
~ Report of ZHPDiag v2014.1.24.22 - Nicolas Coolman (24/01/2014)
~ Launched by HmZa (26/01/2014 12:08:20)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)
GCIE: Google Chrome v32.0.1700.76
OPIE: Opera vStable 18.0.1284.68

---\\ Windows product information
~ Langage: Anglais
Windows 8.1 Pro with Media Center, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ Edition : Windows(R) Operating System, RETAIL channel
~ Windows Partial Key : BR9WD
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Kaspersky PURE 3.0 v13.0.2.558
Malwarebytes Anti-Malware النسخة 1.75.0.1300
Windows Defender W8

---\\ System optimization software
CCleaner =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader XI

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (41% free)
System Restore: Activé (Enable)
System drive C: has 28 GB (30%) free of 90 GB

---\\ Connection to the system mode
~ Computer Name: HAMZA
~ User Name: HmZa
~ All Users Names: HmZa, ASPNET, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\HmZa\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\HmZa\AppData\Roaming\
~ %Desktop% : C:\Users\HmZa\Desktop\
~ %Favorites% : C:\Users\HmZa\Favorites\
~ %LocalAppData% : C:\Users\HmZa\AppData\Local\
~ %StartMenu% : C:\Users\HmZa\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 28 Go of 90 Go)
D: Floppy drive, Flash card reader, USB Key (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 22 Go of 59 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.22/10/2013 - 07:55:27.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 09:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 07:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 09:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.22/08/2013 - 10:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 13:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 12:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 11:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 08:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 11:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 11:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 11:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.E23D32BAF152FBE35F18C6A2AB8EF271] - (.Microsoft Corporation - IP Network Address Translator.) (.30/09/2013 - 04:13:41.) -- C:\Windows\system32\Drivers\IpNat.sys [141824]
[MD5.6129EDB793A4255B1E2FB41773AC9D9A] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.30/09/2013 - 04:13:38.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404992]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 11:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 13:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 11:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 11:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.30/09/2013 - 03:59:55.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 13:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 01s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/72
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/3
~ Mes Documents (My Documents) : 2/44
~ Mon Bureau (My Desktop) : 2/7007
~ Menu demarrer (Programs) : 1/67
~ Hidden Files: Scanned in 00mn 10s



