
~ Report of ZHPDiag v2014.1.2.5 - Nicolas Coolman (02/01/2014)
~ Launched by Metagle (06/01/2014 02:44:32)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found


---\\ Internet browsers
MSIE: Internet Explorer v7.0.5730.11
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Microsoft Windows XP, 32-bit Service Pack 2 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System optimization software
CCleaner v4.00 =>Piriform Ltd

---\\ Sharing software PeerToPeer
µTorrent v3.2.2.28595 =>P2P.µTorrent

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Information on the system
~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1783 MB (25% free)
System Restore: Activé (Enable)
System drive C: has 52 GB (69%) free of 75 GB

---\\ Connection to the system mode
~ Computer Name: PC
~ User Name: Metagle
~ All Users Names: SUPPORT_388945a0, Metagle, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Metagle\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Metagle\Application Data\
~ %Desktop% : C:\Documents and Settings\Metagle\Bureau\
~ %Favorites% : C:\Documents and Settings\Metagle\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Metagle\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Metagle\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 52 Go of 75 Go)
D: Hard drive, Flash drive, Thumb drive (Free 65 Go of 190 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Free 1 Go of 2 Go)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.214D574D97E9C248E88097FF7007BECA] - (.Microsoft Corporation - Explorateur Windows.) (.23/07/2007 - 17:41:31.) -- C:\WINDOWS\Explorer.exe [1037312]
[MD5.47DDAD237F60729DEA2B9E0E2382B58F] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/07/2007 - 17:46:33.) -- C:\WINDOWS\system32\wininet.dll [823808]
[MD5.123EEA158F74D0F67A51DCDF065D1091] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.19/08/2004 - 15:10:06.) -- C:\WINDOWS\system32\Winlogon.exe [506368]
[MD5.6A0397376853E604DE8E1E7A87FC08AC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/08/2008 - 09:48:52.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138368]
[MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.03/08/2004 - 21:59:44.) -- C:\WINDOWS\system32\Drivers\atapi.sys [95360]
[MD5.CD7D5152DF32B47F4E36F710B35AAE02] - (.Microsoft Corporation - CD-ROM File System Driver.) (.03/08/2004 - 22:14:12.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.9D5495B4F238B732B593F27C922DEB50] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.23/07/2007 - 17:41:18.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62592]
[MD5.8B121FF880683607AB2AEF0340721718] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.02/10/2001 - 22:20:29.) -- C:\WINDOWS\system32\Drivers\Fips.sys [35072]
[MD5.D1EFCBD693B5BA21314D06368C471070] - (.Microsoft Corporation - Pilote de port i8042.) (.19/08/2004 - 14:56:40.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54400]
[MD5.F8AA320C6A0409C0380E5D8A99D76EC6] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.03/08/2004 - 22:00:16.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [41856]
[MD5.472C75F85E631F8AA87D21C9FEE6238D] - (.Microsoft Corporation - IP Network Address Translator.) (.23/07/2007 - 17:41:42.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [136320]
[MD5.64537AA5C003A6AFEEE1DF819062D0D1] - (.Microsoft Corporation - IPSec Driver.) (.03/08/2004 - 22:14:30.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [74752]
[MD5.3500E756812E716351F2D341AE1D5623] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.24/02/2010 - 12:48:23.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457216]
[MD5.0C80E410CD2F47134407EE7DD19CC86B] - (.Microsoft Corporation - MBT Transport driver.) (.03/08/2004 - 22:14:38.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.19A811EF5F1ED5C926A028CE107FF1AF] - (.Microsoft Corporation - NT File System Driver.) (.26/04/2007 - 12:19:16.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574464]
