cjoint
~ Report of ZHPDiag v2014.1.12.13 - Nicolas Coolman (12/01/2014)
~ Launched by Bouziane (14/01/2014 16:47:59)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activated by program
~ Elevation of privilege : OK
~ User Account Control : Deactivated by program


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16476 (Default)
GCIE: Google Chrome v31.0.1650.63

---\\ Windows product information
~ Language: English
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : 2C9T3
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Microsoft Security Client v4.4.0304.0
Windows Defender W7

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 ActiveX
Adobe Reader XI

---\\ Information on the system
~ Processor: AMD64 Family 15 Model 107 Stepping 1, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1918 MB (44% free)
System Restore: Enabled
System drive C: has 4 GB (9%) free of 37 GB

---\\ Connection to the system mode
~ Computer Name: BOUZIANE-PC
~ User Name: Bouziane
~ All Users Names: HomeGroupUser$, Guest, Bouziane, Administrator,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Bouziane\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Bouziane\AppData\Roaming\
~ %Desktop% : C:\Users\Bouziane\Desktop\
~ %Favorites% : C:\Users\Bouziane\Favorites\
~ %LocalAppData% : C:\Users\Bouziane\AppData\Local\
~ %StartMenu% : C:\Users\Bouziane\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 4 GB of 37 GB)
D: Hard drive, Flash drive, Thumb drive (Free 0 GB of 0 GB)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: Hard drive, Flash drive, Thumb drive (Free 9 GB of 12 GB)
H: Floppy drive, Flash card reader, USB Key (Free 1 GB of 1 GB)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.26/11/2013 - 07:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.21/11/2010 - 03:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 03:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 01:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 03:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 02:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 03:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 03:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 03:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 03:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/47
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 2/10
~ Mon Bureau (My Desktop) : 1/3759
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 01s



---\\ Process running
[MD5.13BDC29F0F44EDA16633981D281C666A] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3821136] [PID.3928]
[MD5.E49FE2FFF486B08D1ABAA9D3A62A4819] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20587168] [PID.3976]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.4060]
[MD5.214D0BA83F53D48AC6C9738798F5EBE5] - (.No owner - Viber.) -- C:\Users\Bouziane\AppData\Local\Viber\Viber.exe [936456] [PID.3224]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [269848] [PID.3824]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.4480]
[MD5.F34E7705751BB413283434697BF8E55D] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696] [PID.4468]
[MD5.CA4B8CE1BB551A0A89BC5BD16831D7FA] - (.Geza Kovacs - UNetbootin - Universal Netboot Installer -.) -- C:\Users\Bouziane\Downloads\Programs\unetbootin-windows-585.exe [5192704] [PID.1976]
[MD5.4C9D9C380E70FF2103E5C33EDF7599AD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8334336] [PID.3756]
[MD5.A51D90F2F9394F5EA0A3ACAE3BD2B219] - (.Igor Pavlov - 7-Zip Console.) -- C:\Users\Bouziane\AppData\Local\Temp\sevnz.exe [163840] [PID.4220]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1904]
