Laptop shuts down on its own

Closed
Sia - Dec 20, 2013 at 04:08 PM
Hello,
My laptop is an ASUS N71J and it's shutting down on its own as if there's a power outage. It's plugged in, not running on battery. I'm running Windows 7.
I ran Bitdefender to scan for viruses, but it's not coming up with anything.

I ran ZHPDiag and this is what it spat out.
I'm wondering if someone here can divine what's going on?

Thanks so much!

----



~ Report of ZHPDiag v2013.12.14.22 - Nicolas Coolman (14/12/2013)
~ Launched by Sia (20/12/2013 3:43:48 PM)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16660
MFIE: Mozilla Firefox 26.0 (Defaut)
GCIE: Google Chrome v29.0.1547.62

---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Bitdefender Antivirus Plus 2012 v15.0.41
Windows Defender W7

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 45
Java 7 Update 45

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4020.5 MB (44% free)
System Restore: Activé (Enable)
System drive C: has 362 GB (81%) free of 446 GB

---\\ Connection to the system mode
~ Computer Name: SISI
~ User Name: Sia
~ All Users Names: Sia, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Sia\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Sia\AppData\Roaming\
~ %Desktop% : C:\Users\Sia\Desktop\
~ %Favorites% : C:\Users\Sia\Favorites\
~ %LocalAppData% : C:\Users\Sia\AppData\Local\
~ %StartMenu% : C:\Users\Sia\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 362 Go of 446 Go)
E: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn AMs



---\\ Search Generic System Files
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 8:24:45 AM.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 8:39:52 PM.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AC155DD9BD1E6D3B740826A4D1C68AAE] - (.Microsoft Corporation - Internet Extensions for Win32.) (.04/09/2013 - 2:19:13 AM.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 8:25:30 AM.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 8:27:26 AM.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/12/2011 - 10:59:24 PM.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 8:52:21 PM.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 6:19:47 PM.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 4:19:21 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 4:26:32 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 5:43:43 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 6:19:57 PM.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 7:10:03 PM.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 9:40:40 PM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 4:23:20 AM.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 9:45:08 AM.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 7:00:41 PM.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 5:52:35 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 7:09:09 PM.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 4:21:56 AM.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 8:34:02 AM.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 02mn AMs



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/1277
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 1/45
~ Mon Bureau (My Desktop) : 1/793
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 03mn AMs



---\\ Process running
[MD5.1971D838A88F58D59543E9B3CDA5FFC4] - (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [305720] [PID.3760]
[MD5.852EE4F61139A1B3F44EDAA0D5B3FC14] - (...) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [53888] [PID.3848]
[MD5.97F60D16F052DA9CB619AB9A96CB2D4E] - (.No owner - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440] [PID.3856]
[MD5.F4DCD4912B185C3AAEB92A7040832AD1] - (.No owner - ALU.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [51768] [PID.3868]
[MD5.10E89F598469C60D8C87A8218089A87D] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Sia\AppData\Local\Akamai\netsession_win.exe [4489472] [PID.2416]
[MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016] [PID.3204]
[MD5.C32B36D2168AEA9D4FA77C0A4F56379D] - (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [7350912] [PID.3316]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3508]
[MD5.E0923A875F209557BA312912BB3C83D6] - (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328] [PID.3608]
[MD5.D3242FF9E28EAFC77EACB2B8956724C3] - (.Adobe Systems Incorporated - Adobe CEP Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240] [PID.3156]
[MD5.F1BA2F00F892B3C029C5B88E0C1C103E] - (.No owner - Core Sync.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe [4624240] [PID.4216]
[MD5.A51008DA51494B89E1593076B7AFE7B1] - (.Adobe Systems Incorporated - Adobe CEF Helper.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe [395120] [PID.4908]
[MD5.07E56F90546052D0574355E16AB48A6F] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3058304] [PID.4612]
[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.3544]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3824]
[MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8295936] [PID.3060]
[MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [84536] [PID.712]
[MD5.7C157574A181B19B9DCF5F339E25337E] - (.No owner - GFNEXSrv.) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208] [PID.1600]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2260]
[MD5.53281BC7812F67534489FF4001A2887E] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe [182912] [PID.3420]
[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe [2488888] [PID.5048]
[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe [174648] [PID.5096]
~ Processes Running: Scanned in 04mn AMs



