cjoint

Document format: text/plain

Preview

~ Report of ZHPDiag v2013.10.21.57 - Nicolas Coolman (21/10/2013)
~ Launched by Administrator (23/10/2013 10:47:43)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found


---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v30.0.1599.101 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System protection software
avast! Free Antivirus v8.0.1497.0
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System optimization software
CCleaner v4.06 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 ActiveX
Adobe Reader XI
Java 7 Update 45

---\\ Information on the system
~ Processor: x86 Family 15 Model 6 Stepping 4, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (75% free)
System Restore: Activé (Enable)
System drive C: has 216 GB (92%) free of 233 GB

---\\ Connection to the system mode
~ Computer Name: JUJU-CE8D864783
~ User Name: Administrator
~ All Users Names: SUPPORT_388945a0, postgres, HelpAssistant, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrator\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Administrator\Application Data\
~ %Desktop% : C:\Documents and Settings\Administrator\Desktop\
~ %Favorites% : C:\Documents and Settings\Administrator\Favorites\
~ %LocalAppData% : C:\Documents and Settings\Administrator\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Administrator\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 216 Go of 233 Go)
D: Hard drive, Flash drive, Thumb drive (Free 15 Go of 298 Go)



---\\ State of the Windows Security Center
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.F8DD21FC65131E064FBF11F01E4F4BFD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/09/2013 - 19:23:33.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/2
~ Mes Favoris (My Favorites) : 1/13
~ Mes Documents (My Documents) : 1/43
~ Mon Bureau (My Desktop) : 0/14
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1400]
[MD5.80A79264302910C7C24BA7E44267EFEF] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.432]
[MD5.F08D9F81ED9A632A3E52BBDD0B8AECE3] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [1867600] [PID.472]
[MD5.F90137A9897071EDE961A5ABA4EA524F] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [59392] [PID.728]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968] [PID.716]
[MD5.0F869E88FA4489FBE231A42646488CE8] - (.SigmaTel, Inc. - Sigmatel Audio system tray application.) -- C:\WINDOWS\stsystra.exe [339968] [PID.736]
[MD5.CFE4BD7C25A750D71A5BD2390953BEB6] - (.Microsoft Corporation - IType.exe.) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe [1313640] [PID.928]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.1004]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.1012] =>Toolbar.Google
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1128]
[MD5.534A3CB0847BA114F0D8A5F2BB2EF6D0] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432] [PID.1640]
[MD5.82E2FA029973DF797E3609021FDFDC0B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8116224] [PID.216]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 3 Legitimates Filtered in 00mn 06s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [AllUsers]: FlvPlayer.lnk . (...) -- C:\Program Files\FlvPlayer\FLVPlayerApp.exe