[MD5.9F712B26EE3B0242DE997A42FD302E2C] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136] [PID.1500]
[MD5.1D283DD3AE2312EEE624E8B8C46F6ADB] - (...) -- c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe [729600] [PID.2060] =>Adware.SurfAndKeep
[MD5.119EDA9D849D4DE0F42A5BCF757D6CE0] - (.SafeIP - No Comment.) -- C:\Program Files (x86)\SafeIP\SafeIPs.exe [3860480] [PID.3016]
[MD5.5600DB8FA19CAA68EAC425CA37D2C921] - (...) -- C:\Program Files (x86)\tuEagles\eglsrv.exe [339336] [PID.4092]
[MD5.83A054402212C56716DFE4DB311A7781] - (...) -- C:\Program Files (x86)\tuEagles\img_reco.exe [1462648] [PID.1240]
~ Processes Running: Scanned in 00mn 00s



---\\ Opera, Plugins,Start,Search (P1,B0,B1)
B0 - SPO: operaprefs.ini [Bouziane] Home URL=http://www.yandex.ru/?win=107&clid=2060561
B1 - OSP: search.ini [Bouziane] URL=http://yandex.ru/yandsearch?win=107&clid=2060562&text=%s
~ Opera Browser: 2 Legitimates Filtered in 00mn 00s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Bouziane\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://search.conduit.com
G2 - GCE: Preference [User Data\Default] [acfoobbgoakpihljnfedbcfaipcdlfhk] Buenosearch Toolbar v.1.6.3 (Disabled) =>PUP.BuenoSearch
G2 - GCE: Preference [User Data\Default] [akjbfncbadcmnkopckegnmjgihagponf] HD for YouTube v.1.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [bijcilgmpgmllbihfhofoobmbjbbkenl] CS Portable v.1.3 (Enabled)
G2 - GCE: Preference [User Data\Default] [jljheddigenhleadfofeccneimcmlefp] Speed Test 127 v.3.0.0.0 (Disabled)
G2 - GCE: Preference [User Data\Default] [kfgpjgdjakbijoinbmgphglalgldhhok] Cliff Diving 3D v.1.3 (Enabled)
G2 - GCE: Preference [User Data\Default] [loaciifbegkjbeddmolhfdmpmicbkadm] 3D Action Games v.1.2 (Enabled)
G2 - GCE: Preference [User Data\Default] [nplcackcabdefgfcombapmcdgoogkmmo] Aller moutons! v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [okehlnjpihomkdokiiafpejniofjaoom] Destroyer bombe 3D v.1.0.6 (Enabled)
G2 - GCE: Preference [User Data\Default] [onhpbpcgnoglkojnigjlpjcblljfkakc] Where's My Water? v.1.0.2 (Enabled)
G2 - GCE: Preference [User Data\Default] [paoponfhfdfnjgddpnpjkambkcgdaaib] uTorrentBar_FR v.10.22.3.518, (Disabled) =>P2P.µTorrent
~ Google Browser: 25 Legitimates Filtered in 00mn 03s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Bouziane\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js
M3 - MFPP: Plugins - [Bouziane] -- C:\Users\Bouziane\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-193829.xml
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchguru.info
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 22



---\\ Browser Helper Objects (O2)
O2 - BHO: ExstraeSavings [64Bits] - {72F003B6-A8CB-ECD0-D9E0-C4D9364FDDAD} . (...) -- C:\ProgramData\ExstraeSavings\7AbuAvpg.dll
O2 - BHO: (no name) [64Bits] - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} Orphan key
~ BHO: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{32099AAC-C132-4136-9E9A-4E364A424E17} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Driver Robot.lnk . (...) -- C:\Program Files (x86)\Driver Robot\2.5.4.2\DriverRobot.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Bouziane]: Cisco Packet Tracer.lnk . (...) -- C:\Program Files (x86)\Cisco Packet Tracer 6.0.1\bin\PacketTracer6.exe
O4 - GS\QuickLaunch [Bouziane]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Bouziane]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Bouziane]: SafeIP.lnk . (...) -- C:\Program Files (x86)\SafeIP\SafeIP.exe (.not file.)