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Sia\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn AMs



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [Sia - 6tuk5adl.default\***@***] [] Advanced SystemCare Surfing Protection v1.0 (..)
~ Firefox Browser: 7 Legitimates Filtered in 02mn AMs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects (O2)
O2 - BHO: WebConnect [64Bits] - {2316c625-b487-4410-a1a5-ff040b65245f} . (.Web Connect - WebConnect.) -- C:\Program Files (x86)\WebConnect\WebConnectbho.dll =>PUP.WebConnect
~ BHO: 11 Legitimates Filtered in 00mn AMs



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Orphan key
~ Toolbar: Scanned in 00mn AMs



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop [Public]: Spirit Tales.lnk . (.X-LEGEND ENTERTAINMENT - Spirit Tales.) -- C:\koramgame\STOnline\Launcher.exe
O4 - GS\Desktop [Public]: syncables desktop SE.lnk . (.syncables, LLC - SyncablesHost.) -- C:\Program Files (x86)\syncables\syncables desktop\syncablesHost.exe
O4 - GS\Desktop [Public]: TERA-Launcher.lnk . (.Solid State Networks - TERA.) -- C:\Program Files (x86)\TERA\TERA-Launcher.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Sia]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Sia]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Sia]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Sia]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Sia]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: 62 Legitimates Filtered in 17mn AMs



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [BDAgent] . (.Bitdefender - Bitdefender Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Sia\AppData\Local\Akamai\netsession_win.exe
O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2881421560-2958287968-3058176618-1001\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Sia\AppData\Local\Akamai\netsession_win.exe
~ Application: Scanned in 00mn AMs



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.vizzed.com
~ IE Zone Confiance: Scanned in 00mn AMs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0948111-9195-4039-86C0-EAE76631D16F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C0948111-9195-4039-86C0-EAE76631D16F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C0948111-9195-4039-86C0-EAE76631D16F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn AMs



---\\ Extra protocols (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) . (.No owner - GFNEXSrv.) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) . (.Bitdefender - Bitdefender Security Service.) - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
~ Services: 7 Legitimates Filtered in 06mn AMs



---\\ Software installed (O42)
O42 - Logiciel: STOnline - (.koramgame.) [HKLM][64Bits] -- {14FE48DA-E172-4CC5-B397-92ECA4B0E088}
O42 - Logiciel: WebConnect 3.0.0 - (.Web Connect.) [HKLM][64Bits] -- WebConnect =>PUP.WebConnect
~ Logic: 23 Legitimates Filtered in 00mn AMs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Downloads24-7]
[HKCU\Software\FileScout] =>PUP.FileScout
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\OCS]
[HKCU\Software\The Sea App] =>Adware.TheSeaApp
[HKCU\Software\TheSeaApp] =>Adware.TheSeaApp
[HKCU\Software\WebConnect] =>PUP.WebConnect
[HKLM\Software\Wow6432Node\En Masse Entertainment]
[HKLM\Software\Wow6432Node\Koramgame]
~ Key Software: 231 Legitimates Filtered in 00mn AMs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 31/08/2013 - 9:31:30 PM - [0.015] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 31/08/2013 - 9:28:18 PM - [1.172] ----D C:\Program Files (x86)\WebConnect =>PUP.WebConnect
O43 - CFD: 02/10/2013 - 2:29:25 PM - [0.001] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 31/08/2013 - 9:32:46 PM - [0.001] ----D C:\ProgramData\Partner
O43 - CFD: 01/09/2013 - 1:18:30 AM - [0.000] ----D C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
O43 - CFD: 01/09/2013 - 1:18:32 AM - [0.000] ----D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
O43 - CFD: 31/08/2013 - 9:28:31 PM - [0] ----D C:\Users\Sia\AppData\Roaming\0D1F2W1G1I1F1T1Q1BtByE
O43 - CFD: 02/10/2013 - 2:28:57 PM - [0.308] ----D C:\Users\Sia\AppData\Roaming\File Scout =>PUP.FileScout
~ Program Folder: 139 Legitimates Filtered in 02mn AMs



