cjoint

Document format: text/plain

Preview

~ Bezpieczeństwa narzędzie diagnostyczne ZHPDiag v2015.4.6.36 - Nicolas Coolman (2015-03-29)
~ Wszystkie prawa zastrzeżone Joanna (2015-04-09 15:12:28)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adres witryny sieci Forum : http://forum.nicolascoolman.fr
~ Przetłumaczone przez użytkownika
~ Stan wersja : Zaktualizowaną wersję.
~ Sprawozdanie z : Włączone przez program
~ Podniesienie uprawnień : OK
~ Kontrola konta użytkownika : Deactivate by program


---\\ Przeglądarek internetowych
MSIE: Internet Explorer v11.0.9600.17691
MFIE: Mozilla Firefox 37.0.1 (Defaut)
GCIE: Google Chrome v41.0.2272.118

---\\ Informacje o produkcie Windows
~ Langage: Polonais
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ System ochrony oprogramowania
Avast Free Antivirus v10.0.2208
Malwarebytes Anti-Malware version 2.1.4.1018
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Activate)

---\\ System optymalizacji oprogramowania

---\\ Udostępniania oprogramowania PeerToPeer

---\\ Oprogramowania nadzoru
Adobe Flash Player 16 NPAPI
Adobe Reader 9.5.2 - Polish

---\\ Informacje o systemie
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6005 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 21 GB (8%) free of 233 GB

---\\ Połączenie systemu tryb
~ Computer Name: JOANNA-TOSH
~ User Name: Joanna
~ All Users Names: Joanna, HomeGroupUser$, Gość, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Zmienne środowiskowe
~ System Unit : C:\
~ %AppZHP% : C:\Users\Joanna\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Joanna\AppData\Roaming\
~ %Desktop% : C:\Users\Joanna\Desktop\
~ %Favorites% : C:\Users\Joanna\Favorites\
~ %LocalAppData% : C:\Users\Joanna\AppData\Local\
~ %StartMenu% : C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Wyliczenie jednostek dysku
C: Hard drive, Flash drive, Thumb drive (Free 21 Go of 233 Go)
D: Hard drive, Flash drive, Thumb drive (Free 202 Go of 232 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)



---\\ Państwa z centrum zabezpieczeń systemu Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Szukaj pliku rodzajowego
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Eksplorator Windows.) (.2011-02-25 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplikacja uruchamiania systemu Windows.) (.2009-07-14 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.36F99BD8A0F09BDBB7850A138845A014] - (.Microsoft Corporation - Rozszerzenia internetowe Win32.) (.2015-02-20 - 02:28:25.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Aplikacja logowania systemu Windows.) (.2014-07-17 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteka licencjonowania oprogramowania.) (.2010-11-20 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2014-05-30 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-07-14 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009-07-14 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010-11-20 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010-11-20 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010-11-20 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Sterownik portu i8042.) (.2009-07-14 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.2009-07-14 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-27 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.2010-11-20 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Sterownik systemu plików NT.) (.2014-01-24 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Sterownik portu równoległego.) (.2009-07-14 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2010-11-20 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.2009-07-14 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.2014-11-11 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Sterownik kopiowania woluminów w tle.) (.2010-11-20 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Stan ten ukryty akta (ukryty/całkowita)
~ Mes images (My Pictures) : 2/12130
~ Mes musiques (My Musics) : 1/1975
~ Mes Videos (My Videos) : 1/729
~ Mes Favoris (My Favorites) : 1/53
~ Mes Documents (My Documents) : 1/18895
~ Mon Bureau (My Desktop) : 23/6544
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 29s



