Rapport de ZHPDiag v2013.4.30.182 par Nicolas Coolman, Update du 30/04/2013
Run by MOHAMMED at 30/04/2013 18:11:14
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 20.0.1
GCIE: Google Chrome v26.0.1410.64 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Ultimate Edition, 32-bit (Build 6000)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK

---\\ System Protection
ESET Online Scanner v3

---\\ System Optimizer
CCleaner v3.25

---\\ Peer To Peer (P2P)
µTorrent v3.1.0

---\\ Software Update
Adobe Flash Player 11 ActiveX

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3055 MB (39% free)
System Restore: Activé (Enable)
System drive C: has 46 GB (62%) free of 74 GB

---\\ Logged in mode
~ Computer Name: AMRANI
~ User Name: MOHAMMED
~ All Users Names: MOHAMMED, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\MOHAMMED\AppData\Roaming\
~ %Desktop% : C:\Users\MOHAMMED\Desktop\
~ %Favorites% : C:\Users\MOHAMMED\Favorites\
~ %LocalAppData% : C:\Users\MOHAMMED\AppData\Local\
~ %StartMenu% : C:\Users\MOHAMMED\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 46 Go of 74 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 36 Go of 75 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 295 Go of 373 Go)
F:\ CD-ROM drive (Not Inserted)
G:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations
~ Security Center: 
25 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 - 01:14:20.) -- C:\Windows\Explorer.exe [2613248] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.0D874F3BC751CC2198AF2E6783FB8B35] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 01:16:19.) -- C:\Windows\System32\wininet.dll [977920] [MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Winlogon.exe [285696] [MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 01:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024] [MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 23:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 23:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 23:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 23:50:56.) 
-- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 23:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392] [MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 23:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904] [MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 01:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 00:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 23:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240] [MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 01:19:10.) 
-- C:\Windows\system32\Drivers\volsnap.sys [245328] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/2094 ~ Mes musiques (My Musics) : 2/4 ~ Mes Favoris (My Favorites) : 1/32 ~ Mes Documents (My Documents) : 1/177 ~ Mon Bureau (My Desktop) : 2/81 ~ Menu demarrer (Programs) : 1/39 ~ Hidden Files: Scanned in 00mn 01s ---\\ Processus lancés [MD5.C3ED032AF1C30F92546A698CC7173605] - (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3080264] [PID.2256] [MD5.85A5DB9C8DEFDDE941EC121ADB5B3175] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe [2744960] [PID.2352] [MD5.F15E6014E812A5E2CD469FCF5682C0E1] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [296056] [PID.2400] [MD5.E04A8938CDFF49D3B4AEE4D4F80CF48B] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3532224] [PID.2408] [MD5.4679D9A51C33938BB5AB230E817C36D0] - (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe [735608] [PID.2496] =>P2P.µTorrent [MD5.F920FBB43C1CDB905044C91B9A3FD516] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18643560] [PID.3364] [MD5.207B16FA69F61D1895F8D8532F587E4B] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [263600] [PID.3800] [MD5.407FE7D64BF0257EC28D8DA8EF77DDA4] - (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files\Steam\Steam.exe [1631144] [PID.4468] [MD5.2C32E3E596CFE660353753EABEFB0540] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [673048] [PID.5652] [MD5.BDB7D97012F9B3102DB72AA76A24942A] - (.ESET - ESET Online Scanner container.) 
-- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe [546944] [PID.1424] [MD5.E44242BF9861C118A1DE12E279BF4B1E] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe [697272] [PID.788] [MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [1312720] [PID.2704] [MD5.CE0D0B11986FD2C0247AE88A59B36A6E] - (...) -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe [579904] [PID.4168] [MD5.9313678EC46F3A2E89D3F6377350EEB3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7100928] [PID.176] [MD5.EB5A13F9139F20AD71ADF4BF79C3AA29] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 306.9.) -- C:\Windows\system32\nvvsvc.exe [645992] [PID.696] [MD5.F0359F7CE712D69ACEF0886BDB4792ED] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382824] [PID.720] [MD5.C71F2B4D0151CFEDE5D405C5D60B6FCE] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [864616] [PID.1308] [MD5.C7BB95CF9631AA401E4ADED1648F6AF7] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [974944] [PID.1648] [MD5.B1EF4686961986DFFB7FE8F18E6FCB5B] - (.Nalpeiron Ltd. - This service enables products that use the.) -- C:\Windows\system32\nlssrv32.exe [66560] [PID.1716] [MD5.0F97E7A47A52F4A36969F0FC319654C2] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136] [PID.1756] [MD5.E56F39F6B7FDA0AC77A79B0FD3DE1A2F] - (.Microsoft Corporation - PresentationFontCache.exe.) 
-- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856] [PID.4036] [MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.2724] [MD5.0AB205EDC2D0DD419D88AF0E3C2358F2] - (.Valve Corporation - Steam Client Service (buildbot_winslave04_s.) -- C:\Program Files\Common Files\Steam\SteamService.exe [543656] [PID.4596] [MD5.358A9CCA612C68EB2F07DDAD4CE1D8D7] - (.Microsoft Corporation - Microsoft Office Software Protection Platfo.) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.exe [4640000] [PID.5380] [MD5.B45DA4D9075AF4297DF675CCD11D4997] - (.Microsoft Corporation - Isolation graphique de périphérique audio W.) -- C:\Windows\system32\AUDIODG.exe [100864] [PID.5660] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\MOHAMMED\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] None G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com G0 - GCSP: Preference [User Data\Default] http://www.google.com G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Documents Google v.0.5 (Activé) G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé) G2 - GCE: Preference [User Data\Default] [bbljgmognlmekcmkmlbgnmmkpklflojd] nGenx nFinity Browser v.0.0.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] YouTube v.4.2.6 (Activé) G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.20 (Activé) G2 - GCE: Preference [User Data\Default] [djajencflkkjdejpmmielapebmcjogoc] vBulletin WYSIWYG v.1.36 (Activé) G2 - GCE: Preference [User Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé) G2 - GCE: Preference [User Data\Default] 
[elioihkkcdgakfbahdoddophfngopipi] Photo Zoom for Facebook v.1.1208.30.1 (Activé) G2 - GCE: Preference [User Data\Default] [ennkphjdgehloodpbhlhldgbnhmacadg] Settings v.0.1 (Activé) G2 - GCE: Preference [User Data\Default] [janmfndmohbaaoocpcgfbghioojoakjg] rtplugin v.0.7 (Désactivé) G2 - GCE: Preference [User Data\Default] [jfmjfhklogoienhpfnppmbcbjfjnkonk] RealPlayer HTML5Video Downloader Extension v.1.5 (Désactivé) G2 - GCE: Preference [User Data\Default] [jmolcgpienlcieaajfkkdamlngancncm] IDM Integration v.6.15.9.1, (Désactivé) G2 - GCE: Preference [User Data\Default] [knfmphhfikndpfbllhdojajhgpmlnlef] Man of Steel v.1 (Activé) G2 - GCE: Preference [User Data\Default] [lifbcibllhkdhoafpjfnlhfpfgnpldfl] Skype Click to Call v.6.1.0.10441 (Désactivé) G2 - GCE: Preference [User Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé) G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé) G2 - GCE: Preference [User Data\Default] [pmejhjjecaldkllonlokhkglbdbkdcni] Privacyfix by Privacychoice v.4.0.4 (Désactivé) ~ Google Browser: Scanned in 00mn 14s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\MOHAMMED\AppData\Roaming\Mozilla\Firefox\Profiles\1lptkgb0.default\prefs.js ~ Firefox Browser: 25 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startimes2.com ~ IE Browser: 10 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) O1 - Hosts: 212.227.67.195 we9stun.winning-eleven.net O1 - Hosts: 31.193.132.42 pes6gate-ec.winning-eleven.net ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 22 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} . (.SimplyGen - Complitly - Helps you search the web.) -- C:\Users\MOHAMMED\AppData\Roaming\Complitly\Complitly.dll =>Adware.PredictAd ~ BHO: 6 Legitimates Filtered in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [egui] . (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe O4 - HKLM\..\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe O4 - HKLM\..\Run: [TkBellExe] . 
