~ Report of ZHPDiag v2013.10.28.74 - Nicolas Coolman (28-10-2013)
~ Launched by nabil (29-10-2013 22:40:38)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user

---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16721
MFIE: Mozilla Firefox 25.0
GCIE: Google Chrome v30.0.1599.101 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : HYRR2
Windows License : OK
~ Windows Remaining Initializations Number : 5
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Kaspersky Internet Security v14.0.0.4651
Windows Defender W7

---\\ System optimization software
CCleaner v4.06 =>Piriform Ltd

---\\ Sharing software PeerToPeer
µTorrent v3.2.1.28086 =>P2P.µTorrent

---\\ Surveillance software
Adobe Flash Player 11 ActiveX
Adobe Reader XI

---\\ Information on the system
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047.3 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 120 GB (86%) free of 139 GB

---\\ Connection to the system mode
~ Computer Name: NABIL-PC
~ User Name: nabil
~ All Users Names: UpdatusUser, nabil, HomeGroupUser$, ENIGMA, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\nabil\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\nabil\AppData\Roaming\
~ %Desktop% : C:\Users\nabil\Desktop\
~ %Favorites% : C:\Users\nabil\Favorites\
~ %LocalAppData% : C:\Users\nabil\AppData\Local\
~ %StartMenu% : C:\Users\nabil\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 120 Go of 139 Go)
D: Hard drive, Flash drive, Thumb drive (Free 7 Go of 10 Go)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 342 Go of 466 Go)

---\\ State of the Windows Security Center
~ Security Center: 38 Legitimates Filtered in 00mn 00s

---\\ Search Generic System Files
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Explorateur Windows.) (.20-11-2010 - 22:29:20.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14-07-2009 - 2:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4FEB264B47360B7296AEA4E052F88D8] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10-10-2013 - 14:13:44.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20-11-2010 - 22:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20-11-2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25-04-2011 - 3:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-07-2009 - 2:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-07-2009 - 0:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20-11-2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20-11-2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-11-2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14-07-2009 - 0:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14-07-2009 - 0:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-04-2011 - 3:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20-11-2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12-04-2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14-07-2009 - 0:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14-07-2009 - 0:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20-11-2010 - 22:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14-07-2009 - 0:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20-11-2010 - 22:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20-11-2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/8
~ Mes Videos (My Videos) : 1/7
~ Mes Favoris (My Favorites) : 2/412
~ Mes Documents (My Documents) : 1/27
~ Mon Bureau (My Desktop) : 1/39
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 00s

---\\ Process running
[MD5.EE39A16FCDAF62A716F8DF24F0FF4819] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [990400] [PID.2112]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.2528]
[MD5.B2BCB4A5553E137B026F095D5260EDFC] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [373864] [PID.2964]
[MD5.1A06BDE20D1312F4FD50E7C157D5A81D] - (.TuneUp Software - TuneUp Utilities.) -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe [1942328] [PID.3856]
[MD5.3E399A1328181C2A352472369DE2A93A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [844752] [PID.3752]
[MD5.471EAE674FA1FB3BDC53F5400A80712E] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\IDMan.exe [3581816] [PID.5064]
[MD5.FAA729BC3B4EC2900D14E1F0F4D30ED0] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\IEMonitor.exe [268248] [PID.5088]
[MD5.3B605772669BDFD6DC266B9320E87B45] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8143872] [PID.4188]
~ Processes Running: Scanned in 00mn 02s