[MD5.318696359AC7DF48D1E51974EC527DD2] - (.Microsoft Corporation - Pilote de port parallèle.) (.23/07/2007 - 18:02:21.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.98FAEB4A4DCF812BA1C6FCA4AA3E115C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.03/08/2004 - 22:14:24.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.A2CAE2C60BC37E0751EF9DDA7CEAF4AD] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.03/08/2004 - 23:01:16.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196864]
[MD5.2CC30B68DD62B73D444A41322CD7FC4C] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.19/08/2004 - 15:54:52.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58496]
[MD5.313B1A0D5DB26DFE1C34A6C13B2CE0A7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.19/08/2004 - 14:59:14.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/9
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 1/61
~ Mon Bureau (My Desktop) : 1/156
~ Menu demarrer (Programs) : 1/56
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.85C2E84BC1224C75A20B5560D5A15DB9] - (.Logitech Inc. - Logitech LVPrcSrv Module..) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [141848] [PID.772]
[MD5.F9D905B18752AEB78FDA90E42C5F5095] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [2077008] [PID.792]
[MD5.4965EA7CBF93542E6D20022CFCA8CD38] - (.Realtek Semiconductor Corp. - RtWLan ( For WinXP/2003) Application.) -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe [930194] [PID.1980]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.216]
[MD5.F645990AEEBD0A3C596F0D5FE460A810] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3821136] [PID.588]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [269848] [PID.2884]
[MD5.9B3516C1F30DA17ADD3818573047D63C] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [625152] [PID.228]
[MD5.AABDE5E8BE4D303047836C6A3198837B] - (...) -- C:\Program Files\DFX\DFX.exe [1131880] [PID.1244]
[MD5.217DC9337A0743E47FB8D31EC7D29ADB] - (.No owner - DFX.) -- C:\Program Files\DFX\Universal\Apps\DfxSharedApp32.exe [129384] [PID.3084]
[MD5.907B1256EE0F0A0C7DD263A539A521BE] - (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe [176060] [PID.4192]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [863184] [PID.3032]
[MD5.877B85B87727D1B30C78F7EAA92E59DB] - (...) -- C:\Program Files\Unlockroot Pro\tools\adb.exe [815104] [PID.552]
[MD5.486BDC196F8914845302745A15310D62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8321024] [PID.4556]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Documents and Settings\Metagle\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [bjfjckelkjhfgamlmipgdaklofacegaa] maucampo v.1.0.0 (Activé)
G2 - GCE: Preference [User Data\Default] [dbpebffoameokfhnaaedmefjncfboino] SecretSauce v.1.0.0 (Désactivé) =>Adware.SecretSauce
G2 - GCE: Preference [User Data\Default] [elhjaoldnkkbifioodjndkijecdeinld] BittorrentBar_FR v.10.16.100.4, (Désactivé) =>P2P.BitTorrent
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [jooebibmaabdachfgeeopohjbkhlkkop] OnlineHD V6.0 v.1.26.16, (Activé)
G2 - GCE: Preference [User Data\Default] [paoponfhfdfnjgddpnpjkambkcgdaaib] uTorrentBar_FR v.10.16.100.4, (Désactivé) =>P2P.µTorrent
~ Google Browser: 22 Legitimates Filtered in 00mn 29s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\Program Files\tfefwqeg\xattbehk.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Other User Links (O4)
O4 - GS\Program [AllUsers]: Acrobat Reader 5.1.lnk . (.Adobe Systems Incorporated - Acrobat Reader 5.1.) -- C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
O4 - GS\Program [AllUsers]: EditPlus 3.lnk . (.ES-Computing - EditPlus.) -- C:\Program Files\EditPlus 3\editplus.exe
O4 - GS\Program [AllUsers]: MSN.lnk . (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe =>.Microsoft Corporation
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [Metagle]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
~ Global Startup: 13 Legitimates Filtered in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Program [AllUsers]: REALTEK RTL8187 Wireless LAN Utility.lnk . (.Realtek Semiconductor Corp. - RtWLan ( For WinXP/2003) Application.) -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
O4 - HKLM\..\Run: [DFX] . (...) -- C:\Program Files\DFX\DFX.exe
O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (.not file.)
