~ Report of ZHPDiag v2015.3.29.33 - Nicolas Coolman (29/03/2015)
~ Launched by Administrator (17/11/2017 06:10:53 م)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : New version available
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found


---\\ Internet browsers
MSIE: Internet Explorer v6.0.2900.5512
MFIE: Mozilla Firefox 47.0.2 (Defaut)
GCIE: Google Chrome v47.0.2526.106
OPIE: Opera Stable v36.0.2130.80

---\\ Windows product information
~ Langage: Anglais
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)

---\\ System protection software
Avast Free Antivirus v11.1.2253

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 27 NPAPI

---\\ Information on the system
~ Processor: x86 Family 15 Model 6 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013.4 MB (59% free)
System Restore: Activé (Enable)
System drive C: has 1 GB (4%) free of 20 GB

---\\ Connection to the system mode
~ Computer Name: 35252DA856D44CE
~ User Name: Administrator
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Guest, Administrator,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrator\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Administrator\Application Data\
~ %Desktop% : C:\Documents and Settings\Administrator\Desktop\
~ %Favorites% : C:\Documents and Settings\Administrator\Favorites\
~ %LocalAppData% : C:\Documents and Settings\Administrator\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Administrator\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 1 Go of 20 Go)
D: Hard drive, Flash drive, Thumb drive (Free 10 Go of 68 Go)
E: Hard drive, Flash drive, Thumb drive (Free 6 Go of 68 Go)
F: Hard drive, Flash drive, Thumb drive (Free 12 Go of 68 Go)
G: Hard drive, Flash drive, Thumb drive (Free 2 Go of 73 Go)
I: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Legitimates Filtered in :0mn صs



---\\ Search Generic System Files
[MD5.2BB75B7F548D82A099125D0C5971DE7D] - (.Microsoft Corporation - Windows Explorer.) (.09/05/2012 - 03:00:31 م.) -- C:\WINDOWS\Explorer.exe [1033728]
[MD5.D73F1BE00684E675571015B3A5880F5B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/09/2013 - 08:33:58 م.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.53A8857723277B1D6D5EE60A9F85B117] - (.Microsoft Corporation - Windows NT Logon Application.) (.09/05/2012 - 03:01:58 م.) -- C:\WINDOWS\system32\Winlogon.exe [509440]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.09/05/2012 - 03:00:21 م.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 06:10:32 ص.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 02:00:00 م.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.09/05/2012 - 03:00:25 م.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/04/2008 - 02:00:00 م.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44544]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 02:00:00 م.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.4A0B06AA8943C1E332520F7440C0AA30] - (.Microsoft Corporation - i8042 Port Driver.) (.14/04/2008 - 02:00:00 م.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [52480]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 02:00:00 م.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 02:00:00 م.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 02:00:00 م.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.09/05/2012 - 03:00:52 م.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 02:00:00 م.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.4C51D5275AE8A16999EDFE7E647D00DE] - (.Microsoft Corporation - NT File System Driver.) (.18/11/2008 - 05:02:08 م.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [576384]
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - (.Microsoft Corporation - Parallel Port Driver.) (.09/05/2012 - 03:07:50 م.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80128]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 02:00:00 م.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.47EA20320E3D6FDC7B7BB22B2B881CA6] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.05/09/2009 - 01:43:46 ص.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [195712]
[MD5.F828DD7E1419B6653894A8F97A0094C5] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 11:10:28 م.) -- C:\WINDOWS\system32\Drivers\redbook.sys [57600]
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.14/04/2008 - 02:00:00 م.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [52352]
~ Generic Processes: Scanned in :0mn صs



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/3
~ Mes musiques (My Musics) : 1/3
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 1/1517
~ Mon Bureau (My Desktop) : 0/6
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in :0mn صs



---\\ Process running
[MD5.501E11AE85EE28D305D228F5931AC76C] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096] [PID.1632]
[MD5.82B7AE85A3C197514055DA16D658D8C1] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256] [PID.204]
[MD5.60B65F97C12BA30CD36450D376227C02] - (.No owner - Network Time Synchronizer.) -- C:\Program Files\NetTime\NetTime.exe [772096] [PID.220]
[MD5.94C08DF0F07C509D99FEA7CFC486C335] - (.No owner - Network Time Synchronizer - NT Service.) -- C:\Program Files\NetTime\NetTimeService.exe [473088] [PID.564]
[MD5.E7E4DD7B23239706A44798D947415406] - (.Baidu Inc. - spark.) -- C:\Program Files\baidu\Spark33.8.9999.10081\sparkservice.exe [96784] [PID.812]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.1140]
[MD5.B289C20C10B241F6016FECD92B267098] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [275512] [PID.2272]
[MD5.06CC578BC150D9AAAE20672130A36CB9] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8190976] [PID.3264]
[MD5.509F5C3B534CD8F5F78F7CDEBAED38CF] - (.Nicolas Coolman - ZHPFix.) -- C:\Program Files\ZHPDiag\ZHPFix\ZHPFix.exe [3060224] [PID.2508]
~ Processes Running: Scanned in :0mn صs