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\nabil\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default] , "http://signin.ebay.ca
G2 - GCE: Preference [User Data\Default] [aeifanonhefcaphaeeknpklkfnjjmpec] Learn French - Très Bien v.1.46 (Activé)
G2 - GCE: Preference [User Data\Default] [bmekbplkjhgmljmbblmhmcnocafhaink] BeGone: Last Stand HD v.1.8.2.17 (Activé)
G2 - GCE: Preference [User Data\Default] [bppbpeijolfcampacpljolaegibfhjph] TV v.2.5 (Activé)
G2 - GCE: Preference [User Data\Default] [cflheckfmhopnialghigdlggahiomebp] uTorrentControl_v6 v.10.16.100.504, (Désactivé) =>P2P.µTorrent
G2 - GCE: Preference [User Data\Default] [cmimnpfphpmminhlhfijocolgmmhmibo] Online TV From UK v.2.2 (Activé)
G2 - GCE: Preference [User Data\Default] [dchlnpcodkpfdpacogkljefecpegganj] URL Advisor v.14.0.0.4651 (Désactivé)
G2 - GCE: Preference [User Data\Default] [dliaancdkclmoacockpgpcopnfcjgmpe] Parking Mania v.1.0.0.0 (Activé)
G2 - GCE: Preference [User Data\Default] [dnflngnfkdlpnchnjkppoebemjdaamji] Man of Steel 3D v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [fcanljafkhmmideajcgekocpbdhkened] Bikini TV v.2.5.2 (Activé)
G2 - GCE: Preference [User Data\Default] [hakdifolhalapjijoafobooafbilfakh] Protection bancaire v.14.0.0.4651 (Activé)
G2 - GCE: Preference [User Data\Default] [hghkgaeecgjhjkannahfamoehjmkjail] Module de blocage des sites Internet dangereux v.14.0.0.4651 (Désactivé)
G2 - GCE: Preference [User Data\Default] [jbdlnhcijcebenimakdlpmpgipkimioe] Free TV Australia v.2.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kbkkbdjoenphfolcadckgblciaeeippp] Wrath Of The Titans HD v.2.5 (Activé)
G2 - GCE: Preference [User Data\Default] [kkdkcgeghhfjiglphfppinecpcpnnbne] Movi Kanti Revo v.1.0.0.0 (Activé)
G2 - GCE: Preference [User Data\Default] [knlgfedckdhkgjinnhogmhkbcjpmmhko] Atlas mondial de données v.1.0.9 (Activé)
G2 - GCE: Preference [User Data\Default] [nananoifaaimehnlhoolpggpgkbefdom] Live TV Free - TV 360 v.2.0 (Activé)
G2 - GCE: Preference [User Data\Default] [ojeooogpinnpchmelddadhlplpolocoe] Calendrier en ligne v.4.9.3 (Activé)
~ Google Browser: 38 Legitimates Filtered in 01mn 02s