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.CDD862092CDA309A99D3B04C0A9FF563] - 15/12/2013 - 6:10:59 PM --HA- . (...) -- C:\bdr-bz01 [2510608]
O44 - LFC:[MD5.7A9BC57206FBFCA5B2004FEE6FDF5E1F] - 15/12/2013 - 6:10:59 PM --HA- . (...) -- C:\bdr-im01.gz [37133166]
O44 - LFC:[MD5.C58E870A4B7E49805DD74EE77A4BAB34] - 15/12/2013 - 6:15:48 PM --HA- . (...) -- C:\bdr-cf01 [684]
O44 - LFC:[MD5.8E83A0EAB3AD8599EA4CC21F18564B2D] - 15/12/2013 - 6:15:48 PM --HA- . (...) -- C:\bdr-ld01 [253404]
O44 - LFC:[MD5.0F6AA65A6E1037C915DD38A8109ACAFE] - 15/12/2013 - 6:15:48 PM --HA- . (...) -- C:\bdr-ld01.mbr [9216]
O44 - LFC:[MD5.A97DFDECBE7D85ACB894931906FB5C63] - 15/12/2013 - 7:19:35 PM ---A- . (...) -- C:\Windows\ntbtlog.txt [424080]
O44 - LFC:[MD5.4E8F2BB3A5A87E75C35533723B50E685] - 15/12/2013 - 7:22:27 PM ---A- . (...) -- C:\Windows\System32\user_gensett.xml [385]
O44 - LFC:[MD5.C0D75B3C4669BAEC4DEB93A8C70B4833] - 15/12/2013 - 7:23:00 PM ---A- . (...) -- C:\Windows\System32\AutoRunFilter.ini [2082]
O44 - LFC:[MD5.92133EAF0CFAD1D16255CD90BD51CC7B] - 15/12/2013 - 7:23:00 PM ---A- . (...) -- C:\Windows\System32\ServiceFilter.ini [1673]
O44 - LFC:[MD5.53F204E0365921211781CB4B204113EB] - 20/12/2013 - 6:05:14 AM ---A- . (...) -- C:\bdlog.txt [5069]
~ Files: 19 Legitimates Filtered in 41mn AMs



---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.CE53C6A20739D9A7880AA69556E41146] - 18/12/2013 - 8:29:56 PM ---A- - C:\Windows\Prefetch\PAPERSPLEASE.EXE-3EFBEA1C.pf
O45 - LFCP:[MD5.DA9BCF0E17E06F316720DEBB8E50642C] - 18/12/2013 - 8:30:22 PM ---A- - C:\Windows\Prefetch\PAPERSPLEASE.EXE-3F5CCDDC.pf
O45 - LFCP:[MD5.7C3B2380E645424C5C5D8562859B8F99] - 20/12/2013 - 2:58:39 AM ---A- - C:\Windows\Prefetch\TL.EXE-0C70FE4C.pf
O45 - LFCP:[MD5.4B260C6B005B2DA0FAB67D296D6F4F77] - 20/12/2013 - 2:58:41 AM ---A- - C:\Windows\Prefetch\TERA.EXE-E2CA2035.pf
O45 - LFCP:[MD5.8808758450678F42E8C4BED2442E5D74] - 20/12/2013 - 3:30:43 PM ---A- - C:\Windows\Prefetch\CORESYNC.EXE-4B2BC29D.pf
O45 - LFCP:[MD5.3A9E84F29AA234DA334AB15DFFCA7D61] - 20/12/2013 - 4:05:27 AM ---A- - C:\Windows\Prefetch\DS3_TOOL.EXE-AB4B06EA.pf
O45 - LFCP:[MD5.D11B023BD148D52649A5DEA3E9FCDF83] - 20/12/2013 - 5:43:22 AM ---A- - C:\Windows\Prefetch\INSTALLER.EXE-F13B2F53.pf
~ Prefetcher: 99 Legitimates Filtered in 01mn AMs