O4 - GS\QuickLaunch [Bouziane]: Viber.lnk . (...) -- C:\Users\Bouziane\AppData\Local\Viber\Viber.exe
O4 - GS\QuickLaunch [Bouziane]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Bouziane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Bouziane]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Bouziane]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Bouziane]: Lanceur d'applications Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Bouziane]: Viber.lnk . (...) -- C:\Users\Bouziane\AppData\Local\Viber\Viber.exe
O4 - GS\Program [Bouziane]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Bouziane]: Viber.lnk . (...) -- C:\Users\Bouziane\AppData\Local\Viber\Viber.exe
O4 - GS\SystemTools [Bouziane]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Bouziane]: Cisco Packet Tracer.lnk . (...) -- C:\Program Files (x86)\Cisco Packet Tracer 6.0.1\bin\PacketTracer6.exe
O4 - GS\Desktop [Bouziane]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Bouziane]: Run Anti-Porn.lnk . (...) -- C:\Windows\NFCHS.exe
O4 - GS\Desktop [Bouziane]: SpyHunter.lnk . (...) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe (.not file.) =>Crapware.SpyHunter
O4 - GS\Desktop [Bouziane]: Unіnstall Tool.lnk . (.CrystalIDEA Software - Uninstall Tool.) -- C:\Program Files\Uninstall Tool\UninstallTool.exe
O4 - GS\Desktop [Bouziane]: Viber.lnk . (...) -- C:\Users\Bouziane\AppData\Local\Viber\Viber.exe
O4 - GS\Desktop [Bouziane]: Zuma's Revenge!.lnk . (.PopCap Games, Inc. - Zuma's Revenge!.) -- C:\Program Files (x86)\Zuma's Revenge!\ZumasRevenge.exe =>Adware.PopCap
~ Global Startup: 69 Legitimates Filtered in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\Bouziane\AppData\Roaming\newnext.me\nengine.dll =>PUP.NextLive
O4 - HKCU\..\Run: [Viber] . (.No owner - Viber.) -- C:\Users\Bouziane\AppData\Local\Viber\Viber.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1754156593-2969352025-564603777-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-1754156593-2969352025-564603777-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1754156593-2969352025-564603777-1000\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\Bouziane\AppData\Roaming\newnext.me\nengine.dll =>PUP.NextLive
O4 - HKUS\S-1-5-21-1754156593-2969352025-564603777-1000\..\Run: [Viber] . (.No owner - Viber.) -- C:\Users\Bouziane\AppData\Local\Viber\Viber.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- Orphan key
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF8091E4-EDA9-4C95-AD78-9E5F0E5EE200}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{AF8091E4-EDA9-4C95-AD78-9E5F0E5EE200}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{AF8091E4-EDA9-4C95-AD78-9E5F0E5EE200}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocols: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: tuEagles Service (tuEaglesService) . (...) - C:\Program Files (x86)\tuEagles\eglsrv.exe
~ Services: 7 Legitimates Filtered in 00mn 04s



---\\ Automatically planned tasks (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SK.Enhancer-S-161304646.job [454] =>Adware.SurfAndKeep
[MD5.1D283DD3AE2312EEE624E8B8C46F6ADB] [APT] [SK.Enhancer-S-161304646] (...) -- c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe [729600] =>Adware.SurfAndKeep
~ Scheduled Task: 14 Legitimates Filtered in 00mn 02s



---\\ Software installed (O42)
O42 - Software: ExstraeSavings - (.ExstraiSaViinagss.) [HKLM][64Bits] -- {C637A71C-A4B2-4B47-1B2A-1042A8D525A3}
O42 - Software: SK.Enhancer - (...) [HKLM][64Bits] -- S-161304646 =>Adware.SurfAndKeep
~ Software: 27 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\LiveSupport]
[HKCU\Software\SafeIP]
[HKCU\Software\Tencent] =>Adware.TencentAddressBar
[HKCU\Software\Yandex]
[HKCU\Software\iLivid] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\SK.Enhancer] =>Adware.SurfAndKeep
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector] =>PUP.Mocaflix