O4 - HKUS\S-1-5-21-583907252-179605362-725345543-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-583907252-179605362-725345543-1003\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-583907252-179605362-725345543-1003\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
O4 - HKUS\S-1-5-21-583907252-179605362-725345543-1003\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7175433-7678-4B18-A79C-BD7F5E317FDE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F7175433-7678-4B18-A79C-BD7F5E317FDE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F7175433-7678-4B18-A79C-BD7F5E317FDE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Metagle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Metagle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\OnlineHD V6.0-codedownloader.job [1224]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\OnlineHD V6.0-enabler.job [1134]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\OnlineHD V6.0-updater.job [1332]
~ Scheduled Task: 8 Legitimates Filtered in 00mn 32s



---\\ Software installed (O42)
O42 - Logiciel: PopGameBox - (.PopGameBox Soft, Inc..) [HKLM] -- {B5FE5F5A-94DB-44DA-964E-FC2A06A0FB58}_is1
O42 - Logiciel: USB Virus Scan 2.4 - (.USB Virus Scan.) [HKLM] -- USB Virus Scan_is1
O42 - Logiciel: abylon EXIF-CLEANER 2013.2 - (.abylonsoft.) [HKLM] -- abylonprotectionmanager-exif-cleaner_is1
O42 - Logiciel: مشغل الفلاش العربي - (...) [HKLM] -- مشغل الفلاش العربي
~ Logic: 28 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\APN PIP]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\PlayFreeBrowser]
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKCU\Software\facemoods.com] =>Adware.Facemoods
[HKCU\Software\softonic.com4] =>Toolbar.Conduit
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\PIP]
[HKLM\Software\ValueApps] =>Toolbar.Conduit
[HKLM\Software\facemoods.com] =>Adware.Facemoods
~ Key Software: 297 Legitimates Filtered in 00mn 02s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 31/10/2013 - 00:39:36 - [103,107] ----D C:\Program Files\abylonsoft
O43 - CFD: 31/12/2013 - 13:06:15 - [0] ----D C:\Program Files\SecretSauce =>Adware.SecretSauce
O43 - CFD: 28/12/2013 - 15:15:08 - [0,104] ----D C:\Program Files\tfefwqeg
O43 - CFD: 19/12/2013 - 21:53:28 - [10,615] ----D C:\Program Files\USBScan
O43 - CFD: 30/12/2013 - 20:58:37 - [1,208] ----D C:\Program Files\مشغل الفلاش العربي
O43 - CFD: 19/12/2013 - 20:42:04 - [0] ----D C:\Documents and Settings\All Users\Application Data\Conduit
O43 - CFD: 22/12/2013 - 21:20:54 - [1,335] ----D C:\Documents and Settings\Metagle\Application Data\newnext.me
O43 - CFD: 20/11/2013 - 00:26:02 - [0] ----D C:\Documents and Settings\Metagle\Local Settings\Application Data\Conduit
O43 - CFD: 22/12/2013 - 22:57:16 - [1,331] ----D C:\Documents and Settings\Metagle\Local Settings\Application Data\genienext
O43 - CFD: 07/12/2013 - 15:49:37 - [0] ----D C:\Documents and Settings\Metagle\Local Settings\Application Data\ValueApps =>Toolbar.Conduit
O43 - CFD: 22/12/2013 - 13:45:05 - [0,001] ----D C:\Documents and Settings\Metagle\Menu Démarrer\Programmes\مشغل الفلاش العربي