O4 - GS\Desktop [AllUsers]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Administrator]: AD-R.lnk . (...) -- C:\Program Files\Ad-Remover\main.exe
O4 - GS\Desktop [Administrator]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 6 Legitimates Filtered in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [ehTray] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] . (.SigmaTel, Inc. - Sigmatel Audio system tray application.) -- C:\WINDOWS\stsystra.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [itype] . (.Microsoft Corporation - IType.exe.) -- c:\Program Files\Microsoft IntelliType Pro\itype.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{72BF3D82-F95A-4A31-96BC-65E58437C642}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{72BF3D82-F95A-4A31-96BC-65E58437C642}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) . (.PostgreSQL Global Development Group - pg_ctl - starts/stops/restarts the PostgreS.) - C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
~ Services: 7 Legitimates Filtered in 00mn 04s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: BetclicPoker.fr - (...) [HKLM] -- BetclicPoker.fr
O42 - Logiciel: Holdem Manager - (...) [HKLM] -- HoldemManager
O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {973DD1DF-D51D-46BB-B6AC-D56617D133C1} =>Adware.IMBooster
~ Logic: 53 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BetclicPoker.fr]
~ Key Software: 108 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 22/10/2013 - 20:50:27 - [0,046] ----D C:\Program Files\Uninstaller
~ Program Folder: 86 Legitimates Filtered in 00mn 10s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.22210F050E3BA47D708DBF40214665E7] - 08/10/2013 - 13:15:10 ---A- . (...) -- C:\WINDOWS\system32\nvinfo.pb [18300]
O44 - LFC:[MD5.2CE7B1EEB99C14032C0E2201B004F80E] - 14/10/2013 - 18:23:02 ---A- . (...) -- C:\WINDOWS\system32\wmimgmt.msc [63488]
O44 - LFC:[MD5.CDD932EDCB756FB5F7CE5E2F090BA838] - 14/10/2013 - 18:23:12 ---A- . (...) -- C:\WINDOWS\system32\msdtcprf.h [768]
O44 - LFC:[MD5.28E3647CBB608139AFB076103208552B] - 14/10/2013 - 18:23:12 ---A- . (...) -- C:\WINDOWS\system32\msdtcprf.ini [1931]
O44 - LFC:[MD5.4A547D74B435E78418BE06406250C1D3] - 14/10/2013 - 18:23:13 ---A- . (...) -- C:\WINDOWS\system32\tslabels.h [3286]
O44 - LFC:[MD5.03C361FAB5AD67924C5150A384C62BE6] - 14/10/2013 - 18:23:13 ---A- . (...) -- C:\WINDOWS\system32\tslabels.ini [13223]
O44 - LFC:[MD5.F463BC45CD34ADE54F801746B6D322B1] - 14/10/2013 - 18:23:13 ---A- . (...) -- C:\WINDOWS\system32\usrlogon.cmd [1161]
O44 - LFC:[MD5.405E1EF8E3C88E9BCD2853382BB12430] - 14/10/2013 - 18:23:16 ---A- . (...) -- C:\WINDOWS\system32\bopomofo.uce [22984]
O44 - LFC:[MD5.4FDED87068052EEB9B72A97FDBC141DB] - 14/10/2013 - 18:23:16 ---A- . (...) -- C:\WINDOWS\system32\gb2312.uce [24006]
O44 - LFC:[MD5.038F6AD6CEE43585D814CDBC7CDFD3EC] - 14/10/2013 - 18:23:16 ---A- . (...) -- C:\WINDOWS\system32\ideograf.uce [60458]
O44 - LFC:[MD5.7C0C25F4BA1084C4ABBEEA2C74194C5F] - 14/10/2013 - 18:23:16 ---A- . (...) -- C:\WINDOWS\system32\kanji_1.uce [6948]
O44 - LFC:[MD5.529BBD63519BBD654EF328454019693F] - 14/10/2013 - 18:23:16 ---A- . (...) -- C:\WINDOWS\system32\kanji_2.uce [8484]
O44 - LFC:[MD5.7A7A04370A6030B9B0E8178DAD4A6E41] - 14/10/2013 - 18:23:16 ---A- . (...) -- C:\WINDOWS\system32\korean.uce [12876]