[HKLM\Software\Wow6432Node\Tencent] =>Adware.TencentAddressBar
~ Key Software: 218 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 13/01/2014 - 19:24:33 - [0] ----D C:\Program Files (x86)\Babylon =>PUP.Babylon
O43 - CFD: 09/12/2013 - 14:42:25 - [0,892] ----D C:\Program Files (x86)\Conduit
O43 - CFD: 13/01/2014 - 20:31:01 - [0,015] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 26/12/2013 - 14:05:52 - [3,682] ----D C:\Program Files (x86)\SafeIP
O43 - CFD: 13/01/2014 - 23:05:34 - [0] ----D C:\ProgramData\BitGuard =>PUP.BitGuard
O43 - CFD: 13/01/2014 - 23:05:33 - [0] ----D C:\ProgramData\Browser Manager
O43 - CFD: 13/01/2014 - 23:05:34 - [0] ----D C:\ProgramData\BrowserProtect =>Hijacker.Eazel
O43 - CFD: 13/01/2014 - 22:36:27 - [0,104] ----D C:\ProgramData\c1ebcab18c4cd5cb
O43 - CFD: 09/12/2013 - 14:41:50 - [1,637] ----D C:\ProgramData\Conduit
O43 - CFD: 13/01/2014 - 22:05:27 - [0] ----D C:\ProgramData\Datamngr =>PUP.Datamngr
O43 - CFD: 14/01/2014 - 10:26:05 - [0] ----D C:\ProgramData\DDiiscOuntExetenSi
O43 - CFD: 01/01/2014 - 12:03:20 - [1,338] ----D C:\ProgramData\ExstraeSavings
O43 - CFD: 01/01/2014 - 12:03:44 - [0,007] ----D C:\ProgramData\ffihocndakpiacgnijbaphibbcebjbig
O43 - CFD: 07/12/2013 - 17:39:26 - [2,239] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 08/12/2013 - 12:47:50 - [0] ----D C:\ProgramData\SearchNewTab =>Adware.FastSaveApp
O43 - CFD: 08/12/2013 - 12:47:50 - [0] ----D C:\ProgramData\YoutubeAdblocker =>PUP.Multiplug
O43 - CFD: 14/01/2014 - 14:08:53 - [1,228] ----D C:\Users\Bouziane\AppData\Roaming\newnext.me =>PUP.NextLive
O43 - CFD: 07/12/2013 - 16:18:39 - [0,011] ----D C:\Users\Bouziane\AppData\Roaming\Peace Craft
O43 - CFD: 13/01/2014 - 19:34:50 - [1,132] ----D C:\Users\Bouziane\AppData\Roaming\speedtest4354
O43 - CFD: 13/01/2014 - 22:38:39 - [0] ----D C:\Users\Bouziane\AppData\Roaming\Tencent =>Adware.TencentAddressBar
O43 - CFD: 13/01/2014 - 22:37:31 - [0] ----D C:\Users\Bouziane\AppData\Roaming\Yandex
O43 - CFD: 09/12/2013 - 18:24:35 - [2,824] ----D C:\Users\Bouziane\AppData\Local\Conduit
O43 - CFD: 19/12/2013 - 23:11:16 - [1,224] ----D C:\Users\Bouziane\AppData\Local\genienext
O43 - CFD: 09/12/2013 - 14:43:04 - [0,185] ----D C:\Users\Bouziane\AppData\Local\WhiteListing
O43 - CFD: 13/01/2014 - 19:53:29 - [9,955] ----D C:\Users\Bouziane\AppData\Local\Yandex
O43 - CFD: 14/01/2014 - 12:00:33 - [0,005] ----D C:\Users\Bouziane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 162 Legitimates Filtered in 00mn 01s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.52E8A46E1C7DBCAF4E53FB12C0DFB34D] - 06/01/2014 - 15:55:55 ---A- . (...) -- C:\Windows\DPINST.LOG [334738]
O44 - LFC:[MD5.2A48B93FF373D181B5CE4F576B60CA1A] - 07/01/2014 - 13:47:02 ---A- . (...) -- C:\Windows\msxml4-KB954430-enu.LOG [288050]
O44 - LFC:[MD5.7E4CED701044C613DAECEE3E6698963F] - 07/01/2014 - 13:47:09 ---A- . (...) -- C:\Windows\msxml4-KB973688-enu.LOG [283092]
O44 - LFC:[MD5.C4226D9022C4870ED4A4A50C3DBC889D] - 13/01/2014 - 22:24:29 ---A- . (...) -- C:\Windows\Zuma's Revenge! Setup Log.txt [83953]
O44 - LFC:[MD5.EE0DF911EA295B3A2A199EFD10C11393] - 13/01/2014 - 22:38:38 ---A- . (...) -- C:\Windows\QQPlayer.INI [30]
O44 - LFC:[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] - 14/01/2014 - 12:00:37 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [22704]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/01/2014 - 12:01:08 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.7C8F3D7CFC2B0CE9AE00C4658406EFBD] - 14/01/2014 - 13:56:22 ---A- . (...) -- C:\Windows\Retafte.bmp [9522]
O44 - LFC:[MD5.20F0853195A7DF29A3131FF6B541EFBF] - 14/01/2014 - 14:08:13 ---A- . (...) -- C:\Windows\NFCHS.exe [123320]
~ Files: 25 Legitimates Filtered in 00mn 02s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{927e4ec9-68e7-11e3-b178-001cc490f3bf}\AutoRun\command. (...) -- H:\Startme.exe (.not file.)