(.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\MOHAMMED\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.µTorrent O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] . (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe O4 - HKCU\..\Run: [RGSC] . (.Take-Two Interactive Software, Inc. - RGSCLauncher.) -- E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files\Steam\Steam.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - HKCU\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe (.not file.) O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-21-4135628867-2155432133-4217210963-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe O4 - HKUS\S-1-5-21-4135628867-2155432133-4217210963-1000\..\Run: [Facebook Update] . (.Facebook Inc. 
- Programme d'installation de Facebook.) -- C:\Users\MOHAMMED\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-4135628867-2155432133-4217210963-1000\..\Run: [AdobeBridge] Clé orpheline O4 - HKUS\S-1-5-21-4135628867-2155432133-4217210963-1000\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.µTorrent O4 - HKUS\S-1-5-21-4135628867-2155432133-4217210963-1000\..\Run: [DAEMON Tools Pro Agent] . (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe O4 - HKUS\S-1-5-21-4135628867-2155432133-4217210963-1000\..\Run: [RGSC] . (.Take-Two Interactive Software, Inc. - RGSCLauncher.) -- E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe O4 - HKUS\S-1-5-21-4135628867-2155432133-4217210963-1000\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files\Steam\Steam.exe O4 - HKUS\S-1-5-21-4135628867-2155432133-4217210963-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - HKUS\S-1-5-21-4135628867-2155432133-4217210963-1000\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe (.not file.) ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\TaskBar: PC CS6.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS6.) -- C:\Program Files\Adobe\Adobe Photoshop CS6\Photoshop.exe O4 - GS\TaskBar: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - GS\TaskBar: Windows Explorer.lnk . 
(.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: ChrisTV Online!.lnk . (.Chris P.C. srl - ChrisTV Online!.) -- C:\Program Files\ChrisTV Online\ChrisTV Online.exe O4 - GS\QuickLaunch: Foxit Reader 5.1.lnk . (...) -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: XnView.lnk . (.XnView, http://www.xnview.com - XnView for Windows.) -- C:\Program Files\XnView\xnview.exe O4 - GS\QuickLaunch: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.µTorrent O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - GS\Desktop: Adobe Illustrator CS6.lnk . (.Adobe Systems Inc. - Adobe Illustrator CS6.) -- C:\Program Files\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\Illustrator.exe O4 - GS\Desktop: Aimersoft Video Converter Ultimate.lnk . (.Aimersoft - Aimersoft Studio.) 
-- C:\Program Files\Aimersoft\Video Converter Ultimate\VideoConverterUltimate.exe O4 - GS\Desktop: ChrisTV Online!.lnk . (.Chris P.C. srl - ChrisTV Online!.) -- C:\Program Files\ChrisTV Online\ChrisTV Online.exe O4 - Global Startup: C:\Users\MOHAMMED\Desktop\Company of Heroes 2 - Beta Stress Test.url . (.Chris P.C. srl - ChrisTV Online!.) -- C:\Users\MOHAMMED\Desktop\Company of Heroes 2 - Beta Stress Test.url O4 - GS\Desktop: Documents.lnk . (...) -- C:\Users\MOHAMMED\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms O4 - GS\Desktop: PC CS5.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS5.) -- C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe O4 - GS\Desktop: PC CS6.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS6.) -- C:\Program Files\Adobe\Adobe Photoshop CS6\Photoshop.exe O4 - GS\Desktop: ProgDVB.lnk . (...) -- C:\Program Files\ProgDVB\ProgDVB.exe O4 - GS\Desktop: Téléchargement.lnk . (...) -- C:\Users\MOHAMMED\Downloads O4 - GS\Desktop: Word 2010.lnk . (...) -- C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe O4 - GS\Desktop: XnView.lnk . (.XnView, http://www.xnview.com - XnView for Windows.) -- C:\Program Files\XnView\xnview.exe ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBttnIE.dll O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBTTN~1.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) 
-- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{811F5916-AD50-49A4-85F5-B5AA2FC08D43}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{811F5916-AD50-49A4-85F5-B5AA2FC08D43}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{811F5916-AD50-49A4-85F5-B5AA2FC08D43}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) [MD5.74E56A0D832162C0830541E9E2C6C373] [APT] [{BE124513-61F8-4031-8616-52CEC3F38151}] (...) -- E:\KONAMI\PES6\PES6\kitserver\setup.exe [57344] ~ Scheduled Task: 23 Legitimates Filtered in 00mn 04s ---\\ Logiciels installés (O42) O42 - Logiciel: CLVD Pack - 08.04.2010 - (...) [HKLM] -- CLVD Pack O42 - Logiciel: Complitly - (.Complitly.) [HKLM] -- {4FFBB818-B13C-11E0-931D-B2664824019B}_is1 =>Adware.PredictAd O42 - Logiciel: Easy MP3 Downloader - (...) [HKLM] -- EasyMP3Downloader O42 - Logiciel: HDR Efex Pro 2 - (.Nik Software, Inc..) [HKLM] -- HDR Efex Pro 2 O42 - Logiciel: PESJP Patch 2013 version 3.0.0 - (.PESJP Production.) 
