cjoint
Document format: text/plain

~ Report of ZHPDiag v2013.10.28.74 - Nicolas Coolman (28-10-2013)
~ Launched by nabil (29-10-2013 22:40:38)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16721
MFIE: Mozilla Firefox 25.0
GCIE: Google Chrome v30.0.1599.101 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : HYRR2
Windows License : OK
~ Windows Remaining Initializations Number : 5
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Kaspersky Internet Security v14.0.0.4651
Windows Defender W7

---\\ System optimization software
CCleaner v4.06 =>Piriform Ltd

---\\ Sharing software PeerToPeer
µTorrent v3.2.1.28086 =>P2P.µTorrent

---\\ Surveillance software
Adobe Flash Player 11 ActiveX
Adobe Reader XI

---\\ Information on the system
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047.3 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 120 GB (86%) free of 139 GB

---\\ Connection to the system mode
~ Computer Name: NABIL-PC
~ User Name: nabil
~ All Users Names: UpdatusUser, nabil, HomeGroupUser$, ENIGMA, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\nabil\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\nabil\AppData\Roaming\
~ %Desktop% : C:\Users\nabil\Desktop\
~ %Favorites% : C:\Users\nabil\Favorites\
~ %LocalAppData% : C:\Users\nabil\AppData\Local\
~ %StartMenu% : C:\Users\nabil\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 120 Go of 139 Go)
D: Hard drive, Flash drive, Thumb drive (Free 7 Go of 10 Go)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 342 Go of 466 Go)



---\\ State of the Windows Security Center
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Explorateur Windows.) (.20-11-2010 - 22:29:20.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14-07-2009 - 2:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4FEB264B47360B7296AEA4E052F88D8] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10-10-2013 - 14:13:44.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20-11-2010 - 22:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20-11-2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25-04-2011 - 3:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-07-2009 - 2:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-07-2009 - 0:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20-11-2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20-11-2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-11-2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14-07-2009 - 0:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14-07-2009 - 0:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-04-2011 - 3:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20-11-2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12-04-2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14-07-2009 - 0:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14-07-2009 - 0:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20-11-2010 - 22:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14-07-2009 - 0:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20-11-2010 - 22:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20-11-2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/8
~ Mes Videos (My Videos) : 1/7
~ Mes Favoris (My Favorites) : 2/412
~ Mes Documents (My Documents) : 1/27
~ Mon Bureau (My Desktop) : 1/39
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.EE39A16FCDAF62A716F8DF24F0FF4819] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [990400] [PID.2112]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.2528]
[MD5.B2BCB4A5553E137B026F095D5260EDFC] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [373864] [PID.2964]
[MD5.1A06BDE20D1312F4FD50E7C157D5A81D] - (.TuneUp Software - TuneUp Utilities.) -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe [1942328] [PID.3856]
[MD5.3E399A1328181C2A352472369DE2A93A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [844752] [PID.3752]
[MD5.471EAE674FA1FB3BDC53F5400A80712E] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\IDMan.exe [3581816] [PID.5064]
[MD5.FAA729BC3B4EC2900D14E1F0F4D30ED0] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\IEMonitor.exe [268248] [PID.5088]
[MD5.3B605772669BDFD6DC266B9320E87B45] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8143872] [PID.4188]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\nabil\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default] , "http://signin.ebay.ca
G2 - GCE: Preference [User Data\Default] [aeifanonhefcaphaeeknpklkfnjjmpec] Learn French - Très Bien v.1.46 (Activé)
G2 - GCE: Preference [User Data\Default] [bmekbplkjhgmljmbblmhmcnocafhaink] BeGone: Last Stand HD v.1.8.2.17 (Activé)
G2 - GCE: Preference [User Data\Default] [bppbpeijolfcampacpljolaegibfhjph] TV v.2.5 (Activé)
G2 - GCE: Preference [User Data\Default] [cflheckfmhopnialghigdlggahiomebp] uTorrentControl_v6 v.10.16.100.504, (Désactivé) =>P2P.µTorrent
G2 - GCE: Preference [User Data\Default] [cmimnpfphpmminhlhfijocolgmmhmibo] Online TV From UK v.2.2 (Activé)
G2 - GCE: Preference [User Data\Default] [dchlnpcodkpfdpacogkljefecpegganj] URL Advisor v.14.0.0.4651 (Désactivé)
G2 - GCE: Preference [User Data\Default] [dliaancdkclmoacockpgpcopnfcjgmpe] Parking Mania v.1.0.0.0 (Activé)
G2 - GCE: Preference [User Data\Default] [dnflngnfkdlpnchnjkppoebemjdaamji] Man of Steel 3D v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [fcanljafkhmmideajcgekocpbdhkened] Bikini TV v.2.5.2 (Activé)
G2 - GCE: Preference [User Data\Default] [hakdifolhalapjijoafobooafbilfakh] Protection bancaire v.14.0.0.4651 (Activé)
G2 - GCE: Preference [User Data\Default] [hghkgaeecgjhjkannahfamoehjmkjail] Module de blocage des sites Internet dangereux v.14.0.0.4651 (Désactivé)
G2 - GCE: Preference [User Data\Default] [jbdlnhcijcebenimakdlpmpgipkimioe] Free TV Australia v.2.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kbkkbdjoenphfolcadckgblciaeeippp] Wrath Of The Titans HD v.2.5 (Activé)
G2 - GCE: Preference [User Data\Default] [kkdkcgeghhfjiglphfppinecpcpnnbne] Movi Kanti Revo v.1.0.0.0 (Activé)
G2 - GCE: Preference [User Data\Default] [knlgfedckdhkgjinnhogmhkbcjpmmhko] Atlas mondial de données v.1.0.9 (Activé)
G2 - GCE: Preference [User Data\Default] [nananoifaaimehnlhoolpggpgkbefdom] Live TV Free - TV 360 v.2.0 (Activé)
G2 - GCE: Preference [User Data\Default] [ojeooogpinnpchmelddadhlplpolocoe] Calendrier en ligne v.4.9.3 (Activé)
~ Google Browser: 38 Legitimates Filtered in 01mn 02s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [nabil - mz6wsot1.default\{96f454ea-9d38-474f-b504-56193e00c1a5}] [] uTorrentControl_v6 v10.20.0.13 (..) =>P2P.µTorrent
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.ru
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: SnagIt - [HKLM]{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} . (.TechSmith Corporation - SnagIt Add-in for Internet Explorer.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: uTorrentControl_v6 Toolbar - [HKLM]{96f454ea-9d38-474f-b504-56193e00c1a5} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\uTorrentControl_v6\prxtbuTor.dll =>Toolbar.Conduit
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{96F454EA-9D38-474F-B504-56193E00C1A5} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Angry Birds.lnk . (.Rovio Mobile - Angry Birds.) -- F:\GAMES\INSTALL GAMES\AngryBirds.exe
O4 - GS\Desktop [Public]: B-Link 11n USB Wireless LAN Utility.lnk . (.Realtek - ReStart MFC Application.) -- C:\Program Files\B-Link\11n USB Wireless LAN Utility\ReStart.exe
O4 - GS\Desktop [Public]: DriverPack Solution Lite.lnk . (.Kuzyakov Artur - DriverPack Solution Lite.) -- C:\Program Files\DriverPack Solution Lite 12.3\DRPSu12.3-Lite.exe
O4 - GS\Desktop [Public]: FlashPeak SlimBrowser.lnk . (.FlashPeak Inc. - FlashPeak SlimBrowser.) -- C:\Program Files\SlimBrowser\sbframe.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Kaspersky Internet Security.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: PCSX2 0.9.8 (r4600).lnk . (...) -- C:\Program Files\PCSX2 0.9.8\pcsx2-r4600.exe
O4 - GS\Desktop [Public]: Xilisoft Video Converter Ultimate 6.lnk . (...) -- C:\Program Files\Xilisoft\Video Converter Ultimate 6\vcloader.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [UpdatusUser]: CheMax.lnk . (.www.CheMax.ru - Cheats Maximal.) -- C:\Program Files\CheMax\CheMax.exe
O4 - GS\QuickLaunch [nabil]: 4shared Desktop.lnk . (...) -- C:\Program Files\4shared Desktop\desktop.exe
O4 - GS\QuickLaunch [nabil]: FlashPeak SlimBrowser.lnk . (.FlashPeak Inc. - FlashPeak SlimBrowser.) -- C:\Program Files\SlimBrowser\sbframe.exe
O4 - GS\QuickLaunch [nabil]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [nabil]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [nabil]: Xilisoft Video Converter Ultimate 6.lnk . (...) -- C:\Program Files\Xilisoft\Video Converter Ultimate 6\vcloader.exe
O4 - GS\QuickLaunch [nabil]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [nabil]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Program [nabil]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [nabil]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [nabil]: DVB Dream Plugins Folder (pip00).lnk . (...) -- C:\dvbdream\Plugins\pip00
O4 - GS\Desktop [nabil]: 4shared Desktop.lnk . (...) -- C:\Program Files\4shared Desktop\desktop.exe
O4 - GS\Desktop [nabil]: Cheat Engine 6.1.lnk . (...) -- C:\Program Files\Cheat Engine 6.1\Cheat Engine.exe
O4 - GS\Desktop [nabil]: CheMax.lnk . (.www.CheMax.ru - Cheats Maximal.) -- C:\Program Files\CheMax\CheMax.exe
O4 - GS\Desktop [nabil]: Connexion au réseau local - Raccourci.lnk - Orphan key
O4 - GS\Desktop [nabil]: DVB Dream.lnk . (.www.dvbdream.org - No Comment.) -- C:\dvbdream\dvbdream.exe
O4 - GS\Desktop [nabil]: Protection bancaire.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
O4 - GS\Desktop [nabil]: Sat Utilities EN by DDv122.lnk . (.Ddv122 Home - SatU.) -- C:\dvbdream\Misc\SatU.exe
~ Global Startup: 87 Legitimates Filtered in 00mn 01s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKCU\..\Run: [BackgroundContainer] . (.Conduit Ltd. - Background Container.) -- C:\Users\nabil\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll =>Toolbar.Conduit
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\IDMan.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4063433970-2433234358-3378070945-1001\..\Run: [BackgroundContainer] . (.Conduit Ltd. - Background Container.) -- C:\Users\nabil\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll =>Toolbar.Conduit
O4 - HKUS\S-1-5-21-4063433970-2433234358-3378070945-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\IDMan.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Clavier virtuel - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kbrd.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Analyse des liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKCU\...\EscDomains] http.fastspring.com
O15 - Trusted Zone: [HKLM\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKLM\...\EscDomains] http.fastspring.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8BBA2C9-7DA8-48C0-85F1-CB975807D847}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8BBA2C9-7DA8-48C0-85F1-CB975807D847}: DhcpNameServer = 192.168.6.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F8BBA2C9-7DA8-48C0-85F1-CB975807D847}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{F8BBA2C9-7DA8-48C0-85F1-CB975807D847}: DhcpNameServer = 192.168.6.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F8BBA2C9-7DA8-48C0-85F1-CB975807D847}: DhcpNameServer = 192.168.6.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{F8BBA2C9-7DA8-48C0-85F1-CB975807D847}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.6.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} . (.Stardock.net, Inc - IconPackager Repair Module.) -- C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s



---\\ Drivers launched at startup (O41)
O41 - Driver: (dtsoftbus01) . (. - .) - C:\Windows\System32\DRIVERS\dtsoftbus01.sys (.not file.)
~ Drivers: 107 Legitimates Filtered in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: Startimes Codecs v1.0 - (...) [HKLM] -- Startimes Codecs_is1
O42 - Logiciel: UpdateChecker - (.SqueakyChocolate, LLC.) [HKLM] -- SqueakyChocolate, LLC UpdateChecker
~ Logic: 77 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\CatalinaGroup]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DebugNano]
[HKCU\Software\Mixesoft]
[HKCU\Software\Popajar]
[HKCU\Software\SmileysWeLove]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\nanocosmos]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\DVBDream]
[HKLM\Software\DebugNano]
[HKLM\Software\HAL7600] =>Hijacker.Windows7
[HKLM\Software\InstallIQ]
~ Key Software: 169 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 24-10-2013 - 19:32:10 - [10.612] ----D C:\Program Files\B-Link
O43 - CFD: 14-10-2013 - 10:26:36 - [4.017] ----D C:\Program Files\CheMax
O43 - CFD: 09-10-2013 - 22:46:06 - [0.883] ----D C:\Program Files\Conduit
O43 - CFD: 08-10-2013 - 23:38:27 - [0.215] ----D C:\Program Files\FireDTV
O43 - CFD: 08-10-2013 - 23:26:47 - [61.925] ----D C:\Program Files\Startimes Codecs
O43 - CFD: 08-10-2013 - 23:07:06 - [0.309] ----D C:\Program Files\Toolbar
O43 - CFD: 08-10-2013 - 23:26:44 - [0.156] ----D C:\Program Files\Common Files\BitCtrl
O43 - CFD: 08-10-2013 - 23:26:44 - [3.391] ----D C:\Program Files\Common Files\Blaze
O43 - CFD: 08-10-2013 - 22:53:52 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 27-10-2013 - 16:29:34 - [1.820] ----D C:\ProgramData\Conduit
O43 - CFD: 09-10-2013 - 14:48:03 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 08-10-2013 - 22:53:52 - [0.002] ----D C:\Users\nabil\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 26-10-2013 - 22:10:50 - [0.000] ----D C:\Users\nabil\AppData\Roaming\driver
O43 - CFD: 26-10-2013 - 22:43:10 - [15.459] ----D C:\Users\nabil\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 13-10-2013 - 10:41:17 - [0.014] ----D C:\Users\nabil\AppData\Roaming\SmileysWeLove
O43 - CFD: 08-10-2013 - 22:53:53 - [74.131] ----D C:\Users\nabil\AppData\Local\Babylon =>Toolbar.Babylon
O43 - CFD: 26-10-2013 - 22:47:21 - [0] ----D C:\Users\nabil\AppData\Local\CatalinaGroup
O43 - CFD: 27-10-2013 - 16:29:30 - [0.918] ----D C:\Users\nabil\AppData\Local\Conduit
O43 - CFD: 24-10-2013 - 23:01:27 - [0.001] ----D C:\Users\nabil\AppData\Local\MyRouter
~ Program Folder: 170 Legitimates Filtered in 00mn 18s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.A98A4EF9198FB9280B15CB3079327F18] - 18-10-2013 - 23:07:26 RSH-- . (...) -- C:\DZASP [481082]
O44 - LFC:[MD5.EDD400CC92C6D43F98D3D3AFC97C2559] - 24-10-2013 - 19:32:10 ---A- . (...) -- C:\Windows\System32\ISSRemoveSP.exe [451072]
O44 - LFC:[MD5.678C7EA24776534FF6DDF491A4F86005] - 24-10-2013 - 19:32:12 ---A- . (...) -- C:\Windows\RtlUI2.exe.manifest [901]
O44 - LFC:[MD5.A64711C9CF690718EADA750370EC5EB2] - 26-10-2013 - 22:56:03 ---A- . (.Dmitry Streblechenko - Outlook Redemption COM library.) -- C:\Windows\System32\Redemption.dll [4659712]
O44 - LFC:[MD5.6BFF69D1DBF9B80FCD30C64C50D1B93A] - 28-10-2013 - 11:52:35 ---A- . (...) -- C:\Windows\System32\kavremvr 2013-10-28 11-50-08 (pid 5852).log [190387]
O44 - LFC:[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - 28-10-2013 - 17:45:35 ---A- . (...) -- C:\Windows\win.ini [478]
O44 - LFC:[MD5.9AF05956BFFE5381E76CA6ACCFC097EC] - 29-10-2013 - 19:32:13 ---A- . (...) -- C:\logFileUI.txt [1324]
~ Files: 107 Legitimates Filtered in 00mn 49s



---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.0435C751DEF88E765F071037C8E0F496] - 28-10-2013 - 11:30:47 ---A- - C:\Windows\Prefetch\SETUP_11.0.1.1245.X01_2013_10-30898C08.pf
O45 - LFCP:[MD5.D05EE32B1026B8784CCB589F13F5ED50] - 28-10-2013 - 11:30:50 ---A- - C:\Windows\Prefetch\8962476.EXE-4422DA8E.pf
O45 - LFCP:[MD5.7C49258FC489B4F39EAA7995354682D3] - 29-10-2013 - 19:29:22 ---A- - C:\Windows\Prefetch\UNINST.EXE-74721B37.pf
O45 - LFCP:[MD5.E53C04A666D0357019D11D6507D62009] - 29-10-2013 - 19:32:09 ---A- - C:\Windows\Prefetch\UNINSTALLERUI.EXE-83F9F3E0.pf
O45 - LFCP:[MD5.890F015048E66D7F4FA0E7EC97609008] - 29-10-2013 - 19:33:00 ---A- - C:\Windows\Prefetch\CIPHER.EXE-A20C4FBA.pf
O45 - LFCP:[MD5.E0670278EAE4BFD6BC41D7ECE39A7208] - 29-10-2013 - 22:10:26 ---A- - C:\Windows\Prefetch\SBFRAME.EXE-5321359E.pf
O45 - LFCP:[MD5.5110B6F91DFEEF58B4ACD557073CD64F] - 29-10-2013 - 22:10:34 ---A- - C:\Windows\Prefetch\SBRENDER.EXE-5CC62E6F.pf
O45 - LFCP:[MD5.C2A136F32E4C891E790E73B5C2B0EA14] - 29-10-2013 - 22:28:46 ---A- - C:\Windows\Prefetch\AVPUI.EXE-53EB6C45.pf
~ Prefetcher: 116 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - itunes.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
~ IFEO: Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\BackgroundContainer [Key] . (.Conduit Ltd. - Background Container.) -- C:\Users\nabil\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll =>Toolbar.Conduit
O53 - SMSR:HKLM\...\startupreg\DrvUpdater [Key] . (.No owner - DRP Su Updater.) -- C:\Users\nabil\AppData\Roaming\DRPSu\DrvUpdater.exe
O53 - SMSR:HKLM\...\startupreg\IDMan [Key] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\IDMan.exe
O53 - SMSR:HKLM\...\startupreg\UpdateChecker [Key] . (.SqueakyChocolate, LLC - UpdateCheckerApp.) -- C:\Program Files\SqueakyChocolate\UpdateChecker\UpdateCheckerApp.exe
~ SMSR Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14-07-2009 - 2:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13-07-2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Last modified or created user files (O61)
O61 - LFC: 26-10-2013 - 22:43:39 ---A- . (...) -- C:\Users\nabil\AppData\Local\Avg2014\log\avgdiagex.log.lock [0]
O61 - LFC: 26-10-2013 - 22:44:31 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\4shared Desktop\meguellati-nabil@hotmail.com\files.db [0]
O61 - LFC: 26-10-2013 - 22:44:31 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\4shared Desktop\meguellati-nabil@hotmail.com\uploader.db [22528]
O61 - LFC: 26-10-2013 - 22:44:31 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\4shared Desktop\meguellati-nabil@hotmail.com\uploader.tk [18432]
O61 - LFC: 26-10-2013 - 22:44:31 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\4shared Desktop\options.xml [2132]
O61 - LFC: 26-10-2013 - 22:44:31 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\4shared Desktop\overlay.db [12288]
O61 - LFC: 26-10-2013 - 22:44:32 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\driver\driver.html [137]
O61 - LFC: 26-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\OpenCandy\BEE450405A584ADE92A76A3CA9C5B0A4\RegistryReviverSetup_AFF_p3v1.exe [5267320] =>Adware.OpenCandy
O61 - LFC: 26-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\dljobs.xml [1753]
O61 - LFC: 26-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\mail.google.com.ico [3638]
O61 - LFC: 26-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\pc-drivers.fr.ico [1150]
O61 - LFC: 26-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.4shared.com.ico [1150]
O61 - LFC: 26-10-2013 - 22:44:34 ---A- . (.OpenCandy.) -- C:\Users\nabil\AppData\Roaming\OpenCandy\BEE450405A584ADE92A76A3CA9C5B0A4\LatestDLMgr.exe [303400] =>Adware.OpenCandy
O61 - LFC: 26-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.adslgate.com.ico [4286]
O61 - LFC: 26-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.amazon.com.ico [17542]
O61 - LFC: 26-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.blu-ray.com.ico [3638]
O61 - LFC: 26-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.camsympa.com.ico [1150]
O61 - LFC: 26-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.google.com.ico [4286]
O61 - LFC: 26-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.ouedkniss.com.ico [1150]
O61 - LFC: 26-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.zone-telechargement.com.ico [4286]
O61 - LFC: 26-10-2013 - 22:44:36 ---A- . (...) -- C:\Users\nabil\Documents\.4sh\-2919f4bd855a35effd19672a7ecb024e7 [144469]
O61 - LFC: 26-10-2013 - 22:44:36 ---A- . (...) -- C:\Users\nabil\Documents\.4sh\-2dc93e9e1604f7775115367c28b4eba5b [144468]
O61 - LFC: 27-10-2013 - 22:43:39 ---A- . (.Conduit Ltd..) -- C:\Users\nabil\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll [278272] =>Toolbar.Conduit
O61 - LFC: 27-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\i1.bzpics.com.ico [1150]
O61 - LFC: 27-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.brazzers.com.ico [1406]
O61 - LFC: 27-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.ebay.com.ico [1150]
O61 - LFC: 27-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.gulfup.com.ico [1150]
O61 - LFC: 28-10-2013 - 22:43:39 ---A- . (.Conduit Ltd..) -- C:\Users\nabil\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll [278272] =>Toolbar.Conduit
O61 - LFC: 28-10-2013 - 22:43:40 ---A- . (...) -- C:\Users\nabil\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [260408]
O61 - LFC: 28-10-2013 - 22:44:29 ---A- . (...) -- C:\Users\nabil\AppData\Local\Google\Chrome\User Data\First Run [0]
O61 - LFC: 28-10-2013 - 22:44:29 ---A- . (...) -- C:\Users\nabil\AppData\Local\Google\Chrome\User Data\fr-FR-3-0.bdic [1074744]
O61 - LFC: 28-10-2013 - 22:44:31 ---A- . (...) -- C:\Users\nabil\AppData\Local\Mozilla\updates\308046B0AF4A39CB\active-update.xml [57]
O61 - LFC: 28-10-2013 - 22:44:31 ---A- . (...) -- C:\Users\nabil\AppData\Local\Mozilla\updates\308046B0AF4A39CB\updates.xml [5630]
O61 - LFC: 28-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\iconcache\www.kaspersky.com.ico [7078]
O61 - LFC: 29-10-2013 - 22:44:29 ---A- . (...) -- C:\Users\nabil\AppData\Local\Google\Chrome\User Data\Local State [44835]
O61 - LFC: 29-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\b4closeall.sgp [77]
O61 - LFC: 29-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\filter.dat [24]
O61 - LFC: 29-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\freqform.txt [3]
O61 - LFC: 29-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\freqsite.txt [5592]
O61 - LFC: 29-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\html\newtab\newtab.js [1285]
O61 - LFC: 29-10-2013 - 22:44:34 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\html\newtab\newtab_lz.htm [33352]
O61 - LFC: 29-10-2013 - 22:44:35 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\SlimBrowser\lastsession.sgp [77]
O61 - LFC: 29-10-2013 - 22:44:36 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\ZHP\Log.txt [19712] =>.Nicolas Coolman
O61 - LFC: 29-10-2013 - 22:44:36 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\ZHP\TestsZHPDiag.txt [2812] =>.Nicolas Coolman
O61 - LFC: 29-10-2013 - 22:44:36 ---A- . (...) -- C:\Users\nabil\Documents\startup.txt [3788]
~ 1 Temporary files
~ Files: 2470 Legitimates Filtered in 00mn 58s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.FlashPeak Inc. - FlashPeak SlimBrowser.) -- C:\Program Files\SlimBrowser\sbframe.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {41EBFAEA-4682-4E7A-B82E-1CA4D6A59687} - (uTorrentControl_v6 Customized Web Search) - http://search.conduit.com =>P2P.µTorrent
O69 - SBI: SearchScopes [HKCU] {E88E0043-C9D4-4e33-8555-FEE4F5B63060} [DefaultScope] - (mail.ru: ????? ? ?????????) - http://go.mail.ru
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.9562C82478CA7CE4F89AE5A57B0F74CB] [SPRF][28-10-2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.90F66B2BCEE12E534E1A2E003683E5CD] [SPRF][04-11-2001] (.John's Soft ;) - Chrono ShutDown.) -- C:\Users\nabil\Desktop\Chrono Shutdown.exe [204800]
[MD5.6ECD9B1596F6113CD4491BBB59232A68] [SPRF][03-06-2009] (...) -- C:\Users\nabil\Desktop\KYNG_MultiLoader_V1_41.exe [559616]
[MD5.ABBC129CE99C082F05B8743FF1B9433D] [SPRF][26-02-2013] (.Tonec Inc. - Download with IDM IE menu handler.) -- C:\Program Files\downlWithIDM.dll [96064]
[MD5.B69C2FA8366928652CEDE5B26A950D34] [SPRF][26-02-2013] (.Tonec Inc. - Download with IDM IE menu handler.) -- C:\Program Files\downlWithIDM64.dll [148800]
[MD5.471EAE674FA1FB3BDC53F5400A80712E] [SPRF][08-10-2013] (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\IDMan.exe [3581816]
[MD5.D861AD56296DBA68371CB7AB1038238E] [SPRF][30-04-2013] (.Tonec Inc. - Internet Download Manager Button.) -- C:\Program Files\idmbrbtn.dll [82104]
[MD5.873AC292F34BD3BDC79F0E5AA65FBC72] [SPRF][30-04-2013] (.Tonec Inc. - Internet Download Manager Button.) -- C:\Program Files\idmbrbtn64.dll [94976]
[MD5.40D33E039779128C2BE79B3124E6FAE7] [SPRF][14-12-2012] (.Internet Download Manager, Tonec Inc. - Broker for reading of IDM settings.) -- C:\Program Files\idmBroker.exe [67544]
[MD5.6DBDDB32DD86014B7FE2EC85A9DA3EC3] [SPRF][08-10-2013] (.Tonec Inc. - Internet Download Manager click catcher for browsers.) -- C:\Program Files\idmcchandler2.dll [260416]
[MD5.ED692476B951AE7E59D64A30C069A4B2] [SPRF][08-10-2013] (.Tonec Inc. - Internet Download Manager click catcher for browsers.) -- C:\Program Files\idmcchandler2_64.dll [369472]
[MD5.56AE147E62A772F319CCC306B4338F68] [SPRF][29-06-2012] (.Tonec Inc. - Internet Download Manager assistant.) -- C:\Program Files\idmfsa.dll [83336]
[MD5.5B4B1C3DAC327832C49985D497EBAEB3] [SPRF][21-03-2013] (...) -- C:\Program Files\IDMFType.dat [184167]
[MD5.48DB4BFCE6F3476DFA6602546F5FB5D4] [SPRF][21-03-2013] (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\idmftype.dll [43976]
[MD5.C976CEB4BE1DAF3A848C11A4ADF224BA] [SPRF][21-03-2013] (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\IDMFType64.dll [52240]
[MD5.4FE3A40CEA0D83BCDC1A5CBF939B8373] [SPRF][26-02-2013] (.Tonec Inc. - Internet Download Manager Module.) -- C:\Program Files\IDMGetAll.dll [55104]
[MD5.AB4DAB5825DED835B82B3C9E536509D0] [SPRF][26-02-2013] (.Tonec Inc. - Internet Download Manager Module.) -- C:\Program Files\IDMGetAll64.dll [87872]
[MD5.8CD4AF625346E26BCAAFDB1ED4CB3321] [SPRF][12-12-2012] (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\IDMGrHlp.exe [491480]
[MD5.7DE6DB8B61D0C80546967BACAF3E2305] [SPRF][30-04-2013] (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files\IDMIECC.dll [364352]
[MD5.22C824B3182C3EB9072552582835FDC2] [SPRF][30-04-2013] (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files\IDMIECC64.dll [400704]
[MD5.A27F1C97FA55CE60D11139875794A124] [SPRF][24-01-2011] (.Internet Download Manager, Tonec Inc. - IDM Integration module.) -- C:\Program Files\IDMIntegrator64.exe [64352]
[MD5.F3D66D5AFF658162D93EDBCDA2DA35DC] [SPRF][30-03-2012] (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\idmmkb.dll [38304]
[MD5.2198AF523DEB6C3C79B5E7FFFEB73829] [SPRF][01-05-2013] (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\IDMNetMon.dll [131032]
[MD5.9E612E6DAC12367D921C4DD2DD57C1B3] [SPRF][01-05-2013] (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\IDMNetMon64.dll [170696]
[MD5.36503CD4506F7A2033A3330C2A2BCC4E] [SPRF][16-11-2012] (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\IDMShellExt.dll [21904]
[MD5.F1C91F6B5EF0E849FF79099799D8F5B4] [SPRF][16-11-2012] (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\IDMShellExt64.dll [23496]
[MD5.271B6EBCDC29723EE4CDF151C2037EDF] [SPRF][05-04-2013] (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\Program Files\idmtdi32.sys [114608]
[MD5.691C66FB2B59C9CAD2080A1F7C641DCB] [SPRF][05-04-2013] (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\Program Files\idmtdi64.sys [189248]
[MD5.58EBB5D8D87457A1C8D53FC19A52BB5F] [SPRF][15-05-2013] (.Tonec Inc. - Internet Download Manager version module.) -- C:\Program Files\idmvs.dll [30528]
[MD5.CF6BBE95D20BFAAEEB0D61136C5D4CAD] [SPRF][05-04-2013] (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Program Files\idmwfp32.sys [101168]
[MD5.74183EF1B72A5AB17B92B209FD0EC690] [SPRF][05-04-2013] (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Program Files\idmwfp64.sys [166576]
[MD5.FAA729BC3B4EC2900D14E1F0F4D30ED0] [SPRF][12-12-2012] (.Tonec Inc. - Internet Download Manager agent for click monitoring in IE-based browsers.) -- C:\Program Files\IEMonitor.exe [268248]
[MD5.4E0CD0B9AD4E28CF86B0D099CB0C8184] [SPRF][13-12-2012] (.Tonec Inc. - Internet Download Manager installer.) -- C:\Program Files\Uninstall.exe [176600]
~ Files: 34 Legitimates Filtered in 00mn 01s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 05-09-2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Disabled 27-02-2012 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 28-10-2013 214512 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
SR - | Auto 16-04-2010 36864 | (B-Link11nCU) . (.Realtek.) - C:\Program Files\B-Link\11n USB Wireless LAN Utility\RtlService.exe
SS - | Disabled 30-08-2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 28-10-2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28-10-2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 27-03-2012 821608 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 28-10-2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 03-08-2011 599144 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 03-08-2011 2255464 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
SR - | Auto 03-08-2011 379496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 30-08-2013 1740600 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
SR - | Auto 14-07-2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14-07-2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by nabil at 29-10-2013 22:45:19

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86A5F1F8]<<
1 ntkrnlpa!IofCallDriver[0x8423E52F] >> \Device\Harddisk0\DR0[0x87889A00]
\Driver\atapi[0x86B11868] >> IRP_MJ_CREATE >> 0x86A5F1F8
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by nabil at 29-10-2013 22:45:21

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Additional Scan (O88)
Database Version : 12960 - (28-10-2013)
Keys found : 19
Values found : 2
Folders found : 11
Files found : 5

[HKLM\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp] =>P2P.µTorrent^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\BackgroundContainer] =>Toolbar.Conduit^
[HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade
[HKLM\Software\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\BHO.DLL] =>Toolbar.Agent
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>Toolbar.Babylon
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\InstallIQ] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\secman.DLL] =>Toolbar.Babylon
[HKLM\Software\Classes\Toolbar.CT3289075] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{96f454ea-9d38-474f-b504-56193e00c1a5} =>Toolbar.Conduit^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BackgroundContainer =>Toolbar.Conduit^
C:\Users\nabil\AppData\Roaming\Mozilla\Firefox\Profiles\mz6wsot1.default\{96f454ea-9d38-474f-b504-56193e00c1a5} =>P2P.µTorrent^
C:\ProgramData\Babylon =>Toolbar.Babylon^
C:\Users\nabil\AppData\Roaming\Babylon =>Toolbar.Babylon^
C:\Users\nabil\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Users\nabil\AppData\Local\Babylon =>Toolbar.Babylon^
C:\Program Files\Conduit =>Toolbar.Conduit
C:\ProgramData\Conduit =>Toolbar.Conduit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4shared Tools =>Toolbar.4shared
C:\Users\nabil\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\nabil\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\nabil\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\nabil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp =>P2P.µTorrent^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Babylon] =>Toolbar.Babylon^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\HAL7600] =>Hijacker.Windows7^
~ Additional Scan: 236337 Items scanned in 00mn 25s
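The O69 and O88 sections above are the part of a ZHPDiag report a forum helper actually triages: every flagged line carries a trailing "=>Family.Name" tag (a trailing "^" is the tool's own marker, and "=>.Publisher" means whitelisted), and the Summary section is just those tags grouped by family. The following is an added example, not ZHPDiag's code and not taken from this report: a small Python triage helper that parses those tags, classifies each detection as a registry key, a registry value, or a path, singles out autostart (Run) values, counts detections per family, and checks the IE [DefaultScope] search provider against a trusted-host list. The embedded sample report is constructed in ZHPDiag's line format (identifiers and paths are illustrative), and the trusted-host list is an assumption for this example.

```python
"""Triage helper for ZHPDiag-style reports (added example, not ZHPDiag code)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample in ZHPDiag's own line format (assumption: a cut-down
# imitation of O61/O69/O88 lines, not a real scan of any machine).
SAMPLE_REPORT = r"""
O61 - LFC: 29-10-2013 - 22:44:36 ---A- . (...) -- C:\Users\nabil\AppData\Roaming\ZHP\Log.txt [19712] =>.Nicolas Coolman
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {41EBFAEA-4682-4E7A-B82E-1CA4D6A59687} - (Customized Web Search) - http://search.conduit.com =>Toolbar.Conduit
O69 - SBI: SearchScopes [HKCU] {E88E0043-C9D4-4e33-8555-FEE4F5B63060} [DefaultScope] - (mail.ru) - http://go.mail.ru
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BackgroundContainer =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{96f454ea-9d38-474f-b504-56193e00c1a5} =>Toolbar.Conduit^
C:\ProgramData\Conduit =>Toolbar.Conduit
C:\Users\nabil\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
[HKLM\Software\HAL7600] =>Hijacker.Windows7^
~ Additional Scan: 236337 Items scanned in 00mn 25s
"""

# " =>Family.Name" marks a flagged line, " =>.Publisher" a whitelisted one;
# the optional trailing "^" is ZHPDiag's marker and is dropped here.
TAG_RE = re.compile(r"\s=>(?P<tag>\S.*?)\^?\s*$")
SCOPE_RE = re.compile(
    r"^O69 - SBI: SearchScopes \[(?P<hive>HK\w+)\] (?P<clsid>\{[0-9A-Fa-f-]+\})"
    r"(?P<default> \[DefaultScope\])? - \((?P<name>[^)]*)\) - (?P<url>\S+)")
REGVALUE_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]:(?P<value>.+?)\s=>")
REGKEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]\s=>")
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s=>")

# Assumption for this example: only these IE default search hosts are trusted.
TRUSTED_SEARCH_HOSTS = ("www.bing.com", "www.google.com")


@dataclass(frozen=True)
class Detection:
    kind: str        # "searchscope" | "regvalue" | "regkey" | "path"
    target: str      # CLSID, "key:value", registry key, or filesystem path
    family: str      # e.g. "Toolbar.Conduit"
    autostart: bool  # True when the value lives directly under a ...\Run key


def family_tag(line: str) -> Optional[str]:
    """Family tagged on this line; None if untagged or whitelisted ("=>.Name")."""
    m = TAG_RE.search(line)
    if not m or m["tag"].startswith("."):
        return None
    return m["tag"]


def parse_detections(text: str) -> list:
    """Turn every tagged line into a Detection, classified by what it names."""
    found = []
    for line in text.splitlines():
        family = family_tag(line)
        if family is None:
            continue
        if (m := SCOPE_RE.match(line)):
            found.append(Detection("searchscope", m["clsid"], family, False))
        elif (m := REGVALUE_RE.match(line)):
            key = m["key"]
            found.append(Detection("regvalue", f"{key}:{m['value']}", family,
                                   key.lower().endswith("\\run")))
        elif (m := REGKEY_RE.match(line)):
            found.append(Detection("regkey", m["key"], family, False))
        elif (m := PATH_RE.match(line)):
            found.append(Detection("path", m["path"], family, False))
    return found


def family_summary(detections) -> Counter:
    """Per-family counts, the same grouping as the report's Summary section."""
    return Counter(d.family for d in detections)


def autostart_entries(detections) -> list:
    """Detections that re-launch at logon and therefore need removing first."""
    return [d for d in detections if d.autostart]


def search_scopes(text: str) -> list:
    """All O69 SearchScopes entries, tagged or not, with the default one marked."""
    scopes = []
    for line in text.splitlines():
        m = SCOPE_RE.match(line)
        if m:
            scopes.append({"clsid": m["clsid"], "name": m["name"], "url": m["url"],
                           "default": m["default"] is not None,
                           "family": family_tag(line)})
    return scopes


def default_search_scope(text: str) -> Optional[str]:
    """URL of the scope marked [DefaultScope], or None if the section lacks one."""
    for scope in search_scopes(text):
        if scope["default"]:
            return scope["url"]
    return None


def default_scope_untrusted(text: str, trusted=TRUSTED_SEARCH_HOSTS) -> bool:
    """True when the default provider is off the trusted list. An untagged
    entry can still be a hijack, so this check ignores the family tags."""
    url = default_search_scope(text)
    return url is not None and urlsplit(url).hostname not in trusted


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_REPORT)
    for fam, n in family_summary(dets).most_common():
        print(f"{fam}: {n}")
    print("autostart:", [d.target for d in autostart_entries(dets)])
    print("default scope:", default_search_scope(SAMPLE_REPORT),
          "(untrusted)" if default_scope_untrusted(SAMPLE_REPORT) else "")
```

Run against a saved report instead of the sample by reading the file into `parse_detections`; the untrusted-default-scope check is the one that matters most here, because in the section above the mail.ru provider carries no family tag yet holds [DefaultScope].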



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
~ http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade
~ http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.WhiteSmoke
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong
~ MSI: 7 link(s) detected in 00mn 25s



~ 3703 Legitimates filtered by white list
End of the scan (631 lines in 05mn 08s)(0)
