Laptop Randomly restarts itself
Closed
techie_newbie
Posts
14
Registration date
Saturday January 17, 2015
Status
Member
Last seen
January 29, 2015
-
Jan 17, 2015 at 05:53 AM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Jan 18, 2015 at 06:24 AM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Jan 18, 2015 at 06:24 AM
Related:
- Laptop Randomly restarts itself
- How to type # in laptop - Guide
- Gta 5 download apk laptop - Download - Action and adventure
- Laptop screen goes black randomly - Guide
- Laptop restarts on its own - Guide
- Minecraft free download laptop - Download - Sandbox
9 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,163
Jan 17, 2015 at 05:57 AM
Jan 17, 2015 at 05:57 AM
Hello
It may not be a virus issue but a hardware issue such as a power supply problem.
Have you added hardware? Have you downloaded and installed new software ?
It may not be a virus issue but a hardware issue such as a power supply problem.
Have you added hardware? Have you downloaded and installed new software ?
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,163
Jan 17, 2015 at 06:14 AM
Jan 17, 2015 at 06:14 AM
Shut down can also be cause by a memory problem.
What is your operating system?
What is your operating system?
techie_newbie
Posts
14
Registration date
Saturday January 17, 2015
Status
Member
Last seen
January 29, 2015
Jan 17, 2015 at 06:15 AM
Jan 17, 2015 at 06:15 AM
win 7 home premium
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,163
Jan 17, 2015 at 06:18 AM
Jan 17, 2015 at 06:18 AM
Okay
Let's try ZHP Diag again but make sure you follow the instructions in this link:
https://ccm.net/download/download-23176-zhpdiag
Let's try ZHP Diag again but make sure you follow the instructions in this link:
https://ccm.net/download/download-23176-zhpdiag
techie_newbie
Posts
14
Registration date
Saturday January 17, 2015
Status
Member
Last seen
January 29, 2015
Jan 17, 2015 at 06:19 AM
Jan 17, 2015 at 06:19 AM
okay sir! :)
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,163
>
techie_newbie
Posts
14
Registration date
Saturday January 17, 2015
Status
Member
Last seen
January 29, 2015
Jan 17, 2015 at 06:22 AM
Jan 17, 2015 at 06:22 AM
You may delay answering you as I will sign out until later today.
techie_newbie
Posts
14
Registration date
Saturday January 17, 2015
Status
Member
Last seen
January 29, 2015
Jan 17, 2015 at 06:32 AM
Jan 17, 2015 at 06:32 AM
i forgot, i also installed PowerISO
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,163
>
techie_newbie
Posts
14
Registration date
Saturday January 17, 2015
Status
Member
Last seen
January 29, 2015
Jan 17, 2015 at 06:42 AM
Jan 17, 2015 at 06:42 AM
That's okay as long as you got it from a reliable source.
Didn't find the answer you are looking for?
Ask a question
techie_newbie
Posts
14
Registration date
Saturday January 17, 2015
Status
Member
Last seen
January 29, 2015
Jan 17, 2015 at 06:57 AM
Jan 17, 2015 at 06:57 AM
is there any way i can send you the log, cause it wont start uploading at speedyshare
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,163
Jan 17, 2015 at 07:06 AM
Jan 17, 2015 at 07:06 AM
Exceptionally for you, copy and paste here "reply to topic.
techie_newbie
Posts
14
Registration date
Saturday January 17, 2015
Status
Member
Last seen
January 29, 2015
Jan 17, 2015 at 07:08 AM
Jan 17, 2015 at 07:08 AM
~ Report of ZHPDiag v2015.1.15.6 - Nicolas Coolman (1/15/2015)
~ Launched by ka domeng (1/16/2015 7:28:47 PM)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : https://nicolascoolman.eu
~ Translated by
~ Version State : Updated version.