~ Program Folder: 190 Legitimates Filtered in 01mn 11s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.B628BEC383E1EC3F5DE14B48BE1F9C5D] - 05/01/2014 - 16:08:25 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.B19863C795A779EAD192FD603E71D912] - 05/01/2014 - 16:08:27 ---A- . (...) -- C:\WINDOWS\RTacDbg.txt [33724]
O44 - LFC:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 05/01/2014 - 18:03:34 ---A- . (...) -- C:\WINDOWS\system32\Drivers\einiwfap.sys [54016]
O44 - LFC:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 05/01/2014 - 20:18:45 ---A- . (...) -- C:\WINDOWS\system32\Drivers\hvjjt.sys [54016]
O44 - LFC:[MD5.A64711C9CF690718EADA750370EC5EB2] - 05/01/2014 - 20:26:10 ---A- . (.Dmitry Streblechenko - Outlook Redemption COM library.) -- C:\WINDOWS\system32\Redemption.dll [4659712]
O44 - LFC:[MD5.C7E631DC3F153D0221F2C098F410E6A2] - 05/01/2014 - 21:15:22 ---A- . (...) -- C:\WINDOWS\wmsetup.log [778]
O44 - LFC:[MD5.54722B924EED218A52377AFF988E52EB] - 05/01/2014 - 21:21:32 ---A- . (...) -- C:\WINDOWS\Wdf01007Inst.log [13663]
O44 - LFC:[MD5.161B1A05E8A9F5BB7692200EE806B3F2] - 05/01/2014 - 21:21:33 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1355]
O44 - LFC:[MD5.CFFC951DE2EE54E9F2ACD7E558BF2F6D] - 05/01/2014 - 21:29:03 ---A- . (...) -- C:\WINDOWS\msmqinst.log [3768]
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 05/01/2014 - 21:29:16 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.C84495C1F4D5BECA5B16295651AEBE86] - 05/01/2014 - 21:29:37 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [12367]
O44 - LFC:[MD5.A7A3D1898BA388EB1CD33A1213B9D931] - 05/01/2014 - 21:29:39 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [850]
O44 - LFC:[MD5.DC7809801CEE0EAC1956F5E1C8746298] - 05/01/2014 - 21:29:39 ---A- . (...) -- C:\WINDOWS\msgsocm.log [618]
O44 - LFC:[MD5.FA19A13C52324EE1C50C412C90DFE7AD] - 05/01/2014 - 21:29:39 ---A- . (...) -- C:\WINDOWS\netfxocm.log [2166]
O44 - LFC:[MD5.0C5FB90E7EDCB6A80E03BB38A7C57AD7] - 05/01/2014 - 21:29:39 ---A- . (...) -- C:\WINDOWS\ocgen.log [8422]
O44 - LFC:[MD5.C44A7E0673F641D19D63A98976989A1D] - 05/01/2014 - 21:29:41 ---A- . (...) -- C:\WINDOWS\imsins.log [1355]
O44 - LFC:[MD5.24A55F56AC3D67BD0FD08371A088A51E] - 05/01/2014 - 21:29:41 ---A- . (...) -- C:\WINDOWS\ocmsn.log [684]
O44 - LFC:[MD5.50ED08821F701736E3FC5A620DD64D5B] - 05/01/2014 - 21:29:41 ---A- . (...) -- C:\WINDOWS\tabletoc.log [622]
O44 - LFC:[MD5.45D35DD4F4BDC98D6B2E6F45BEA0061F] - 05/01/2014 - 21:29:41 ---A- . (...) -- C:\WINDOWS\tsoc.log [5640]
O44 - LFC:[MD5.4C53C24FB3E1D3AE123B305F9FAC0B26] - 05/01/2014 - 21:29:42 ---A- . (...) -- C:\WINDOWS\comsetup.log [4119]
O44 - LFC:[MD5.D4A687F0F29293D5D4CADA92180EFBA2] - 05/01/2014 - 21:29:42 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [2490]
O44 - LFC:[MD5.E2426527D839836AF5BA22D5B1EB50D3] - 05/01/2014 - 21:29:43 ---A- . (...) -- C:\WINDOWS\iis6.log [13300]
O44 - LFC:[MD5.CD1383288D37A5FE781CB6D1D10D5C8D] - 05/01/2014 - 21:30:16 ---A- . (...) -- C:\WINDOWS\DPINST.LOG [648530]
O44 - LFC:[MD5.B5EA117ACDE05FA5F55F5EE11BF94D43] - 05/01/2014 - 23:27:27 ---A- . (...) -- C:\WINDOWS\wiadebug.log [3124]
O44 - LFC:[MD5.E0076399351F188F0835FA789CAE8EAD] - 05/01/2014 - 23:28:28 ---A- . (...) -- C:\WINDOWS\system32\lvcoinst.log [35594]
O44 - LFC:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 06/01/2014 - 02:02:41 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys.bak [262528]