[HKLM] -- {A3EBC021-4FBA-40DB-BC59-9C5ECEF3514E}_is1 ~ Logic: 81 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\973935f91e7e01875b34a217ebd20cc6] [HKCU\Software\ChrisTV Online] [HKCU\Software\Colorjinn] [HKCU\Software\Complitly] =>Adware.PredictAd [HKCU\Software\Sharing] [HKCU\Software\Softonic] [HKCU\Software\Topaz Labs] [HKLM\Software\ChrisTV Online] [HKLM\Software\ChrisTV_Online] [HKLM\Software\DVB Support] [HKLM\Software\SimplyGen] =>Adware.PredictAd [HKLM\Software\Topaz Labs LLC] [HKLM\Software\Topaz Labs] [HKLM\Software\VVK] ~ Key Software: 178 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 24/02/2013 - 00:32:40 - [0,000] ----D C:\Program Files\Apex O43 - CFD: 23/03/2013 - 22:51:52 - [9,823] ----D C:\Program Files\ChrisTV Online O43 - CFD: 21/03/2013 - 22:55:55 - [1,611] ----D C:\Program Files\Complitly =>Adware.PredictAd O43 - CFD: 13/03/2013 - 21:11:56 - [45,627] ----D C:\Program Files\HDR Efex Pro 2 O43 - CFD: 24/02/2013 - 01:05:19 - [0] ----D C:\Program Files\iPixSoft O43 - CFD: 12/12/2012 - 20:16:44 - [4,929] ----D C:\Program Files\Topaz Labs LLC O43 - CFD: 02/03/2013 - 21:02:31 - [2,866] ----D C:\Program Files\Webplayer setup =>Adware.SocialSkinz O43 - CFD: 20/02/2013 - 16:38:01 - [46,821] ----D C:\Program Files\Common Files\Topaz Labs O43 - CFD: 14/04/2013 - 13:18:36 - [0] ----D C:\ProgramData\xml_param O43 - CFD: 20/02/2013 - 16:38:01 - [19,845] --H-D C:\ProgramData\{7D1F40B1-FDA9-48B3-9A00-C43B98B6061B} O43 - CFD: 21/03/2013 - 22:55:54 - [0,474] ----D C:\Users\MOHAMMED\AppData\Roaming\Complitly =>Adware.PredictAd O43 - CFD: 08/03/2013 - 20:00:10 - [4,937] ----D C:\Users\MOHAMMED\AppData\Roaming\OpenCandy =>Adware.OpenCandy O43 - CFD: 13/12/2012 - 15:14:55 - [0,001] ----D C:\Users\MOHAMMED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVB Support O43 - CFD: 12/12/2012 - 20:16:47 - [0,008] ----D 
C:\Users\MOHAMMED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Topaz Labs ~ 198 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 390 Legitimates Filtered in 00mn 19s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.31CAE7029DFC81FC01D2E01E916D2AD2] - 27/04/2013 - 10:31:08 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [13296] O44 - LFC:[MD5.31CAE7029DFC81FC01D2E01E916D2AD2] - 27/04/2013 - 10:31:07 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [13296] ~ Files: 44 