~ Keys: Scanned in 01mn 10s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 01:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] - 22/06/2012 - 11:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [22704]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 20:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.929DF302F15BFE24AC66EF45D858C413] - 28/11/2013 - 00:24:18 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [175480]
O58 - SDL:[MD5.DE7FCC77F4A503AF4CA6A47D49B3713D] - 01/03/2013 - 01:49:12 ---A- . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\Drivers\npf.sys [36600]
O58 - SDL:[MD5.37D91C6385BB1104D67925FC43800ED0] - 27/03/2007 - 18:18:58 ---A- . (.No owner - PC Camera driver.) -- C:\Windows\System32\Drivers\snpstd3.sys [10550272]
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/04/1747 - 05:25:09 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 01:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.FD251614B74FB381FF4B5B018495CDB6] - 07/11/2005 - 18:40:06 ---A- . (.No owner - PC Camera driver.) -- C:\Windows\SysWOW64\drivers\snpstd3.sys [788480]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 02/03/2011 - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (esgiguard) .(...) - LEGACY_ESGIGUARD =>Crapware.SpyHunter
~ Legacy: 74 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] 16035F1B52E147A8A82F3A69399F5209 - (DAEMON Search) - http://www.daemon-search.com
O69 - SBI: SearchScopes [HKCU] 53A1A66005AB160B14BB5CBF2A55324B [DefaultScope] - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} - (Yandex) - http://yandex.ru
O69 - SBI: SearchScopes [HKCU] {0BDCC370-E6D0-4648-B411-6E252725F56B} - (uTorrentBar_FR Customized Web Search) - http://search.conduit.com =>P2P.µTorrent
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Bueno Search) - http://www.buenosearch.com =>PUP.BuenoSearch
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Ask.com) - http://dts.search.ask.com
O69 - SBI: SearchScopes [HKCU] {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} - (WebSearch) - http://websearch.searchguru.info
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.2F5252E50745E47DB355B005725DAE05] [SPRF][19/12/2013] (.Somoto Ltd. - AppsHat Mobile Apps.) -- C:\Users\Bouziane\AppData\Local\Temp\appshat-distribution.exe [327880] =>Adware.MegaSearch
[MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][13/01/2014] (...) -- C:\Users\Bouziane\AppData\Local\Temp\BackupSetup.exe [10355400]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][01/01/1601] (...) -- C:\Users\Bouziane\AppData\Local\Temp\BundleSweetIMSetup.exe [9] =>PUP.SweetIM
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][01/01/1601] (...) -- C:\Users\Bouziane\AppData\Local\Temp\Delta.exe [9]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][01/01/1601] (...) -- C:\Users\Bouziane\AppData\Local\Temp\DeltaTB.exe [9] =>Toolbar.DeltaSearch
[MD5.2DB37E59AEDE4276E45B3D1C383B6D0F] [SPRF][28/11/2013] (...) -- C:\Users\Bouziane\AppData\Local\Temp\DETemp384Gd78Sjke78Jks75.dat [14313748]
[MD5.B4F4F49CF51187C8D8C6771BE362653F] [SPRF][20/11/2012] (.Conduit - No Comment.) -- C:\Users\Bouziane\AppData\Local\Temp\dlLogic.exe [203704] =>Toolbar.Conduit
[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] [SPRF][22/06/2012] (...) -- C:\Users\Bouziane\AppData\Local\Temp\ESGScanner.sys [22704]
[MD5.48967067AAB17A4D17023FA42B1F7F4D] [SPRF][24/10/2013] (.Conduit Ltd. - Conduit Toolbar Verifier.) -- C:\Users\Bouziane\AppData\Local\Temp\GCVerifier.dll [287520] =>Toolbar.Conduit