O44 - LFC:[MD5.DAC71A10A6A71CB6E3F427AE3283734B] - 14/10/2013 - 18:23:17 ---A- . (...) -- C:\WINDOWS\Blue Lace 16.bmp [1272]
O44 - LFC:[MD5.73D70ED3EC3BBFD8FD35DF431C38F374] - 14/10/2013 - 18:23:17 ---A- . (...) -- C:\WINDOWS\Coffee Bean.bmp [17062]
O44 - LFC:[MD5.39F43DBCE366B2561DF073B4C0839299] - 14/10/2013 - 18:23:17 ---A- . (...) -- C:\WINDOWS\Soap Bubbles.bmp [65978]
O44 - LFC:[MD5.8CA32E9D986FA76F60EFBCFCD9D80A58] - 14/10/2013 - 18:23:17 ---A- . (...) -- C:\WINDOWS\system32\shiftjis.uce [16740]
O44 - LFC:[MD5.30F5568679A54042F99CA9EC1102EBCD] - 14/10/2013 - 18:23:17 ---A- . (...) -- C:\WINDOWS\system32\subrange.uce [93702]
O44 - LFC:[MD5.3A8B85AB7B415BF3F8AFE285DFE0CE29] - 14/10/2013 - 18:23:18 ---A- . (...) -- C:\WINDOWS\FeatherTexture.bmp [16730]
O44 - LFC:[MD5.203EF178BF8B0A8EC34E27E4DEDB6349] - 14/10/2013 - 18:23:18 ---A- . (...) -- C:\WINDOWS\Gone Fishing.bmp [17336]
O44 - LFC:[MD5.1AC5E83598D4F2143B59A2D893C3279A] - 14/10/2013 - 18:23:18 ---A- . (...) -- C:\WINDOWS\Greenstone.bmp [26582]
O44 - LFC:[MD5.280920B6773C74C3649A934257112BE1] - 14/10/2013 - 18:23:18 ---A- . (...) -- C:\WINDOWS\Prairie Wind.bmp [65954]
O44 - LFC:[MD5.927A66BD587E31CB12D3AB25381658DC] - 14/10/2013 - 18:23:18 ---A- . (...) -- C:\WINDOWS\Rhododendron.bmp [17362]
O44 - LFC:[MD5.5B4AC407E566076BB726BA91E067D313] - 14/10/2013 - 18:23:18 ---A- . (...) -- C:\WINDOWS\River Sumida.bmp [26680]
O44 - LFC:[MD5.EB3BFC14E41FBAA41B4FD4489AA82D39] - 14/10/2013 - 18:23:18 ---A- . (...) -- C:\WINDOWS\Santa Fe Stucco.bmp [65832]
O44 - LFC:[MD5.5290EA6951F4724259F423B12C8E1393] - 14/10/2013 - 18:23:19 ---A- . (...) -- C:\WINDOWS\Zapotec.bmp [9522]
O44 - LFC:[MD5.D9FE96B59F23D4ED9CD612B9D8C4BE6E] - 14/10/2013 - 18:24:44 ---A- . (...) -- C:\WINDOWS\system32\mypixdx.chm [11452]
O44 - LFC:[MD5.487403459F0B2F1A3ADEEF02496BD80E] - 14/10/2013 - 18:25:17 ---A- . (...) -- C:\WINDOWS\vb.ini [36]
O44 - LFC:[MD5.6C2F0BA210C2B53EF07653ABAC6C2490] - 14/10/2013 - 18:25:17 ---A- . (...) -- C:\WINDOWS\vbaddin.ini [37]
O44 - LFC:[MD5.6C55DD95F76A421FCDD26DEACF727482] - 14/10/2013 - 18:25:19 ---A- . (...) -- C:\WINDOWS\system32\emptyregdb.dat [21640]
O44 - LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] - 14/10/2013 - 18:27:04 ---A- . (...) -- C:\WINDOWS\desktop.ini [2]
O44 - LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] - 14/10/2013 - 18:27:04 ---A- . (...) -- C:\WINDOWS\system32\desktop.ini [2]
O44 - LFC:[MD5.2F3CDC1D898FD25B2547F5BFEB01FD0D] - 14/10/2013 - 18:27:04 -SH-- . (...) -- C:\WINDOWS\winnt.bmp [48680]
O44 - LFC:[MD5.2F3CDC1D898FD25B2547F5BFEB01FD0D] - 14/10/2013 - 18:27:04 -SH-- . (...) -- C:\WINDOWS\winnt256.bmp [48680]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 14/10/2013 - 18:27:53 R-HA- . (...) -- C:\WINDOWS\WindowsShell.Manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 14/10/2013 - 18:27:53 R-HA- . (...) -- C:\WINDOWS\system32\cdplayer.exe.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 14/10/2013 - 18:27:53 R-HA- . (...) -- C:\WINDOWS\system32\ncpa.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 14/10/2013 - 18:27:53 R-HA- . (...) -- C:\WINDOWS\system32\nwc.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 14/10/2013 - 18:27:53 R-HA- . (...) -- C:\WINDOWS\system32\sapi.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 14/10/2013 - 18:27:53 R-HA- . (...) -- C:\WINDOWS\system32\wuaucpl.cpl.manifest [749]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 14/10/2013 - 18:27:58 R-HA- . (...) -- C:\WINDOWS\system32\WindowsLogon.manifest [488]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 14/10/2013 - 18:27:58 R-HA- . (...) -- C:\WINDOWS\system32\logonui.exe.manifest [488]
