Publicité
Publicité
Format du document : text/plain
Prévisualisation
~ Report of ZHPDiag v2014.11.26.167 - Nicolas Coolman (26.11.2014)
~ Launched by lolafab (29.11.2014 15:51:45)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : Updated version.
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user
---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.17148
GCIE: Google Chrome v39.0.2171.71 (Defaut)
---\\ Windows product information
~ Langage: Anglais
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
AVG 2015 v15.0.5577
Malwarebytes Anti-Malware version 2.0.3.1025
Norton Internet Security v20.4.0.40
Windows Defender W8 (Deactivate)
---\\ System optimization software
---\\ Sharing software PeerToPeer
---\\ Surveillance software
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 12220.0 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 848 GB (93%) free of 909 GB
---\\ Connection to the system mode
~ Computer Name: LOLA
~ User Name: lolafab
~ All Users Names: UpdatusUser, lolafab, Gast, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\lolafab\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\lolafab\AppData\Roaming\
~ %Desktop% : C:\Users\lolafab\Desktop\
~ %Favorites% : C:\Users\lolafab\Favorites\
~ %LocalAppData% : C:\Users\lolafab\AppData\Local\
~ %StartMenu% : C:\Users\lolafab\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 848 Go of 909 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 21 Go)
E: CD-ROM drive (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows-Explorer.) (.09.11.2013 - 23:43:08.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Windows-Startanwendung.) (.26.07.2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.4E0BA41211B870111B8DE9B03B49C18E] - (.Microsoft Corporation - Interneterweiterungen für Win32.) (.26.10.2014 - 02:56:17.) -- C:\Windows\System32\wininet.dll [2237952]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Windows-Anmeldeanwendung.) (.12.04.2014 - 10:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Softwarelizenzierungsbibliothek.) (.26.07.2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.FE7FB9612D354EB41DF4F0FF5D6FB259] - (.Microsoft Corporation - Treiber für zusätzliche WinSock-Funktionen.) (.29.05.2014 - 23:24:46.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26.07.2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26.07.2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26.07.2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26.07.2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.28.09.2013 - 06:51:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - i8042-Anschlusstreiber.) (.26.07.2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26.07.2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.14EE56050E1637926F5CFA65B1F4209B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.12.07.2014 - 05:34:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404480]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26.07.2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - NT-Dateisystemtreiber.) (.28.09.2013 - 07:26:47.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Treiber für parallelen Anschluss.) (.26.07.2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26.07.2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Geräte-Redirector für Microsoft RDP.) (.26.07.2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26.07.2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Volumeschattenkopie-Treiber.) (.09.11.2013 - 23:43:08.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files state (Hidden/Total)
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 1/3
~ Mon Bureau (My Desktop) : 1/17
~ Menu demarrer (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 00s
---\\ Process running
[MD5.1BF9D6476061B31CD7FC2BF848529A56] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368] [PID.3800]
[MD5.EFC5D323E170D859F26E4666C885484E] - (.AuthenTec Inc. - TouchControl.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe [3695912] [PID.2224]
[MD5.FC9095973170EB63BAB2A8554E5D25A5] - (.No owner - IEWebSiteLogon.) -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe [4073768] [PID.5360]
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.5240]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.5252]
[MD5.0E84A5A8C621F733621B270C717B4379] - (.Intel Corporation - ISCT SysTray.) -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [249320] [PID.5800]
[MD5.BD9B0E544F4D70E20781A00A27FF98E5] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904] [PID.984]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.5524]
[MD5.30D312FB9F4CD0DB48884AC58841D420] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304] [PID.5956]
[MD5.D1C8B0DC04347B6B9B5B3B9204DF6756] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904] [PID.5544]
[MD5.4312B4DD07050FC58146756634058CE8] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136] [PID.6104]
[MD5.966FE904599B9A0F80EA498851180829] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344] [PID.4932]
[MD5.2188063885A90823624D8090986713BF] - (.AVG Technologies CZ, s.r.o. - AVG Configuration Management Application.) -- C:\Program Files (x86)\AVG\AVG2015\avgcfgex.exe [332304] [PID.8764]