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [nabil - mz6wsot1.default\{96f454ea-9d38-474f-b504-56193e00c1a5}] [] uTorrentControl_v6 v10.20.0.13 (..) =>P2P.µTorrent
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.ru
~ IE Browser: 11 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: SnagIt - [HKLM]{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} . (.TechSmith Corporation - SnagIt Add-in for Internet Explorer.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: uTorrentControl_v6 Toolbar - [HKLM]{96f454ea-9d38-474f-b504-56193e00c1a5} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\uTorrentControl_v6\prxtbuTor.dll =>Toolbar.Conduit
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{96F454EA-9D38-474F-B504-56193E00C1A5} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Angry Birds.lnk . (.Rovio Mobile - Angry Birds.) -- F:\GAMES\INSTALL GAMES\AngryBirds.exe
O4 - GS\Desktop [Public]: B-Link 11n USB Wireless LAN Utility.lnk . (.Realtek - ReStart MFC Application.) -- C:\Program Files\B-Link\11n USB Wireless LAN Utility\ReStart.exe
O4 - GS\Desktop [Public]: DriverPack Solution Lite.lnk . (.Kuzyakov Artur - DriverPack Solution Lite.) -- C:\Program Files\DriverPack Solution Lite 12.3\DRPSu12.3-Lite.exe
O4 - GS\Desktop [Public]: FlashPeak SlimBrowser.lnk . (.FlashPeak Inc. - FlashPeak SlimBrowser.) -- C:\Program Files\SlimBrowser\sbframe.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Kaspersky Internet Security.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: PCSX2 0.9.8 (r4600).lnk . (...) -- C:\Program Files\PCSX2 0.9.8\pcsx2-r4600.exe
O4 - GS\Desktop [Public]: Xilisoft Video Converter Ultimate 6.lnk . (...) -- C:\Program Files\Xilisoft\Video Converter Ultimate 6\vcloader.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [UpdatusUser]: CheMax.lnk . (.www.CheMax.ru - Cheats Maximal.) -- C:\Program Files\CheMax\CheMax.exe
O4 - GS\QuickLaunch [nabil]: 4shared Desktop.lnk . (...) -- C:\Program Files\4shared Desktop\desktop.exe
O4 - GS\QuickLaunch [nabil]: FlashPeak SlimBrowser.lnk . (.FlashPeak Inc. - FlashPeak SlimBrowser.) -- C:\Program Files\SlimBrowser\sbframe.exe
O4 - GS\QuickLaunch [nabil]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [nabil]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [nabil]: Xilisoft Video Converter Ultimate 6.lnk . (...) -- C:\Program Files\Xilisoft\Video Converter Ultimate 6\vcloader.exe
O4 - GS\QuickLaunch [nabil]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [nabil]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Program [nabil]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [nabil]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [nabil]: DVB Dream Plugins Folder (pip00).lnk . (...) -- C:\dvbdream\Plugins\pip00
O4 - GS\Desktop [nabil]: 4shared Desktop.lnk . (...) -- C:\Program Files\4shared Desktop\desktop.exe
O4 - GS\Desktop [nabil]: Cheat Engine 6.1.lnk . (...) -- C:\Program Files\Cheat Engine 6.1\Cheat Engine.exe
O4 - GS\Desktop [nabil]: CheMax.lnk . (.www.CheMax.ru - Cheats Maximal.) -- C:\Program Files\CheMax\CheMax.exe
O4 - GS\Desktop [nabil]: Connexion au réseau local - Raccourci.lnk - Orphan key
O4 - GS\Desktop [nabil]: DVB Dream.lnk . (.www.dvbdream.org - No Comment.) -- C:\dvbdream\dvbdream.exe
O4 - GS\Desktop [nabil]: Protection bancaire.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
O4 - GS\Desktop [nabil]: Sat Utilities EN by DDv122.lnk . (.Ddv122 Home - SatU.) -- C:\dvbdream\Misc\SatU.exe
~ Global Startup: 87 Legitimates Filtered in 00mn 01s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKCU\..\Run: [BackgroundContainer] . (.Conduit Ltd. - Background Container.) -- C:\Users\nabil\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll =>Toolbar.Conduit
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\IDMan.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4063433970-2433234358-3378070945-1001\..\Run: [BackgroundContainer] . (.Conduit Ltd. - Background Container.) -- C:\Users\nabil\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll =>Toolbar.Conduit
O4 - HKUS\S-1-5-21-4063433970-2433234358-3378070945-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\IDMan.exe
~ Application: Scanned in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Clavier virtuel - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kbrd.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Analyse des liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKCU\...\EscDomains] http.fastspring.com
O15 - Trusted Zone: [HKLM\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKLM\...\EscDomains] http.fastspring.com
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8BBA2C9-7DA8-48C0-85F1-CB975807D847}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8BBA2C9-7DA8-48C0-85F1-CB975807D847}: DhcpNameServer = 192.168.6.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F8BBA2C9-7DA8-48C0-85F1-CB975807D847}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{F8BBA2C9-7DA8-48C0-85F1-CB975807D847}: DhcpNameServer = 192.168.6.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F8BBA2C9-7DA8-48C0-85F1-CB975807D847}: DhcpNameServer = 192.168.6.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{F8BBA2C9-7DA8-48C0-85F1-CB975807D847}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.6.1
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} . (.Stardock.net, Inc - IconPackager Repair Module.) -- C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s

---\\ Drivers launched at startup (O41)
O41 - Driver: (dtsoftbus01) . (. - .) - C:\Windows\System32\DRIVERS\dtsoftbus01.sys (.not file.)
~ Drivers: 107 Legitimates Filtered in 00mn 00s

---\\ Software installed (O42)
O42 - Logiciel: Startimes Codecs v1.0 - (...) [HKLM] -- Startimes Codecs_is1
O42 - Logiciel: UpdateChecker - (.SqueakyChocolate, LLC.) [HKLM] -- SqueakyChocolate, LLC UpdateChecker
~ Logic: 77 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\CatalinaGroup]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DebugNano]
[HKCU\Software\Mixesoft]
[HKCU\Software\Popajar]
[HKCU\Software\SmileysWeLove]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\nanocosmos]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\DVBDream]
[HKLM\Software\DebugNano]
[HKLM\Software\HAL7600] =>Hijacker.Windows7
[HKLM\Software\InstallIQ]
~ Key Software: 169 Legitimates Filtered in 00mn 00s