O44 - LFC:[MD5.53D7F47255085310F50604FDE3076F97] - 14/10/2013 - 18:28:46 ---A- . (...) -- C:\WINDOWS\ODBCINST.INI [4161]
O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 14/10/2013 - 18:28:50 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640]
O44 - LFC:[MD5.6D6F4B1886E91EB37ABCCAD19C561EE0] - 14/10/2013 - 18:28:51 ---A- . (...) -- C:\WINDOWS\system32\amcompat.tlb [16832]
O44 - LFC:[MD5.A32B14BE5EDAE794FCE1A9E970827509] - 14/10/2013 - 18:28:51 ---A- . (...) -- C:\WINDOWS\system32\nscompat.tlb [23392]
O44 - LFC:[MD5.8715347D6B7B2E3A7CFE5ADF2D510CE3] - 14/10/2013 - 18:28:56 ---A- . (...) -- C:\WINDOWS\win.ini [477]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/10/2013 - 18:28:57 ---A- . (...) -- C:\AUTOEXEC.BAT [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/10/2013 - 18:28:57 ---A- . (...) -- C:\CONFIG.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/10/2013 - 18:28:57 ---A- . (...) -- C:\WINDOWS\control.ini [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/10/2013 - 18:28:57 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/10/2013 - 18:28:57 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.5D63303869C881CA9AF7A574CE52FCD6] - 14/10/2013 - 18:31:59 ---A- . (...) -- C:\WINDOWS\system32\$winnt$.inf [237]
O44 - LFC:[MD5.B9F3E2CB97417BADA193B57801B9EB8C] - 14/10/2013 - 20:16:56 R--A- . (...) -- C:\WINDOWS\SET3.tmp [106147]
O44 - LFC:[MD5.CCCD69C24828C62127FFD891A132F7AB] - 14/10/2013 - 20:16:57 R--A- . (...) -- C:\WINDOWS\SET4.tmp [1086058]
O44 - LFC:[MD5.61823BC8DB1DC8F98B12AA54A3CE587F] - 14/10/2013 - 20:16:59 R--A- . (...) -- C:\WINDOWS\SET8.tmp [13753]
O44 - LFC:[MD5.B4D429A292813B2C7201B109C90F3B1F] - 14/10/2013 - 20:17:02 R--A- . (...) -- C:\WINDOWS\SET2D.tmp [22339]
O44 - LFC:[MD5.AEFBE8D10C624D6386EE1B68A8FA8CCF] - 14/10/2013 - 20:17:03 R--A- . (...) -- C:\WINDOWS\SET2E.tmp [10559]
O44 - LFC:[MD5.01C47C2ECED034EF6F8C1552A97CFF00] - 14/10/2013 - 20:17:08 ----- . (...) -- C:\WINDOWS\system32\CONFIG.TMP [2577]
O44 - LFC:[MD5.30475F091008E24550523515A023270D] - 14/10/2013 - 20:17:08 ---A- . (...) -- C:\WINDOWS\system32\AUTOEXEC.NT [1688]
O44 - LFC:[MD5.6CB26848BCDAA361B6EE21264FB362C3] - 14/10/2013 - 20:17:13 ---A- . (...) -- C:\WINDOWS\system32\c_20127.nls [66082]
O44 - LFC:[MD5.6F8A509550FE8C92D07EE0143BF29BA1] - 14/10/2013 - 20:17:18 ---A- . (...) -- C:\WINDOWS\system32\c_10010.nls [66082]
O44 - LFC:[MD5.D2CA471D36A69D17F82D5C1B64FAEE39] - 14/10/2013 - 20:17:18 ---A- . (...) -- C:\WINDOWS\system32\c_10029.nls [66082]
O44 - LFC:[MD5.9CA501D2A8E6909C5B2E8C9274682BF1] - 14/10/2013 - 20:17:18 ---A- . (...) -- C:\WINDOWS\system32\c_10082.nls [66082]
O44 - LFC:[MD5.21E928C8E6ED8EEAB0D1AAEE82ACDD76] - 14/10/2013 - 20:17:18 ---A- . (...) -- C:\WINDOWS\system32\c_852.nls [66594]
O44 - LFC:[MD5.3E969213F35127D83DAB48FF1283E8E4] - 14/10/2013 - 20:17:22 ---A- . (...) -- C:\WINDOWS\system32\c_855.nls [66594]
