cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Report of ZHPDiag v2014.11.22.166 - Nicolas Coolman (22.11.2014)
~ Launched by lolafab (25.11.2014 20:04:24)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : Updated version.
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.17148
GCIE: Google Chrome v38.0.2125.122 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
AVG 2015 v15.0.5577
Norton Internet Security v20.0.0.136
Windows Defender W8 (Deactivate)

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 12220.0 MB (76% free)
System Restore: Activé (Enable)
System drive C: has 856 GB (94%) free of 909 GB

---\\ Connection to the system mode
~ Computer Name: LOLA
~ User Name: lolafab
~ All Users Names: UpdatusUser, lolafab, Gast, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\lolafab\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\lolafab\AppData\Roaming\
~ %Desktop% : C:\Users\lolafab\Desktop\
~ %Favorites% : C:\Users\lolafab\Favorites\
~ %LocalAppData% : C:\Users\lolafab\AppData\Local\
~ %StartMenu% : C:\Users\lolafab\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 856 Go of 909 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 21 Go)
E: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows-Explorer.) (.09.11.2013 - 23:43:08.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Windows-Startanwendung.) (.26.07.2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.4E0BA41211B870111B8DE9B03B49C18E] - (.Microsoft Corporation - Interneterweiterungen für Win32.) (.26.10.2014 - 02:56:17.) -- C:\Windows\System32\wininet.dll [2237952]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Windows-Anmeldeanwendung.) (.12.04.2014 - 10:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Softwarelizenzierungsbibliothek.) (.26.07.2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.FE7FB9612D354EB41DF4F0FF5D6FB259] - (.Microsoft Corporation - Treiber für zusätzliche WinSock-Funktionen.) (.29.05.2014 - 23:24:46.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26.07.2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26.07.2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26.07.2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26.07.2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.28.09.2013 - 06:51:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - i8042-Anschlusstreiber.) (.26.07.2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26.07.2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.28.09.2013 - 07:24:18.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26.07.2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - NT-Dateisystemtreiber.) (.28.09.2013 - 07:26:47.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Treiber für parallelen Anschluss.) (.26.07.2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26.07.2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Geräte-Redirector für Microsoft RDP.) (.26.07.2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26.07.2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Volumeschattenkopie-Treiber.) (.09.11.2013 - 23:43:08.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 1/3
~ Mon Bureau (My Desktop) : 1/8
~ Menu demarrer (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.3380EB592F4A3D7D230A3F79F50B157C] - (.No owner - ASP.) -- C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [6714696] [PID.4520] =>PUP.AdvancedSystemProtector
[MD5.C5046BBDBC044EEBC339D800F75A62DB] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe [143928] [PID.2612]
[MD5.FC9095973170EB63BAB2A8554E5D25A5] - (.No owner - IEWebSiteLogon.) -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe [4073768] [PID.2108]
[MD5.0E84A5A8C621F733621B270C717B4379] - (.Intel Corporation - ISCT SysTray.) -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [249320] [PID.5880]
[MD5.BD9B0E544F4D70E20781A00A27FF98E5] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904] [PID.5976]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.6044]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.6052]
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.6060]
[MD5.30D312FB9F4CD0DB48884AC58841D420] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304] [PID.6108]
[MD5.D1C8B0DC04347B6B9B5B3B9204DF6756] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904] [PID.6132]
[MD5.4312B4DD07050FC58146756634058CE8] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136] [PID.1452]
[MD5.A8311EA17EFE5E5D5F6B4E7A22BB8817] - (.No owner - VProtect Application Official.) -- C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248] [PID.4044]
[MD5.EFC5D323E170D859F26E4666C885484E] - (.AuthenTec Inc. - TouchControl.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe [3695912] [PID.8048]
[MD5.7B3C757512BC57BE5B9701C23AB03881] - (.AVG Secure Search - avgcefrend Official.) -- C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe [1358360] [PID.6696] =>Toolbar.AVGSearch
[MD5.E8B53D6C656B4452E00DA20EAF04CF2B] - (.No owner - DownloadAD.) -- C:\Program Files (x86)\HP SimplePass\DownloadAD.exe [255784] [PID.4680]
[MD5.1F6EFF2536C8F773AEB53309FE52F5B8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8130560] [PID.10640]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\lolafab\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome Extension Folder
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects (O2)
O2 - BHO: AVG Web TuneUp [64Bits] - {95B7759C-8C7F-4BF1-B163-73684A933233} . (.AVG - AVG Web TuneUp.dll.) -- C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll
~ BHO: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Advanced-System Protector.lnk . (...) -- C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe =>PUP.AdvancedSystemProtector
O4 - GS\Desktop [Public]: eBay.ch.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe =>Toolbar.eBay
~ Global Startup: 3 Legitimates Filtered in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\lolafab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] . (.Microsoft Corporation - Windows-Befehlsprozessor.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
O4 - HKLM\..\Wow6432Node\Run: [AccelerometerSysTrayApplet] . (.Hewlett-Packard Company - Hp Accelerometer System Tray.) -- C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
O4 - HKLM\..\Wow6432Node\Run: [vProt] . (.No owner - VProtect Application Official.) -- C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
~ Application: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{268846F6-8274-4FD2-9FF3-6F063A4ABE76}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{268846F6-8274-4FD2-9FF3-6F063A4ABE76}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 311.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) . (.No owner - ISCT Agent Application.) - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Validity WBF Policy Service (valWBFPolicyService) . (...) - C:\Windows\system32\valWBFPolicyService.exe
O23 - Service: (vToolbarUpdater18.1.10) . (.AVG Secure Search - ToolbarU Application Official.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe =>Toolbar.AVGSearch
~ Services: 22 Legitimates Filtered in 00mn 03s