[MD5.BF8FF3E27CF48D69ED558AD0980E5652] [SPRF][27/12/2013] (...) -- C:\Users\Bouziane\AppData\Local\Temp\install_helper.exe [903680]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][01/01/1601] (...) -- C:\Users\Bouziane\AppData\Local\Temp\MybabylonTB.exe [11] =>PUP.Babylon
[MD5.BCB0728F4B117855765CE8FE883B5E9B] [SPRF][06/01/2014] (...) -- C:\Users\Bouziane\AppData\Local\Temp\NOSEventMessages.dll [1536]
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][01/01/2014] (.Conduit - SP Usage Sender.) -- C:\Users\Bouziane\AppData\Local\Temp\nsa8457.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][01/01/2014] (.Conduit - SP Usage Sender.) -- C:\Users\Bouziane\AppData\Local\Temp\nsaEAC5.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][01/01/2014] (.Conduit - SP Usage Sender.) -- C:\Users\Bouziane\AppData\Local\Temp\nsfB321.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][01/01/2014] (.Conduit - SP Usage Sender.) -- C:\Users\Bouziane\AppData\Local\Temp\nsfE567.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][01/01/2014] (.Conduit - SP Usage Sender.) -- C:\Users\Bouziane\AppData\Local\Temp\nsl7F67.exe [167812] =>Toolbar.Conduit
[MD5.883DFC791AAF1298FCFC2BCF5471BBFC] [SPRF][14/01/2014] (...) -- C:\Users\Bouziane\AppData\Local\Temp\SHSetup.exe [46777424] =>Crapware.SpyHunter
[MD5.9FB9D49C2DB7EDD1084AB765D619F5C6] [SPRF][02/01/2014] (.Conduit - Search Protect by conduit.) -- C:\Users\Bouziane\AppData\Local\Temp\spstub.exe [66368] =>Toolbar.Conduit
[MD5.975993043E355206A1FBA5A702044F0C] [SPRF][06/11/2013] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\Bouziane\AppData\Local\Temp\tbuTor.dll [5178144] =>Toolbar.Conduit
[MD5.EF7D1863F4980AB0C8BDA142FEE67F92] [SPRF][19/12/2013] (.Somoto Ltd. - FilesFrog Update Checker.) -- C:\Users\Bouziane\AppData\Local\Temp\UpdateCheckerSetup.exe [200072] =>Adware.MegaSearch
[MD5.80181864032DDC1EBC475C79FCC8D77B] [SPRF][15/12/2013] (...) -- C:\Users\Bouziane\AppData\Local\Temp\utt19C9.tmp.bat [104]
[MD5.B7AAE01AE7F5F133B04DB19CAD634FCF] [SPRF][09/12/2013] (...) -- C:\Users\Bouziane\AppData\Local\Temp\utt1D26.tmp.exe [9720320]
[MD5.B7AAE01AE7F5F133B04DB19CAD634FCF] [SPRF][09/12/2013] (...) -- C:\Users\Bouziane\AppData\Local\Temp\utt5C37.tmp.exe [9720320]
[MD5.C82AB54C276A1734876D911EC622A7C2] [SPRF][09/12/2013] (...) -- C:\Users\Bouziane\AppData\Local\Temp\utt737A.tmp.bat [53]
[MD5.B7AAE01AE7F5F133B04DB19CAD634FCF] [SPRF][09/12/2013] (...) -- C:\Users\Bouziane\AppData\Local\Temp\utt9946.tmp.exe [9720320]
[MD5.86F98BA4F4DD2317F660E13F12708459] [SPRF][26/12/2013] (.No owner - custominstaller.) -- C:\Users\Bouziane\AppData\Local\Temp\verifier.exe [143448]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][01/01/1601] (...) -- C:\Users\Bouziane\AppData\Local\Temp\WSSetup.exe [9]
[MD5.BE2C836BECF428440D5AA56A8177E88A] [SPRF][01/01/2014] (...) -- C:\Users\Bouziane\Desktop\bat.bat [11]
[MD5.C68E186D2F1C55556F07C83870AE07F7] [SPRF][01/05/2010] (.No owner - Setup Application.) -- C:\Users\Bouziane\Desktop\Zuma's Revenge!.exe [99969166]
~ Files: 39 Legitimates Filtered in 00mn 05s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{83F0C803-063A-4953-A24C-7457A7C2D080}C:\games\tom.clancys.splinter.cell.double.agent-kaos\scda-offline\system\splintercell4.exe" |In - Private - P6 - TRUE | .(...) -- C:\games\tom.clancys.splinter.cell.double.agent-kaos\scda-offline\system\splintercell4.exe (.not file.)