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome Extension Folder
~ Google Lines Browser: 0 Legitimates Filtered in :0mn صs



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1rxr4ue.default\prefs.js
M3 - MFPP: Plugins - [Administrator] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1rxr4ue.default\searchplugins\search-for-firefox-search-engine.xml
M3 - MFPP: Plugins - [Administrator] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1rxr4ue.default\searchplugins\search-powered-by-yahoo-engine.xml
M2 - MFEP: prefs.js [Administrator - d1rxr4ue.default\mozilla_cc2@internetdownloadmanager.com] [] IDM integration v6.27.3 (..)
~ Firefox Browser: 8 Legitimates Filtered in :0mn صs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in :0mn صs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in :0mn صs



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (19)
~ Hosts File: Scanned in :0mn صs



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Orphan key
~ Toolbar: Scanned in :0mn صs



---\\ Other User Links (O4)
O4 - GS\Desktop [AllUsers]: Facebook.lnk . (...) -- C:\Program Files\baidu\Spark33.8.9999.10081\Spark.exe
O4 - GS\Desktop [AllUsers]: Google.lnk . (...) -- C:\Program Files\baidu\Spark33.8.9999.10081\Spark.exe
~ Global Startup: 2 Legitimates Filtered in :0mn صs



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [NetTime] . (.No owner - Network Time Synchronizer.) -- C:\Program Files\NetTime\NetTime.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1343024091-1993962763-1935655697-500\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1343024091-1993962763-1935655697-500\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
~ Application: Scanned in :0mn صs



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
~ IE Extra Buttons: Scanned in :0mn صs



---\\ Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
~ IE Paramètres WEB: Scanned in :0mn صs



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in :0mn صs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in :0mn صs



---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in :0mn صs



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: MxService (MxService) . (...) - C:\Program Files\Maxthon\Bin\MxService.exe (.not file.)
O23 - Service: NetTime (NetTimeSvc) . (.No owner - Network Time Synchronizer - NT Service.) - C:\Program Files\NetTime\NetTimeService.exe
O23 - Service: Baidu Spark Service (SparkSvc) . (.Baidu Inc. - spark.) - C:\Program Files\baidu\Spark33.8.9999.10081\sparkservice.exe
~ Services: 3 Legitimates Filtered in :0mn صs



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home
~ Desktop Component: 4 Legitimates Filtered in :0mn صs



---\\ Task Planned Automatically (039)
[MD5.92E3704809D7A2A7BE942E189064E395] [APT] [Opera scheduled Autoupdate 1503277688] (.Opera Software.) -- C:\Program Files\Opera\launcher.exe [695816]
[MD5.28A23D298BCA95D96F23C6573DDED708] [APT] [SparkUpdater] (.Baidu.com, Inc..) -- C:\Program Files\baidu\Spark33.8.9999.10081\SparkUpdate.exe [1372176]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job [238]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job [232]
O39 - APT: Opera scheduled Autoupdate 1503277688 - (.Opera Software.) -- C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1503277688.job [430]
O39 - APT: SparkUpdater - (.Baidu.com, Inc..) -- C:\WINDOWS\Tasks\SparkUpdater.job [422]
~ Scheduled Task: 13 Legitimates Filtered in :0mn صs



---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Installed Component - S-1-5-21-1343024091-1993962763-1935655697-500 - >{X9B49E34-C7CC-11D0-8953-00A0C90347FF} -- Not Hexadécimal CLSID
~ Active Setup: 18 Legitimates Filtered in :0mn صs