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program
---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v12.0.742.91 (Defaut)
---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
---\\ System protection software
McAfee Internet Security v11.0.543
Windows Defender W7 (Deactivate)
---\\ System optimization software
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 10 ActiveX
Adobe Reader X
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 4077.9 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 401 GB (88%) free of 453 GB
---\\ Connection to the system mode
~ Computer Name: TOSHIBA
~ User Name: ka domeng
~ All Users Names: ka domeng, Guest, Administrator,
~ Unselected Option: None
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\ka domeng\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\ka domeng\AppData\Roaming\
~ %Desktop% : C:\Users\ka domeng\Desktop\
~ %Favorites% : C:\Users\ka domeng\Favorites\
~ %LocalAppData% : C:\Users\ka domeng\AppData\Local\
~ %StartMenu% : C:\Users\ka domeng\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 401 Go of 453 Go)
D: Hard drive, Flash drive, Thumb drive (Free 12 Go of 128 Go)
E: CD-ROM drive (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 40 Legitimates Filtered in 00mn AMs
---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 2:19:30 PM.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/14/2009 - 9:39:52 AM.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.1BF2BCC7E3C26FD4C8EF0C9EFB0CC25D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.8/3/2011 - 5:57:18 PM.) -- C:\Windows\System32\wininet.dll [1389056]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.11/21/2010 - 11:24:29 AM.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.11/21/2010 - 11:24:16 AM.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.D5B031C308A409A0A576BFF4CF083D30] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.4/25/2011 - 10:34:03 AM.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 9:52:21 AM.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 7:19:47 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/21/2010 - 11:23:47 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/21/2010 - 11:24:32 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/21/2010 - 11:23:47 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.7/14/2009 - 7:19:57 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 8:10:03 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/27/2011 - 10:40:40 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.11/21/2010 - 11:23:51 AM.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - NT File System Driver.) (.3/11/2011 - 2:41:34 PM.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.7/14/2009 - 8:00:41 AM.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/21/2010 - 11:24:33 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 8:09:09 AM.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.11/21/2010 - 11:24:32 AM.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.2/25/2011 - 2:25:38 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn AMs
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/3
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/36
~ Mes Documents (My Documents) : 1/2768
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 1/50
~ Hidden Files: Scanned in 00mn AMs
---\\ Process running
[MD5.8E07CD62B3B3C009CC50986A4D6FA9AA] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1011768] [PID.3008]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.1620]
[MD5.AFDF3BDDF90824B727A272A2715D34FB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8154624] [PID.2384]
~ Processes Running: Scanned in 00mn AMs
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\ka domeng\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Google Chrome Extension Folder
~ Google Lines Browser: 3 Legitimates Filtered in 09mn AMs
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 1 Legitimates Filtered in 00mn AMs
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs
---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn AMs
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
~ Toolbar: Scanned in 00mn AMs
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [Toshiba TEMPRO] . (.Toshiba Europe GmbH - Toshiba TEMPRO.) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe =>.Toshiba Corporation
O4 - HKLM\..\Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe (.not file.)
O4 - HKLM\..\Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (.not file.)
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.exe (.not file.)
O4 - HKLM\..\Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe (.not file.)
O4 - HKLM\..\Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe (.not file.)
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant systems, Inc. - SmartAudio Control Panel application.) -- C:\Program Files\CONEXANT\SAII\SAIICpl.exe
O4 - HKLM\..\Run: [ThpSrv] C:\windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [Teco] C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe (.not file.)
O4 - HKLM\..\Run: [TosSENotify] . (.TOSHIBA Corporation - No Comment.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.)