---\\ Process running
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3124]
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.1876]
[MD5.5409EBAD61CFC4EE3184C66D9C64B148] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3821136] [PID.7164]
[MD5.B5622C1549F75A2E2312B59CE2293A09] - (...) -- C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848] [PID.2500]
[MD5.9673736471643D5E6D75BB8319589720] - (.TechSmith Corporation - Snagit.) -- C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe [9479536] [PID.3096]
[MD5.AC6F3C6648E20188DAD74B56806147A7] - (.Microsoft - win32.) -- C:\Users\HmZa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adsystem.exe [253440] [PID.5928]
[MD5.C305C4E666E015BA644B05519458959B] - (.Microsoft - Windows.) -- C:\Users\HmZa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe [289792] [PID.2264]
[MD5.E80335157A225AD734865ADF1F929FFB] - (.VMware, Inc. - VMware Tray Process.) -- C:\Users\HmZa\vmware-tray.exe [111696] [PID.5308]
[MD5.7E91655B4947EC1B18B3BC1645839145] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128] [PID.1520]
[MD5.0A1810F3CF866F67856C8A4E98194493] - (.TechSmith Corporation - TechSmith HTML Help Helper.) -- C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe [46080] [PID.5616]
[MD5.812C5A0ABB4A254CD4EBA9D03B0CDB6E] - (.TechSmith Corporation - Snagit RPC Helper.) -- C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe [105328] [PID.7076]
[MD5.237A9108BCC77ECCAAB8FCC295E8B243] - (.TechSmith Corporation - Snagit Editor.) -- C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe [8915312] [PID.4208]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.6156]
[MD5.1ACC305A386B6D29251215651A70C6D4] - (...) -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [516096] [PID.2880]
[MD5.4B35BE5C6A1F3C91BD839220CEEBB1E2] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [815992] [PID.4188]
[MD5.849D66021A0EF43A20137BA9D85ECADF] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222720] [PID.4612]
[MD5.635F9280C61F3A67D920061E382A7717] - (.Adobe Systems Incorporated - Adobe CEP Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248] [PID.3256]
[MD5.358B77E2B2CCC9BD8396DC495E463275] - (.Adobe Systems Incorporated - Adobe Dynamic Link Manager.) -- C:\Program Files (x86)\Common Files\Adobe\dynamiclink\7.0\dynamiclinkmanager.exe [554392] [PID.664]
[MD5.0DD74786D22EDFF0CE5B8E1B1E398618] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.5372]
[MD5.5D60EE718D0C708D69DFF4B3336B68BF] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe [1862536] [PID.7008]
[MD5.8B60C338C7919351E53375447FC68507] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8338432] [PID.5380]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\HmZa\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://search.yahoo.com
G2 - GCE: Preference [User Data\Default] [dchlnpcodkpfdpacogkljefecpegganj] Kaspersky URL Advisor v.13.0.2.558 (Désactivé)
G2 - GCE: Preference [User Data\Default] [hakdifolhalapjijoafobooafbilfakh] Safe Money v.13.0.2.558 (Désactivé)
G2 - GCE: Preference [User Data\Default] [hbcennhacfaagdopikcegfcobcadeocj] Ebay Shopping Assistant by Spigot v.1.1 (Désactivé) =>PUP.Dealio
G2 - GCE: Preference [User Data\Default] [hghkgaeecgjhjkannahfamoehjmkjail] Content Blocker v.13.0.2.614 (Désactivé)
G2 - GCE: Preference [User Data\Default] [icdlfehblmklkikfigmjhbmmpmkmpooj] Domain Error Assistant v.1.3 (Désactivé)
G2 - GCE: Preference [User Data\Default] [jagncdcchgajhfhijbbhecadmaiegcmh] Virtual Keyboard v.13.0.2.614 (Désactivé)
G2 - GCE: Preference [User Data\Default] [mhkaekfpcppmmioggniknbnbdbcigpkk] Slick Savings v.2.4 (Désactivé) =>PUP.Dealio
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pfndaklgolladniicklehhancnlgocpp] Amazon Shopping Assistant by Spigot v.1.0 (Désactivé) =>PUP.Dealio
G2 - GCE: Preference [User Data\Default] [pjldcfjmnllhmgjclecdnfampinooman] Anti-Banner v.13.0.2.558 (Désactivé)
~ Google Browser: 24 Legitimates Filtered in 00mn 04s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\HmZa\AppData\Roaming\Mozilla\Firefox\Profiles\duas6dsq.default-1388251415981\prefs.js
M3 - MFPP: Plugins - [HmZa] -- C:\Users\HmZa\AppData\Roaming\Mozilla\Firefox\Profiles\duas6dsq.default-1388251415981\searchplugins\yahoo_ff.xml
M2 - MFEP: prefs.js [HmZa - duas6dsq.default-1388251415981\savingsslider@mybrowserbar.com] [] Slick Savings v2.9 (..) =>Adware.WidgiToolbar
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect] - (...) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (.not file.)
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect_x86_64] - (...) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (.not file.)
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 87