---\\ Rozpoczęła proces
[MD5.BBFED9378719CF8E0C3DEDC979B5D649] - (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe [6203296] [PID.3048]
[MD5.8B741FBF573B7A2B9A7F0F9898C7FF5D] - (.Bureau Van Dijk – Dictionnaires Le Robert - Hyperappel du Grand Robert de la langue fra.) -- C:\Program Files (x86)\Le Robert\Le Grand Robert\grwinHyper.exe [1118208] [PID.1148]
[MD5.A07E8935CC8DCE6DB787DC99129CA17C] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408] [PID.2036]
[MD5.260F9CF7B898C6D52E60380AFD1E0273] - (.TOSHIBA CORPORATION. - Bluetooth Manager.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2717024] [PID.2580]
[MD5.ECF45E3FC8C63E44ED45D38A8672E7F1] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [275768] [PID.2136]
[MD5.2E0C629B19EAC98897D4099A461B76A6] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [344064] [PID.2624]
[MD5.852F12CA7C4FC7E3D77B606492435556] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.1100]
[MD5.D88E81DECD3014C45603B4B327B4EE1A] - (.TOSHIBA CORPORATION - ConfigFree Task Tray Menu.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304496] [PID.3332]
[MD5.C5B2679B0AE204FDD0415199B7AFEF20] - (.TOSHIBA CORPORATION - KeNotify MFC Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088] [PID.4448]
[MD5.1494918EB9C24C0DA844A755B68C862F] - (.TOSHIBA CORPORATION. - No Comment.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840] [PID.4780]
[MD5.D7330569674CA0F889887075FB470011] - (.TOSHIBA Corporation. - SoundChanger.exe.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe [705880] [PID.4812]
[MD5.A7184AE433F4E1D9F4CE6AD1903202A3] - (...) -- C:\Program Files (x86)\Winamp\winampa.exe [12288] [PID.4836]
[MD5.D0D99257DDDCDDBE998AF7CA14E85BD0] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.5036]
[MD5.9843F58DF3E2908D1FED4DF4B8747E51] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.5100]
[MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.1844]
[MD5.177B2C051EB47694C81CF3F970C1C7C6] - (.TOSHIBA CORPORATION. - TosA2DP.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe [660808] [PID.3876]
[MD5.A1091A01468D5CF18BBE39A9A1749EDB] - (.TOSHIBA CORPORATION. - TosBtHid.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe [83272] [PID.2432]
[MD5.3EDF49DB54F3C85D0A89F58F3206C044] - (.TOSHIBA CORPORATION. - TosBtHSP.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe [308552] [PID.4772]
[MD5.8A07221789D46B2EA7DFCA2BC807572A] - (.TOSHIBA CORPORATION - ConfigFree Switch Manager Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe [62848] [PID.1216]
[MD5.9C08A831626DDDDDBE02993127B4595F] - (.No owner - ULHotkey.) -- C:\Program Files (x86)\Ultralingua\Ultralingua 7\ULHotkey.exe [1483264] [PID.5744]
[MD5.B63E5C7807334A3A8F731062F15462CC] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008] [PID.5780]
[MD5.695BE0A3D240FFF4B876D9289110634A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [5227648] [PID.5812]
[MD5.34D296AFC913E302953C70463EF09A48] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [96056] [PID.5820]
[MD5.BB69268B5F4277A1CFC36A237E27FD87] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.8920]
[MD5.831F8FAE0BFFCF8BA05082E5C5DB8CB3] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [267888] [PID.9276]
[MD5.4E8288547D53DB9555067DE7FDCCB127] - (.Adobe Systems, Inc. - Adobe Flash Player 16.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe [1880752] [PID.9312]
[MD5.E96DD1ABAC2BE889CF521EA2192BFD1D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8196608] [PID.1460]
[MD5.FE4EF0DC671D515397DE7A17AD6D5438] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 187.9.) -- C:\Windows\system32\nvvsvc.exe [219752] [PID.920]
[MD5.E3F7EC811923F3F1A77B185F22638E5E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1300]
[MD5.1F79342D9EB530A48742F651E570983A] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176] [PID.1676]
[MD5.E4938E0A376CF0B9D989EE5C0A146891] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520] [PID.1708]
[MD5.E5CE7259EDB9699E7954B2B2B49FEEB2] - (...) -- C:\ProgramData\MobileBrServ\mbbservice.exe [240720] [PID.1808]
[MD5.A1C148801B4AF64847AEB9F3AD9594EF] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144] [PID.1864]
[MD5.51508F0C2476177E50C31B0BBFBF1BDB] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912] [PID.1816]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [322120] [PID.2172]
[MD5.A2EB6CA4F27C21E6612822B1AAA35A46] - (.pdfforge GbR - PDF Architect Helper Service.) -- C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312] [PID.2264]
[MD5.A7B011DB400D66F7574E821223C8BB36] - (.pdfforge GbR - PDF Architect Conversion Service.) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864] [PID.2320]
[MD5.7493EA4DE41348F7D3EDBF9DB298F56A] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.3636]
[MD5.CAB0EEAF5295FC96DDD3E19DCE27E131] - (.TOSHIBA CORPORATION - ConfigFree Service Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [46448] [PID.3044]
[MD5.41118D920B2B268C0ADC36421248CDCF] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240] [PID.6024]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, start, Szukaj, rozszerzenia (G0, G1, G2)
C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome rozszerzenie Folder
~ Google Lines Browser: 2 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, pluginy, start, wyszukaj, rozszerzenia (P2, M0, M1, M2, M3)
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, zarządzanie serwerem Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analiza wierszy F0, F1, F2, F3 - IniFiles, ładowanie programów
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Przekierowanie pliku Hosts (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Obiekty pomocnicze przeglądarki z przeglądarki (O2)
O2 - BHO: QUICKfind BHO Object [64Bits] - {C08DF07A-3E49-4E25-9AB0-D3882835F153} . (...) -- C:\Program Files (x86)\TEXTware\QUICKfind\PlugIns\IEHelp.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer paski (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Sierocych klucz
~ Toolbar: Scanned in 00mn 00s