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Setwallpaper [Key] . (...) -- c:\programdata\SetWallpaper.cmd (.not file.)
~ SMSR Keys: 20 Legitimates Filtered in 00mn AMs



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn AMs



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn AMs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 8:47:48 PM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.3C38648375B7F3988691F53A7AAE10A9] - 15/10/2009 - 4:23:19 AM ---A- . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Windows\System32\Drivers\ETD.sys [117760]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 3:31:59 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.E63EF8C3271D014F14E2469CE75FECB4] - 20/07/2009 - 4:29:39 AM ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [15416]
O58 - SDL:[MD5.1CDADE078F46F10919F21E08E22D227D] - 29/12/2008 - 4:14:27 AM ---A- . (.No owner - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [35456]
O58 - SDL:[MD5.2114518E55B380A3ACC28B2C27FD499A] - 19/08/2009 - 9:41:37 PM ---A- . (.No owner - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [1800192]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 8:45:55 PM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 16 Legitimates Filtered in 33mn AMs



---\\ Last modified or created user files (O61)
O61 - LFC: 18/12/2013 - 3:49:23 PM ---A- . (...) -- C:\Users\Sia\AppData\Roaming\3909 LLC\PapersPlease\save.sol [1966]
O61 - LFC: 18/12/2013 - 3:49:45 PM ---A- . (...) -- C:\Users\Sia\Downloads\PapersPlease-0.5.13-Win.zip [12863847]
O61 - LFC: 19/12/2013 - 3:49:28 PM ---A- . (...) -- C:\Users\Sia\AppData\Roamingprivacy.xml [376]
O61 - LFC: 19/12/2013 - 3:49:29 PM ---A- . (...) -- C:\Users\Sia\Documents\clockstrikesmidnight.odt [9029]
O61 - LFC: 20/12/2013 - 3:49:23 PM ---A- . (...) -- C:\Users\Sia\AppData\Local\TERA\launcher\live.settings [240]
O61 - LFC: 20/12/2013 - 3:49:28 PM ---A- . (...) -- C:\Users\Sia\AppData\Roaming\ZHP\Log.txt [18575] =>.Nicolas Coolman
O61 - LFC: 20/12/2013 - 3:49:28 PM ---A- . (...) -- C:\Users\Sia\AppData\Roaming\ZHP\TestsZHPDiag.txt [2768] =>.Nicolas Coolman
~ 38 Fichiers temporaires (Temporary files)
~ Files: 116 Legitimates Filtered in 25mn AMs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.5098FEFDC94A4019A1D8CA376B623CE6] [SPRF][15/12/2013] (...) -- C:\ProgramData\1387148891.bdinstall.bin [280416]
[MD5.90E1D86D979B92738A47D7072CB22DA8] [SPRF][06/07/2010] (...) -- C:\ProgramData\FullRemove.exe [131472]
~ Files: 2 Legitimates Filtered in 00mn AMs