O4 - HKLM\..\Run: [TosVolRegulator] . (.TOSHIBA Corporation - Toshiba Volume Regulator.) -- C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe =>.Toshiba Corporation
O4 - HKLM\..\Run: [Toshiba Registration] . (.Toshiba Europe GmbH - Toshiba Notebook Registration Reminder.) -- C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [NBAgent] . (.Nero AG - Nero BackItUp.) -- c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [ITSecMng] . (.TOSHIBA CORPORATION - IT Security Manager for Toshiba Stack.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
O4 - HKLM\..\Wow6432Node\Run: [TSleepSrv] . (.TOSHIBA - TOSHIBA Sleep Service.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Wow6432Node\Run: [ToshibaServiceStation] . (.TOSHIBA Corporation - TOSHIBA Service Station.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe =>.Toshiba Corporation
O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-361853049-1329643384-892397189-1000\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
~ Application: Scanned in 00mn AMs
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 [64Bits] - {97F922BD-8563-4184-87EE-8C4ACA438823} . (...) -- C:\Program Files\TOSHIBA\BulletinBoard\images\pin.ico
~ IE Extra Buttons: Scanned in 00mn AMs
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D49EC34-BDD6-4A13-84B3-C9C63CEAF7F9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D49EC34-BDD6-4A13-84B3-C9C63CEAF7F9}: DhcpDomain = www.huaweimobilewifi.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D49EC34-BDD6-4A13-84B3-C9C63CEAF7F9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D49EC34-BDD6-4A13-84B3-C9C63CEAF7F9}: DhcpDomain = www.huaweimobilewifi.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn AMs
---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs
---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: (rpcnetp) . (...) - C:\Windows\System32\rpcnetp.exe
~ Services: 24 Legitimates Filtered in 01mn AMs
---\\ Task Planned Automatically (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [894]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [898]
~ Scheduled Task: 4 Legitimates Filtered in 00mn AMs
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 1/16/2015 - 11:34:40 PM - [] ----D C:\ProgramData\Partner
O43 - CFD: 11/21/2010 - 3:16:41 PM - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
~ Program Folder: 114 Legitimates Filtered in 00mn AMs
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.7B0E5D3CFE331717FB8A4570E116465A] - 1/16/2015 - 5:16:04 PM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [24912]
O44 - LFC:[MD5.7B0E5D3CFE331717FB8A4570E116465A] - 1/16/2015 - 5:16:04 PM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [24912]
O44 - LFC:[MD5.F4402AFE7F512904D05D657FE16F8BE0] - 1/16/2015 - 5:22:34 PM ---A- . (...) -- C:\Windows\System32\rpcnetp.exe [17920]
O44 - LFC:[MD5.77E63C86C201A07AAC9C5075B22F9451] - 1/16/2015 - 5:26:50 PM ---A- . (...) -- C:\Windows\System32\prfc0816.dat [137572]
O44 - LFC:[MD5.363277C0422A9FB6437358482AC6A11D] - 1/16/2015 - 5:26:50 PM ---A- . (...) -- C:\Windows\System32\prfh0816.dat [691358]
O44 - LFC:[MD5.041FBDE2E9E1DA5330D9ABF0D10E042C] - 1/16/2015 - 5:58:57 PM ---A- . (...) -- C:\Windows\ntbtlog.txt [335160]
O44 - LFC:[MD5.F4E96289F6B7EB2799C16C2B826982AE] - 1/16/2015 - 8:00:39 AM ---A- . (...) -- C:\Windows\DPINST.LOG [26166]
O44 - LFC:[MD5.4C2AF188B91C808B4E39B0CD94710C0D] - 1/16/2015 - 8:11:53 AM ---A- . (...) -- C:\Windows\Synaptics.log [1038]
O44 - LFC:[MD5.73F0EF629319FC97B3C26CD5A658B70D] - 1/16/2015 - 8:19:31 PM ---A- . (...) -- C:\Windows\TSSysprep.log [3652]
O44 - LFC:[MD5.7B66683A3A4513B6D256E4F1C1447E71] - 1/16/2015 - 8:24:34 PM ---A- . (...) -- C:\Windows\System32\nvinfo.pb [7621]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 1/16/2015 - 9:29:32 PM ---A- . (...) -- C:\Windows\NDSTray.INI [0]
O44 - LFC:[MD5.5B465CA157127419AC559C1DEB7064D6] - 1/16/2015 - 9:38:44 PM ---A- . (...) -- C:\Windows\DtcInstall.log [4059]
~ Files: 66 Legitimates Filtered in 00mn AMs
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn AMs
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn AMs
---\\ System Drivers List (SDL) (O58)
O58 - SDL:7/14/2009 - 9:47:48 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:6/11/2009 - 4:31:59 AM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:7/14/2009 - 9:45:55 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 83 Legitimates Filtered in 00mn AMs
---\\ Last modified or created user files (O61)
O61 - LFC: 1/16/2015 - 7:29:03 PM ---A- . (...) -- C:\Users\ka domeng\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin [297531]
~ 108 Fichiers temporaires (Temporary files)
~ 8 Fichiers cookies (Cookies files)
~ Files: 3 Legitimates Filtered in 00mn AMs
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs
---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 3/13/2011 - C:\Windows\System32\drivers\cfwids.sys (cfwids) .(.McAfee, Inc. - McAfee Personal Firewall IDS Plugin.) - LEGACY_CFWIDS