---\\ Aplikacje rozpoczęte przez wpisywać do rejestru i plików (O4)
O4 - HKLM\..\Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe (.not file.)
O4 - HKLM\..\Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (.not file.)
O4 - HKLM\..\Run: [Toshiba TEMPRO] . (.Toshiba Europe GmbH - Toshiba TEMPRO.) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe =>.Toshiba Corporation
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.exe (.not file.)
O4 - HKLM\..\Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe (.not file.)
O4 - HKLM\..\Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe (.not file.)
O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe (.not file.)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Menedżer Realtek HD Audio.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (.not file.)
O4 - HKLM\..\Run: [Teco] C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe (.not file.)
O4 - HKLM\..\Run: [TosSENotify] . (.TOSHIBA Corporation - No Comment.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (.not file.)
O4 - HKLM\..\Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.)
O4 - HKLM\..\Run: [Toshiba Registration] . (.Toshiba Europe GmbH - Toshiba Notebook Registration Reminder.) -- C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKCU\..\Run: [Le Petit Robert V3 Hyperappel] . (.Dictionnaire Le Robert - Le Petit Robert Hyperappel.) -- C:\Program Files\Le Robert\Le Petit Robert 2009\RobertHA.exe
O4 - HKCU\..\Run: [grwinHyper] . (.Bureau Van Dijk – Dictionnaires Le Robert - Hyperappel du Grand Robert de la langue fra.) -- C:\Program Files (x86)\Le Robert\Le Grand Robert\grwinHyper.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [HWSetup] . (.TOSHIBA Electronics, Inc. - HWSetup.) -- C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
O4 - HKLM\..\Wow6432Node\Run: [KeNotify] . (.TOSHIBA CORPORATION - KeNotify MFC Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Wow6432Node\Run: [ITSecMng] . (.TOSHIBA CORPORATION - IT Security Manager for Toshiba Stack.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
O4 - HKLM\..\Wow6432Node\Run: [TUSBSleepChargeSrv] . (.TOSHIBA - TOSHIBA USB Sleep and Charge Service.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Wow6432Node\Run: [ToshibaServiceStation] . (.TOSHIBA Corporation - TOSHIBA Service Station.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe =>.Toshiba Corporation
O4 - HKLM\..\Wow6432Node\Run: [TWebCamera] . (.TOSHIBA CORPORATION. - No Comment.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
O4 - HKLM\..\Wow6432Node\Run: [WinampAgent] . (...) -- C:\Program Files (x86)\Winamp\Winampa.exe
O4 - HKLM\..\Wow6432Node\Run: [iPlusManager] . (...) -- C:\Program Files (x86)\iPlus\iPlusChecker.exe
O4 - HKLM\..\Wow6432Node\Run: [Ultralingua 7 Hotkey] . (.No owner - ULHotkey.) -- C:\Program Files (x86)\Ultralingua\Ultralingua 7\ULHotkey.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadżety pulpitu systemu Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadżety pulpitu systemu Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2309956584-436392394-835760416-1000\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-21-2309956584-436392394-835760416-1000\..\Run: [Le Petit Robert V3 Hyperappel] . (.Dictionnaire Le Robert - Le Petit Robert Hyperappel.) -- C:\Program Files\Le Robert\Le Petit Robert 2009\RobertHA.exe
O4 - HKUS\S-1-5-21-2309956584-436392394-835760416-1000\..\Run: [grwinHyper] . (.Bureau Van Dijk – Dictionnaires Le Robert - Hyperappel du Grand Robert de la langue fra.) -- C:\Program Files (x86)\Le Robert\Le Grand Robert\grwinHyper.exe
O4 - HKUS\S-1-5-21-2309956584-436392394-835760416-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
~ Application: Scanned in 00mn 00s