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: GOM Player.lnk . (...) -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: GTA San Andreas.lnk . (...) -- E:\GTA San Andreas\gta_sa.exe
O4 - GS\Desktop [Public]: Kaspersky PURE 3.0.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus Launcher.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
O4 - GS\Desktop [Public]: Lightroom 5.3 64 bits.lnk . (...) -- C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe (.not file.) =>.Adobe Systems Incorporated
O4 - GS\Desktop [Public]: Mobile Partner.lnk . (...) -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Special Uninstaller.lnk . (...) -- C:\Program Files (x86)\Special Uninstaller\ALSU.exe
O4 - GS\Desktop [Public]: UltraISO.lnk . (.EZB Systems, Inc. - UltraISO Premium.) -- C:\Program Files (x86)\UltraISO\UltraISO.exe
O4 - GS\Desktop [Public]: VMware Workstation.lnk . (.VMware, Inc. - VMware Workstation.) -- C:\Users\HmZa\vmware.exe =>.VMware, Inc
O4 - GS\Program [Public]: Desktop.lnk - Orphan key
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe
O4 - GS\QuickLaunch [HmZa]: GOM Player.lnk . (...) -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
O4 - GS\QuickLaunch [HmZa]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [HmZa]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [HmZa]: Special Uninstaller.lnk . (...) -- C:\Program Files (x86)\Special Uninstaller\ALSU.exe
O4 - GS\QuickLaunch [HmZa]: Viber.lnk . (...) -- C:\Users\HmZa\AppData\Local\Viber\Viber.exe
O4 - GS\QuickLaunch [HmZa]: VMware Workstation.lnk . (.VMware, Inc. - VMware Workstation.) -- C:\Users\HmZa\vmware.exe =>.VMware, Inc
O4 - GS\TaskBar [HmZa]: GOM.EXE.lnk . (...) -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
O4 - GS\TaskBar [HmZa]: Google Chrome (2).lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [HmZa]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [HmZa]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [HmZa]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe
O4 - GS\Program [HmZa]: Corbeille.lnk - Orphan key
O4 - GS\Program [HmZa]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [HmZa]: Kaspersky PURE 3.0.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O4 - GS\Program [HmZa]: Viber.lnk . (...) -- C:\Users\HmZa\AppData\Local\Viber\Viber.exe
O4 - GS\Desktop [HmZa]: Midnight Pool 3D.lnk . (.Gameloft - Pool3DWin.) -- C:\Users\HmZa\Desktop\Midnight Pool 3D karim oceans\MidnightPool3D_DX9.exe
O4 - GS\Desktop [HmZa]: Superbike Racers.lnk . (...) -- C:\Program Files (x86)\MyRealGames.com\Superbike Racers\game.exe
O4 - GS\Desktop [HmZa]: Viber.lnk . (...) -- C:\Users\HmZa\AppData\Local\Viber\Viber.exe
~ Global Startup: 100 Legitimates Filtered in 00mn 04s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: Snagit 11.lnk . (.TechSmith Corporation - Snagit.) -- C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
O4 - GS\Startup [HmZa]: Sidebar33.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar532.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar734.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar817.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar958.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar961.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar962.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar963.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar966.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar967.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar975.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar976.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar98.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar984.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar987.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar988.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar99.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar991.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar993.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar996.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar998.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Startup [HmZa]: Sidebar999.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [SMSERIAL] . (.Motorola Inc. - SM56 Modem Helper.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [WebcamMaxAutoRun] . (...) -- C:\Program Files (x86)\WebcamMax\wcmmon.exe
O4 - HKLM\..\Wow6432Node\Run: [vmware-tray.exe] . (.VMware, Inc. - VMware Tray Process.) -- C:\Users\HmZa\vmware-tray.exe
O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCEPServiceManager] . (.Adobe Systems Incorporated - Adobe CEP Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-21-790886937-3122888079-2944014703-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-790886937-3122888079-2944014703-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-790886937-3122888079-2944014703-1001\..\Run: [WebcamMaxAutoRun] . (...) -- C:\Program Files (x86)\WebcamMax\wcmmon.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Virtual Keyboard [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kbrd.ico
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: URLs check [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{326E4951-2945-476C-B103-713879A4B9F2}: DhcpNameServer = 41.214.140.5 41.214.140.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{3626441F-32FA-4A12-AD2A-66FDFBC097AA}: DhcpNameServer = 41.214.140.5 41.214.140.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FE5C36F-A688-405A-B719-41F5C147A69A}: DhcpNameServer = 41.214.140.5 41.214.140.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{9676163F-19D5-490B-ACB8-A4343DDC8713}: DhcpNameServer = 41.214.140.5 41.214.140.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{326E4951-2945-476C-B103-713879A4B9F2}: DhcpNameServer = 41.214.140.5 41.214.140.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{3626441F-32FA-4A12-AD2A-66FDFBC097AA}: DhcpNameServer = 41.214.140.5 41.214.140.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{8FE5C36F-A688-405A-B719-41F5C147A69A}: DhcpNameServer = 41.214.140.5 41.214.140.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{9676163F-19D5-490B-ACB8-A4343DDC8713}: DhcpNameServer = 41.214.140.5 41.214.140.4
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Mobile Partner. OUC (Mobile Partner. RunOuc) . (...) - C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
O23 - Service: Microsoft Ms (Service1) . (...) - C:\Windows\syswow64\service.exe (.not file.)
O23 - Service: VMware Workstation Server (VMwareHostd) . (...) - C:\Users\HmZa\vmware-hostd.exe =>.VMware, Inc
~ Services: 19 Legitimates Filtered in 00mn 27s