O44 - LFC:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 06/01/2014 - 02:02:43 ---A- . (...) -- C:\WINDOWS\system32\Drivers\einiwfap.sys.bak [54016]
O44 - LFC:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 06/01/2014 - 02:02:44 ---A- . (...) -- C:\WINDOWS\system32\Drivers\hvjjt.sys.bak [54016]
O44 - LFC:[MD5.406B1D186F75B4B4832D6237859E1B00] - 06/01/2014 - 02:02:48 ---A- . (...) -- C:\WINDOWS\system32\Drivers\LVPr2Mon.sys.bak [25624]
O44 - LFC:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 06/01/2014 - 02:02:54 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Lib.) -- C:\WINDOWS\system32\Drivers\ptilink.sys.bak [17792]
O44 - LFC:[MD5.432D9D823C4C26B6070C41BAD4404CE4] - 06/01/2014 - 02:03:00 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\WINDOWS\system32\Drivers\tap0901.sys.bak [35288]
O44 - LFC:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 06/01/2014 - 02:03:02 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys.bak [58112]
O44 - LFC:[MD5.221494C29E9F4B6D02514CA29F2A3A4E] - 22/12/2013 - 23:27:57 ---A- . (...) -- C:\WINDOWS\system32\RaCoInst.dat [14119]
O44 - LFC:[MD5.6303211B1886FB33708EFAD133849F20] - 22/12/2013 - 23:28:21 ---A- . (...) -- C:\WINDOWS\system32\RaCoInst.log [2768]
O44 - LFC:[MD5.DED4C49C39D6CEFC00FDA0C4D7D59407] - 27/12/2013 - 12:50:17 ---A- . (...) -- C:\WINDOWS\system32\ff_vfw.dll.manifest [714]
O44 - LFC:[MD5.AF6DCAB42A9758D83AA5F252E81CB512] - 27/12/2013 - 12:50:17 ---A- . (.No owner - ffdshow VFW.) -- C:\WINDOWS\system32\ff_vfw.dll [112640]
O44 - LFC:[MD5.C26B7B8CA40C627B9DE399F9F8FACC69] - 27/12/2013 - 12:50:22 ---A- . (...) -- C:\WINDOWS\system32\xvidcore.dll [650752]
O44 - LFC:[MD5.56552C7C36B6237704CE3BA9DF49FECF] - 27/12/2013 - 12:50:22 ---A- . (...) -- C:\WINDOWS\system32\xvidvfw.dll [243200]
O44 - LFC:[MD5.FA425C74CE2EB719B2A77A7A2ADDAE32] - 27/12/2013 - 12:50:22 ---A- . (.No owner - Lagarith.) -- C:\WINDOWS\system32\lagarith.dll [216064]
O44 - LFC:[MD5.71F91A3E77BC995AC74A7F2CE2622E23] - 27/12/2013 - 12:50:22 ---A- . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\WINDOWS\system32\x264vfw.dll [4102656]
O44 - LFC:[MD5.9F55F2EA47021EB688DB7370BC52F700] - 29/12/2013 - 02:35:02 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [1324]
~ Files: 299 Legitimates Filtered in 00mn 44s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\XBMC\XBMC.exe" [Disabled] .(...) -- C:\Program Files\XBMC\XBMC.exe (.not file.)
O47 - AAKE:Key Export SP - "D:\Mes images\Mr Rachid-Law\popgamebox_fsetup\Call.Of.Duty.2-KaOs\CoD2MP_s.exe" [Disabled] .(.No owner.) -- D:\Mes images\Mr Rachid-Law\popgamebox_fsetup\Call.Of.Duty.2-KaOs\CoD2MP_s.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Metagle\Mes documents\Downloads\Call.of.Duty.United.Offensive\mo-cdufa\Setup\Data\CoDUOMP.exe" [Disabled] .(...) -- C:\Documents and Settings\Metagle\Mes documents\Downloads\Call.of.Duty.United.Offensive\mo-cdufa\Setup\Data\CoDUOMP.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Ralink\Common\RaUI.exe" [Enabled] .(...) -- C:\Program Files\Ralink\Common\RaUI.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Unified Remote\RemoteServer.exe" [Enabled] .(...) -- C:\Program Files\Unified Remote\RemoteServer.exe (.not file.)