O87 - FAEL: "UDP Query User{ED663355-8EB5-409D-B3EA-B11709C368D0}C:\games\tom.clancys.splinter.cell.double.agent-kaos\scda-offline\system\splintercell4.exe" |In - Private - P17 - TRUE | .(...) -- C:\games\tom.clancys.splinter.cell.double.agent-kaos\scda-offline\system\splintercell4.exe (.not file.)
~ Firewall: 209 Legitimates Filtered in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 06/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 06/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 01/03/2013 118520 | (rpcapd) . (.Riverbed Technology, Inc..) - C:\Program Files (x86)\WinPcap\rpcapd.exe
SS - | Demand 18/04/2013 737616 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 05/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/03/2008 851456 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SR - | Auto 23/10/2013 23808 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Demand 28/06/2013 3860480 | (SafeIPS) . (.SafeIP.) - C:\Program Files (x86)\SafeIP\SafeIPs.exe
SR - | Auto 09/10/2013 3275136 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SR - | Auto 18/10/2013 1025408 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter
SR - | Auto 14/01/2014 339336 | (tuEaglesService) . (...) - C:\Program Files (x86)\tuEagles\eglsrv.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 20s



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by Bouziane at 14/01/2014 16:50:28
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Bouziane at 14/01/2014 16:50:30

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/04/1747 - 05:25:09 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
~ Emulateurs: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13022 - (12/01/2014)
Clés trouvées (Keys found) : 34
Valeurs trouvées (Values found) : 5
Dossiers trouvés (Folders found) : 20
Fichiers trouvés (Files found) : 35

[HKLM\Software\Google\Chrome\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk] =>PUP.BuenoSearch^
[HKLM\Software\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib] =>P2P.µTorrent^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\S-161304646] =>Adware.SurfAndKeep^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}] =>Spyware.Soft2PC
[HKLM\Software\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}] =>Spyware.Soft2PC
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib] =>Toolbar.Conduit
[HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service] =>Crapware.SpyHunter
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKCU\Software\AppDataLow\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASAPI32] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Zuma's Revenge!1.0] =>Adware.PopCap
[HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}] =>Adware.Browse2Save
[HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\BabylonHelper.EXE] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}] =>Toolbar.YandexFastDial
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Classes\Toolbar.CT2851639] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT2851639] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}] =>Toolbar.Conduit^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:NextLive =>PUP.NextLive^
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{32099aac-c132-4136-9e9a-4e364a424e17} =>Toolbar.DaemonTools
C:\Users\Bouziane\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk =>PUP.BuenoSearch^
C:\Users\Bouziane\AppData\Local\Google\Chrome\User Data\Default\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib =>P2P.µTorrent^
C:\Program Files (x86)\Babylon =>PUP.Babylon^
C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup^
C:\ProgramData\BitGuard =>PUP.BitGuard^