---\\ Task Planned Automatically (039)
[MD5.3380EB592F4A3D7D230A3F79F50B157C] [APT] [Advanced-System Protector_startup] (...) -- C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [6714696] =>PUP.AdvancedSystemProtector
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1118]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1122]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForlolafab [350]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 01s



---\\ Software installed (O42)
O42 - Logiciel: Advanced-System Protector - (.systweak.com.) [HKLM][64Bits] -- 00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1 =>PUP.AdvancedSystemProtector
~ Logic: 25 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Tune]
[HKLM\Software\Wow6432Node\Tune]
~ Key Software: 209 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 14.11.2014 - 15:51:34 - [] ----D C:\Program Files (x86)\ASP
O43 - CFD: 14.11.2014 - 15:51:33 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector =>PUP.AdvancedSystemProtector
O43 - CFD: 14.11.2014 - 15:31:02 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
O43 - CFD: 14.11.2014 - 15:31:04 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
O43 - CFD: 14.11.2014 - 15:31:04 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
O43 - CFD: 14.11.2014 - 15:31:04 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
O43 - CFD: 26.07.2012 - 08:52:57 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 14.11.2014 - 18:57:53 - [] ----D C:\Users\lolafab\AppData\Roaming\ASP
O43 - CFD: 14.11.2014 - 15:28:44 - [] -SH-D C:\Users\lolafab\AppData\Local\Verlauf
~ Program Folder: 149 Legitimates Filtered in 00mn 00s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14.11.2014 - 14:58:37 ---A- . (...) -- C:\Recovery.txt [0]
O44 - LFC:[MD5.3141F67CF26B9A4279FD938FE13860E3] - 14.11.2014 - 15:00:25 ---A- . (...) -- C:\Windows\DtcInstall.log [4552]
O44 - LFC:[MD5.597EC2000BA6B7BC4B4F8880BFE8D9C6] - 14.11.2014 - 15:00:26 ---A- . (...) -- C:\Windows\iis.log [10342]
O44 - LFC:[MD5.568B8B42E1A747FE212AA3E108F93182] - 14.11.2014 - 15:37:38 ---A- . (...) -- C:\Windows\System32\RaCoInst.log [2762]
O44 - LFC:[MD5.20F6120C7E7D1FA0E77D0848CB0ADD4E] - 14.11.2014 - 15:51:06 ---A- . (.No owner - Tuneup Pro.) -- C:\Windows\System32\roboot64.exe [19736]
O44 - LFC:[MD5.CB8572E790FCE09714143741C20E9934] - 14.11.2014 - 15:51:31 ---A- . (...) -- C:\Windows\System32\sasnative64.exe [16896]
O44 - LFC:[MD5.74ACA27B3285B34B35A11A539B18405F] - 14.11.2014 - 17:25:30 ---A- . (...) -- C:\Windows\System32\spe__l.smt [357]
O44 - LFC:[MD5.9A214019AE20DF7711C0DB8FF26783F7] - 14.11.2014 - 17:25:30 ---A- . (.No owner - UPD Co-Installer.) -- C:\Windows\System32\spe__ci.exe [158040]
O44 - LFC:[MD5.FC21BF5A1667FC745FE53D05DA4CB8A2] - 14.11.2014 - 17:25:30 ---A- . (.SS - SSCoInst.) -- C:\Windows\System32\spe__ci.dll [89600]
O44 - LFC:[MD5.0BF28DEE7BFB7F2D787756A2009AD5F8] - 14.11.2014 - 17:25:31 ---A- . (.No owner - Language Monitor for Status Monitor.) -- C:\Windows\System32\spe__l.dll [34304]
O44 - LFC:[MD5.1C27CEECA7EAECC2A74C3D9D9DF68CA6] - 14.11.2014 - 17:27:07 ----- . (...) -- C:\Windows\uninstall.ico [26694]
O44 - LFC:[MD5.FC6E1C59AF69E285BE6EA3AB55C405E2] - 14.11.2014 - 17:27:07 ----- . (.No owner - Printer Software Uninstaller.) -- C:\Windows\TotalUninstaller.exe [1571160]
O44 - LFC:[MD5.C12CBBCFA32EB159E08B6F5751C231F0] - 14.11.2014 - 17:27:23 ---A- . (...) -- C:\Autoconfig.ini [72]
O44 - LFC:[MD5.117FC8A47CF9BD3A636EF5F9C94C251F] - 25.11.2014 - 19:23:58 ----- . (...) -- C:\bootsqm.dat [3472]
O44 - LFC:[MD5.7CA09731EB7FC99B910C7F239E57720F] - 25.11.2014 - 19:25:56 ---A- . (...) -- C:\Windows\System32\Drivers\WPRO_41_2001.sys [34752]
~ Files: 170 Legitimates Filtered in 00mn 01s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:13.02.2013 - 10:28:26 ---A- . (.No owner - Intel Keyboard Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\ikbevent.sys [21048]
O58 - SDL:13.02.2013 - 10:28:28 ---A- . (.No owner - Intel Mouse Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\imsevent.sys [21048]
O58 - SDL:13.02.2013 - 10:28:28 ---A- . (.No owner - Intel(R) Smart Connect Technology Device Driver.) -- C:\Windows\System32\Drivers\ISCTD64.sys [46568]