---\\ Contents of the Common Files folders (O43)
O43 - CFD: 24-10-2013 - 19:32:10 - [10.612] ----D C:\Program Files\B-Link
O43 - CFD: 14-10-2013 - 10:26:36 - [4.017] ----D C:\Program Files\CheMax
O43 - CFD: 09-10-2013 - 22:46:06 - [0.883] ----D C:\Program Files\Conduit
O43 - CFD: 08-10-2013 - 23:38:27 - [0.215] ----D C:\Program Files\FireDTV
O43 - CFD: 08-10-2013 - 23:26:47 - [61.925] ----D C:\Program Files\Startimes Codecs
O43 - CFD: 08-10-2013 - 23:07:06 - [0.309] ----D C:\Program Files\Toolbar
O43 - CFD: 08-10-2013 - 23:26:44 - [0.156] ----D C:\Program Files\Common Files\BitCtrl
O43 - CFD: 08-10-2013 - 23:26:44 - [3.391] ----D C:\Program Files\Common Files\Blaze
O43 - CFD: 08-10-2013 - 22:53:52 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 27-10-2013 - 16:29:34 - [1.820] ----D C:\ProgramData\Conduit
O43 - CFD: 09-10-2013 - 14:48:03 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 08-10-2013 - 22:53:52 - [0.002] ----D C:\Users\nabil\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 26-10-2013 - 22:10:50 - [0.000] ----D C:\Users\nabil\AppData\Roaming\driver
O43 - CFD: 26-10-2013 - 22:43:10 - [15.459] ----D C:\Users\nabil\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 13-10-2013 - 10:41:17 - [0.014] ----D C:\Users\nabil\AppData\Roaming\SmileysWeLove
O43 - CFD: 08-10-2013 - 22:53:53 - [74.131] ----D C:\Users\nabil\AppData\Local\Babylon =>Toolbar.Babylon
O43 - CFD: 26-10-2013 - 22:47:21 - [0] ----D C:\Users\nabil\AppData\Local\CatalinaGroup
O43 - CFD: 27-10-2013 - 16:29:30 - [0.918] ----D C:\Users\nabil\AppData\Local\Conduit
O43 - CFD: 24-10-2013 - 23:01:27 - [0.001] ----D C:\Users\nabil\AppData\Local\MyRouter
~ Program Folder: 170 Legitimates Filtered in 00mn 18s

---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.A98A4EF9198FB9280B15CB3079327F18] - 18-10-2013 - 23:07:26 RSH-- . (...) -- C:\DZASP [481082]
O44 - LFC:[MD5.EDD400CC92C6D43F98D3D3AFC97C2559] - 24-10-2013 - 19:32:10 ---A- . (...) -- C:\Windows\System32\ISSRemoveSP.exe [451072]
O44 - LFC:[MD5.678C7EA24776534FF6DDF491A4F86005] - 24-10-2013 - 19:32:12 ---A- . (...) -- C:\Windows\RtlUI2.exe.manifest [901]
O44 - LFC:[MD5.A64711C9CF690718EADA750370EC5EB2] - 26-10-2013 - 22:56:03 ---A- . (.Dmitry Streblechenko - Outlook Redemption COM library.) -- C:\Windows\System32\Redemption.dll [4659712]
O44 - LFC:[MD5.6BFF69D1DBF9B80FCD30C64C50D1B93A] - 28-10-2013 - 11:52:35 ---A- . (...) -- C:\Windows\System32\kavremvr 2013-10-28 11-50-08 (pid 5852).log [190387]
O44 - LFC:[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - 28-10-2013 - 17:45:35 ---A- . (...) -- C:\Windows\win.ini [478]
O44 - LFC:[MD5.9AF05956BFFE5381E76CA6ACCFC097EC] - 29-10-2013 - 19:32:13 ---A- . (...) -- C:\logFileUI.txt [1324]
~ Files: 107 Legitimates Filtered in 00mn 49s

---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.0435C751DEF88E765F071037C8E0F496] - 28-10-2013 - 11:30:47 ---A- - C:\Windows\Prefetch\SETUP_11.0.1.1245.X01_2013_10-30898C08.pf
O45 - LFCP:[MD5.D05EE32B1026B8784CCB589F13F5ED50] - 28-10-2013 - 11:30:50 ---A- - C:\Windows\Prefetch\8962476.EXE-4422DA8E.pf
O45 - LFCP:[MD5.7C49258FC489B4F39EAA7995354682D3] - 29-10-2013 - 19:29:22 ---A- - C:\Windows\Prefetch\UNINST.EXE-74721B37.pf
O45 - LFCP:[MD5.E53C04A666D0357019D11D6507D62009] - 29-10-2013 - 19:32:09 ---A- - C:\Windows\Prefetch\UNINSTALLERUI.EXE-83F9F3E0.pf
O45 - LFCP:[MD5.890F015048E66D7F4FA0E7EC97609008] - 29-10-2013 - 19:33:00 ---A- - C:\Windows\Prefetch\CIPHER.EXE-A20C4FBA.pf
O45 - LFCP:[MD5.E0670278EAE4BFD6BC41D7ECE39A7208] - 29-10-2013 - 22:10:26 ---A- - C:\Windows\Prefetch\SBFRAME.EXE-5321359E.pf
O45 - LFCP:[MD5.5110B6F91DFEEF58B4ACD557073CD64F] - 29-10-2013 - 22:10:34 ---A- - C:\Windows\Prefetch\SBRENDER.EXE-5CC62E6F.pf
O45 - LFCP:[MD5.C2A136F32E4C891E790E73B5C2B0EA14] - 29-10-2013 - 22:28:46 ---A- - C:\Windows\Prefetch\AVPUI.EXE-53EB6C45.pf
~ Prefetcher: 116 Legitimates Filtered in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - itunes.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
~ IFEO: Scanned in 00mn 00s