---\\ Przyciski na pasku narzędzi "główne narzędzia" Internet Explorer (O9)
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Zmiana adresu domeny DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F3281A7-8410-490B-A300-51343E2689B7}: DhcpNameServer = 212.2.96.51 212.2.96.52
O17 - HKLM\System\CCS\Services\Tcpip\..\{360FA0D7-C03D-49E7-8388-A337D8DB27D0}: DhcpNameServer = 212.2.96.53 212.2.96.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DDF84EE-6592-4F22-9AFD-A1FF46BADB73}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9859CA1-2581-499D-B09A-35AABE362F02}: DhcpNameServer = 212.2.96.53 212.2.96.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{D340CCD2-601A-42C6-ABBE-32AA174601DF}: DhcpNameServer = 194.2.0.20 194.2.0.50
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7F3552B-1AB6-4151-9427-485EB47C8E8B}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DDF84EE-6592-4F22-9AFD-A1FF46BADB73}: DhcpDomain = hi.link
O17 - HKLM\System\CCS\Services\Tcpip\..\{D340CCD2-601A-42C6-ABBE-32AA174601DF}: DhcpDomain = nomadix.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F3281A7-8410-490B-A300-51343E2689B7}: DhcpNameServer = 212.2.96.51 212.2.96.52
O17 - HKLM\System\CS1\Services\Tcpip\..\{360FA0D7-C03D-49E7-8388-A337D8DB27D0}: DhcpNameServer = 212.2.96.53 212.2.96.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{4DDF84EE-6592-4F22-9AFD-A1FF46BADB73}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C9859CA1-2581-499D-B09A-35AABE362F02}: DhcpNameServer = 212.2.96.53 212.2.96.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{D340CCD2-601A-42C6-ABBE-32AA174601DF}: DhcpNameServer = 194.2.0.20 194.2.0.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{F7F3552B-1AB6-4151-9427-485EB47C8E8B}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{4DDF84EE-6592-4F22-9AFD-A1FF46BADB73}: DhcpDomain = hi.link
O17 - HKLM\System\CS1\Services\Tcpip\..\{D340CCD2-601A-42C6-ABBE-32AA174601DF}: DhcpDomain = nomadix.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{2F3281A7-8410-490B-A300-51343E2689B7}: DhcpNameServer = 212.2.96.51 212.2.96.52
O17 - HKLM\System\CS2\Services\Tcpip\..\{360FA0D7-C03D-49E7-8388-A337D8DB27D0}: DhcpNameServer = 212.2.96.53 212.2.96.54
O17 - HKLM\System\CS2\Services\Tcpip\..\{4DDF84EE-6592-4F22-9AFD-A1FF46BADB73}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C9859CA1-2581-499D-B09A-35AABE362F02}: DhcpNameServer = 212.2.96.53 212.2.96.54
O17 - HKLM\System\CS2\Services\Tcpip\..\{D340CCD2-601A-42C6-ABBE-32AA174601DF}: DhcpNameServer = 194.2.0.20 194.2.0.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{F7F3552B-1AB6-4151-9427-485EB47C8E8B}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{4DDF84EE-6592-4F22-9AFD-A1FF46BADB73}: DhcpDomain = hi.link
O17 - HKLM\System\CS2\Services\Tcpip\..\{D340CCD2-601A-42C6-ABBE-32AA174601DF}: DhcpDomain = nomadix.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
~ Domain: Scanned in 00mn 00s