O64 - Services: CurCS - 5/23/1745 - C:\Users\KADOME~1\AppData\Local\Temp\pwddipow.sys (pwddipow) .(...) - LEGACY_PWDDIPOW
~ Legacy: 108 Legitimates Filtered in 00mn AMs
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 6/6/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Auto 1/28/2010 249200 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
SS - | Auto 3/11/2009 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
SS - | Demand 10/13/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 1/16/2015 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 1/16/2015 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 8/3/2011 182768 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 11/14/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Auto 12/21/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Auto 1/28/2011 249936 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 1/28/2011 225216 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SS - | Auto 1/28/2011 249936 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 1/28/2011 249936 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 3/17/2011 501768 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 1/28/2011 249936 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 1/28/2011 249936 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 1/28/2011 249936 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Auto 3/29/2011 598312 | (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe
SS - | Auto 5/12/2011 993896 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SS - | Demand 8/3/2011 332272 | (Partner Service) . (.Google Inc..) - C:\ProgramData\Partner\Partner.exe
SS - | Auto 1/16/2015 17920 | (rpcnetp) . (...) - C:\Windows\System32\rpcnetp.exe
SS - | Auto 5/12/2011 378472 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Demand 2/10/2011 112080 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SS - | Auto 12/25/2010 526848 | (Thpsrv) . (.TOSHIBA Corporation.) - C:\windows\system32\ThpSrv.exe
SS - | Demand 7/12/2011 57216 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SS - | Auto 10/20/2010 138656 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\windows\system32\TODDSrv.exe
SS - | Auto 12/10/2010 489384 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
SS - | Demand 4/12/2010 196976 | (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
SS - | Auto 3/2/2011 266680 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TECO\TecoService.exe =>.Toshiba Corporation
SS - | Demand 12/8/2010 137632 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
SS - | Demand 7/1/2011 828856 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SS - | Auto 12/21/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 3/1/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 7/11/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 3/1/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 1/28/2011 249936 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 1/28/2011 249936 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 3/13/2011 197960 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 3/13/2011 208272 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 3/13/2011 158832 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
~ Services: Scanned in 06mn AMs
---\\ Search Master Boot Record Infection (MBR)(O80)
Run by ka domeng at 1/16/2015 7:29:21 PM
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn AMs
---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by ka domeng at 1/16/2015 7:29:23 PM
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 02mn AMs
---\\ Scan Additionnel (O88)
Database Version : 13008 - (1/15/2015)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKLM\Software\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}] =>Adware.BHO
[HKLM\Software\Wow6432Node\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}] =>Adware.BHO
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO
[HKLM\Software\Classes\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO
[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
~ Additionnel Scan: 294363 Items scanned in 15mn AMs
---\\ Additional information about modules
~ https://nicolascoolman.eu =>.Internet Explorer, Proxy Management (R5)
~ https://nicolascoolman.eu =>.Internet Explorer toolbars (O3)
~ https://nicolascoolman.eu =>.Auto loading programs from Registry and folders (O4)
~ AMI: 3 Legitimates Filtered in 00mn AMs
---\\ Summary of the detections found on your workstation
https://nicolascoolman.eu =>Adware.BHO
https://nicolascoolman.eu =>Spyware.BHO
https://nicolascoolman.eu =>PUP.BProtector
~ MSI: 3 link(s) detected in 00mn AMs
~ 723 Legitimates filtered by white list
End of the scan (409 lines in 52mn AMs)(0)
~ Launched by ka domeng (1/16/2015 7:28:47 PM)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : https://nicolascoolman.eu
~ Translated by
~ Version State : Updated version.
