cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Verslag van ZHPDiag v2014.12.27.179 - Nicolas Coolman (27-12-2014)
~ Gelanceerd door Erik-Jan (20-3-2015 10:23:14)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Het adres van de webforum : http://forum.nicolascoolman.fr
~ Vertaald door de gebruiker
~ Staat van de versie : Nieuwe versie beschikbaar
~ Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Deactivate by program


---\\ Internet-browsers
MSIE: Internet Explorer v11.0.9600.17358 (Defaut)

---\\ Windows productinformatie
~ Langage: Néerlandais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Software om het systeem te beveiligen
AVG 2015 v15.0.5856
Windows Defender W7 (Deactivate)

---\\ Systeem optimalisatie software

---\\ Delen van software PeerToPeer

---\\ Software die extra aandacht behoeft
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 MUI

---\\ Informatie over het systeem
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3037 MB (36% free)
System Restore: Activé (Enable)
System drive C: has 171 GB (73%) free of 233 GB

---\\ Verbinding met het systeem-modus
~ Computer Name: ERIK-JAN-PC
~ User Name: Erik-Jan
~ All Users Names: HomeGroupUser$, Gast, Erik-Jan, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\Erik-Jan\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Erik-Jan\AppData\Roaming\
~ %Desktop% : C:\Users\Erik-Jan\Desktop\
~ %Favorites% : C:\Users\Erik-Jan\Favorites\
~ %LocalAppData% : C:\Users\Erik-Jan\AppData\Local\
~ %StartMenu% : C:\Users\Erik-Jan\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Overzicht vaste en verwisselbare stations
C: Hard drive, Flash drive, Thumb drive (Free 171 Go of 233 Go)
D: Hard drive, Flash drive, Thumb drive (Free 166 Go of 218 Go)
E: CD-ROM drive (Not Inserted)



---\\ Staat van het Windows Beveiligingscentrum
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Zoeken naar bepaalde algemene bestanden
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Verkenner.) (.25-2-2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14-7-2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9D98D4F390F0B14A782F3B931E613A1A] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.19-9-2014 - 1:33:18.) -- C:\Windows\System32\wininet.dll [2309632]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.17-7-2014 - 3:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.20-11-2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30-5-2014 - 7:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-7-2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-7-2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20-11-2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20-11-2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-11-2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14-7-2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-7-2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-4-2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20-11-2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.24-1-2014 - 3:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14-7-2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20-11-2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-7-2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11-11-2014 - 2:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.20-11-2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/8
~ Mon Bureau (My Desktop) : 1/5
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 00s



---\\ Gestarte processen
[MD5.FAEC403B44A31ADDD0DA3C5A32AD0614] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728] [PID.3268]
[MD5.5C396DDE6AAFFB64ABC0E0FD88F53553] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3054136] [PID.2956]
[MD5.74EF10CD035DE51171C98E60E53AE221] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [104936] [PID.3124]
[MD5.F9F310F9FB7F294F00ABDD03453D8CEE] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [812736] [PID.4940]
[MD5.E47AC731D42B2452D4C0BF096DF3DD6E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8145408] [PID.2152]
[MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1388]
[MD5.7C157574A181B19B9DCF5F339E25337E] - (.No owner - GFNEXSrv.) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208] [PID.1416]
[MD5.7CD493F058F371C549402C82C08100AB] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016] [PID.1640]
[MD5.E86DFA7BCE03AE70DF0EABA937EFCB4D] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232] [PID.1676]
[MD5.8C89F06DBC239492E0AAAA0B0D8645EA] - (.ASUSTeK Computer Inc. - ASUS FastBoot.) -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [306232] [PID.1824]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.1924]
[MD5.A434FB7C05F244E8E46C23F8075082ED] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe [178744] [PID.1084]
[MD5.D62088F1C4E7B3477AD2A5F8F5C6DEF3] - (.No owner - Atouch64.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe [301624] [PID.2408]
[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe [2488888] [PID.3012]
[MD5.AA11E1368EEB237DD100BAC6AFFE1C57] - (.ASUS - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe [113208] [PID.3032]
[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe [174648] [PID.3040]
~ Processes Running: Scanned in 00mn 01s