~ Keys Export: 17 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\BitTorrent [Key] . (.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O53 - SMSR:HKLM\...\startupreg\mobilegeni daemon [Key] . (...) -- C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\NextLive [Key] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Documents and Settings\Metagle\Application Data\newnext.me\nengine.dll
~ SMSR Keys: 11 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 23/07/2007 - 18:02:21 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 06/01/2014 - 02:02:41 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys.bak [262528]
O58 - SDL:[MD5.6216FD7FD227DE454238A702B218CEC7] - 30/10/2013 - 12:06:42 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\WINDOWS\system32\Drivers\dgderdrv.sys [20032]
O58 - SDL:[MD5.6216FD7FD227DE454238A702B218CEC7] - 06/01/2014 - 02:02:41 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\WINDOWS\system32\Drivers\dgderdrv.sys.bak [20032]
O58 - SDL:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 05/01/2014 - 18:03:34 ---A- . (...) -- C:\WINDOWS\system32\Drivers\einiwfap.sys [54016]
O58 - SDL:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 06/01/2014 - 02:02:43 ---A- . (...) -- C:\WINDOWS\system32\Drivers\einiwfap.sys.bak [54016]
O58 - SDL:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 05/01/2014 - 20:18:45 ---A- . (...) -- C:\WINDOWS\system32\Drivers\hvjjt.sys [54016]
O58 - SDL:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 06/01/2014 - 02:02:44 ---A- . (...) -- C:\WINDOWS\system32\Drivers\hvjjt.sys.bak [54016]
O58 - SDL:[MD5.AACD48039C4BB5930EC145B456CB791E] - 28/11/2013 - 00:24:18 ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [121184]
O58 - SDL:[MD5.AACD48039C4BB5930EC145B456CB791E] - 06/01/2014 - 02:02:45 ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys.bak [121184]
O58 - SDL:[MD5.406B1D186F75B4B4832D6237859E1B00] - 11/10/2007 - 18:59:24 ---A- . (...) -- C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [25624]
O58 - SDL:[MD5.406B1D186F75B4B4832D6237859E1B00] - 06/01/2014 - 02:02:48 ---A- . (...) -- C:\WINDOWS\system32\Drivers\LVPr2Mon.sys.bak [25624]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 02/10/2001 - 22:21:12 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 06/01/2014 - 02:02:54 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys.bak [17792]
O58 - SDL:[MD5.F1771926A47A18BD3A3EDAC334FC78E0] - 08/04/2003 - 11:30:48 ---A- . (.Analog Devices, Inc. - SoundMAX Stub Driver.) -- C:\WINDOWS\system32\Drivers\smsens.sys [3744]
O58 - SDL:[MD5.F1771926A47A18BD3A3EDAC334FC78E0] - 06/01/2014 - 02:02:58 ---A- . (.Analog Devices, Inc. - SoundMAX Stub Driver.) -- C:\WINDOWS\system32\Drivers\smsens.sys.bak [3744]
O58 - SDL:[MD5.5AC51DBA9B3A75D6CA79583EDBF23001] - 13/06/2003 - 16:13:16 ---A- . (.Analog Devices, Inc. - SoundMAX Integrated Digital Audio.) -- C:\WINDOWS\system32\Drivers\smwdm.sys [578752]
O58 - SDL:[MD5.5AC51DBA9B3A75D6CA79583EDBF23001] - 06/01/2014 - 02:02:58 ---A- . (.Analog Devices, Inc. - SoundMAX Integrated Digital Audio.) -- C:\WINDOWS\system32\Drivers\smwdm.sys.bak [578752]
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/03/1747 - 20:43:41 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sptd.sys [691696]
O58 - SDL:[MD5.CDDDEC541BC3C96F91ECB48759673505] - 06/01/2014 - 02:02:58 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\WINDOWS\system32\Drivers\sptd.sys.bak [691696]
O58 - SDL:[MD5.6CC6C4B9D7B906A151AA094CA087B9F0] - 20/09/2012 - 04:35:36 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudbus.sys [83168]
O58 - SDL:[MD5.6CC6C4B9D7B906A151AA094CA087B9F0] - 06/01/2014 - 02:02:59 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudbus.sys.bak [83168]
O58 - SDL:[MD5.359FEE084F1173FFFFD7F9CCBD43D47F] - 20/09/2012 - 04:35:36 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudmdm.sys [181344]
O58 - SDL:[MD5.359FEE084F1173FFFFD7F9CCBD43D47F] - 06/01/2014 - 02:02:59 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudmdm.sys.bak [181344]
O58 - SDL:[MD5.D74ED4825E554148E8DD684E16D8D239] - 20/09/2012 - 04:35:36 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudserd.sys [181344]
O58 - SDL:[MD5.D74ED4825E554148E8DD684E16D8D239] - 06/01/2014 - 02:02:59 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudserd.sys.bak [181344]
O58 - SDL:[MD5.432D9D823C4C26B6070C41BAD4404CE4] - 22/08/2013 - 14:40:22 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\WINDOWS\system32\Drivers\tap0901.sys [35288]