---\\ Protokół dodatkowy (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) --
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Wykaz usług innej firmy niż Microsoft NT i niepełnosprawnych (O23)
O23 - Service: Huawei E3272 (Huawei E3272) . (...) - C:\ProgramData\MobileBrServ\mbbservice.exe
~ Services: 18 Legitimates Filtered in 00mn 07s



---\\ Zadania zaplanowane w trybie automatycznym (O39)
[MD5.00000000000000000000000000000000] [APT] [{6C788F41-54D3-4D7D-BF58-E906A9A44C05}] (...) -- E:\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{81BD1DE4-7FA6-4301-AD56-9BCECF49F3D0}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D04DDDFD-8C19-4D08-9513-C0D3C4F23D1B}] (...) -- C:\Users\Joanna\AppData\Roaming\mystartsearch\UninstallManager.exe (.not file.) [0] =>PUP.StartSearch
[MD5.00000000000000000000000000000000] [APT] [{DD311706-5379-463B-BDD2-354A8A3FFF7B}] (...) -- E:\Install.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [930]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1044]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1048]
~ Scheduled Task: 21 Legitimates Filtered in 00mn 03s



---\\ Pilota przy starcie systemu (O41)
O41 - Driver: (jzgrghui) . (. - .) - C:\Windows\system32\drivers\jzgrghui.sys (.not file.)
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ Zainstalowane oprogramowanie (O42)
O42 - Logiciel: Angielski w praktyce - ćwiczenia i testy 2 - (...) [HKLM][64Bits] -- ang_ct2
O42 - Logiciel: Angielski w praktyce - ćwiczenia i testy 3 - (...) [HKLM][64Bits] -- ang_ct3
O42 - Logiciel: Informator 1.2.0.426 - (...) [HKLM][64Bits] -- Paseczek_is1
O42 - Logiciel: PIT pro 2012 - (.Podatnik.info Sp z o.o..) [HKLM][64Bits] -- {C74DEC74-D0E0-4FC9-AFA2-46D774D88B5C}
O42 - Logiciel: PIT-OPP 2011 - (.Infonetax.) [HKLM][64Bits] -- {8C9DDCAA-91E1-4DAA-BC65-68BD80546B98}}_is1
O42 - Logiciel: Podatnik.info PIT pro 2013 wersja 2.0.18.19422 - (.Podatnik.info Sp. z o.o..) [HKLM][64Bits] -- {B239B43B-3E99-40B0-80BF-1B1BCA868D4E}_is1
O42 - Logiciel: Prawo Jazdy 2009 1.1 - (...) [HKLM][64Bits] -- {1C36647E-F5BD-43E9-BA64-5F274B7F7050}_is1
O42 - Logiciel: Prawo Jazdy ABCDT - egzamin wewnętrzny - (.Grupa IMAGE sp. z o.o..) [HKLM][64Bits] -- {F40963EC-223E-4E65-8CF0-A60E9A227245}_is1
O42 - Logiciel: Skrzyżowania 1.0.0.19 - (.Grupa IMAGE sp. z o.o..) [HKLM][64Bits] -- Skrzyżowania_is1
O42 - Logiciel: Testy B 2009 - (.Grupa IMAGE sp. z o.o..) [HKLM][64Bits] -- Testy B 2009_is1
O42 - Logiciel: Znaki Drogowe - (.Grupa IMAGE sp. z o.o..) [HKLM][64Bits] -- Znaki Drogowe_is1
O42 - Logiciel: iPlus manager 2.2 - (...) [HKLM][64Bits] -- iPlus manager_is1
~ Logic: 40 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Albion]
[HKCU\Software\Codeton]
[HKCU\Software\GrupaImage]
[HKCU\Software\IPSPI]
[HKCU\Software\Office Panel]
[HKCU\Software\PWN]
[HKCU\Software\Reg]
[HKCU\Software\disco savings]
[HKCU\Software\discosavings]
[HKCU\Software\iPlusManager]
[HKCU\Software\로컬 응용 프로그램 마법사에서 생성된 응용 프로그램]
[HKLM\Software\Wow6432Node\Albion]
[HKLM\Software\Wow6432Node\Codeton]
[HKLM\Software\Wow6432Node\IPSPI]
[HKLM\Software\Wow6432Node\Infonetax]
[HKLM\Software\Wow6432Node\Leksykonia]
[HKLM\Software\Wow6432Node\PWN]
[HKLM\Software\Wow6432Node\Podatnik.info]
[HKLM\Software\Wow6432Node\Reg]
[HKLM\Software\Wow6432Node\SiteSee]
[HKLM\Software\Wow6432Node\TEXTware A/S]
[HKLM\Software\Wow6432Node\iPlusManager]
~ Key Software: 372 Legitimates Filtered in 00mn 01s