Legitimates Filtered in 00mn 02s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.014DF770CA26383B9FACA84D72C1A2C3] - 27/04/2013 - 16:09:05 ---A- - C:\Windows\Prefetch\GLADIATOR.EXE-031D3A77.pf O45 - LFCP:[MD5.D6AB9D16E5F3CDF5AF2402F7B924D2E4] - 27/04/2013 - 16:11:02 ---A- - C:\Windows\Prefetch\GALADIAOR BY SOUFIANE.EXE-13A2EA86.pf O45 - LFCP:[MD5.C8BEE34175459647135B503407466290] - 27/04/2013 - 16:12:20 ---A- - C:\Windows\Prefetch\GLADIATOR_SSSP_CCCAM V1.16.EX-83756D41.pf O45 - LFCP:[MD5.43564FC1CB10EA09396952F1596F6B64] - 27/04/2013 - 16:13:29 ---A- - C:\Windows\Prefetch\SATHACKS TEAM.EXE-9935EE26.pf O45 - LFCP:[MD5.E65C9D710914217EA434ECF1A671BB77] - 27/04/2013 - 16:14:45 ---A- - C:\Windows\Prefetch\GALADIAOR BY SOUFIANE.EXE-AB26462B.pf O45 - LFCP:[MD5.334ABADA3D140274CCDB37A95BC9C363] - 27/04/2013 - 16:16:02 ---A- - C:\Windows\Prefetch\SATHACKS TEAM.EXE-064A78AF.pf O45 - LFCP:[MD5.6B705DC49A18017F82D5834837CFFA55] - 27/04/2013 - 16:17:12 ---A- - C:\Windows\Prefetch\CLIQUER ICI.EXE-186BBCBA.pf O45 - LFCP:[MD5.D06000D1D656DC6FBA1AA4C9F864FD50] - 27/04/2013 - 17:38:19 ---A- - C:\Windows\Prefetch\NCPV1.EXE-8020C059.pf O45 - LFCP:[MD5.7E50A2E564FB30266871F04AFE0876B0] - 27/04/2013 - 17:38:50 ---A- - C:\Windows\Prefetch\NCP1.EXE-E0A366CB.pf O45 - 
LFCP:[MD5.99E0EFFBC0AB3CD52F821CC59304D4AA] - 28/04/2013 - 22:03:31 ---A- - C:\Windows\Prefetch\MPC-HC.EXE-AB34CF8C.pf
O45 - LFCP:[MD5.5786BB19957C729D28BF7FB2872109C1] - 29/04/2013 - 21:51:20 ---A- - C:\Windows\Prefetch\LOGTRANSPORT2.EXE-D6DBADED.pf
O45 - LFCP:[MD5.18990EC43B829FCE24A7B45CFEA76BC1] - 30/04/2013 - 12:14:43 ---A- - C:\Windows\Prefetch\NCPV1.EXE-535C6B30.pf
O45 - LFCP:[MD5.88FD2B9EE05F53389B520E509E00F47D] - 30/04/2013 - 12:14:46 ---A- - C:\Windows\Prefetch\NCP1.EXE-3074227A.pf
O45 - LFCP:[MD5.9CFFA4D5909AA72DC46A418EF845E675] - 30/04/2013 - 12:43:15 ---A- - C:\Windows\Prefetch\NS3882.TMP-16FBAF12.pf
O45 - LFCP:[MD5.00EBC51F74F5273EF9A349A7CE6951AE] - 30/04/2013 - 12:43:15 ---A- - C:\Windows\Prefetch\NS3959.TMP-988F6042.pf
O45 - LFCP:[MD5.7DABB5412FFC61C45DFBE0AEE8964B56] - 30/04/2013 - 17:40:13 ---A- - C:\Windows\Prefetch\PESJP 2013 - 1.00.EXE-6B899567.pf
~ Prefetcher: 139 Legitimates Filtered in 00mn 00s

---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{c0d349f3-5e82-11e2-93ff-00215a165ff7}\AutoRun\command. (...) -- H:\AutoRun.exe (.not file.)