O58 - SDL:[MD5.432D9D823C4C26B6070C41BAD4404CE4] - 06/01/2014 - 02:03:00 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\WINDOWS\system32\Drivers\tap0901.sys.bak [35288]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 23/07/2007 - 18:02:21 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 06/01/2014 - 02:03:02 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys.bak [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 02/10/2001 - 22:20:02 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/10/2001 - 22:20:09 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 02/10/2001 - 22:20:32 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 02/10/2001 - 22:20:38 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 03/08/2004 - 21:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 02/10/2001 - 22:21:02 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/10/2001 - 22:21:02 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/10/2001 - 22:21:02 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/10/2001 - 22:21:02 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/10/2001 - 22:21:02 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03/08/2004 - 21:45:26 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03/08/2004 - 21:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03/08/2004 - 21:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 6 Legitimates Filtered in 00mn 02s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0D7562AE-8EF6-416d-A838-AB665251703A} - () - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {1F096B29-E9DA-4D64-8D63-936BE7762CC5} - () - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {4CA7A89B-B509-4CBF-AB97-6307132C0EF3} - () - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {4FC1B895-E129-4345-B101-CF4EF5EF80C8} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} - () - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (BittorrentBar_FR Customized Web Search) - http://www.google.com =>P2P.BitTorrent
O69 - SBI: SearchScopes [HKCU] {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} - () - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {D0196D2A-1578-4CC2-8692-9F617C64D184} - () - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {EEE6C360-6118-11DC-9C72-001320C79847} - () - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (CKF) (O82)
C:\WINDOWS\Prefetch\KEYGEN.EXE-20163530.pf
C:\WINDOWS\Prefetch\KEYGEN.EXE-20163530.pf
D:\Logiciels\Activation Windows XP\ACTIVATION DEFINITIVE XP\CRACK ACTIVATION DEFINITIVE XP\Windows XP Keygen.exe
D:\Logiciels\Cinema 4D R13.016 iso + Keygen + Dorosse\Free_Rassam.rar
D:\Logiciels\Cinema 4D R13.016 iso + Keygen + Dorosse\Vray 1.2.6 C4D R12 & R13.Mr Pakora .rar
D:\Logiciels\Microsoft Office\EditPlus 3.41.966 + Keygen\EditPlus 3.41.966 + Keygen.rar
D:\Logiciels\Photoshop effect\FILTRE\All.AKVIS.Software.February.2011_KEYGEN-FFF.zip
D:\Logiciels\Photoshop effect\FILTRE\PortraiturePlugin.2006\PortraiturePlugin.2006\PortraiturePlugin 2006\keygen.exe
D:\Logiciels\UltraISO + keygen\daemon-tools_daemon_tools_4.35.6_francais_10729.exe
D:\Logiciels\UltraISO + keygen\UltraISO + keygen.rar
D:\RECYCLER\S-1-5-21-583907252-179605362-725345543-1003\Dd222.109\Patch & Keygen\dfx v10xx patch.exe
D:\RECYCLER\S-1-5-21-583907252-179605362-725345543-1003\Dd222.109\Patch & Keygen\keygen.exe
D:\RECYCLER\S-1-5-21-583907252-179605362-725345543-1003\Dd222.109\Patch & Keygen\zhonreturn.blogspot.com.url
~ Files: Scanned in 01mn 58s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.3E8ACEEBB6B5AB516C8BBE16F3C5DA4C] [SPRF][27/11/2009] (...) -- C:\Documents and Settings\Metagle\Bureau\arreter l'ordinateur.bat [16]
[MD5.066578C0ABF37BA7852727685476C37B] [SPRF][06/01/2014] (...) -- C:\Documents and Settings\Metagle\Bureau\RogueKiller.exe [3810304]
[MD5.DB74286295D0E5A2C01192D26C36FC12] [SPRF][05/01/2014] (.No owner - Powered by BetterInstaller.) -- C:\Documents and Settings\Metagle\Bureau\UnlockRoot_downloader_by_UnlockRoot.exe [163344] =>Adware.MegaSearch
[MD5.E0F009AD9087217A49927712A449EFE1] [SPRF][13/12/2006] (...) -- C:\Documents and Settings\Metagle\Bureau\Windows License Original.reg [2364]
~ Files: 7 Legitimates Filtered in 00mn 02s



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "A574C93B7A77D6444B3208159E679D01" . (.USB to Serial Bridge Controller.) -- C:\WINDOWS\Installer\{B39C475A-77A7-446D-B423-8051E976D910}\ARPPRODUCTICON.exe
~ Update Products: 50 Legitimates Filtered in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 30/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 19/08/2004 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 25/10/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 25/10/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 19/10/2007 186904 | (LVCOMSer) . (.Logitech Inc..) - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
SS - | Disabled 19/10/2007 141848 | (LVSrvLauncher) . (.Logitech Inc..) - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 19/10/2007 141848 | (LVPrcSrv) . (.Logitech Inc..) - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
SR - | Auto 25/10/2013 2077008 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

~ Services: Scanned in 00mn 12s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Metagle at 06/01/2014 02:50:21

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89A1B1F8]<<
1 nt!IofCallDriver[0x804E37D5] >> \Device\Harddisk0\DR0[0x899E8AB8]
\Driver\atapi[0x89A57F38] >> IRP_MJ_CREATE >> 0x89A1B1F8
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi >> 0x89a1b1f8
user & kernel MBR OK
Warning: possible MBR rootkit infection !