---\\ "Zawartość folderów programów, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 2014-03-17 - 23:34:19 - [] ----D C:\Program Files (x86)\Akademia umysłu
O43 - CFD: 2012-12-27 - 13:35:24 - [] ----D C:\Program Files (x86)\Grupa IMAGE
O43 - CFD: 2011-03-16 - 20:21:45 - [] ----D C:\Program Files (x86)\iPlus
O43 - CFD: 2010-06-22 - 20:44:12 - [] ----D C:\Program Files (x86)\Leksykonia
O43 - CFD: 2011-05-23 - 22:28:59 - [] ----D C:\Program Files (x86)\Longman
O43 - CFD: 2011-04-24 - 10:38:26 - [] ----D C:\Program Files (x86)\PITy
O43 - CFD: 2014-04-10 - 17:27:50 - [] ----D C:\Program Files (x86)\Podatnik.info
O43 - CFD: 2013-03-09 - 18:20:43 - [] ----D C:\Program Files (x86)\Podatnik.info Sp z o.o
O43 - CFD: 2012-08-13 - 14:59:55 - [] ----D C:\Program Files (x86)\Prawo Jazdy 2009
O43 - CFD: 2014-12-24 - 13:25:36 - [0] ----D C:\Program Files (x86)\pre_installer_pl
O43 - CFD: 2010-06-22 - 20:01:37 - [] ----D C:\Program Files (x86)\PWN
O43 - CFD: 2010-06-13 - 21:20:25 - [] ----D C:\Program Files (x86)\TEXTware
O43 - CFD: 2010-06-11 - 18:05:47 - [] -SH-D C:\ProgramData\Dane aplikacji
O43 - CFD: 2010-06-11 - 18:05:47 - [] -SH-D C:\ProgramData\Dokumenty
O43 - CFD: 2011-11-11 - 19:15:39 - [] ----D C:\ProgramData\Gadu-Gadu 10
O43 - CFD: 2010-06-11 - 18:05:47 - [] -SH-D C:\ProgramData\Pulpit
O43 - CFD: 2010-06-11 - 18:05:47 - [] -SH-D C:\ProgramData\Szablony
O43 - CFD: 2010-06-11 - 18:05:47 - [] -SH-D C:\ProgramData\Ulubione
O43 - CFD: 2015-02-25 - 19:46:57 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Albion
O43 - CFD: 2011-04-24 - 10:38:27 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Formularze IPS
O43 - CFD: 2012-12-27 - 13:35:41 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grupa IMAGE
O43 - CFD: 2012-03-25 - 20:10:48 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infonetax
O43 - CFD: 2011-03-16 - 20:21:45 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPlus
O43 - CFD: 2011-05-23 - 22:29:23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Longman
O43 - CFD: 2009-12-09 - 10:58:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Service
O43 - CFD: 2012-08-13 - 14:59:55 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prawo Jazdy 2009
O43 - CFD: 2010-06-22 - 20:44:32 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Słowniki języka polskiego
O43 - CFD: 2009-07-14 - 20:09:07 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 2010-06-13 - 21:20:38 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TEXTware
O43 - CFD: 2011-12-06 - 00:13:49 - [] ----D C:\Users\Joanna\AppData\Roaming\Codeton
O43 - CFD: 2011-11-11 - 22:46:11 - [] ----D C:\Users\Joanna\AppData\Roaming\Gadu-Gadu 10
O43 - CFD: 2014-04-07 - 18:37:36 - [] ----D C:\Users\Joanna\AppData\Roaming\iPlus
O43 - CFD: 2014-04-10 - 17:28:00 - [] ----D C:\Users\Joanna\AppData\Roaming\Podatnik.info
O43 - CFD: 2014-12-24 - 13:40:18 - [0] ----D C:\Users\Joanna\AppData\Roaming\WebTest
O43 - CFD: 2010-06-11 - 18:05:53 - [] -SH-D C:\Users\Joanna\AppData\Local\Dane aplikacji
O43 - CFD: 2014-12-24 - 13:28:38 - [] -SH-D C:\Users\Joanna\AppData\Local\EmieBrowserModeList
O43 - CFD: 2010-06-11 - 18:05:53 - [] -SH-D C:\Users\Joanna\AppData\Local\Historia
O43 - CFD: 2012-03-25 - 20:35:32 - [] ----D C:\Users\Joanna\AppData\Local\Infonetax
O43 - CFD: 2011-05-23 - 22:29:23 - [] ----D C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Longman
~ Program Folder: 265 Legitimates Filtered in 00mn 01s