---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\BackgroundContainer [Key] . (.Conduit Ltd. - Background Container.) -- C:\Users\nabil\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll =>Toolbar.Conduit
O53 - SMSR:HKLM\...\startupreg\DrvUpdater [Key] . (.No owner - DRP Su Updater.) -- C:\Users\nabil\AppData\Roaming\DRPSu\DrvUpdater.exe
O53 - SMSR:HKLM\...\startupreg\IDMan [Key] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\IDMan.exe
O53 - SMSR:HKLM\...\startupreg\UpdateChecker [Key] . (.SqueakyChocolate, LLC - UpdateCheckerApp.) -- C:\Program Files\SqueakyChocolate\UpdateChecker\UpdateCheckerApp.exe
~ SMSR Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14-07-2009 - 2:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13-07-2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 00s

---\\ Last modified or created user files (O61)
O61 - LFC: 26-10-2013 - 22:43:39 ---A- . (...) -- C:\Users\nabil\AppData\Local\Avg2014\log\avgdiagex.log.lock [0]
O61 - LFC: 26-10-2013 - 22:44:31 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\4shared Desktop\meguellati-nabil@hotmail.com\files.db [0]
O61 - LFC: 26-10-2013 - 22:44:31 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\4shared Desktop\meguellati-nabil@hotmail.com\uploader.db [22528]
O61 - LFC: 26-10-2013 - 22:44:31 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\4shared Desktop\meguellati-nabil@hotmail.com\uploader.tk [18432]
O61 - LFC: 26-10-2013 - 22:44:31 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\4shared Desktop\options.xml [2132]
O61 - LFC: 26-10-2013 - 22:44:31 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\4shared Desktop\overlay.db [12288]
O61 - LFC: 26-10-2013 - 22:44:32 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\driver\driver.html [137]
O61 - LFC: 26-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\OpenCandy\BEE450405A584ADE92A76A3CA9C5B0A4\RegistryReviverSetup_AFF_p3v1.exe [5267320] =>Adware.OpenCandy
O61 - LFC: 26-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\dljobs.xml [1753]
O61 - LFC: 26-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\mail.google.com.ico [3638]
O61 - LFC: 26-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\pc-drivers.fr.ico [1150]
O61 - LFC: 26-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.4shared.com.ico [1150]
O61 - LFC: 26-10-2013 - 22:44:34 ---A- . (.OpenCandy.) -- C:\Users\nabil\AppData\Roaming\OpenCandy\BEE450405A584ADE92A76A3CA9C5B0A4\LatestDLMgr.exe [303400] =>Adware.OpenCandy
O61 - LFC: 26-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.adslgate.com.ico [4286]
O61 - LFC: 26-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.amazon.com.ico [17542]
O61 - LFC: 26-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.blu-ray.com.ico [3638]
O61 - LFC: 26-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.camsympa.com.ico [1150]
O61 - LFC: 26-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.google.com.ico [4286]
O61 - LFC: 26-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.ouedkniss.com.ico [1150]
O61 - LFC: 26-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.zone-telechargement.com.ico [4286]
O61 - LFC: 26-10-2013 - 22:44:36 ---A- . (...) -- C:\Users\nabil\Documents\.4sh\-2919f4bd855a35effd19672a7ecb024e7 [144469]
O61 - LFC: 26-10-2013 - 22:44:36 ---A- . (...) -- C:\Users\nabil\Documents\.4sh\-2dc93e9e1604f7775115367c28b4eba5b [144468]
O61 - LFC: 27-10-2013 - 22:43:39 ---A- . (.Conduit Ltd..) -- C:\Users\nabil\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll [278272] =>Toolbar.Conduit
O61 - LFC: 27-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\i1.bzpics.com.ico [1150]
O61 - LFC: 27-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.brazzers.com.ico [1406]
O61 - LFC: 27-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.ebay.com.ico [1150]
O61 - LFC: 27-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.gulfup.com.ico [1150]
O61 - LFC: 28-10-2013 - 22:43:39 ---A- . (.Conduit Ltd..) -- C:\Users\nabil\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll [278272] =>Toolbar.Conduit
O61 - LFC: 28-10-2013 - 22:43:40 ---A- . (...) -- C:\Users\nabil\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [260408]
O61 - LFC: 28-10-2013 - 22:44:29 ---A- . (...) -- C:\Users\nabil\AppData\Local\Google\Chrome\User Data\First Run [0]
O61 - LFC: 28-10-2013 - 22:44:29 ---A- . (...) -- C:\Users\nabil\AppData\Local\Google\Chrome\User Data\fr-FR-3-0.bdic [1074744]
O61 - LFC: 28-10-2013 - 22:44:31 ---A- . (...) -- C:\Users\nabil\AppData\Local\Mozilla\updates\308046B0AF4A39CB\active-update.xml [57]
O61 - LFC: 28-10-2013 - 22:44:31 ---A- . (...) -- C:\Users\nabil\AppData\Local\Mozilla\updates\308046B0AF4A39CB\updates.xml [5630]
O61 - LFC: 28-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.kaspersky.com.ico [7078]
O61 - LFC: 29-10-2013 - 22:44:29 ---A- . (...) -- C:\Users\nabil\AppData\Local\Google\Chrome\User Data\Local State [44835]
O61 - LFC: 29-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\b4closeall.sgp [77]
O61 - LFC: 29-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\filter.dat [24]
O61 - LFC: 29-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\freqform.txt [3]
O61 - LFC: 29-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\freqsite.txt [5592]
O61 - LFC: 29-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\html\newtab\newtab.js [1285]
O61 - LFC: 29-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\html\newtab\newtab_lz.htm [33352]
O61 - LFC: 29-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\lastsession.sgp [77]
O61 - LFC: 29-10-2013 - 22:44:36 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\ZHP\Log.txt [19712] =>.Nicolas Coolman
O61 - LFC: 29-10-2013 - 22:44:36 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\ZHP\TestsZHPDiag.txt [2812] =>.Nicolas Coolman
O61 - LFC: 29-10-2013 - 22:44:36 ---A- . (...) -- C:\Users\nabil\Documents\startup.txt [3788]
~ 1 Fichiers temporaires (Temporary files)
~ Files: 2470 Legitimates Filtered in 00mn 58s