[MD5.0E144293FBAECD79A045B336FA6C0F0D] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770704] [PID.7724]
[MD5.F89773DFA9B8C95A3AC2AF1E7D99E483] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.5064]
[MD5.17D0F31B84A09B648A662AD5C06B5600] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8132608] [PID.5576]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\lolafab\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Google Chrome Extension Folder
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Orphan key
~ Toolbar: Scanned in 00mn 00s
---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: eBay.ch.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe =>Toolbar.eBay
~ Global Startup: 2 Legitimates Filtered in 00mn 00s
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Kurznotizen.) -- C:\WINDOWS\system32\StikyNot.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\lolafab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] . (.Microsoft Corporation - Windows-Befehlsprozessor.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
O4 - HKLM\..\Wow6432Node\Run: [AccelerometerSysTrayApplet] . (.Hewlett-Packard Company - Hp Accelerometer System Tray.) -- C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
~ Application: Scanned in 00mn 00s
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{268846F6-8274-4FD2-9FF3-6F063A4ABE76}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{268846F6-8274-4FD2-9FF3-6F063A4ABE76}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 311.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s
---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) . (.No owner - ISCT Agent Application.) - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: (vToolbarUpdater18.1.10) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe (.not file.) =>Toolbar.AVGSearch
~ Services: 20 Legitimates Filtered in 00mn 12s
---\\ Task Planned Automatically (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1118]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1122]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForlolafab [350]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 02s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 14.11.2014 - 15:31:02 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
O43 - CFD: 14.11.2014 - 15:31:04 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
O43 - CFD: 14.11.2014 - 15:31:04 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
O43 - CFD: 14.11.2014 - 15:31:04 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
O43 - CFD: 26.07.2012 - 08:52:57 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 14.11.2014 - 15:28:44 - [] -SH-D C:\Users\lolafab\AppData\Local\Verlauf
~ Program Folder: 144 Legitimates Filtered in 00mn 00s
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.74ACA27B3285B34B35A11A539B18405F] - 14.11.2014 - 17:25:30 ---A- . (...) -- C:\Windows\System32\spe__l.smt [357]
O44 - LFC:[MD5.9A214019AE20DF7711C0DB8FF26783F7] - 14.11.2014 - 17:25:30 ---A- . (.No owner - UPD Co-Installer.) -- C:\Windows\System32\spe__ci.exe [158040]
O44 - LFC:[MD5.FC21BF5A1667FC745FE53D05DA4CB8A2] - 14.11.2014 - 17:25:30 ---A- . (.SS - SSCoInst.) -- C:\Windows\System32\spe__ci.dll [89600]
O44 - LFC:[MD5.0BF28DEE7BFB7F2D787756A2009AD5F8] - 14.11.2014 - 17:25:31 ---A- . (.No owner - Language Monitor for Status Monitor.) -- C:\Windows\System32\spe__l.dll [34304]
O44 - LFC:[MD5.1C27CEECA7EAECC2A74C3D9D9DF68CA6] - 14.11.2014 - 17:27:07 ----- . (...) -- C:\Windows\uninstall.ico [26694]
O44 - LFC:[MD5.FC6E1C59AF69E285BE6EA3AB55C405E2] - 14.11.2014 - 17:27:07 ----- . (.No owner - Printer Software Uninstaller.) -- C:\Windows\TotalUninstaller.exe [1571160]
O44 - LFC:[MD5.C12CBBCFA32EB159E08B6F5751C231F0] - 14.11.2014 - 17:27:23 ---A- . (...) -- C:\Autoconfig.ini [72]
O44 - LFC:[MD5.B6F423906D3E10BE38C16726C0905033] - 29.11.2014 - 11:32:54 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [388729]
O44 - LFC:[MD5.7CA09731EB7FC99B910C7F239E57720F] - 29.11.2014 - 13:30:44 ---A- . (...) -- C:\Windows\System32\Drivers\WPRO_41_2001.sys [34752]
~ Files: 235 Legitimates Filtered in 00mn 01s
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:13.02.2013 - 10:28:26 ---A- . (.No owner - Intel Keyboard Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\ikbevent.sys [21048]
O58 - SDL:13.02.2013 - 10:28:28 ---A- . (.No owner - Intel Mouse Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\imsevent.sys [21048]
O58 - SDL:13.02.2013 - 10:28:28 ---A- . (.No owner - Intel(R) Smart Connect Technology Device Driver.) -- C:\Windows\System32\Drivers\ISCTD64.sys [46568]
O58 - SDL:26.07.2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:05.02.2013 - 12:59:48 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [544768]
O58 - SDL:29.11.2014 - 13:30:44 ---A- . (...) -- C:\Windows\System32\Drivers\WPRO_41_2001.sys [34752]
~ Drivers: 74 Legitimates Filtered in 00mn 00s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {65D2F53C-15FF-4BE4-A4E0-09A3162351A9} - (Amazon Suchvorschläge) - http://www.amazon.de