---\\ Internet Explorer, start, zoeken, URLSearchHook, Phishing (R0, R1, R3, R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts-bestand omleiding (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer werkbalken (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Orphan sleutel
~ Toolbar: Scanned in 00mn 00s



---\\ Toepassingen gestart door register & bestand (O4)
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4D70F04-1BC6-4AF8-B828-97B307DC5525}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4D70F04-1BC6-4AF8-B828-97B307DC5525}: DhcpDomain = sitecomwl340
O17 - HKLM\System\CS1\Services\Tcpip\..\{F4D70F04-1BC6-4AF8-B828-97B307DC5525}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F4D70F04-1BC6-4AF8-B828-97B307DC5525}: DhcpDomain = sitecomwl340
O17 - HKLM\System\CS2\Services\Tcpip\..\{F4D70F04-1BC6-4AF8-B828-97B307DC5525}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F4D70F04-1BC6-4AF8-B828-97B307DC5525}: DhcpDomain = sitecomwl340
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Aanvullend Protocol (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs waarde en subsleutels Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) . (.No owner - GFNEXSrv.) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
~ Services: 5 Legitimates Filtered in 00mn 11s



---\\ Taken die zijn gepland in de automatische modus (O39)
[MD5.00000000000000000000000000000000] [APT] [PCRegistryShield_Popup] (...) -- C:\Program Files (x86)\PC Registry Shield\Splash.exe (.not file.) [0] =>Rogue.PCRegistryShield
[MD5.00000000000000000000000000000000] [APT] [PCRegistryShield_Start] (...) -- C:\Program Files (x86)\PC Registry Shield\PcRegistryShield.exe (.not file.) [0] =>Rogue.PCRegistryShield
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 04s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\OB]
[HKCU\Software\PCRegistryShieldConfig] =>Rogue.PCRegistryShield
[HKCU\Software\PCRegistryShieldLanguage] =>Rogue.PCRegistryShield
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
~ Key Software: 146 Legitimates Filtered in 00mn 00s



---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 20-3-2015 - 10:11:53 - [] ----D C:\Program Files (x86)\PC Registry Shield =>Rogue.PCRegistryShield
O43 - CFD: 19-3-2015 - 8:17:18 - [0] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 19-3-2015 - 8:17:18 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 14-7-2009 - 8:44:38 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
~ Program Folder: 118 Legitimates Filtered in 00mn 00s



---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.D4D83D61769CC7AB5542FDD446060A4D] - 17-3-2015 - 12:56:06 ---A- . (...) -- C:\Windows\wininit.ini [74]
O44 - LFC:[MD5.401857F6171193320ACF67EEFB35E705] - 19-3-2015 - 10:17:33 ---A- . (...) -- C:\Windows\ntbtlog.txt [228524]
O44 - LFC:[MD5.06889B9C59D190443715C0D9EFB584B6] - 19-3-2015 - 7:20:02 ---A- . (...) -- C:\Windows\System32\prfc0816.dat [155298]
O44 - LFC:[MD5.EB1A4F981F0F1B0FA98103F51FDAC4DA] - 19-3-2015 - 7:20:02 ---A- . (...) -- C:\Windows\System32\prfh0816.dat [725324]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 19-3-2015 - 7:34:00 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 19-3-2015 - 7:34:00 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 19-3-2015 - 7:34:00 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 19-3-2015 - 7:34:00 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 19-3-2015 - 7:34:00 ---A- . (...) -- C:\Windows\zip.exe [68096]
~ Files: 138 Legitimates Filtered in 01mn 39s