---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [{8C928254-7BB6-478E-9D5B-D1B91673AABF}] (...) -- C:\Program Files\ProgDVB\Reseter.exe (.not file.) [0]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 14s



---\\ Drivers launched at startup (O41)
O41 - Driver: (AntiLog32) . (. - .) - C:\Windows\system32\drivers\AntiLog64.sys (.not file.)
~ Drivers: 50 Legitimates Filtered in 00mn 01s



---\\ Software installed (O42)
O42 - Logiciel: 2.0 - (.www.video-gif-converter.com.) [HKLM][64Bits] -- Free Video to GIF Converter_is1
O42 - Logiciel: Patch PS CS6 Extended 13.0 - (.Dr.Adham eL Sharkawy © Startimes.) [HKLM][64Bits] -- Patch PS CS6 Extended 13.0
O42 - Logiciel: Special Uninstaller version 2.0 - (.http://www.specialuninstaller.com/.) [HKLM][64Bits] -- {46744C87-EE41-4BA3-A444-C2DECC145FC0}_is1
O42 - Logiciel: Superbike Racers - (.My Real Games Ltd.) [HKLM][64Bits] -- Superbike Racers_is1
~ Logic: 15 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Free_Size]
[HKCU\Software\Standard]
[HKLM\Software\Wow6432Node\SU]
[HKLM\Software\Wow6432Node\ValueApps] =>Toolbar.Conduit
~ Key Software: 319 Legitimates Filtered in 00mn 02s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 24/01/2014 - 12:14:06 - [12,021] ----D C:\Program Files (x86)\Special Uninstaller
O43 - CFD: 17/01/2014 - 20:35:57 - [0,073] ----D C:\Program Files (x86)\Common Files\Spigot =>PUP.Dealio
O43 - CFD: 24/01/2014 - 18:50:28 - [0] ----D C:\ProgramData\Cloud Plus
O43 - CFD: 10/01/2014 - 16:57:55 - [18,093] --H-D C:\ProgramData\{B21E6C95-1429-4BC6-AA4D-4219C78235A1}
O43 - CFD: 10/01/2014 - 17:00:01 - [4,826] --H-D C:\ProgramData\{CB2950A3-A919-41C2-8920-64738E7DDEE8}
O43 - CFD: 17/01/2014 - 19:13:51 - [0,021] ----D C:\Users\HmZa\AppData\Local\Slick Savings =>PUP.Dealio
O43 - CFD: 23/01/2014 - 05:12:48 - [0,001] ----D C:\Users\HmZa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Midnight Pool 3D
~ Program Folder: 191 Legitimates Filtered in 01mn 01s