O51 - MPSK:{c0d34a0d-5e82-11e2-93ff-00215a165ff7}\AutoRun\command. (...) -- H:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 01:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 27/04/2013 - 10:06:27 ---A- C:\Users\MOHAMMED\Downloads\Video\880003_10201092504614109_1568287584_n.mp4 [4647405]
O61 - LFC: 27/04/2013 - 16:15:27 ---A- C:\Users\MOHAMMED\Downloads\Compressed\gladiator-of-krimo_71_6.rar [44712]
O61 - LFC: 27/04/2013 - 16:15:32 ---A- C:\Users\MOHAMMED\Downloads\Compressed\JSC Sport+1 TO +10 FULL HD By sathacks.com.rar [992797]
O61 - LFC: 27/04/2013 - 17:04:19 ---A- C:\Users\MOHAMMED\Downloads\Compressed\gladiator-of-krimo_71_6_2.rar [44712]
O61 - LFC: 27/04/2013 - 19:45:22 ---A- C:\Users\MOHAMMED\Downloads\Video\001...avi - YouTube.mp4 [14683974]
O61 - LFC: 28/04/2013 - 12:09:21 ---A- C:\Users\MOHAMMED\Downloads\Compressed\Hair Textures 3.rar [1128446]
O61 - LFC: 28/04/2013 - 12:18:39 ---A- C:\Users\MOHAMMED\Downloads\Compressed\Tou.11.rar [238340999]
O61 - LFC: 30/04/2013 - 12:05:17 ---A- C:\Users\MOHAMMED\Downloads\Programs\esetsmartinstaller_fra.exe [2347384]
O61 - LFC: 30/04/2013 - 12:35:45 ---A- C:\Users\MOHAMMED\AppData\Local\Google\Chrome\User Data\First Run [0]
O61 - LFC: 30/04/2013 - 12:41:52 ---A- C:\Users\MOHAMMED\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [271421]
O61 - LFC: 30/04/2013 - 12:42:38 ---A- C:\Users\MOHAMMED\Downloads\Programs\Firefox Setup 20.0.1.exe [21192480]
O61 - LFC: 30/04/2013 - 17:42:23 ---A- C:\Users\MOHAMMED\Documents\KONAMI\Pro Evolution Soccer 2013\PesJP\ML01.bin [8985744]
O61 - LFC: 30/04/2013 - 17:42:29 ---A- C:\Users\MOHAMMED\Documents\KONAMI\Pro Evolution Soccer 2013\PesJP\OPTION.bin [402008]
O61 - LFC: 30/04/2013 - 18:12:11 ---A- C:\Users\MOHAMMED\AppData\Local\Google\Chrome\User Data\Local State [30823]
~ 7 Fichiers temporaires (Temporary files)
~ Files: 618 Legitimates Filtered in 00mn 05s

---\\ Alternate Data Stream File (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\100.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\D3DCompiler_43.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\D3DX9_43.dll:Zone.Identifier
~ ADS: Scanned in 00mn 01s

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (ATE_PROCMON) .(...) - LEGACY_ATE_PROCMON
O64 - Services: CurCS - 27/09/2012 - C:\Windows\System32\DRIVERS\idmwfp.sys (IDMWFP) .(.Tonec Inc. - Internet Download Manager WFP Driver.) - LEGACY_IDMWFP
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 110 Legitimates Filtered in 00mn 00s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Crack & Keygen Files (O82)
C:\Users\MOHAMMED\AppData\Roaming\uTorrent\DAEMON Tools Pro Advanced v5.0.0316.0317 + Keygen.rar.torrent =>P2P.µTorrent
C:\Users\MOHAMMED\AppData\Roaming\uTorrent\DAEMON Tools Pro Advanced v5.0.0316.0317 + Keygen.rar.torrent =>P2P.µTorrent
D:\?????\Al-Haytham.Soft.v.1.0~By.MoOOoKa\AutoPlay\Docs\keygen For Ultraiso BY Haitham Gamal.exe
