat [721162]
O44 - LFC:[MD5.B28CDF4E764F47488EEBB8A869E3D52F] - 09/04/2014 - 19:01:05 ---A- . (...) -- C:\Windows\IE11_main.log [31955]
O44 - LFC:[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - 28/03/2014 - 02:52:38 ---A- . (...) -- C:\Windows\System32\prfd0804.dat [31548]
O44 - LFC:[MD5.3A6AE335F598733BA114414BACF8B163] - 28/03/2014 - 02:52:38 ---A- . (...) -- C:\Windows\System32\prfi0804.dat [111310]
O44 - LFC:[MD5.9175637633BA2D2E15DC0B035AFD1A6A] - 30/03/2014 - 10:58:11 ---A- . (...) -- C:\{8C5C0098-A4D0-46B9-9BC0-CAC4A420A5AA} [3192]
O44 - LFC:[MD5.74A1C79939108B787507E5D705E90716] - 30/03/2014 - 11:23:17 ---A- . (...) -- C:\{DEEC68B0-1EBB-46E3-9B96-3376C329FE46} [3192]
O44 - LFC:[MD5.ABA5B9443692C1C840F2A15266DE70D3] - 30/03/2014 - 11:42:35 ---A- . (...) -- C:\{0773B1F8-AE47-43D8-9785-F6C1A112D9A4} [3192]
O44 - LFC:[MD5.0CE4BA661287C0D53811ABCE974F7744] - 30/03/2014 - 12:15:29 ---A- . (...) -- C:\{EB1EA826-C46E-4595-B08E-EE5B529B4F8E} [3192]
O44 - LFC:[MD5.F58A70CB9B55928631FB06B4D28FA6A5] - 30/03/2014 - 12:17:40 ---A- . (...) -- C:\{A32557D6-0861-4EC6-AEA7-47F8BB44FF3A} [2896]
O44 - LFC:[MD5.57EEA496CF36B2188B66A72EBB2E0E0D] - 30/03/2014 - 12:36:46 ---A- . (...) -- C:\{6198DE7D-889D-4268-A980-CB5015264F18} [3192]
O44 - LFC:[MD5.CB6F6290CC6FF1435BC7929838D6B994] - 30/03/2014 - 12:44:34 ---A- . (...) -- C:\{660A2A31-81C6-4B61-9E67-5FFA28BBB09D} [3192]
~ Files: 97 Legitimates Filtered in 04mn 56s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{a5137313-2083-11e2-9f35-1c75080cf3e0}\AutoRun\command. (...) -- D:\autorun.exe (.not file.)
O51 - MPSK:{a5137317-2083-11e2-9f35-1c75080cf3e0}\AutoRun\command. (...) -- D:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.BDDE322DD3E6ABBC589C5DC8A948A661] - 29/08/2008 - 16:54:40 ---A- . (.Mobile Connector - USB/Serial Device Driver.) -- C:\Windows\System32\Drivers\cmusbser.sys [103552]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.7C87DF14552A5E0270DBD906BAFF85FB] - 13/04/2010 - 11:15:44 ---A- . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Windows\System32\Drivers\ETD.sys [109960]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.06F7DE7E27AB8DF26B245F1C371B415B] - 15/12/2009 - 03:26:12 ---A- . (.Windows (R) Win 7 DDK provider - AVStream Simulated Hardware Sample.) -- C:\Windows\System32\Drivers\S6000KNT.sys [160896]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 25/02/2014 - 14:16:35 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.08D15ADE5701ACADBBB2B59AB349F74F] - 02/11/2009 - 12:45:44 ---A- . (...) -- C:\Windows\System32\Drivers\TurboB.sys [14808]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.539CA34FBC74EC366A0D751028C32A08] - 15/07/2010 - 08:44:20 ---A- . (...) -- C:\Windows\System32\epmntdrv.sys [14216]
O58 - SDL:[MD5.1F2F4AB15CE03ECC257FEB2F6DC5A013] - 15/07/2010 - 08:44:20 ---A- . (...) -- C:\Windows\System32\EuGdiDrv.sys [8456]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 18 Legitimates Filtered in 00mn 12s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {D9D82CF2-173C-4169-A516-3FF41594E31C} - (Yahoo!) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {DFE8352D-CEB3-4C59-A862-E5E96304B66D} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{E285BE9E-F44E-4DA6-A15C-909EE5D68262}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "{748D2E0E-E3E6-4371-90FB-635C36E17F12}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.BearShare
~ Firewall: 200 Legitimates Filtered in 00mn 07s



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "25946514D214736534007A857BC0A030" . (.Avira SearchFree Toolbar.) -- C:\Windows\Installer\{41564952-412D-5637-4300-A758B70C0A03}\ToolbarIcon.exe =>Toolbar.Avira
~ Update Products: 96 Legitimates Filtered in 00mn 03s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.CAC59EB85CD9EF691F2AD462AAD17FFF] [WIS][24/02/2014] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\1cc141.msi [813568] =>Toolbar.Avira
[MD5.03D80180F6CD245BE333A641304963DE] [WIS][05/06/2010] (.Passware - Passware Kit Enterprise 10.0 installation package.) -- C:\Windows\Installer\1d5a74.msi [45557248]
~ WIS: 97 Legitimates Filtered in 00mn 39s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BearShareMediaBar_RASAPI32 =>PUP.BearShare
HKLM\SOFTWARE\Microsoft\Tracing\BearShareMediaBar_RASMANCS =>PUP.BearShare
HKLM\SOFTWARE\Microsoft\Tracing\BearShare_RASAPI32 =>PUP.BearShare
HKLM\SOFTWARE\Microsoft\Tracing\BearShare_RASMANCS =>PUP.BearShare
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_stub_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_stub_signed_RASMANCS =>Toolbar.Google
~ BTK: 193 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7}] (Avira SearchFree Toolbar) =>Toolbar.Avira
~ BCK: 5186 Legitimates Filtered in 00mn 43s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 25/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 02/11/2009 99728 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/02/2014 910416 | (AntiVirMailService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
SR - | Auto 25/02/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 25/02/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 25/02/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
SR - | Auto 13/02/2014 166352 | (APNMCP) . (.APN LLC..) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
SR - | Auto 10/08/2010 321104 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files\Launch Manager\dsiwmis.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 01mn 01s



---\\ Scan Additionnel (O88)
Database Version : 13044 - (11/04/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 4

[HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-4300-7A786E7484D7} =>Toolbar.Ask^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ApnTBMon =>Toolbar.Ask^
C:\Users\Acer\AppData\Local\BearShare =>PUP.BearShare^
C:\Program Files\AskPartnerNetwork =>Toolbar.Ask
C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask
C:\Users\Acer\AppData\Local\AskPartnerNetwork =>Toolbar.Ask
C:\Users\Acer\AppData\LocalLow\mediabarbs =>PUP.BearShare
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask^
[HKCU\Software\BearShare] =>PUP.BearShare^
C:\Windows\Installer\1cc141.msi =>Toolbar.Avira^
[HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7}] (Avira SearchFree Toolbar) =>Toolbar.Avira^
~ Additionnel Scan: 273025 Items scanned in 05mn 06s



---\\ Summary of the detections found on your workstation
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
http://nicolascoolman.webs.com/apps/blog/show/26705717-pup-bearshare =>PUP.BearShare
~ MSI: 2 link(s) detected in 00mn 00s



~ 1013 Legitimates filtered by white list
End of the scan (455 lines in 19mn 19s)(0)