---\\ Najnowsze pliki zmodyfikowane lub utworzone w systemie Windows i System32 (O44)
O44 - LFC:[MD5.9253A1B887B808884D4AEFA4EE31585D] - 2015-04-08 - 16:14:09 ---A- . (...) -- C:\MBAM.txt [372]
~ Files: 14 Legitimates Filtered in 00mn 02s



---\\ Klucz rejestru Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{0d323997-c6e2-11df-854a-705ab6799d8b}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{1784daaa-a491-11df-bfec-705ab6799d8b}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{1784dabb-a491-11df-bfec-705ab6799d8b}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{1ba433b0-1eb1-11e1-8aaa-001e101f8924}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{3872b8f4-71b5-11e0-a7f9-001e101f82a0}\AutoRun\command. (...) -- H:\Autorun.exe (.not file.)
O51 - MPSK:{3f5769ce-c768-11e4-baf6-705ab6799d8b}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{4b5484bf-4ff9-11e0-9805-806e6f6e6963}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{64847ce0-a499-11df-bccc-705ab6799d8b}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{980fe615-758f-11df-ae34-705ab6799d8b}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)
O51 - MPSK:{f8b92c5d-2359-11e1-9bd9-705ab6799d8b}\AutoRun\command. (...) -- F:\Autorun.exe (.not file.)
O51 - MPSK:{ff2f7a31-fa1e-11e2-98e4-001e101f7f74}\AutoRun\command. (...) -- H:\DualLock.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Wyliczenie ten wpisywać do rejestru klucze PoliciesSystem (obecnie wyceniane w mwps) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Wyliczenie klucza rejestru PoliciesExplorer (OEA) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista sterowników systemu (SDL) (O58)
O58 - SDL:2014-12-08 - 21:11:09 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:2014-12-08 - 21:11:09 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:2014-12-08 - 21:11:09 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [267632] =>.ALWIL Software
O58 - SDL:2011-12-10 - 19:10:33 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [254528]
O58 - SDL:2009-07-14 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:2009-06-10 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:1601-01-02 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
O58 - SDL:2009-07-14 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 89 Legitimates Filtered in 00mn 01s