---\\ Local Security Authority-LSA Deny (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
~ CSB: 19 Legitimates Filtered in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{018ce27c-4a38-11e3-825c-001e101f2ae6}\AutoRun\command. (...) -- D:\.\Setup.exe (.not file.)
O51 - MPSK:{1517ac76-4cc9-11e3-8260-0022153a36e7}\AutoRun\command. (...) -- D:\.\Setup.exe (.not file.)
O51 - MPSK:{2bc5a56e-7965-11e3-82a2-001f3c7f1fc6}\AutoRun\command. (...) -- D:\.\Setup.exe (.not file.)
O51 - MPSK:{7f5bbc9c-4625-11e3-8250-001f3c7f1fc6}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{805ce913-462e-11e3-8254-001e101f8f34}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)
O51 - MPSK:{922bf799-4ff7-11e3-826e-0022153a36e7}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)
O51 - MPSK:{922bfa8c-4ff7-11e3-826e-0022153a36e7}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)
O51 - MPSK:{922bfaea-4ff7-11e3-826e-0022153a36e7}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)
O51 - MPSK:{966c1660-462c-11e3-8253-001e101f1ce2}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)
O51 - MPSK:{9c9702e7-46de-11e3-825a-001e101f5987}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)
O51 - MPSK:{9c970805-46de-11e3-825a-001e101f5987}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)
O51 - MPSK:{ffdcd9a1-4d50-11e3-8262-0022153a36e7}\AutoRun\command. (...) -- D:\.\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 12/08/2013 - 23:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.602FD01035B3F824F9282BF9EB0AA275] - 11/12/2013 - 21:11:50 ---A- . (.Connectify - NDISRD helper driver.) -- C:\Windows\System32\Drivers\cnnctfy3.sys [34840]
O58 - SDL:[MD5.4199113D7B588AC98575109DE363427E] - 25/09/2013 - 12:51:12 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [98504]
O58 - SDL:[MD5.AD24A96001837D222B509CD579589DAB] - 25/09/2013 - 12:51:12 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [67784]
O58 - SDL:[MD5.F572B7467B5CB4FA8FB6319575902E41] - 08/10/2010 - 08:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:[MD5.9BF9E809FBB2D5D0403B32B15ABE5F30] - 13/11/2013 - 15:05:12 ---A- . (.Windows (R) Win 7 DDK provider - GridinSoft Trojan Killer Mini-Filter Driver.) -- C:\Windows\System32\Drivers\gtkdrv.sys [16640]
O58 - SDL:[MD5.929DF302F15BFE24AC66EF45D858C413] - 28/11/2013 - 00:24:18 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [175480]
O58 - SDL:[MD5.8D990A44B4F2B68E2C56A3724EC3EB84] - 13/07/2010 - 03:57:08 ---A- . (.ITE Tech. Inc. - ITE Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\itecir.sys [69736]
O58 - SDL:[MD5.15E399875C850B54FC253A2323AD8021] - 05/08/2010 - 23:43:20 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:[MD5.0DF53A9649073CEBBC0988D6353FED6E] - 04/06/2009 - 18:44:48 ---A- . (.No owner - PU ACPI Utility.) -- C:\Windows\System32\Drivers\PuAcpi64.sys [15880]
O58 - SDL:[MD5.F45D6E12EB99A668F52201637C67C8F5] - 03/09/2009 - 06:37:02 ---A- . (.REDC - RICOH MMC Driver.) -- C:\Windows\System32\Drivers\rimmpx64.sys [67072]
O58 - SDL:[MD5.EAC02ED935A9C1F2DDD8D985C465B854] - 03/09/2009 - 06:59:28 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspx64.sys [54784]
O58 - SDL:[MD5.71E182A0DE1CECB3F912960716345405] - 24/09/2009 - 13:31:14 ---A- . (.REDC - RICOH SD/MMC Driver.) -- C:\Windows\System32\Drivers\risdsn64.sys [76288]
O58 - SDL:[MD5.931A8F843B4120DF527C3684DAF77FD9] - 03/09/2009 - 07:14:30 ---A- . (.REDC - RICOH xD SM Driver.) -- C:\Windows\System32\Drivers\rixdpx64.sys [57856]
O58 - SDL:[MD5.734EAE274E1B364525EAF4AA247DFA66] - 30/11/2013 - 17:10:05 ---A- . (.Ray Hinchliffe - System Information Viewer X64 Driver.) -- C:\Windows\System32\Drivers\SIVX64.sys [145144]
O58 - SDL:[MD5.EDD1CBA305306584B61697FF6019FB1D] - 23/07/2010 - 16:50:43 ---A- . (.No owner - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [35200]
O58 - SDL:[MD5.805BBC8A3BEC790F0295505F7A9BC0AF] - 23/07/2010 - 16:50:43 ---A- . (.No owner - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [1783040]
O58 - SDL:[MD5.113212D25D0C9BB8901A9833774DA97F] - 16/02/2012 - 00:24:38 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [99384]
O58 - SDL:[MD5.BB94A5E2CEE5FD83BA5A72A37AECADDF] - 28/10/2013 - 01:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 - SDL:[MD5.05B2F42D53A8A089453A2B9D2406034F] - 28/10/2013 - 01:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [204568]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 12:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:[MD5.F9BE29D5E097F03F81D3CD12B794CB66] - 11/01/2012 - 02:38:56 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [31232]
O58 - SDL:[MD5.8F105ADE434064ADFBBFBE198513B84F] - 15/04/2012 - 21:32:14 ---A- . (.Windows (R) Win 7 DDK provider - WebcamMax Capture.) -- C:\Windows\System32\Drivers\wcmvcam64.sys [1071032]
~ Drivers: 18 Legitimates Filtered in 00mn 07s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {FD31A1EA-4C47-455E-8426-C90E56DE3C06} [DefaultScope] - (Yahoo) - http://search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (CKF) (O82)
C:\Users\HmZa\Downloads\Compressed\Cracked amtlib.rar
C:\Users\HmZa\Downloads\Compressed\Cracked amtlib.rar
~ Files: Scanned in 02mn 21s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.7640CCFEB21ABFE23CB2D5A1BEF8E3C0] [SPRF][02/01/2014] (...) -- C:\ProgramData\patch.dll [152]
[MD5.08F187E182F75981A129C464846EB422] [SPRF][17/01/2014] (...) -- C:\Users\HmZa\AppData\Local\Temp\Uninstaller.exe [338928]
~ Files: 5 Legitimates Filtered in 00mn 02s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{E16EBE74-9859-428D-A0CA-C9D50BCCF2F0}" | In - Domain - P17 - TRUE | .(...) -- C:\Users\HmZa\vmware-hostd.exe
O87 - FAEL: "{8B47EAC2-4131-477D-B83F-C670AEB38028}" | In - Private - P17 - TRUE | .(...) -- C:\Users\HmZa\vmware-hostd.exe
~ Firewall: 237 Legitimates Filtered in 00mn 03s