D:\?????\Al-Haytham.Soft.v.1.0~By.MoOOoKa\AutoPlay\Docs\Keygen For WinRAR By Haitham Gamal.exe
D:\?????\istirjal sowar\32 Bit\Keygen\Keygen.exe
D:\?????\Keygen Photoshop CS6.rar
D:\?????\logciel\winrar.4b4\CoRE Keygen.exe
D:\?????\logciel\winrar.4b4\keygen.rar
D:\???? ???? ???\????? ????? ???\Serials + Keygen X-Force.rar
D:\???? ???? ???\?????? ???? ???? ???\MyEgy.CoM.Photoshop.Filters.2013\Topaz Photoshop Plugins Bundle 2013\keygen.rar
E:\photo shop\Photoshop.Collection.2013.WwW.MaZika2daY.CoM\Adobe Photoshop CS3 ME\keygen\???\1.png
E:\photo shop\Photoshop.Collection.2013.WwW.MaZika2daY.CoM\Adobe Photoshop CS3 ME\keygen\???\2.png
E:\photo shop\Photoshop.Collection.2013.WwW.MaZika2daY.CoM\Adobe Photoshop CS3 ME\keygen\???\3.png
E:\photo shop\Photoshop.Collection.2013.WwW.MaZika2daY.CoM\Adobe Photoshop CS3 ME\keygen\???\4.png
E:\photo shop\Photoshop.Collection.2013.WwW.MaZika2daY.CoM\Adobe Photoshop CS3 ME\keygen\???\5.png
E:\photo shop\Photoshop.Collection.2013.WwW.MaZika2daY.CoM\Adobe Photoshop CS3 ME\keygen\???\6.png
E:\photo shop\Photoshop.Collection.2013.WwW.MaZika2daY.CoM\Adobe Photoshop CS3 ME\keygen\???\7.png
E:\photo shop\Photoshop.Collection.2013.WwW.MaZika2daY.CoM\Tools\(3000) Filters & (900) Actions For Adobe Photoshop\(3000) Filters & (900) Actions For Adobe Photoshop\Photoshop Actions\Cracked_Text.atn
E:\photo shop\Photoshop.Collection.2013.WwW.MaZika2daY.CoM\Tools\(3000) Filters & (900) Actions For Adobe Photoshop\(3000) Filters & (900) Actions For Adobe Photoshop\Photoshop Actions\Cracked_Text.gif
E:\photo shop\Photoshop.Collection.2013.WwW.MaZika2daY.CoM\Tools\(3000) Filters & (900) Actions For Adobe Photoshop\(3000) Filters & (900) Actions For Adobe Photoshop\Photoshop Actions\herosactions1\atn\cracked tile.atn
E:\photo shop\Photoshop.Collection.2013.WwW.MaZika2daY.CoM\Tools\(3000) Filters & (900) Actions For Adobe Photoshop\(3000) Filters & (900) Actions For Adobe Photoshop\Photoshop Actions\herosactions1\atn\Crackle_bevel_2.ATN
E:\photo shop\Photoshop.Collection.2013.WwW.MaZika2daY.CoM\Tools\(3000) Filters & (900) Actions For Adobe Photoshop\(3000) Filters & (900) Actions For Adobe Photoshop\Photoshop Actions\pbutter crackers.atn
E:\photo shop\Photoshop.Collection.2013.WwW.MaZika2daY.CoM\Tools\(3000) Filters & (900) Actions For Adobe Photoshop\(3000) Filters & (900) Actions For Adobe Photoshop\Photoshop Actions\pbutter crackers.jpg
E:\photo shop\Photoshop.Collection.2013.WwW.MaZika2daY.CoM\Tools\Adobe Photoshop Filters DVD\Adobe Photoshop Filters DVD\Topaz Plugins Bundle\Instructions\Activation\Keygen.rar
E:\photo shop\Photoshop.Collection.2013.WwW.MaZika2daY.CoM\Tools\Over 1000 brushes for Photoshop\Shop_Brushes_\Brushes1\pureanodyne - cracked.abr
~ Files: Scanned in 00mn 45s

---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{0322DB9B-521C-4BE7-B1BE-5BB7E3F4ACFD}C:\program files\progdvb\progdvbnet.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\progdvb\progdvbnet.exe (.not file.)