---\\ Listę narzędzi do dezynfekcji (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: ZHPFix 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista usług rejestru dziedzictwo (LALS) (O64)
O64 - Services: CurCS - 2014-12-08 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 88 Legitimates Filtered in 00mn 00s



---\\ Tarło powłoki stowarzyszenia (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu Start Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Szukaj "infekcji na przeglądarki internetowe (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {30E4F0D3-866F-4A34-992F-19D9C6347320} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {E7E9474A-433C-41FA-9418-B449FCF52AAC} - (Amazon) - http://www.amazon.co.uk
~ Keys: Scanned in 00mn 00s



---\\ Konkretnego wyszukiwania w katalogu głównym systemu (SPRF) (O84)
[MD5.E3458995FB0A66199E9423053FF6D9F8] [SPRF][2010-08-14] (...) -- C:\ProgramData\ezsidmv.dat [56]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Wylicza kody produktów oprogramowania (PUC) (O90)
O90 - PUC: "B12CFF1E56BC60C4F8AE614FA72422DF" . (.eBay.) -- c:\Windows\Installer\{E1FFC21B-CB65-4C06-8FEA-16F47A4222FD}\_6FEFF9B68218417F98F549.exe =>Toolbar.eBay
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Ogólny stan usług nie Microsoft (EGS) (SR = bieganie, SS = Zatrzymano)
SS - | Demand 2015-02-09 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 2014-10-29 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2014-10-29 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2005-04-04 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Auto 2015-03-17 1080120 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Demand 2014-04-09 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Demand 2015-04-03 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 2014-04-03 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 2009-10-15 116104 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SS - | Demand 2009-10-06 51512 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 2014-12-08 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 2009-10-27 252784 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
SR - | Auto 2009-03-10 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
SR - | Demand 2009-07-14 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 2009-07-14 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 2013-12-03 240720 | (Huawei E3272) . (...) - C:\ProgramData\MobileBrServ\mbbservice.exe
SR - | Auto 2009-10-02 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 2009-09-30 262144 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 2009-07-14 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 2009-11-13 219752 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 2012-11-13 1522312 | (PDF Architect Helper Service) . (.pdfforge GbR.) - C:\Program Files (x86)\PDF Architect\HelperService.exe
SR - | Auto 2012-11-13 905864 | (PDF Architect Service) . (.pdfforge GbR.) - C:\Program Files (x86)\PDF Architect\ConversionService.exe
SR - | Auto 2009-07-14 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 2009-10-21 531520 | (Thpsrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\ThpSrv.exe
SR - | Auto 2009-07-28 140632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 2009-11-05 489312 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
SR - | Demand 2009-10-21 193904 | (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
SR - | Auto 2009-09-28 251760 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TECO\TecoService.exe =>.Toshiba Corporation
SR - | Demand 2009-11-05 137560 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
SR - | Demand 2009-10-30 824176 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Auto 2009-09-30 2314240 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 2009-07-14 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 1658-07-22 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 2009-07-14 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 13s



---\\ Lista emulatorów CD/DVD (MBR hak)
O58 - SDL:1601-01-02 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
~ Emulateurs: Scanned in 00mn 13s



---\\ Dodatkowe skanowanie (O88)
Database Version : 13008 - (2015-03-29)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\Interface\{db885111-f39f-4d88-9ee5-c88460b6df7b}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{db885111-f39f-4d88-9ee5-c88460b6df7b}] =>Adware.Agent
~ Additionnel Scan: 275045 Items scanned in 00mn 45s



---\\ Informacje complémentaires sur moduły
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, zarządzanie serwerem Proxy (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Obiekty pomocnicze przeglądarki z przeglądarki (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer paski (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplikacje rozpoczęte przez wpisywać do rejestru i plików (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Klucz rejestru Shell MountPoints2 (MPSK) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Podsumowanie wykrywania na stacji roboczej
http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
http://www.nicolascoolman.fr/blog/ =>Adware.Agent
~ MSI: 2 link(s) detected in 00mn 00s



~ 925 Legitimates filtered by white list
End of the scan (588 lines in 02mn 08s)(0.6)