O44 - LFC:[MD5.5CD475CA7B87844DE1E0483B536F9AAE] - 14/10/2013 - 20:17:22 ---A- . (...) -- C:\WINDOWS\system32\c_866.nls [66594]
O44 - LFC:[MD5.5D038EEABA8EA438F6B5ABD5E91BC851] - 14/10/2013 - 20:17:23 ---A- . (...) -- C:\WINDOWS\system32\C_28594.NLS [66082]
O44 - LFC:[MD5.0A206B5CACD3CA70D2044DA691304765] - 14/10/2013 - 20:17:24 ---A- . (...) -- C:\WINDOWS\system32\c_10006.nls [66082]
O44 - LFC:[MD5.BAC7072B365F9648CA318154BA7E03EC] - 14/10/2013 - 20:17:24 ---A- . (...) -- C:\WINDOWS\system32\c_737.nls [66594]
O44 - LFC:[MD5.780C444EB16B65E6DE96F794A732DA12] - 14/10/2013 - 20:17:24 ---A- . (...) -- C:\WINDOWS\system32\c_869.nls [66594]
O44 - LFC:[MD5.8BE0D77A873730B4EB1DAB7C6622CD46] - 14/10/2013 - 20:17:24 ---A- . (...) -- C:\WINDOWS\system32\c_875.nls [66082]
O44 - LFC:[MD5.B537ACFAB9E70F0EF48DB696A08ADC81] - 14/10/2013 - 20:17:25 ---A- . (...) -- C:\WINDOWS\system32\C_28597.NLS [66082]
O44 - LFC:[MD5.E22D1B9AC7854C0A654E4C4232074E49] - 14/10/2013 - 20:17:27 ---A- . (...) -- C:\WINDOWS\system32\C_28595.NLS [66082]
O44 - LFC:[MD5.AF4A866226BD04ACF06135088D75BB63] - 14/10/2013 - 20:17:27 ---A- . (...) -- C:\WINDOWS\system32\c_10007.nls [66082]
O44 - LFC:[MD5.314E85390BEBDAE5D1E11DB2D8CBC6E9] - 14/10/2013 - 20:17:27 ---A- . (...) -- C:\WINDOWS\system32\c_10017.nls [66082]
O44 - LFC:[MD5.EFFDFF60A38CF648811BBCDD722ECF5E] - 14/10/2013 - 20:17:30 ---A- . (...) -- C:\WINDOWS\system32\c_10081.nls [66082]
O44 - LFC:[MD5.C37A21EE1ADFDC13FC707D97073148ED] - 14/10/2013 - 20:17:30 ---A- . (...) -- C:\WINDOWS\system32\c_28599.nls [66082]
O44 - LFC:[MD5.A8764750B22B528D85A691A52CB21856] - 14/10/2013 - 20:17:30 ---A- . (...) -- C:\WINDOWS\system32\c_857.nls [66594]
O44 - LFC:[MD5.35448F3A71EBBECF8E997FAD3A99327D] - 14/10/2013 - 20:17:32 ---A- . (...) -- C:\WINDOWS\system32\c_28603.nls [66082]
O44 - LFC:[MD5.B143A6852C9EF93E0BDECB02F524F9F2] - 14/10/2013 - 20:17:37 ---A- . (...) -- C:\WINDOWS\system.ini [231]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/10/2013 - 20:18:57 ---A- . (...) -- C:\WINDOWS\system32\nvdrswr.lk [0]
O44 - LFC:[MD5.F2BFDB6DB62E1864E76E0798CAA4DA25] - 14/10/2013 - 20:19:41 ---A- . (...) -- C:\WINDOWS\system32\nvdrsdb1.bin [1114168]
O44 - LFC:[MD5.7E8A115A717E3A1445FCF6DB792995C3] - 14/10/2013 - 20:19:42 ---A- . (...) -- C:\WINDOWS\system32\nvdrsdb0.bin [1114168]
O44 - LFC:[MD5.93B885ADFE0DA089CDF634904FD59F71] - 14/10/2013 - 20:19:42 ---A- . (...) -- C:\WINDOWS\system32\nvdrssel.bin [1]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/10/2013 - 20:22:03 ---A- . (...) -- C:\WINDOWS\system32\h323log.txt [0]
O44 - LFC:[MD5.70F701DAD1D72BA1199FBEFB74C0EDCC] - 14/10/2013 - 20:59:12 ---A- . (...) -- C:\WINDOWS\system32\e1e5132.din [2740]
O44 - LFC:[MD5.9E817762C4472533D92214D735C97C81] - 14/10/2013 - 21:00:12 ----- . (...) -- C:\WINDOWS\system32\SetupBD.din [1902]
O44 - LFC:[MD5.573C7D0A32852B48F3058CFD8026F511] - 15/10/2013 - 17:31:25 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O44 - LFC:[MD5.8737F6F4C8EC1E2A9EA5516F1B3AE1AD] - 15/10/2013 - 17:31:59 ---A- . (...) -- C:\WINDOWS\003141_.tmp [19569]
O44 - LFC:[MD5.E6EE29152D46FE655268C25C24E0B92C] - 15/10/2013 - 19:27:58 ---A- . (...) -- C:\WINDOWS\system32\spdwnwxp.log [160]
O44 - LFC:[MD5.8737F6F4C8EC1E2A9EA5516F1B3AE1AD] - 15/10/2013 - 22:16:02 ---A- . (...) -- C:\WINDOWS\003120_.tmp [19569]