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{7E4A95C3-7EBA-4DE6-A0C9-3D1E1ADBA755}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\TERA\Client\TERA.exe (.not file.)
O87 - FAEL: "{44277665-C4FD-4702-8C38-86325E5C084A}" |Out - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\TERA\Client\TERA.exe (.not file.)
O87 - FAEL: "{A004D4D8-EB61-4F42-9A7A-E2082D8FDAE8}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\TERA\Client\TERA.exe (.not file.)
O87 - FAEL: "{C8512823-AC92-468A-9889-2F7BC1FC8338}" |Out - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\TERA\Client\TERA.exe (.not file.)
O87 - FAEL: "{606B2099-91A6-472E-9D7D-E1EDC85CE0D2}" | In - None - P6 - TRUE | .(.No owner - Thu Jun 14 19:32:20 2012.) -- C:\Program Files (x86)\TERA\Client\TL.exe
O87 - FAEL: "{94769EB4-A7ED-4E92-8F1A-10353A1A2984}" | Out - None - P6 - TRUE | .(.No owner - Thu Jun 14 19:32:20 2012.) -- C:\Program Files (x86)\TERA\Client\TL.exe
O87 - FAEL: "{59F28349-8A2D-4B12-93D0-623921B97935}" | In - None - P17 - TRUE | .(.No owner - Thu Jun 14 19:32:20 2012.) -- C:\Program Files (x86)\TERA\Client\TL.exe
O87 - FAEL: "{D270ED6C-7CD9-499F-9685-5EBB7F2C68BF}" | Out - None - P17 - TRUE | .(.No owner - Thu Jun 14 19:32:20 2012.) -- C:\Program Files (x86)\TERA\Client\TL.exe
~ Firewall: 213 Legitimates Filtered in 04mn AMs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 25/10/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 25/10/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 25/10/2010 182768 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Disabled 30/09/2009 262144 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Disabled 13/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 06/04/2010 244904 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SS - | Disabled 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 30/09/2009 2314240 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 14/10/2011 466736 | (Update Server) . (.BitDefender.) - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
SS - | Disabled 29/08/2013 206632 | (Update WebConnect) . (.WebConnect.) - C:\Program Files (x86)\WebConnect\updateWebConnect.exe =>PUP.WebConnect
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 05/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 17/09/2009 359552 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Auto 18/11/2009 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 15/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 08/08/2007 94208 | (ATKGFNEXSrv) . (...) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 28/05/2012 67904 | (UPDATESRV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
SR - | Auto 21/11/2012 1957912 | (VSSERV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 31mn AMs



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by Sia at 20/12/2013 3:54:15 PM
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn AMs



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Sia at 20/12/2013 3:54:17 PM

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 02mn AMs



---\\ Scan Additionnel (O88)
Database Version : 13013 - (14/12/2013)
Clés trouvées (Keys found) : 10
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 4

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2316C625-B487-4410-A1A5-FF040B65245F}] =>PUP.WebConnect^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect] =>PUP.WebConnect^
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon] =>PUP.WebConnect
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2316C625-B487-4410-A1A5-FF040B65245F}] =>PUP.WebConnect
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2316C625-B487-4410-A1A5-FF040B65245F}] =>PUP.WebConnect
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2316C625-B487-4410-A1A5-FF040B65245F}] =>PUP.WebConnect
[HKLM\Software\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}] =>PUP.WebConnect
[HKLM\Software\Wow6432Node\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}] =>PUP.WebConnect
[HKLM\Software\Classes\TypeLib\{D8CAF2DF-52D3-42CF-9DDB-F4FF828DB4F8}] =>PUP.WebConnect
C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files (x86)\WebConnect =>PUP.WebConnect^
C:\ProgramData\IBUpdaterService =>Adware.InstallBrain^
C:\Users\Sia\AppData\Roaming\File Scout =>PUP.FileScout^
C:\ProgramData\Partner =>Spyware.Partner
[HKCU\Software\FileScout] =>PUP.FileScout^
[HKCU\Software\The Sea App] =>Adware.TheSeaApp^
[HKCU\Software\TheSeaApp] =>Adware.TheSeaApp^
[HKCU\Software\WebConnect] =>PUP.WebConnect^
~ Additionnel Scan: 277931 Items scanned in 19mn AMs



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/32781187-pup-webconnect =>PUP.WebConnect
~ http://nicolascoolman.webs.com/apps/blog/show/34311830-pup-filescout =>PUP.FileScout
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/32592770-adware-theseaapp =>Adware.TheSeaApp
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/26907365-adware-installbrain =>Adware.InstallBrain
~ http://nicolascoolman.webs.com/apps/blog/show/28193283-spyware-partner =>Spyware.Partner
~ MSI: 7 link(s) detected in 19mn AMs



~ 1210 Legitimates filtered by white list
End of the scan (485 lines in 48mn AMs)(0)

1 response

jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020
Dec 21, 2013 at 02:31 PM
Hello,

Try this 1

It may be shutting down because of overheating.

Clean all the vents, blow out with canned air.

Remove the power adapter and the battery from your laptop. Open the laptop case to access the CPU fan and the heat sink. Remove all the dust from the fan and also from the heat sink. Never run your laptop on a bag or a bed. The sides, back and bottom must be clear.

If possible, remove the old thermal paste from the CPU and apply new thermal paste for better heat conductivity.

Good Luck