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program
---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v12.0.742.91 (Defaut)
---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
---\\ System protection software
McAfee Internet Security v11.0.543
Windows Defender W7 (Deactivate)
---\\ System optimization software
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 10 ActiveX
Adobe Reader X
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 4077.9 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 401 GB (88%) free of 453 GB
---\\ Connection to the system mode
~ Computer Name: TOSHIBA
~ User Name: ka domeng
~ All Users Names: ka domeng, Guest, Administrator,
~ Unselected Option: None
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\ka domeng\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\ka domeng\AppData\Roaming\
~ %Desktop% : C:\Users\ka domeng\Desktop\
~ %Favorites% : C:\Users\ka domeng\Favorites\
~ %LocalAppData% : C:\Users\ka domeng\AppData\Local\
~ %StartMenu% : C:\Users\ka domeng\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 401 Go of 453 Go)
D: Hard drive, Flash drive, Thumb drive (Free 12 Go of 128 Go)
E: CD-ROM drive (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 40 Legitimates Filtered in 00mn AMs
---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 2:19:30 PM.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/14/2009 - 9:39:52 AM.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.1BF2BCC7E3C26FD4C8EF0C9EFB0CC25D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.8/3/2011 - 5:57:18 PM.) -- C:\Windows\System32\wininet.dll [1389056]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.11/21/2010 - 11:24:29 AM.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.11/21/2010 - 11:24:16 AM.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.D5B031C308A409A0A576BFF4CF083D30] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.4/25/2011 - 10:34:03 AM.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 9:52:21 AM.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 7:19:47 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/21/2010 - 11:23:47 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/21/2010 - 11:24:32 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/21/2010 - 11:23:47 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.7/14/2009 - 7:19:57 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 8:10:03 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/27/2011 - 10:40:40 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.11/21/2010 - 11:23:51 AM.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - NT File System Driver.) (.3/11/2011 - 2:41:34 PM.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.7/14/2009 - 8:00:41 AM.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/21/2010 - 11:24:33 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 8:09:09 AM.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.11/21/2010 - 11:24:32 AM.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.2/25/2011 - 2:25:38 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn AMs
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/3
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/36
~ Mes Documents (My Documents) : 1/2768
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 1/50
~ Hidden Files: Scanned in 00mn AMs
---\\ Process running
[MD5.8E07CD62B3B3C009CC50986A4D6FA9AA] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1011768] [PID.3008]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.1620]
[MD5.AFDF3BDDF90824B727A272A2715D34FB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8154624] [PID.2384]
~ Processes Running: Scanned in 00mn AMs
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\ka domeng\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Google Chrome Extension Folder
~ Google Lines Browser: 3 Legitimates Filtered in 09mn AMs
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 1 Legitimates Filtered in 00mn AMs
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs
---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn AMs
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
~ Toolbar: Scanned in 00mn AMs
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [Toshiba TEMPRO] . (.Toshiba Europe GmbH - Toshiba TEMPRO.) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe =>.Toshiba Corporation
O4 - HKLM\..\Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe (.not file.)
O4 - HKLM\..\Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (.not file.)
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.exe (.not file.)
O4 - HKLM\..\Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe (.not file.)
O4 - HKLM\..\Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe (.not file.)