---\\ Software installed (O42)
O42 - Logiciel: Baidu Browser - (.Baidu Inc..) [HKLM] -- Spark
O42 - Logiciel: NetTime - (.Mark Griffiths.) [HKLM] -- NetTime_is1
~ Logic: 20 Legitimates Filtered in :0mn صs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\IM]
[HKCU\Software\InstallMonster]
[HKCU\Software\PIP]
[HKCU\Software\ProductSetup] =>Adware.InstallCore
[HKCU\Software\baidu]
[HKCU\Software\csastats]
[HKCU\Software\profession]
[HKLM\Software\Baidu]
[HKLM\Software\CloudOPTInfo]
[HKLM\Software\EVP]
[HKLM\Software\PIP]
~ Key Software: 208 Legitimates Filtered in :0mn صs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 24/02/2017 - 01:33:37 ص - [] ----D C:\Program Files\baidu
O43 - CFD: 06/09/2016 - 06:49:27 ص - [] ----D C:\Program Files\Hiru
O43 - CFD: 01/01/2009 - 09:07:35 ص - [] ----D C:\Program Files\NetTime
O43 - CFD: 23/02/2017 - 07:02:01 م - [] ----D C:\Documents and Settings\All Users\Application Data\Baidu
O43 - CFD: 11/03/2017 - 06:19:12 م - [] ----D C:\Documents and Settings\All Users\Start Menu\Programs\Baidu Browser
O43 - CFD: 01/01/2009 - 09:07:33 ص - [] ----D C:\Documents and Settings\All Users\Start Menu\Programs\NetTime
O43 - CFD: 23/02/2017 - 06:02:00 م - [] ----D C:\Documents and Settings\Administrator\Application Data\Baidu
O43 - CFD: 21/08/2017 - 02:45:00 ص - [] ----D C:\Documents and Settings\Administrator\Application Data\Tungsten
~ Program Folder: 106 Legitimates Filtered in :0mn صs



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Winamp\winamp.exe" [Enabled] .(...) -- C:\Program Files\Winamp\winamp.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\baidu\Spark\Spark.exe" [Enabled] .(.Baidu Inc..) -- C:\Program Files\baidu\Spark\Spark.exe
O47 - AAKE:Key Export SP - "C:\Program Files\baidu\Spark\baidu_dumper.exe" [Enabled] .(.Baidu Inc..) -- C:\Program Files\baidu\Spark\baidu_dumper.exe
O47 - AAKE:Key Export SP - "C:\Program Files\baidu\Spark33.8.9999.10081\Spark.exe" [Enabled] .(..) -- C:\Program Files\baidu\Spark33.8.9999.10081\Spark.exe
O47 - AAKE:Key Export SP - "C:\Program Files\baidu\Spark33.8.9999.10081\bdtray.exe" [Enabled] .(...) -- C:\Program Files\baidu\Spark33.8.9999.10081\bdtray.exe (.not file.)
~ Keys Export: 14 Legitimates Filtered in :0mn صs



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in :0mn صs



---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{0f2e857b-4ea5-11e6-9c4c-806d6172696f}\AutoRun\command. (...) -- J:\setup.exe (.not file.)
~ Keys: Scanned in :0mn صs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:09/05/2012 - 03:07:03 م ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:21/09/2016 - 06:43:48 م ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [140936]
O58 - SDL:12/01/2014 - 11:05:46 ص ---A- . (.Windows (R) Win 7 DDK provider - Serial Port Enumerator.) -- C:\WINDOWS\system32\Drivers\nuvserenum.sys [17920]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:09/05/2012 - 03:07:03 م ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9029]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4768]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27866]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33840]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/04/2008 - 02:00:00 م ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 53 Legitimates Filtered in :0mn صs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in :0mn صs



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 12/05/2012 - C:\Program Files\NetTime\NetTimeService.exe (NetTimeSvc) .(.No owner - Network Time Synchronizer - NT Service.) - LEGACY_NETTIMESVC
O64 - Services: CurCS - 25/08/2017 - C:\Program Files\baidu\Spark33.8.9999.10081\sparkservice.exe (SparkSvc) .(.Baidu Inc. - spark.) - LEGACY_SPARKSVC
~ Legacy: 118 Legitimates Filtered in :0mn صs



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.No owner - spark.) -- C:\Program Files\baidu\Spark33.8.9999.10081\Spark.exe
~ FASS Keys: 10 Legitimates Filtered in :0mn صs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.No owner - spark.) -- C:\Program Files\baidu\Spark33.8.9999.10081\Spark.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Launcher.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Baidu Inc. - Spark.) -- C:\Program Files\baidu\Spark\Spark.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Baidu Inc. - Spark.) -- C:\Program Files\baidu\Spark\Spark.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld\Chrome\Application\twchrome.exe (.not file.)
~ Keys: Scanned in :0mn صs