O58 - SDL:26.07.2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:05.02.2013 - 12:59:48 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [544768]
O58 - SDL:25.11.2014 - 19:25:56 ---A- . (...) -- C:\Windows\System32\Drivers\WPRO_41_2001.sys [34752]
~ Drivers: 70 Legitimates Filtered in 00mn 04s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {65D2F53C-15FF-4BE4-A4E0-09A3162351A9} - (Amazon Suchvorschläge) - http://www.amazon.de
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - http://mysearch.avg.com =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
~ BTK: 45 Legitimates Filtered in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 22.03.2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 14.11.2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14.11.2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10.12.2012 803872 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 10.07.1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 09.11.2014 1486664 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
SR - | Auto 09.11.2014 3488784 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
SR - | Auto 09.11.2014 298080 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
SR - | Auto 31.01.2013 1626872 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
SR - | Auto 30.08.2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 10.01.2013 138752 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
SR - | Auto 07.02.2013 1641768 | (FPLService) . (.HP.) - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
SR - | Auto 27.09.2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 05.11.2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 01.03.2013 43320 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 01.02.2013 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
SR - | Auto 10.04.2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 10.12.2012 732160 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 22.02.2013 129848 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 13.02.2013 180200 | (ISCTAgent) . (...) - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
SR - | Auto 22.02.2013 167736 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 22.02.2013 364856 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 14.06.2012 143928 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe
SR - | Auto 07.03.2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 07.03.2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 05.02.2013 332800 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Demand 07.01.2013 401856 | (TrueService) . (.AuthenTec, Inc..) - C:\Program Files\Common Files\AuthenTec\TrueService.exe
SR - | Auto 19.03.2013 28160 | (valWBFPolicyService) . (...) - C:\Windows\system32\valWBFPolicyService.exe
SR - | Auto 14.11.2014 1849368 | (vToolbarUpdater18.1.10) . (.AVG Secure Search.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe =>Toolbar.AVGSearch
SR - | Demand 10.07.1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Demand 28.09.2013 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (22.11.2014)
Clés trouvées (Keys found) : 20
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 2

[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.10] =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1] =>PUP.AdvancedSystemProtector^
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\S] =>Toolbar.Agent
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector =>PUP.AdvancedSystemProtector^
C:\Program Files (x86)\Common Files\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch
C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe =>PUP.AdvancedSystemProtector^
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe =>Toolbar.AVGSearch^
~ Additionnel Scan: 256091 Items scanned in 00mn 44s



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Summary of the detections found on your workstation
http://nicolascoolman.fr/pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
http://nicolascoolman.fr/pup-toparcadehits =>PUP.ToparcadeHits
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
~ MSI: 3 link(s) detected in 00mn 00s



~ 723 Legitimates filtered by white list
End of the scan (440 lines in 01mn 15s)(0)

Publicité


Signaler le contenu de ce document

Publicité