---\\ Opsomming van de registersleutel Hkey_local_machine\software\microsoft\shared (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\vProt [Key] . (...) -- C:\Program Files (x86)\AVG Secure Search\vprot.exe (.not file.) =>Toolbar.AVGSearch
~ SMSR Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Opsomming van de registersleutel PoliciesExplorer (CÖKVI) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:14-7-2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:12-6-2009 - 4:41:55 ---A- . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Windows\System32\Drivers\ETD.sys [112128]
O58 - SDL:10-6-2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:20-7-2009 - 10:29:39 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [15416]
O58 - SDL:18-6-2009 - 20:18:10 ---A- . (.Windows (R) Win 7 DDK provider - ASUS CopyProtect driver.) -- C:\Windows\System32\Drivers\lullaby.sys [15928]
O58 - SDL:5-6-2009 - 11:15:55 ---A- . (.No owner - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [42176]
O58 - SDL:5-6-2009 - 11:15:55 ---A- . (.No owner - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [1806400]
O58 - SDL:14-7-2009 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 61 Legitimates Filtered in 00mn 04s



---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Overzicht met LEGACY services (LALS) (O64)
O64 - Services: CurCS - 18-6-2009 - C:\Windows\System32\DRIVERS\lullaby.sys (lullaby) .(.Windows (R) Win 7 DDK provider - ASUS CopyProtect driver.) - LEGACY_LULLABY
O64 - Services: CurCS - 10-6-2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 128 Legitimates Filtered in 00mn 00s



---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {4F91F87F-2A24-4B96-AAB1-A362C303D8DF} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {CB6E7A52-E411-438C-A534-24AC0C393A23} - ((www.google.com) Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.B8C1EE24068531BC977CA744E0ADF727] [SPRF][3-12-2014] (.Object Browser - Sense exe.) -- C:\Users\Erik-Jan\AppData\Roaming\UQ.exe [1363424] =>PUP.ObjectBrowser
[MD5.10ECCA7CDE5A20393887EAB8EF3D4179] [SPRF][3-12-2014] (.Object Browser - Sense exe.) -- C:\Users\Erik-Jan\AppData\Roaming\WEFLS.exe [2002912] =>PUP.ObjectBrowser
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\PcRegistryShield_RASAPI32 =>Rogue.PCRegistryShield
HKLM\SOFTWARE\Microsoft\Tracing\PcRegistryShield_RASMANCS =>Rogue.PCRegistryShield
~ BTK: 23 Legitimates Filtered in 00mn 00s



---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Demand 17-3-2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14-7-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 16-6-2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 8-8-2007 94208 | (ATKGFNEXSrv) . (...) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 6-3-2015 3416016 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
SR - | Auto 6-3-2015 309232 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
SR - | Auto 24-7-2009 306232 | (FastBootAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
SR - | Auto 10-7-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14-7-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 14s



---\\ Extra scan (O88)
Database Version : 13026 - (27-12-2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 6

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\vProt] =>Toolbar.AVGSearch^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
C:\Program Files (x86)\PC Registry Shield =>Rogue.PCRegistryShield^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
[HKCU\Software\PCRegistryShieldConfig] =>Rogue.PCRegistryShield^
[HKCU\Software\PCRegistryShieldLanguage] =>Rogue.PCRegistryShield^
[HKCU\Software\Smartbar] =>Hijacker.SmartBar^
C:\Users\Erik-Jan\AppData\Roaming\UQ.exe =>PUP.ObjectBrowser^
C:\Users\Erik-Jan\AppData\Roaming\WEFLS.exe =>PUP.ObjectBrowser^
~ Additionnel Scan: 289611 Items scanned in 00mn 40s



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, proxybeheer (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer werkbalken (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Toepassingen gestart door register & bestand (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Samenvatting van detecties gevonden op uw werkstation
http://www.nicolascoolman.fr/blog/ =>Hijacker.Application
http://nicolascoolman.fr/rogue-pcregistryshield =>Rogue.PCRegistryShield
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/pup-objectbrowser =>PUP.ObjectBrowser
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
~ MSI: 5 link(s) detected in 00mn 00s



~ 771 Legitimates filtered by white list
End of the scan (372 lines in 03mn 31s)(0)

Publicité


Signaler le contenu de ce document

Publicité