---\\ Crack & Keygen Files (CKF) (O82)
C:\Documents and Settings\Administrator\My Documents\فلاشة\برامج\Removable Disk (H)\كل البرامج\Anti_Porn_v12.3.6.23\Cracked\EagleSvr.exe =>.Crack,Keygen
C:\Documents and Settings\Administrator\My Documents\فلاشة\برامج\Removable Disk (H)\كل البرامج\Anti_Porn_v12.3.6.23\Cracked\EglSrv.exe =>.Crack,Keygen
C:\Documents and Settings\Administrator\My Documents\فلاشة\برامج\Removable Disk (H)\كل البرامج\كل كل كل البرامج\Winavi All-in-one Converter V1.2.1.3985 + Keygen\Setup.exe =>.Crack,Keygen
C:\Documents and Settings\Administrator\My Documents\فلاشة\برامج\Removable Disk (H)\كل البرامج\كل كل كل البرامج\نسخة مكركة لسوبر هايد اى بى\Super Hide Ip Cracked By zaza151.exe =>.Crack,Keygen
C:\Documents and Settings\Administrator\My Documents\فلاشة\برامج\Removable Disk (H)\كل البرامج\Anti_Porn_v12.3.6.23\Cracked\EagleSvr.exe =>.Crack,Keygen
C:\Documents and Settings\Administrator\My Documents\فلاشة\برامج\Removable Disk (H)\كل البرامج\Anti_Porn_v12.3.6.23\Cracked\EglSrv.exe =>.Crack,Keygen
C:\Documents and Settings\Administrator\My Documents\فلاشة\برامج\Removable Disk (H)\كل البرامج\كل كل كل البرامج\Winavi All-in-one Converter V1.2.1.3985 + Keygen\Setup.exe =>.Crack,Keygen
C:\Documents and Settings\Administrator\My Documents\فلاشة\برامج\Removable Disk (H)\كل البرامج\كل كل كل البرامج\نسخة مكركة لسوبر هايد اى بى\Super Hide Ip Cracked By zaza151.exe =>.Crack,Keygen
D:\CCleaner.5.14.5493.Elk!ng\CCleaner.5.14.5493.Elk!ng\keygen\cr-piriform.exe =>.Crack,Keygen
D:\CCleaner.5.14.5493.Elk!ng\CCleaner.5.14.5493.Elk!ng\keygen.rar =>.Crack,Keygen
F:\Games\fifa2007\Crak Fifa 2007\fifa.07.keygen-tsrh.zip =>.Crack,Keygen
F:\Games\PES6\PES6\keygen.exe =>.Crack,Keygen
F:\منوعات\Compressed\DF_Au_En By MR ! HERO\DF_Au_En By MR ! HERO\DFX_Audio_Enhance\CORE\CORE\keygen.exe =>.Crack,Keygen
~ Files: Scanned in :3mn صs



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{30E7F2A0-EC4C-11ce-8865-00805F742EF6}] (SpeedDial) =>PUP.SpeedDial
~ BCK: 2545 Legitimates Filtered in :0mn صs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 15/11/2017 272384 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/04/2008 224768 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 18/11/2016 172488 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 22/07/1658 0 | (MxService) . (...) - C:\Program Files\Maxthon\Bin\MxService.exe
SR - | Auto 21/07/2016 237096 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 12/05/2012 473088 | (NetTimeSvc) . (...) - C:\Program Files\NetTime\NetTimeService.exe
SR - | Auto 25/08/2017 96784 | (SparkSvc) . (.Baidu Inc..) - C:\Program Files\baidu\Spark33.8.9999.10081\sparkservice.exe
~ Services: Scanned in :0mn صs



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Administrator at 17/11/2017 06:13:25 م
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EE1A0] >> \Device\Harddisk0\DR0[0x8658EAB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in :0mn صs



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Administrator at 17/11/2017 06:13:27 م
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in :0mn صs



---\\ Scan Additionnel (O88)
Database Version : 13008 - (29/03/2015)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\PIP] =>Toolbar.Ask
[HKLM\Software\PIP] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKCU\Software\ProductSetup] =>Adware.InstallCore^
[HKCR\CLSID\{30E7F2A0-EC4C-11ce-8865-00805F742EF6}] (SpeedDial) =>PUP.SpeedDial^
~ Additionnel Scan: 94443 Items scanned in :2mn صs



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.MountPoints2 Shell Key (MPSK) (O51)
~ AMI: 5 Legitimates Filtered in :0mn صs



---\\ Summary of the detections found on your workstation
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/32720552-pup-speeddial =>PUP.SpeedDial
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://www.nicolascoolman.fr/blog/ =>Toolbar.Yahoo
~ MSI: 4 link(s) detected in :0mn صs



~ 716 Legitimates filtered by white list
End of the scan (485 lines in :0mn صs)(13.4)