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant systems, Inc. - SmartAudio Control Panel application.) -- C:\Program Files\CONEXANT\SAII\SAIICpl.exe
O4 - HKLM\..\Run: [ThpSrv] C:\windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [Teco] C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe (.not file.)
O4 - HKLM\..\Run: [TosSENotify] . (.TOSHIBA Corporation - No Comment.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.)
O4 - HKLM\..\Run: [TosVolRegulator] . (.TOSHIBA Corporation - Toshiba Volume Regulator.) -- C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe =>.Toshiba Corporation
O4 - HKLM\..\Run: [Toshiba Registration] . (.Toshiba Europe GmbH - Toshiba Notebook Registration Reminder.) -- C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [NBAgent] . (.Nero AG - Nero BackItUp.) -- c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [ITSecMng] . (.TOSHIBA CORPORATION - IT Security Manager for Toshiba Stack.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
O4 - HKLM\..\Wow6432Node\Run: [TSleepSrv] . (.TOSHIBA - TOSHIBA Sleep Service.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Wow6432Node\Run: [ToshibaServiceStation] . (.TOSHIBA Corporation - TOSHIBA Service Station.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe =>.Toshiba Corporation
O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-361853049-1329643384-892397189-1000\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
~ Application: Scanned in 00mn AMs
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 [64Bits] - {97F922BD-8563-4184-87EE-8C4ACA438823} . (...) -- C:\Program Files\TOSHIBA\BulletinBoard\images\pin.ico
~ IE Extra Buttons: Scanned in 00mn AMs
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D49EC34-BDD6-4A13-84B3-C9C63CEAF7F9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D49EC34-BDD6-4A13-84B3-C9C63CEAF7F9}: DhcpDomain = www.huaweimobilewifi.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D49EC34-BDD6-4A13-84B3-C9C63CEAF7F9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D49EC34-BDD6-4A13-84B3-C9C63CEAF7F9}: DhcpDomain = www.huaweimobilewifi.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn AMs
---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs
---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: (rpcnetp) . (...) - C:\Windows\System32\rpcnetp.exe
~ Services: 24 Legitimates Filtered in 01mn AMs
---\\ Task Planned Automatically (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [894]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [898]
~ Scheduled Task: 4 Legitimates Filtered in 00mn AMs
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 1/16/2015 - 11:34:40 PM - [] ----D C:\ProgramData\Partner
O43 - CFD: 11/21/2010 - 3:16:41 PM - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
~ Program Folder: 114 Legitimates Filtered in 00mn AMs
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.7B0E5D3CFE331717FB8A4570E116465A] - 1/16/2015 - 5:16:04 PM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [24912]
O44 - LFC:[MD5.7B0E5D3CFE331717FB8A4570E116465A] - 1/16/2015 - 5:16:04 PM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [24912]
O44 - LFC:[MD5.F4402AFE7F512904D05D657FE16F8BE0] - 1/16/2015 - 5:22:34 PM ---A- . (...) -- C:\Windows\System32\rpcnetp.exe [17920]
O44 - LFC:[MD5.77E63C86C201A07AAC9C5075B22F9451] - 1/16/2015 - 5:26:50 PM ---A- . (...) -- C:\Windows\System32\prfc0816.dat [137572]
O44 - LFC:[MD5.363277C0422A9FB6437358482AC6A11D] - 1/16/2015 - 5:26:50 PM ---A- . (...) -- C:\Windows\System32\prfh0816.dat [691358]
O44 - LFC:[MD5.041FBDE2E9E1DA5330D9ABF0D10E042C] - 1/16/2015 - 5:58:57 PM ---A- . (...) -- C:\Windows\ntbtlog.txt [335160]
O44 - LFC:[MD5.F4E96289F6B7EB2799C16C2B826982AE] - 1/16/2015 - 8:00:39 AM ---A- . (...) -- C:\Windows\DPINST.LOG [26166]
O44 - LFC:[MD5.4C2AF188B91C808B4E39B0CD94710C0D] - 1/16/2015 - 8:11:53 AM ---A- . (...) -- C:\Windows\Synaptics.log [1038]
O44 - LFC:[MD5.73F0EF629319FC97B3C26CD5A658B70D] - 1/16/2015 - 8:19:31 PM ---A- . (...) -- C:\Windows\TSSysprep.log [3652]
O44 - LFC:[MD5.7B66683A3A4513B6D256E4F1C1447E71] - 1/16/2015 - 8:24:34 PM ---A- . (...) -- C:\Windows\System32\nvinfo.pb [7621]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 1/16/2015 - 9:29:32 PM ---A- . (...) -- C:\Windows\NDSTray.INI [0]
O44 - LFC:[MD5.5B465CA157127419AC559C1DEB7064D6] - 1/16/2015 - 9:38:44 PM ---A- . (...) -- C:\Windows\DtcInstall.log [4059]