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 22.03.2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 14.11.2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14.11.2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10.12.2012 803872 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Auto 10.07.1658 0 | (vToolbarUpdater18.1.10) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe =>Toolbar.AVGSearch
SS - | Demand 10.07.1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 28.09.2013 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 09.11.2014 1486664 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
SR - | Auto 09.11.2014 3488784 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
SR - | Auto 09.11.2014 298080 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
SR - | Auto 31.01.2013 1626872 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
SR - | Auto 30.08.2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 10.01.2013 138752 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
SR - | Auto 07.02.2013 1641768 | (FPLService) . (.HP.) - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
SR - | Auto 27.09.2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 05.11.2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 01.03.2013 43320 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 01.02.2013 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
SR - | Auto 10.04.2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 10.12.2012 732160 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 22.02.2013 129848 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 13.02.2013 180200 | (ISCTAgent) . (...) - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
SR - | Auto 22.02.2013 167736 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 22.02.2013 364856 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 21.05.2013 144368 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
SR - | Auto 07.03.2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 07.03.2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 05.02.2013 332800 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Demand 07.01.2013 401856 | (TrueService) . (.AuthenTec, Inc..) - C:\Program Files\Common Files\AuthenTec\TrueService.exe
SR - | Demand 10.07.1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : 13026 - (26.11.2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.10] =>Toolbar.AVGSearch^
~ Additionnel Scan: 256421 Items scanned in 00mn 10s
---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s
---\\ Summary of the detections found on your workstation
~ MSI: 0 link(s) detected in 00mn 00s
~ 784 Legitimates filtered by white list
End of the scan (378 lines in 00mn 39s)(0)
~ Launched by lolafab (29.11.2014 15:51:45)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : Updated version.
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user
---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.17148
GCIE: Google Chrome v39.0.2171.71 (Defaut)
---\\ Windows product information
~ Langage: Anglais
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
AVG 2015 v15.0.5577
Malwarebytes Anti-Malware version 2.0.3.1025
Norton Internet Security v20.4.0.40
Windows Defender W8 (Deactivate)
---\\ System optimization software
---\\ Sharing software PeerToPeer
---\\ Surveillance software
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 12220.0 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 848 GB (93%) free of 909 GB
---\\ Connection to the system mode
~ Computer Name: LOLA
~ User Name: lolafab
~ All Users Names: UpdatusUser, lolafab, Gast, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\lolafab\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\lolafab\AppData\Roaming\
~ %Desktop% : C:\Users\lolafab\Desktop\
~ %Favorites% : C:\Users\lolafab\Favorites\
~ %LocalAppData% : C:\Users\lolafab\AppData\Local\
~ %StartMenu% : C:\Users\lolafab\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 848 Go of 909 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 21 Go)
E: CD-ROM drive (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows-Explorer.) (.09.11.2013 - 23:43:08.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Windows-Startanwendung.) (.26.07.2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.4E0BA41211B870111B8DE9B03B49C18E] - (.Microsoft Corporation - Interneterweiterungen für Win32.) (.26.10.2014 - 02:56:17.) -- C:\Windows\System32\wininet.dll [2237952]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Windows-Anmeldeanwendung.) (.12.04.2014 - 10:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Softwarelizenzierungsbibliothek.) (.26.07.2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.FE7FB9612D354EB41DF4F0FF5D6FB259] - (.Microsoft Corporation - Treiber für zusätzliche WinSock-Funktionen.) (.29.05.2014 - 23:24:46.