---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.FlashPeak Inc. - FlashPeak SlimBrowser.) -- C:\Program Files\SlimBrowser\sbframe.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {41EBFAEA-4682-4E7A-B82E-1CA4D6A59687} - (uTorrentControl_v6 Customized Web Search) - http://search.conduit.com =>P2P.µTorrent
O69 - SBI: SearchScopes [HKCU] {E88E0043-C9D4-4e33-8555-FEE4F5B63060} [DefaultScope] - (mail.ru: ????? ? ?????????) - http://go.mail.ru
~ Keys: Scanned in 00mn 00s

---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.9562C82478CA7CE4F89AE5A57B0F74CB] [SPRF][28-10-2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.90F66B2BCEE12E534E1A2E003683E5CD] [SPRF][04-11-2001] (.John's Soft ;) - Chrono ShutDown.) -- C:\Users\nabil\Desktop\Chrono Shutdown.exe [204800]
[MD5.6ECD9B1596F6113CD4491BBB59232A68] [SPRF][03-06-2009] (...) -- C:\Users\nabil\Desktop\KYNG_MultiLoader_V1_41.exe [559616]
[MD5.ABBC129CE99C082F05B8743FF1B9433D] [SPRF][26-02-2013] (.Tonec Inc. - Download with IDM IE menu handler.) -- C:\Program Files\downlWithIDM.dll [96064]
[MD5.B69C2FA8366928652CEDE5B26A950D34] [SPRF][26-02-2013] (.Tonec Inc. - Download with IDM IE menu handler.) -- C:\Program Files\downlWithIDM64.dll [148800]
[MD5.471EAE674FA1FB3BDC53F5400A80712E] [SPRF][08-10-2013] (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\IDMan.exe [3581816]
[MD5.D861AD56296DBA68371CB7AB1038238E] [SPRF][30-04-2013] (.Tonec Inc. - Internet Download Manager Button.) -- C:\Program Files\idmbrbtn.dll [82104]
[MD5.873AC292F34BD3BDC79F0E5AA65FBC72] [SPRF][30-04-2013] (.Tonec Inc. - Internet Download Manager Button.) -- C:\Program Files\idmbrbtn64.dll [94976]
[MD5.40D33E039779128C2BE79B3124E6FAE7] [SPRF][14-12-2012] (.Internet Download Manager, Tonec Inc. - Broker for reading of IDM settings.) -- C:\Program Files\idmBroker.exe [67544]
[MD5.6DBDDB32DD86014B7FE2EC85A9DA3EC3] [SPRF][08-10-2013] (.Tonec Inc. - Internet Download Manager click catcher for browsers.) -- C:\Program Files\idmcchandler2.dll [260416]
[MD5.ED692476B951AE7E59D64A30C069A4B2] [SPRF][08-10-2013] (.Tonec Inc. - Internet Download Manager click catcher for browsers.) -- C:\Program Files\idmcchandler2_64.dll [369472]
[MD5.56AE147E62A772F319CCC306B4338F68] [SPRF][29-06-2012] (.Tonec Inc. - Internet Download Manager assistant.) -- C:\Program Files\idmfsa.dll [83336]
[MD5.5B4B1C3DAC327832C49985D497EBAEB3] [SPRF][21-03-2013] (...) -- C:\Program Files\IDMFType.dat [184167]
[MD5.48DB4BFCE6F3476DFA6602546F5FB5D4] [SPRF][21-03-2013] (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\idmftype.dll [43976]
[MD5.C976CEB4BE1DAF3A848C11A4ADF224BA] [SPRF][21-03-2013] (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\IDMFType64.dll [52240]
[MD5.4FE3A40CEA0D83BCDC1A5CBF939B8373] [SPRF][26-02-2013] (.Tonec Inc. - Internet Download Manager Module.) -- C:\Program Files\IDMGetAll.dll [55104]
[MD5.AB4DAB5825DED835B82B3C9E536509D0] [SPRF][26-02-2013] (.Tonec Inc. - Internet Download Manager Module.) -- C:\Program Files\IDMGetAll64.dll [87872]
[MD5.8CD4AF625346E26BCAAFDB1ED4CB3321] [SPRF][12-12-2012] (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\IDMGrHlp.exe [491480]
[MD5.7DE6DB8B61D0C80546967BACAF3E2305] [SPRF][30-04-2013] (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files\IDMIECC.dll [364352]
[MD5.22C824B3182C3EB9072552582835FDC2] [SPRF][30-04-2013] (.Internet Download Manager, Tonec Inc.