~ Files: 66 Legitimates Filtered in 00mn AMs
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn AMs
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn AMs
---\\ System Drivers List (SDL) (O58)
O58 - SDL:7/14/2009 - 9:47:48 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:6/11/2009 - 4:31:59 AM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:7/14/2009 - 9:45:55 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 83 Legitimates Filtered in 00mn AMs
---\\ Last modified or created user files (O61)
O61 - LFC: 1/16/2015 - 7:29:03 PM ---A- . (...) -- C:\Users\ka domeng\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin [297531]
~ 108 Fichiers temporaires (Temporary files)
~ 8 Fichiers cookies (Cookies files)
~ Files: 3 Legitimates Filtered in 00mn AMs
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs
---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 3/13/2011 - C:\Windows\System32\drivers\cfwids.sys (cfwids) .(.McAfee, Inc. - McAfee Personal Firewall IDS Plugin.) - LEGACY_CFWIDS
O64 - Services: CurCS - 5/23/1745 - C:\Users\KADOME~1\AppData\Local\Temp\pwddipow.sys (pwddipow) .(...) - LEGACY_PWDDIPOW
~ Legacy: 108 Legitimates Filtered in 00mn AMs
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 6/6/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Auto 1/28/2010 249200 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
SS - | Auto 3/11/2009 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
SS - | Demand 10/13/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 1/16/2015 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 1/16/2015 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 8/3/2011 182768 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 11/14/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Auto 12/21/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Auto 1/28/2011 249936 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 1/28/2011 225216 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SS - | Auto 1/28/2011 249936 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 1/28/2011 249936 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 3/17/2011 501768 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 1/28/2011 249936 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 1/28/2011 249936 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 1/28/2011 249936 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Auto 3/29/2011 598312 | (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe
SS - | Auto 5/12/2011 993896 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SS - | Demand 8/3/2011 332272 | (Partner Service) . (.Google Inc..) - C:\ProgramData\Partner\Partner.exe
SS - | Auto 1/16/2015 17920 | (rpcnetp) . (...) - C:\Windows\System32\rpcnetp.exe
SS - | Auto 5/12/2011 378472 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Demand 2/10/2011 112080 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SS - | Auto 12/25/2010 526848 | (Thpsrv) . (.TOSHIBA Corporation.) - C:\windows\system32\ThpSrv.exe
SS - | Demand 7/12/2011 57216 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SS - | Auto 10/20/2010 138656 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\windows\system32\TODDSrv.exe
SS - | Auto 12/10/2010 489384 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
SS - | Demand 4/12/2010 196976 | (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
SS - | Auto 3/2/2011 266680 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TECO\TecoService.exe =>.Toshiba Corporation
SS - | Demand 12/8/2010 137632 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
SS - | Demand 7/1/2011 828856 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SS - | Auto 12/21/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 3/1/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 7/11/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 3/1/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 1/28/2011 249936 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 1/28/2011 249936 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 3/13/2011 197960 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 3/13/2011 208272 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 3/13/2011 158832 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
