~ Report of ZHPDiag v2015.4.25.42 - Nicolas Coolman (25/04/15)
~ Launched by Mr.Fayez (29/04/15 07:07:45 PM)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : New version available
~ White List : Activated by program
~ Elevation of privilege : OK
~ User Account Control : Deactivated by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17728 (Default)
MFIE: Mozilla Firefox 37.0.2
GCIE: Google Chrome v42.0.2311.90

---\\ Windows product information
~ Language: English
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
Software Protection Service : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ System protection software
Malwarebytes Anti-Malware version 2.1.6.1022
Windows Defender W7 (Activate)

---\\ System optimization software
CCleaner v5.03

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 17 NPAPI

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6030.3 MB (74% free)
System Restore: Enabled
System drive C: has 52 GB (53%) free of 98 GB

---\\ Connection to the system mode
~ Computer Name: MRFAYEZ-PC
~ User Name: Mr.Fayez
~ All Users Names: Mr.Fayez, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Mr.Fayez\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Mr.Fayez\AppData\Roaming\
~ %Desktop% : C:\Users\Mr.Fayez\Desktop\
~ %Favorites% : C:\Users\Mr.Fayez\Favorites\
~ %LocalAppData% : C:\Users\Mr.Fayez\AppData\Local\
~ %StartMenu% : C:\Users\Mr.Fayez\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 52 GB of 98 GB)
D: Hard drive, Flash drive, Thumb drive (Free 105 GB of 200 GB)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in :0mn صs



---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/11 - 09:19:30 AM.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/09 - 04:39:52 AM.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.77B35D0FC22A2D2EAC8D07C3F9784DBF] - (.Microsoft Corporation - Internet Extensions for Win32.) (.13/03/15 - 05:45:57 AM.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Windows Logon Application.) (.17/07/14 - 05:07:24 AM.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.21/11/10 - 06:24:16 AM.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/14 - 09:45:52 AM.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/09 - 04:52:21 AM.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/09 - 02:19:47 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/10 - 06:23:47 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/10 - 06:24:32 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/10 - 06:23:47 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/09 - 02:19:57 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/09 - 03:10:03 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/11 - 05:40:40 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/10 - 06:23:51 AM.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT File System Driver.) (.24/01/14 - 05:37:55 AM.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/09 - 03:00:41 AM.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/10 - 06:24:33 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/09 - 03:09:09 AM.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/14 - 04:46:26 AM.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.21/11/10 - 06:23:47 AM.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in :0mn صs



---\\ Hidden files state (Hidden/Total)
~ My Pictures : 1/3
~ My Favorites : 1/18
~ My Documents : 1/2
~ My Desktop : 1/105
~ Start Menu (Programs) : 1/32
~ Hidden Files: Scanned in :0mn صs



---\\ Process running
[MD5.BA48CCEC781FD10B6C869F7C45CAA23E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208] [PID.2124]
[MD5.6B3BA5BB455D7A4FD16B697B8F73858F] - (.ASUSTek Computer Inc. - ASUS FaceLogon Application.) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [473728] [PID.2132]
[MD5.97432AB9F1B3B3E63E778C1E69E71E91] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032] [PID.2176]
[MD5.77B61BA0EB74B23E21D24BC8F226439F] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352] [PID.2484]
[MD5.638644168D9B5B5093AD84C9C162B550] - (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296] [PID.2548]
[MD5.5041D28614C0278A089BEF977C501439] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752] [PID.2752]
[MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016] [PID.2760]
[MD5.A005676B30AEB3C7703C317D992B193A] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648] [PID.2768]
[MD5.BAC15D03EFC8249216D1D610F3B1E67F] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528] [PID.2776]
[MD5.B7BCA8A30CE13A283CDBDECEF5616C39] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192] [PID.2948]
[MD5.97202E9C0D86387888435470CCAF45BE] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [192000] [PID.3056]
[MD5.7E212E742BF06BF678AE35E9C1B74B8F] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6212920] [PID.3444]
[MD5.40E3C49CCB0103001590A4966238C758] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8200704] [PID.4700]
[MD5.A3626C6D3F2DC95497F3F61842D7FD89] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [80512] [PID.1532]
[MD5.DBC598E47E7A382E60E2A4745D41FEF9] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1560]
[MD5.2504725939338177E1F627DA0EDA2FEF] - (.ASUSTek Computer Inc. - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [178848] [PID.1780]
[MD5.516E29AD03BDF610CC36A95AE692FE42] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.2328]
[MD5.2B983F067AEE3F9EB4DF5E97F45D21D1] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120] [PID.1184]
[MD5.F758A5752CA282925CE3324FDBBADBED] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672] [PID.3084]
[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe [2488888] [PID.4712]
[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [174648] [PID.4412]
~ Processes Running: Scanned in :0mn صs



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Mr.Fayez\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome Extension Folder
~ Google Lines Browser: 10 Legitimates Filtered in :0mn صs



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Mr.Fayez\AppData\Roaming\Mozilla\Firefox\Profiles\62kr0cya.default\prefs.js
M2 - MFEP: prefs.js [Mr.Fayez - 62kr0cya.default\abs@avira.com] [] Segurança do navegador Avira (Avira Browser Safety) v1.4.7 (..)
M2 - MFEP: Extension [Mr.Fayez - 62kr0cya.default] {1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
~ Firefox Browser: 26 Legitimates Filtered in :0mn صs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in :0mn صs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in :0mn صs



---\\ Hosts file redirection (O1)
~ The hosts file is clean (0)
~ Hosts File: Scanned in :0mn صs



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [ASUSQuickGesture(x86)] . (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
O4 - HKLM\..\Run: [ASUSTPLoader(x64)] . (.AsusTek - ASUS Smart Gesture Loader.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
O4 - HKLM\..\Run: [ASUSQuickGesture(x64)] . (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - HKUS\S-1-5-21-735954147-3131765624-1850125851-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-735954147-3131765624-1850125851-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in :0mn صs



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office15\ONBttnIE.dll (.not file.)
O9 - Extra button: Skype for Business Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office15\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in :0mn صs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D0BD297-DCC6-46A3-BAC6-4FA9C57DFE94}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2EA4C84-0A27-42E3-AE77-F0CBCEFE5ABD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9D0BD297-DCC6-46A3-BAC6-4FA9C57DFE94}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D2EA4C84-0A27-42E3-AE77-F0CBCEFE5ABD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9D0BD297-DCC6-46A3-BAC6-4FA9C57DFE94}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D2EA4C84-0A27-42E3-AE77-F0CBCEFE5ABD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in :0mn صs



---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocols: Scanned in :0mn صs



---\\ Winlogon Notify (O20)
O20 - Winlogon Notify: igfxcui . (...) -- igfxdev.dll
~ Winlogon: Scanned in :0mn صs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 350.) - C:\Windows\System32\nvinitx.dll
~ AppInit DLL: Scanned in :0mn صs



---\\ Task Planned Automatically (O39)
[MD5.00000000000000000000000000000000] [APT] [Mistl] (...) -- C:\ProgramData\Mistl\Mistl.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Newsfeed] (...) -- C:\Users\Mr.Fayez\AppData\Roaming\Flasher\c32s.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [ScheduledScan] (...) -- C:\Users\Mr.Fayez\AppData\Roaming\Flasher\c32s.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [842]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [846]
~ Scheduled Task: 15 Legitimates Filtered in :0mn صs



---\\ Drivers launched at startup (O41)
O41 - Driver: (avipbb) . (. - .) - C:\Windows\System32\DRIVERS\avipbb.sys (.not file.)
O41 - Driver: (avkmgr) . (. - .) - C:\Windows\System32\DRIVERS\avkmgr.sys (.not file.)
~ Drivers: 71 Legitimates Filtered in :0mn صs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AdsFix]
[HKLM\Software\AdsFix]
[HKLM\Software\Wow6432Node\AdsFix]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\SOSVirus]
[HKLM\Software\Wow6432Node\ZbshaLab]
~ Key Software: 201 Legitimates Filtered in :0mn صs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 25/04/15 - 12:13:27 PM - [] ----D C:\ProgramData\Drv
O43 - CFD: 21/04/15 - 03:29:33 PM - [0] ----D C:\ProgramData\Mistl
O43 - CFD: 12/04/11 - 11:28:03 AM - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 25/04/15 - 02:52:17 PM - [] ----D C:\Users\Mr.Fayez\AppData\Roaming\Craft
O43 - CFD: 25/04/15 - 02:51:58 PM - [0] ----D C:\Users\Mr.Fayez\AppData\Roaming\Fixs
O43 - CFD: 03/02/15 - 01:10:07 AM - [] -SH-D C:\Users\Mr.Fayez\AppData\Local\EmieBrowserModeList
~ Program Folder: 140 Legitimates Filtered in :0mn صs



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.2CBD6D22499EB13A2666F62EF33D00E2] - 15/04/15 - 03:16:49 PM ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16303]
O44 - LFC:[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - 15/04/15 - 07:22:20 PM ---A- . (...) -- C:\Windows\win.ini [478]
O44 - LFC:[MD5.CA2A8AF1DBAD0F31F9B33A2827DFBC16] - 22/04/15 - 04:34:40 PM ---A- . (...) -- C:\Windows\tweaking.com-regbackup-MRFAYEZ-PC-Windows-7-Home-Premium-(64-bit).dat [207]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 22/04/15 - 04:40:41 PM ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 22/04/15 - 04:40:41 PM ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 22/04/15 - 04:40:41 PM ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 22/04/15 - 04:40:41 PM ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 22/04/15 - 04:40:41 PM ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 22/04/15 - 04:51:14 PM ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.EA1006FF938A32AE908B165DFEFDC949] - 25/04/15 - 02:56:08 PM ---A- . (...) -- C:\Windows\System32\AutoRunFilter.ini [1724]
O44 - LFC:[MD5.2153B2885DB8603BC92A3CCD16D7F504] - 27/04/15 - 03:12:19 AM ---A- . (...) -- C:\AdsFix_27_04_2015_03_12_19.txt [42539]
O44 - LFC:[MD5.568D2A3B63B8B2188221094FAE4A9ED5] - 27/04/15 - 05:04:25 PM ---A- . (...) -- C:\AdsFix_27_04_2015_17_04_25.txt [25532]
O44 - LFC:[MD5.45971D4E3A47775BB5A7260BB5EA3C36] - 29/04/15 - 03:49:47 PM ---A- . (...) -- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [144]
~ Files: 161 Legitimates Filtered in :0mn صs



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in :0mn صs
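The entries marked (.not file.) in the O39 and O41 sections and the O55 policy values are the two things a triage analyst reads first in a report like this. A scheduled task or driver whose target is gone is usually a remnant of removed adware or an uninstalled product (the Flasher\c32s.exe and ProgramData\Mistl tasks, and the leftover Avira avipbb/avkmgr drivers here), and EnableLUA=0 means UAC is switched off entirely, so every process of this administrator account already runs with a full token and PromptOnSecureDesktop=0 no longer changes anything. The following Python script is an added example, not code from ZHPDiag or from this report: it parses a handful of lines copied from the sections above (embedded as a constructed sample) and returns the dangling entries plus the UAC values that differ from a hardened baseline. The regular expressions and the baseline table are assumptions about the line formats, not ZHPDiag's own specification.

```python
"""Triage of ZHPDiag report lines: dangling autoruns and UAC policy (added example)."""
import re

# Constructed sample: lines copied from the O39, O41 and O55 sections of the report above.
SAMPLE_REPORT = r"""
[MD5.00000000000000000000000000000000] [APT] [Mistl] (...) -- C:\ProgramData\Mistl\Mistl.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Newsfeed] (...) -- C:\Users\Mr.Fayez\AppData\Roaming\Flasher\c32s.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [842]
O41 - Driver: (avipbb) . (. - .) - C:\Windows\System32\DRIVERS\avipbb.sys (.not file.)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
"""

# A Windows path followed by ZHPDiag's "(.not file.)" marker: the referenced file is gone.
NOT_FILE = re.compile(r"([A-Za-z]:\\.*?) \(\.not file\.\)")
TASK_NAME = re.compile(r"\[APT\] \[([^\]]+)\]")      # [APT] [TaskName]
DRIVER_NAME = re.compile(r"Driver: \(([^)]+)\)")      # Driver: (servicename)
MWPS = re.compile(r'^O55 - MWPS:\[[^\]]*\] - "([^"]+)"=(-?\d+)$')

# Hardened baseline (assumption). FilterAdministratorToken=0 and
# EnableUIADesktopToggle=0 are the Windows defaults, so they are not treated as weak.
UAC_EXPECTED = {"EnableLUA": 1, "PromptOnSecureDesktop": 1}


def dangling_entries(report):
    """Return (kind, name, path) for every autorun whose target file no longer exists."""
    found = []
    for line in report.splitlines():
        m = NOT_FILE.search(line)
        if not m:
            continue
        if "[APT]" in line:
            kind, name_re = "task", TASK_NAME
        elif line.startswith("O41 - Driver"):
            kind, name_re = "driver", DRIVER_NAME
        else:
            kind, name_re = "other", None
        n = name_re.search(line) if name_re else None
        found.append((kind, n.group(1) if n else "", m.group(1)))
    return found


def uac_policy(report):
    """Map each O55 policy value name to its integer value."""
    policy = {}
    for line in report.splitlines():
        m = MWPS.match(line)
        if m:
            policy[m.group(1)] = int(m.group(2))
    return policy


def weak_uac_settings(policy):
    """Names whose value differs from the baseline; an absent value is the OS default."""
    return sorted(name for name, want in UAC_EXPECTED.items()
                  if policy.get(name, want) != want)


def triage(report):
    """One-pass summary: dangling autoruns, weak UAC values, and whether UAC is off entirely."""
    policy = uac_policy(report)
    return {
        "dangling": dangling_entries(report),
        "uac_weak": weak_uac_settings(policy),
        "uac_disabled": policy.get("EnableLUA", 1) == 0,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for kind, name, path in result["dangling"]:
        print(f"{kind:6} {name:10} -> {path}")
    print("weak UAC values:", result["uac_weak"], "| UAC disabled:", result["uac_disabled"])
```

Run it against a full report by reading the file into `triage()` instead of `SAMPLE_REPORT`; the O39 entries for Google Update, which still point at existing task files, are correctly ignored, and only the registry values that actually weaken UAC are reported, so the default FilterAdministratorToken=0 does not produce noise.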



---\\ System Drivers List (SDL) (O58)
O58 - SDL:14/07/09 - 04:47:48 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/09 - 11:31:59 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/07/09 - 04:45:55 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 71 Legitimates Filtered in :0mn صs



---\\ List all tools cleaner (LATC) (O63)
O63 - Software: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Software: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in :0mn صs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\program files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in :0mn صs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [Mr.Fayez - 62kr0cya.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com
~ Keys: Scanned in :0mn صs



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.E7B901FFA496A6BF4B7579F51BB8C839] [SPRF][29/04/15] (...) -- C:\Users\Mr.Fayez\AppData\Roaming\sp_data.sys [401]
[MD5.DA99B3AC1A8E18C1E43DE1AB9725547F] [SPRF][26/04/15] (.SosVirus - AdsFix.) -- C:\Users\Mr.Fayez\Desktop\AdsFix.exe [2461320]
[MD5.D9CEEFFE1B467A94A0442A50B03D1328] [SPRF][19/04/15] (.AVM Software Inc. - Paltalk Messenger Setup.) -- C:\Users\Mr.Fayez\Desktop\pal_install_r109860_a3000.exe [1180312]
~ Files: 5 Legitimates Filtered in :0mn صs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 15/04/15 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 01/10/14 281488 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 25/04/15 107848 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25/04/15 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 16/04/15 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 02/01/15 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 22/07/58 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 03/03/11 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Auto 21/11/11 80512 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 21/11/11 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 28/03/15 1152144 | (GfExperienceService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
SR - | Auto 01/10/14 319376 | (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe
SR - | Auto 14/04/15 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 14/04/15 1080120 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 28/03/15 1878672 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 28/03/15 22995600 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 09/04/15 936264 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 14/07/09 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/09 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in :1mn صs



---\\ Additional Scan (O88)
Database Version : 13008 - (25/04/15)
Keys found : 0
Values found : 0
Folders found : 0
Files found : 0

~ Additional Scan: 202736 Items scanned in :2mn صs



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ AMI: 2 Legitimates Filtered in :0mn صs



~ 866 Legitimates filtered by white list
End of the scan (391 lines in :5mn صs)(0.7)