~ MBR: 18 Legitimates Filtered in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Metagle at 06/01/2014 02:50:23

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/03/1747 - 20:43:41 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sptd.sys [691696]
O58 - SDL:[MD5.CDDDEC541BC3C96F91ECB48759673505] - 06/01/2014 - 02:02:58 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\WINDOWS\system32\Drivers\sptd.sys.bak [691696]
~ Emulateurs: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13018 - (02/01/2014)
Clés trouvées (Keys found) : 35
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 7
Fichiers trouvés (Files found) : 5

[HKLM\Software\Google\Chrome\Extensions\dbpebffoameokfhnaaedmefjncfboino] =>Adware.SecretSauce^
[HKLM\Software\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld] =>P2P.BitTorrent^
[HKLM\Software\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib] =>P2P.µTorrent^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent] =>P2P.BitTorrent^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}] =>Adware.Facemoods
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}] =>Adware.Facemoods
[HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}] =>PUP.Babylon
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}] =>PUP.Babylon
[HKLM\Software\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}] =>Adware.IMBooster
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\facemoods.com] =>Adware.Facemoods
[HKLM\Software\facemoods.com] =>Adware.Facemoods
[HKLM\Software\PIP] =>Toolbar.Ask
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\AppID\secman.DLL] =>PUP.Babylon
[HKCU\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Classes\CrossriderApp0048260.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0048260.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0048260.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0048260.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411821160}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411821160}] =>PUP.CrossRider
C:\Documents and Settings\Metagle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbpebffoameokfhnaaedmefjncfboino =>Adware.SecretSauce^
C:\Documents and Settings\Metagle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elhjaoldnkkbifioodjndkijecdeinld =>P2P.BitTorrent^
C:\Documents and Settings\Metagle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib =>P2P.µTorrent^
C:\Program Files\SecretSauce =>Adware.SecretSauce^
C:\Documents and Settings\Metagle\Local Settings\Application Data\ValueApps =>Toolbar.Conduit^
C:\Documents and Settings\All Users\Application Data\Conduit =>Toolbar.Conduit
C:\Documents and Settings\Metagle\Local Settings\Application Data\Conduit =>Toolbar.Conduit
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\softonic.com4] =>Toolbar.Conduit^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\ValueApps] =>Toolbar.Conduit^
C:\Documents and Settings\Metagle\Bureau\UnlockRoot_downloader_by_UnlockRoot.exe =>Adware.MegaSearch^
~ Additionnel Scan: 198873 Items scanned in 00mn 35s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/37825424-adware-secretsauce =>Adware.SecretSauce
~ http://nicolascoolman.webs.com/apps/blog/show/26607014-pup-1clickdownloader =>PUP.1ClickDownloader
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26764465-adware-facemoods =>Adware.Facemoods
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.WhiteSmoke
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox
~ MSI: 13 link(s) detected in 00mn 35s



~ 1261 Legitimates filtered by white list
End of the scan (617 lines in 06mn 27s)(13)