O87 - FAEL: "UDP Query User{095FB53E-7B6B-411F-8C84-9A59697CF69D}C:\program files\progdvb\progdvbnet.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\progdvb\progdvbnet.exe (.not file.)
O87 - FAEL: "TCP Query User{0A6261C9-212B-4D3C-ABA1-1825D434D770}C:\program files\progdvb\progdvb.exe" | In - Private - P6 - TRUE | .(.Pas de propriétaire - ProgDVB.) -- C:\program files\progdvb\progdvb.exe
O87 - FAEL: "UDP Query User{668C67C2-E8B0-4503-A83B-8587EF4FEEE0}C:\program files\progdvb\progdvb.exe" | In - Private - P17 - TRUE | .(.Pas de propriétaire - ProgDVB.) -- C:\program files\progdvb\progdvb.exe
O87 - FAEL: "TCP Query User{A60808BC-7608-4241-ADFA-ADBBFAEF13A6}C:\program files\christv online\christv online.exe" | In - Private - P6 - TRUE | .(.Chris P.C. srl - ChrisTV Online!.) -- C:\program files\christv online\christv online.exe
O87 - FAEL: "UDP Query User{8D5568C0-46C4-4E34-8150-5EFF94ABF16E}C:\program files\christv online\christv online.exe" | In - Private - P17 - TRUE | .(.Chris P.C. srl - ChrisTV Online!.) -- C:\program files\christv online\christv online.exe
~ Firewall: 236 Legitimates Filtered in 00mn 00s

---\\ Scan Additionnel (O88)
Database Version : v2.11782 - (30/04/2013)
Clés trouvées (Keys found) : 22
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 0
[HKLM\Software\Classes\TypeLib\{01bcb858-2f62-4f06-a8f4-48f927c15333}] =>Adware.PredictAd
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}] =>Adware.PredictAd
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}] =>Adware.PredictAd
[HKLM\Software\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}] =>Adware.PredictAd
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}] =>Adware.PredictAd
[HKLM\Software\Classes\AppID\{442f13bc-2031-42d5-9520-437f65271153}] =>Adware.PredictAd
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}] =>Parasite.Pugi
[HKLM\Software\Classes\Interface\{c9ae652b-8c99-4ac2-b556-8b501182874e}] =>Adware.PredictAd
[HKLM\Software\Classes\AppID\Complitly.DLL] =>Adware.PredictAd
[HKLM\Software\Classes\suggestmeyes.suggestmeyesbho] =>Adware.PredictAd
[HKLM\Software\Classes\suggestmeyes.suggestmeyesbho.1] =>Adware.PredictAd
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Complitly] =>Adware.PredictAd
[HKLM\Software\SimplyGen] =>Adware.PredictAd
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1] =>Adware.PredictAd
C:\Program Files\Webplayer setup =>Adware.SocialSkinz
C:\Users\MOHAMMED\AppData\Roaming\OpenCandy =>Adware.OpenCandy
C:\Users\MOHAMMED\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda =>Adware.PredictAd
~ Additionnel Scan: 175092 Items scanned in 00mn 26s

---\\ Random Export Key (O91)
[HKCU\Software\973935f91e7e01875b34a217ebd20cc6]:US="@"
~ Export Key Software: Scanned in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 22/09/2011 974944 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
SS - | Auto 30/04/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 30/04/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 10/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 05/09/2012 66560 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\Windows\system32\nlssrv32.exe
SR - | Auto 02/10/2012 645992 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 05/07/2012 3048136 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Demand 19/04/2013 543656 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe
SR - | Auto 02/10/2012 382824 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s

---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by MOHAMMED at 30/04/2013 18:13:39
device: opened successfully
user: error reading MBR
Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
~ MBR: 9 Legitimates Filtered in 00mn 02s

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by MOHAMMED at 30/04/2013 18:13:41
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 2100 Legitimates filtered by white list
End of the scan (595 lines in 02mn 26s)(25)