- IDM Browser Helper Object.) -- C:\Program Files\IDMIECC64.dll [400704] [MD5.A27F1C97FA55CE60D11139875794A124] [SPRF][24-01-2011] (.Internet Download Manager, Tonec Inc. - IDM Integration module.) -- C:\Program Files\IDMIntegrator64.exe [64352] [MD5.F3D66D5AFF658162D93EDBCDA2DA35DC] [SPRF][30-03-2012] (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\idmmkb.dll [38304] [MD5.2198AF523DEB6C3C79B5E7FFFEB73829] [SPRF][01-05-2013] (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\IDMNetMon.dll [131032] [MD5.9E612E6DAC12367D921C4DD2DD57C1B3] [SPRF][01-05-2013] (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\IDMNetMon64.dll [170696] [MD5.36503CD4506F7A2033A3330C2A2BCC4E] [SPRF][16-11-2012] (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\IDMShellExt.dll [21904] [MD5.F1C91F6B5EF0E849FF79099799D8F5B4] [SPRF][16-11-2012] (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\IDMShellExt64.dll [23496] [MD5.271B6EBCDC29723EE4CDF151C2037EDF] [SPRF][05-04-2013] (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\Program Files\idmtdi32.sys [114608] [MD5.691C66FB2B59C9CAD2080A1F7C641DCB] [SPRF][05-04-2013] (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\Program Files\idmtdi64.sys [189248] [MD5.58EBB5D8D87457A1C8D53FC19A52BB5F] [SPRF][15-05-2013] (.Tonec Inc. - Internet Download Manager version module.) -- C:\Program Files\idmvs.dll [30528] [MD5.CF6BBE95D20BFAAEEB0D61136C5D4CAD] [SPRF][05-04-2013] (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Program Files\idmwfp32.sys [101168] [MD5.74183EF1B72A5AB17B92B209FD0EC690] [SPRF][05-04-2013] (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Program Files\idmwfp64.sys [166576] [MD5.FAA729BC3B4EC2900D14E1F0F4D30ED0] [SPRF][12-12-2012] (.Tonec Inc. - Internet Download Manager agent for click monitoring in IE-based browsers.) 
-- C:\Program Files\IEMonitor.exe [268248] [MD5.4E0CD0B9AD4E28CF86B0D099CB0C8184] [SPRF][13-12-2012] (.Tonec Inc. - Internet Download Manager installer.) -- C:\Program Files\Uninstall.exe [176600] ~ Files: 34 Legitimates Filtered in 00mn 01s ---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 05-09-2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Disabled 27-02-2012 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 28-10-2013 214512 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe SR - | Auto 16-04-2010 36864 | (B-Link11nCU) . (.Realtek.) - C:\Program Files\B-Link\11n USB Wireless LAN Utility\RtlService.exe SS - | Disabled 30-08-2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SS - | Auto 28-10-2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 28-10-2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Disabled 27-03-2012 821608 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Demand 28-10-2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 03-08-2011 599144 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 03-08-2011 2255464 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe SR - | Auto 03-08-2011 379496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Auto 30-08-2013 1740600 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) 
- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe SR - | Auto 14-07-2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 14-07-2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 09s ---\\ Search Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by nabil at 29-10-2013 22:45:19 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86A5F1F8]<< 1 ntkrnlpa!IofCallDriver[0x8423E52F] >> \Device\Harddisk0\DR0[0x87889A00] \Driver\atapi[0x86B11868] >> IRP_MJ_CREATE >> 0x86A5F1F8 kernel: MBR read successfully user & kernel MBR OK ~ MBR: 14 Legitimates Filtered in 00mn 02s ---\\ Search Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by nabil at 29-10-2013 22:45:21 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ---\\ Scan Additionnel (O88) Database Version : 12960 - (28-10-2013) Clés trouvées (Keys found) : 19 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 11 Fichiers trouvés (Files found) : 5 [HKLM\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp] =>P2P.µTorrent^ [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\BackgroundContainer] =>Toolbar.Conduit^ [HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent [HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade [HKLM\Software\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke [HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke [HKLM\Software\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}] 
=>Toolbar.Babylon [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit [HKLM\Software\Classes\AppID\BHO.DLL] =>Toolbar.Agent [HKCU\Software\APN PIP] =>Toolbar.Ask [HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit [HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>Toolbar.Babylon [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKLM\Software\InstallIQ] =>Toolbar.Agent [HKLM\Software\Classes\AppID\secman.DLL] =>Toolbar.Babylon [HKLM\Software\Classes\Toolbar.CT3289075] =>Toolbar.Conduit [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{96f454ea-9d38-474f-b504-56193e00c1a5} =>Toolbar.Conduit^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BackgroundContainer =>Toolbar.Conduit^ C:\Users\nabil\AppData\Roaming\Mozilla\Firefox\Profiles\mz6wsot1.default\{96f454ea-9d38-474f-b504-56193e00c1a5} =>P2P.µTorrent^ C:\ProgramData\Babylon =>Toolbar.Babylon^ C:\Users\nabil\AppData\Roaming\Babylon =>Toolbar.Babylon^ C:\Users\nabil\AppData\Roaming\OpenCandy =>Adware.OpenCandy^ C:\Users\nabil\AppData\Local\Babylon =>Toolbar.Babylon^ C:\Program Files\Conduit =>Toolbar.Conduit C:\ProgramData\Conduit =>Toolbar.Conduit C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4shared Tools =>Toolbar.4shared C:\Users\nabil\AppData\Local\Conduit =>Toolbar.Conduit C:\Users\nabil\AppData\LocalLow\Conduit =>Toolbar.Conduit C:\Users\nabil\AppData\LocalLow\PriceGong =>Adware.PriceGong C:\Users\nabil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp =>P2P.µTorrent^ [HKCU\Software\Conduit] =>Toolbar.Conduit^ [HKLM\Software\Babylon] =>Toolbar.Babylon^ [HKLM\Software\Conduit] =>Toolbar.Conduit^ [HKLM\Software\HAL7600] =>Hijacker.Windows7^ ~ Additionnel Scan: 236337 Items scanned in 00mn 25s 
---\\ Summary of the detections found on your workstation ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon ~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy ~ http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade ~ http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.WhiteSmoke ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong ~ MSI: 7 link(s) detected in 00mn 25s ~ 3703 Legitimates filtered by white list End of the scan (631 lines in 05mn 08s)(0)