---\\ MyComputer Name Space (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 18/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 18/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Auto 01/03/2013 650240 | (Mobile Partner. RunOuc) . (...) - C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
SS - | Demand 15/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 11/01/2012 37902 | (OpenVPNService) . (...) - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
SS - | Auto 10/07/1658 0 | (Service1) . (...) - C:\Windows\syswow64\service.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 10/07/1658 0 | (wifimansvc) . (...) - C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 11/11/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
SR - | Auto 03/12/2012 2571704 | (CodeMeter.exe) . (.WIBU-SYSTEMS AG.) - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
SR - | Auto 25/09/2013 818888 | (CSObjectsSrv) . (.Infowatch.) - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
SR - | Auto 14/03/2011 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 18/07/2013 762192 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 30/11/2010 336824 | (PSI_SVC_2_x64) . (.arvato digital services llc.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 17/12/2013 5341536 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 27/08/2013 86096 | (VMAuthdService) . (.VMware, Inc..) - C:\Users\HmZa\vmware-authd.exe
SR - | Auto 10/07/1658 0 | (VMnetDHCP) . (.VMware, Inc..) - C:\Windows\system32\vmnetdhcp.exe
SR - | Auto 26/08/2013 904248 | (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
SR - | Auto 10/07/1658 0 | (VMware NAT Service) . (.VMware, Inc..) - C:\Windows\system32\vmnat.exe
SR - | Auto 27/08/2013 14401104 | (VMwareHostd) . (...) - C:\Users\HmZa\vmware-hostd.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe

~ Services: Scanned in 01mn 26s



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by HmZa at 26/01/2014 12:19:45
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by HmZa at 26/01/2014 12:19:51

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 05s



---\\ Scan Additionnel (O88)
Database Version : 13027 - (24/01/2014)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 1

[HKLM\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj] =>PUP.Dealio^
[HKLM\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk] =>PUP.Dealio^
[HKLM\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp] =>PUP.Dealio^
[HKCU\Software\AppDataLow\Software\Search Settings] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk] =>PUP.Dealio
C:\Users\HmZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj =>PUP.Dealio^
C:\Users\HmZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk =>PUP.Dealio^
C:\Users\HmZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp =>PUP.Dealio^
C:\Users\HmZa\AppData\Roaming\Mozilla\Firefox\Profiles\duas6dsq.default-1388251415981\extensions\savingsslider@mybrowserbar.com =>Adware.WidgiToolbar^
C:\Program Files (x86)\Common Files\Spigot =>PUP.Dealio^
C:\Users\HmZa\AppData\Local\Slick Savings =>PUP.Dealio^
[HKLM\Software\Wow6432Node\ValueApps] =>Toolbar.Conduit^
~ Additionnel Scan: 336056 Items scanned in 02mn 23s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ http://nicolascoolman.webs.com/apps/blog/show/27881234-adware-widgitoolbar =>Adware.WidgiToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ MSI: 3 link(s) detected in 02mn 24s



~ 1051 Legitimates filtered by white list
End of the scan (573 lines in 13mn 56s)(2)