C:\ProgramData\BrowserProtect =>Hijacker.Eazel^
C:\ProgramData\Datamngr =>PUP.Datamngr^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\SearchNewTab =>Adware.FastSaveApp^
C:\ProgramData\YoutubeAdblocker =>PUP.Multiplug^
C:\Users\Bouziane\AppData\Roaming\newnext.me =>PUP.NextLive^
C:\Users\Bouziane\AppData\Roaming\Tencent =>Adware.TencentAddressBar^
C:\Users\Bouziane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Program Files (x86)\Zuma's Revenge! =>Adware.PopCap
C:\Program Files (x86)\Conduit =>Toolbar.Conduit
C:\ProgramData\Browser Manager =>PUP.Babylon
C:\ProgramData\Conduit =>Toolbar.Conduit
C:\Users\Bouziane\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\Bouziane\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Bouziane\AppData\LocalLow\PriceGong =>Adware.PriceGong
c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe =>Adware.SurfAndKeep^
C:\Windows\Tasks\SK.Enhancer-S-161304646.job =>Adware.SurfAndKeep^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\Tencent] =>Adware.TencentAddressBar^
[HKCU\Software\iLivid] =>Adware.Bandoo^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\SK.Enhancer] =>Adware.SurfAndKeep^
[HKLM\Software\Wow6432Node\Tencent] =>Adware.TencentAddressBar^
C:\Users\Bouziane\AppData\Local\Temp\appshat-distribution.exe =>Adware.MegaSearch^
C:\Users\Bouziane\AppData\Local\Temp\BundleSweetIMSetup.exe =>PUP.SweetIM^
C:\Users\Bouziane\AppData\Local\Temp\DeltaTB.exe =>Toolbar.DeltaSearch^
C:\Users\Bouziane\AppData\Local\Temp\dlLogic.exe =>Toolbar.Conduit^
C:\Users\Bouziane\AppData\Local\Temp\GCVerifier.dll =>Toolbar.Conduit^
C:\Users\Bouziane\AppData\Local\Temp\MybabylonTB.exe =>PUP.Babylon^
C:\Users\Bouziane\AppData\Local\Temp\nsa8457.exe =>Toolbar.Conduit^
C:\Users\Bouziane\AppData\Local\Temp\nsaEAC5.exe =>Toolbar.Conduit^
C:\Users\Bouziane\AppData\Local\Temp\nsfB321.exe =>Toolbar.Conduit^
C:\Users\Bouziane\AppData\Local\Temp\nsfE567.exe =>Toolbar.Conduit^
C:\Users\Bouziane\AppData\Local\Temp\nsl7F67.exe =>Toolbar.Conduit^
C:\Users\Bouziane\AppData\Local\Temp\SHSetup.exe =>Crapware.SpyHunter^
C:\Users\Bouziane\AppData\Local\Temp\spstub.exe =>Toolbar.Conduit^
C:\Users\Bouziane\AppData\Local\Temp\tbuTor.dll =>Toolbar.Conduit^
C:\Users\Bouziane\AppData\Local\Temp\UpdateCheckerSetup.exe =>Adware.MegaSearch^
C:\Users\Bouziane\Desktop\SpyHunter.lnk =>Crapware.SpyHunter
~ Additionnel Scan: 219664 Items scanned in 00mn 27s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/35582793-adware-surfandkeep =>Adware.SurfAndKeep
~ http://nicolascoolman.webs.com/apps/blog/show/34153565-pup-buenosearch =>PUP.BuenoSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter
~ http://nicolascoolman.webs.com/apps/blog/show/26666257-adware-popcap =>Adware.PopCap
~ http://nicolascoolman.webs.com/apps/blog/show/40528410-pup-nextlive =>PUP.NextLive
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27668065-adware-tencentaddressbar =>Adware.TencentAddressBar
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/26630283-pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
~ http://nicolascoolman.webs.com/apps/blog/show/28486577-pup-mocaflix =>PUP.MocaFlix
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26801402-adware-fastsaveapp =>Adware.FastSaveApp
~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/26630554-spyware-soft2pc =>Spyware.Soft2PC
~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong
~ http://nicolascoolman.webs.com/apps/blog/show/26627530-adware-browse2save =>Adware.Browse2Save
~ http://nicolascoolman.webs.com/apps/blog/show/26632189-adware-magnipic =>Adware.MagniPic
~ MSI: 25 link(s) detected in 00mn 27s



~ 998 Legitimates filtered by white list
End of the scan (646 lines in 03mn 00s)(0)