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26.07.2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26.07.2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26.07.2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26.07.2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.28.09.2013 - 06:51:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - i8042-Anschlusstreiber.) (.26.07.2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26.07.2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.14EE56050E1637926F5CFA65B1F4209B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.12.07.2014 - 05:34:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404480]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26.07.2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - NT-Dateisystemtreiber.) (.28.09.2013 - 07:26:47.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Treiber für parallelen Anschluss.) (.26.07.2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26.07.2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Geräte-Redirector für Microsoft RDP.) (.26.07.2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26.07.2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Volumeschattenkopie-Treiber.) (.09.11.2013 - 23:43:08.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files state (Hidden/Total)
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 1/3
~ Mon Bureau (My Desktop) : 1/17
~ Menu demarrer (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 00s
---\\ Process running
[MD5.1BF9D6476061B31CD7FC2BF848529A56] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368] [PID.3800]
[MD5.EFC5D323E170D859F26E4666C885484E] - (.AuthenTec Inc. - TouchControl.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe [3695912] [PID.2224]
[MD5.FC9095973170EB63BAB2A8554E5D25A5] - (.No owner - IEWebSiteLogon.) -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe [4073768] [PID.5360]
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.5240]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.5252]
[MD5.0E84A5A8C621F733621B270C717B4379] - (.Intel Corporation - ISCT SysTray.) -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [249320] [PID.5800]
[MD5.BD9B0E544F4D70E20781A00A27FF98E5] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904] [PID.984]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.5524]
[MD5.30D312FB9F4CD0DB48884AC58841D420] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304] [PID.5956]
[MD5.D1C8B0DC04347B6B9B5B3B9204DF6756] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904] [PID.5544]
[MD5.4312B4DD07050FC58146756634058CE8] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136] [PID.6104]
[MD5.966FE904599B9A0F80EA498851180829] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344] [PID.4932]
[MD5.2188063885A90823624D8090986713BF] - (.AVG Technologies CZ, s.r.o. - AVG Configuration Management Application.) -- C:\Program Files (x86)\AVG\AVG2015\avgcfgex.exe [332304] [PID.8764]
[MD5.0E144293FBAECD79A045B336FA6C0F0D] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770704] [PID.7724]
[MD5.F89773DFA9B8C95A3AC2AF1E7D99E483] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.5064]
[MD5.17D0F31B84A09B648A662AD5C06B5600] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8132608] [PID.5576]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\lolafab\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Google Chrome Extension Folder
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Orphan key
~ Toolbar: Scanned in 00mn 00s
---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: eBay.ch.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe =>Toolbar.eBay
~ Global Startup: 2 Legitimates Filtered in 00mn 00s
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Kurznotizen.) -- C:\WINDOWS\system32\StikyNot.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\lolafab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] . (.Microsoft Corporation - Windows-Befehlsprozessor.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
O4 - HKLM\..\Wow6432Node\Run: [AccelerometerSysTrayApplet] . (.Hewlett-Packard Company - Hp Accelerometer System Tray.) -- C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
~ Application: Scanned in 00mn 00s
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{268846F6-8274-4FD2-9FF3-6F063A4ABE76}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{268846F6-8274-4FD2-9FF3-6F063A4ABE76}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 311.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s
---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) . (.No owner - ISCT Agent Application.) - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: (vToolbarUpdater18.1.10) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe (.not file.) =>Toolbar.AVGSearch
~ Services: 20 Legitimates Filtered in 00mn 12s
---\\ Task Planned Automatically (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1118]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1122]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForlolafab [350]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 02s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 14.11.2014 - 15:31:02 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
O43 - CFD: 14.11.2014 - 15:31:04 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
O43 - CFD: 14.11.2014 - 15:31:04 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
O43 - CFD: 14.11.2014 - 15:31:04 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