~ Services: Scanned in 06mn AMs
---\\ Search Master Boot Record Infection (MBR)(O80)
Run by ka domeng at 1/16/2015 7:29:21 PM
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn AMs
---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by ka domeng at 1/16/2015 7:29:23 PM
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 02mn AMs
---\\ Scan Additionnel (O88)
Database Version : 13008 - (1/15/2015)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKLM\Software\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}] =>Adware.BHO
[HKLM\Software\Wow6432Node\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}] =>Adware.BHO
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO
[HKLM\Software\Classes\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO
[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
~ Additionnel Scan: 294363 Items scanned in 15mn AMs
---\\ Additional information about modules
~ https://nicolascoolman.eu =>.Internet Explorer, Proxy Management (R5)
~ https://nicolascoolman.eu =>.Internet Explorer toolbars (O3)
~ https://nicolascoolman.eu =>.Auto loading programs from Registry and folders (O4)
~ AMI: 3 Legitimates Filtered in 00mn AMs
---\\ Summary of the detections found on your workstation
https://nicolascoolman.eu =>Adware.BHO
https://nicolascoolman.eu =>Spyware.BHO
https://nicolascoolman.eu =>PUP.BProtector
~ MSI: 3 link(s) detected in 00mn AMs
~ 723 Legitimates filtered by white list
End of the scan (409 lines in 52mn AMs)(0)
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,163
Jan 17, 2015 at 07:24 AM
Jan 17, 2015 at 07:24 AM
Hi
There is infection but it's not serious and it may not be the cause of the restart.
Anyhow, as a first step I suggest you do this:
AdwCleaner is a tool created specifically for disinfection of adware:
Download AdwCleaner (by Xplode) on the desktop.
Launch the program and click on Remove and for the scan to be completed. You may need to restart the computer after the scan.
Once the removal procedure is complete, a report will be generated.
Malwarebytes' Anti-Malware is a disinfection tool known for its effectiveness. It can help remove residue left behind after a scan with AdwCleaner, or handle other types of infections.
Download and install Download Malwarebytes' Anti-Malware
Make update (Click on the "Updates" tab and then "Search for updates").
Launch a full scan.
Once the scan is complete, click on "Show results".
Select all detected items (some are not checked by default) and click "Remove Selected". If prompted to restart the PC, accept!
Let me know if the restart problem is solved.
Will contact you later today
Good luck
There is infection but it's not serious and it may not be the cause of the restart.
Anyhow, as a first step I suggest you do this:
AdwCleaner is a tool created specifically for disinfection of adware:
Download AdwCleaner (by Xplode) on the desktop.
Launch the program and click on Remove and for the scan to be completed. You may need to restart the computer after the scan.
Once the removal procedure is complete, a report will be generated.
Malwarebytes' Anti-Malware is a disinfection tool known for its effectiveness. It can help remove residue left behind after a scan with AdwCleaner, or handle other types of infections.
Download and install Download Malwarebytes' Anti-Malware
Make update (Click on the "Updates" tab and then "Search for updates").
Launch a full scan.
Once the scan is complete, click on "Show results".
Select all detected items (some are not checked by default) and click "Remove Selected". If prompted to restart the PC, accept!
Let me know if the restart problem is solved.
Will contact you later today
Good luck
techie_newbie
Posts
14
Registration date
Saturday January 17, 2015
Status
Member
Last seen
January 29, 2015
Jan 17, 2015 at 07:32 AM
Jan 17, 2015 at 07:32 AM
okay sir, thanks for the tip, hope this works :)
techie_newbie
Posts
14
Registration date
Saturday January 17, 2015
Status
Member
Last seen
January 29, 2015
Jan 17, 2015 at 09:10 PM
Jan 17, 2015 at 09:10 PM
hey, it keeps on restarting itself, still finding solution though. anyway thanks for the help, :)
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,163
Jan 18, 2015 at 06:24 AM
Jan 18, 2015 at 06:24 AM
Have you noticed what you are doing when it restarts, such as playing a game? How long before it restarts?
Jan 17, 2015 at 06:04 AM