O44 - LFC:[MD5.7794C3221F670DE270586A2CF6E68383] - 15/10/2013 - 22:16:37 RSHA- . (...) -- C:\ntldr [252240]
O44 - LFC:[MD5.905CB655E93D39C97E078A3C4C884F31] - 15/10/2013 - 22:17:00 ----- . (...) -- C:\WINDOWS\system32\Drivers\netwlan5.img [67866]
O44 - LFC:[MD5.3194C32E8A2403073B812183355E25C6] - 15/10/2013 - 22:17:02 ----- . (...) -- C:\WINDOWS\system32\Drivers\cxthsfs2.cty [129045]
O44 - LFC:[MD5.8E59F9BE251C8AE32A1CEB068B3F96B1] - 15/10/2013 - 22:17:04 ----- . (...) -- C:\WINDOWS\system32\Drivers\ativmc20.cod [64352]
O44 - LFC:[MD5.268D7B0F0C2D5554EA5A3AF08762260F] - 16/10/2013 - 16:53:39 ---A- . (...) -- C:\WINDOWS\system32\spupdsvc.inf [11102]
O44 - LFC:[MD5.E1973F8901E868A4C944EFBF0DCDF67E] - 16/10/2013 - 18:33:27 ---A- . (...) -- C:\WINDOWS\system32\TZLog.log [6080]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/10/2013 - 18:40:01 ---A- . (...) -- C:\WINDOWS\HMHud.INI [0]
O44 - LFC:[MD5.05F95A69A4918E3BE1D9FC993AC156A9] - 23/10/2013 - 09:31:58 ---A- . (...) -- C:\WINDOWS\system32\nvAppTimestamps [3288]
~ Files: 695 Legitimates Filtered in 00mn 36s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "InstallVisualStyle"=1
O55 - MWPS:[HKLM\...\Policies\System] - "InstallTheme"=1
~ MWPS: 7 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.FA72FA503F580C3C628DD8C7D7622E37] - 30/08/2013 - 08:48:12 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 10/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9029]
~ Drivers: 7 Legitimates Filtered in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 17 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "FD1DD379D15DBB646BCA5D66711D331C" . (.Iminent.) -- C:\WINDOWS\Installer\{973DD1DF-D51D-46BB-B6AC-D56617D133C1}\imbooster.ico =>Adware.IMBooster
~ Update Products: 20 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.35467A01F29E0F69CB15C12524890487] [WIS][18/10/2013] (.Iminent - Iminent.) -- C:\Windows\Installer\5853d.msi [1829888] =>Adware.IMBooster
~ WIS: 21 Legitimates Filtered in 00mn 02s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 14/10/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 14/10/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 14/10/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 22/10/2013 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 04/10/2013 1867600 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 28/01/2011 66048 | (postgresql-8.4) . (.PostgreSQL Global Development Group.) - C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
~ Services: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 12960 - (21/10/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{973DD1DF-D51D-46BB-B6AC-D56617D133C1}] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Documents and Settings\Administrator\Local Settings\Application Data\Software =>Adware.Boxore
C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp\Iminent =>Adware.IMBooster
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
C:\Windows\Installer\5853d.msi =>Adware.IMBooster^
~ Additionnel Scan: 121171 Items scanned in 00mn 22s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ MSI: 3 link(s) detected in 00mn 22s



~ 1300 Legitimates filtered by white list
End of the scan (487 lines in 01mn 33s)(0)