O43 - CFD: 26.07.2012 - 08:52:57 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 14.11.2014 - 15:28:44 - [] -SH-D C:\Users\lolafab\AppData\Local\Verlauf
~ Program Folder: 144 Legitimates Filtered in 00mn 00s
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.74ACA27B3285B34B35A11A539B18405F] - 14.11.2014 - 17:25:30 ---A- . (...) -- C:\Windows\System32\spe__l.smt [357]
O44 - LFC:[MD5.9A214019AE20DF7711C0DB8FF26783F7] - 14.11.2014 - 17:25:30 ---A- . (.No owner - UPD Co-Installer.) -- C:\Windows\System32\spe__ci.exe [158040]
O44 - LFC:[MD5.FC21BF5A1667FC745FE53D05DA4CB8A2] - 14.11.2014 - 17:25:30 ---A- . (.SS - SSCoInst.) -- C:\Windows\System32\spe__ci.dll [89600]
O44 - LFC:[MD5.0BF28DEE7BFB7F2D787756A2009AD5F8] - 14.11.2014 - 17:25:31 ---A- . (.No owner - Language Monitor for Status Monitor.) -- C:\Windows\System32\spe__l.dll [34304]
O44 - LFC:[MD5.1C27CEECA7EAECC2A74C3D9D9DF68CA6] - 14.11.2014 - 17:27:07 ----- . (...) -- C:\Windows\uninstall.ico [26694]
O44 - LFC:[MD5.FC6E1C59AF69E285BE6EA3AB55C405E2] - 14.11.2014 - 17:27:07 ----- . (.No owner - Printer Software Uninstaller.) -- C:\Windows\TotalUninstaller.exe [1571160]
O44 - LFC:[MD5.C12CBBCFA32EB159E08B6F5751C231F0] - 14.11.2014 - 17:27:23 ---A- . (...) -- C:\Autoconfig.ini [72]
O44 - LFC:[MD5.B6F423906D3E10BE38C16726C0905033] - 29.11.2014 - 11:32:54 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [388729]
O44 - LFC:[MD5.7CA09731EB7FC99B910C7F239E57720F] - 29.11.2014 - 13:30:44 ---A- . (...) -- C:\Windows\System32\Drivers\WPRO_41_2001.sys [34752]
~ Files: 235 Legitimates Filtered in 00mn 01s
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:13.02.2013 - 10:28:26 ---A- . (.No owner - Intel Keyboard Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\ikbevent.sys [21048]
O58 - SDL:13.02.2013 - 10:28:28 ---A- . (.No owner - Intel Mouse Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\imsevent.sys [21048]
O58 - SDL:13.02.2013 - 10:28:28 ---A- . (.No owner - Intel(R) Smart Connect Technology Device Driver.) -- C:\Windows\System32\Drivers\ISCTD64.sys [46568]
O58 - SDL:26.07.2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:05.02.2013 - 12:59:48 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [544768]
O58 - SDL:29.11.2014 - 13:30:44 ---A- . (...) -- C:\Windows\System32\Drivers\WPRO_41_2001.sys [34752]
~ Drivers: 74 Legitimates Filtered in 00mn 00s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {65D2F53C-15FF-4BE4-A4E0-09A3162351A9} - (Amazon Suchvorschläge) - http://www.amazon.de
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 22.03.2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 14.11.2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14.11.2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10.12.2012 803872 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Auto 10.07.1658 0 | (vToolbarUpdater18.1.10) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe =>Toolbar.AVGSearch
SS - | Demand 10.07.1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 28.09.2013 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 09.11.2014 1486664 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
SR - | Auto 09.11.2014 3488784 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
SR - | Auto 09.11.2014 298080 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
SR - | Auto 31.01.2013 1626872 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
SR - | Auto 30.08.2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 10.01.2013 138752 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
SR - | Auto 07.02.2013 1641768 | (FPLService) . (.HP.) - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
SR - | Auto 27.09.2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 05.11.2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 01.03.2013 43320 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 01.02.2013 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
SR - | Auto 10.04.2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 10.12.2012 732160 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 22.02.2013 129848 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 13.02.2013 180200 | (ISCTAgent) . (...) - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
SR - | Auto 22.02.2013 167736 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 22.02.2013 364856 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 21.05.2013 144368 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
SR - | Auto 07.03.2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 07.03.2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 05.02.2013 332800 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Demand 07.01.2013 401856 | (TrueService) . (.AuthenTec, Inc..) - C:\Program Files\Common Files\AuthenTec\TrueService.exe
SR - | Demand 10.07.1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : 13026 - (26.11.2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.10] =>Toolbar.AVGSearch^
~ Additionnel Scan: 256421 Items scanned in 00mn 10s
---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s
---\\ Summary of the detections found on your workstation
~ MSI: 0 link(s) detected in 00mn 00s
~ 784 Legitimates filtered by white list
End of the scan (378 lines in 00mn 39s)(0)