~ Report of ZHPDiag v2014.1.10.8 - Nicolas Coolman (10/01/2014)
~ Launched by Hp (18/01/2014 14:17:23)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control :


---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16750 (Defaut)
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v31.0.1650.63
OPIE: Opera v12.16

---\\ Windows product information
~ Langage: Anglais
Windows 8 Pro, 32-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, VOLUME_KMSCLIENT channel
~ Windows Partial Key : J8CK4
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Kaspersky Internet Security 2013 v13.0.1.4190
Malwarebytes Anti-Malware النسخة 1.75.0.1300
Secunia PSI
ESET Online Scanner v3
Windows Defender W8

---\\ System optimization software
CCleaner v4.00 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Java 7 Update 45

---\\ Information on the system
~ Processor: x86 Family 6 Model 15 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2039 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 23 GB (19%) free of 116 GB

---\\ Connection to the system mode
~ Computer Name: HSN
~ User Name: Hp
~ All Users Names: Hp, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Hassan\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Hassan\AppData\Roaming\
~ %Desktop% : C:\Users\Hassan\Desktop\
~ %Favorites% : C:\Users\Hassan\Favorites\
~ %LocalAppData% : C:\Users\Hassan\AppData\Local\
~ %StartMenu% : C:\Users\Hassan\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 23 Go of 116 Go)
D: Hard drive, Flash drive, Thumb drive (Free 98 Go of 117 Go)
E: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.EAFE46B0292D2BD2467835E2ACF717CC] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 10:24:46.) -- C:\Windows\Explorer.exe [2106176]
[MD5.7109FF769FFF962869C50D720F7AA7D7] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 03:21:01.) -- C:\Windows\System32\Wininit.exe [101376]
[MD5.3AA6FD9B534F17CBD5D311DDC077973C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/10/2013 - 04:45:11.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.87DA6ACA9AF2F536C68471787D1B3F4A] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 05:08:28.) -- C:\Windows\System32\Winlogon.exe [411648]
[MD5.FAB11E1AC62579A9BE21593319F8E464] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 03:20:01.) -- C:\Windows\System32\sppcomapi.dll [246784]
[MD5.F12EFEE4DD20519D0DDF8D78704EE4DE] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 03:50:41.) -- C:\Windows\system32\Drivers\AFD.sys [438272]
[MD5.48D8C3F2006698691F5AE0BB595FDCC8] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 03:42:31.) -- C:\Windows\system32\Drivers\atapi.sys [22768]
[MD5.00B4FA77732C7823D292ECD672660882] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 02:38:28.) -- C:\Windows\system32\Drivers\Cdfs.sys [89088]
[MD5.4E707EC5071DD8F5C29A7410780BD4C3] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 02:33:53.) -- C:\Windows\system32\Drivers\Cdrom.sys [135680]
[MD5.B21FDAC50FCD4CE53C203F097273532A] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 02:34:25.) -- C:\Windows\system32\Drivers\DfsC.sys [92160]
[MD5.4A219AB84D6936C2A61FF44D32EF378D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 05:29:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [62464]
[MD5.11EDC37780E8A2F8E311D73F7658A4D7] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 02:36:23.) -- C:\Windows\system32\Drivers\i8042prt.sys [89600]
[MD5.57B0C0D982013C72911A3F5CBA795034] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 02:29:57.) -- C:\Windows\system32\Drivers\IpNat.sys [126976]
[MD5.5FAC7AC77D9ADD42579EDF678F08DF9F] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 22:30:11.) -- C:\Windows\system32\Drivers\MRxSmb.sys [304128]
[MD5.303A053C25E468B9925C22288BEF8484] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 02:31:28.) -- C:\Windows\system32\Drivers\netBT.sys [254464]
[MD5.99C73E3FE9B36275BD91D2009F2BA2E0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 09:53:24.) -- C:\Windows\system32\Drivers\ntfs.sys [1614568]
[MD5.8BCE63AF5B52642E832630F862DE96EF] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 02:38:17.) -- C:\Windows\system32\Drivers\Parport.sys [90624]
[MD5.6E0649D7325D85C47C844EB3267E4625] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 02:30:07.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [88064]
[MD5.2CAD2A13569741C67CD9C52F97E0F992] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 02:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [156160]
[MD5.0886D9F1B5A5334FBB143A260E4BFB5C] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 04:17:16.) -- C:\Windows\system32\Drivers\tdx.sys [97792]
[MD5.C9C8573006D7A8391AFE35D99036B6A0] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 09:41:30.) -- C:\Windows\system32\Drivers\volsnap.sys [281344]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/360
~ Mes musiques (My Musics) : 1/84
~ Mes Videos (My Videos) : 2/96
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 2/968
~ Mon Bureau (My Desktop) : 2/1262
~ Menu demarrer (Programs) : 1/57
~ Hidden Files: Scanned in 00mn 03s



---\\ Process running
[MD5.3E7332DE76AF4704B02036B2B49C662C] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) -- C:\Windows\system32\taskhostex.exe [53760] [PID.2448]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.4264]
[MD5.EFBF084E2E3034AD1D2C699719ECD4B5] - (...) -- C:\Program Files\Mobogenie\DaemonProcess.exe [766656] [PID.2576]
[MD5.D8E110B442E6F06553C0ABAC894F6A09] - (.Microsoft Corporation - Communications Service.) -- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\LiveComm.exe [107888] [PID.2072]
[MD5.AD3A07FEBB3B9F0110C90C26FC95E029] - (.Microsoft Corporation - Runtime Broker.) -- C:\Windows\System32\RuntimeBroker.exe [29808] [PID.6028]
[MD5.3F98B594E5404311D464769733DF5125] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe [658632] [PID.3756]
[MD5.CDB517386A26AE420CB24BDB3CD88779] - (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448] [PID.3532]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.3188]
[MD5.96B3C4E20F02CA16AA1E3E425BFFCC8B] - (.Microsoft Corporation - Gestionnaire pour appareils Windows Mobile.) -- C:\Windows\WindowsMobile\wmdc.exe [648072] [PID.5248]
[MD5.F645990AEEBD0A3C596F0D5FE460A810] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3821136] [PID.2120]
[MD5.5C6F4D911C53D15A67FE8B57BA4760DE] - (.Daum Communications Corp. - DaumStation.) -- C:\Program Files\Daum\DaumStation\DaumStation.exe [1259888] [PID.4884]
[MD5.15D2DB9BFA8E833ED31FAB2BB088FDDA] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128] [PID.1824]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Users\Hassan\AppData\Local\Google\Chrome\Application\chrome.exe [863184] [PID.2936]
[MD5.29A4611EE6F24AF1EB4014088A1911C6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8323072] [PID.2288]
~ Processes Running: Scanned in 00mn 02s



---\\ Opera, Plugins,Start,Search (P1,B0,B1)
B0 - SPO: operaprefs.ini [Hp] Home URL=http://search.softonic.com/INF00176/tb_v1?SearchSource=10&cc=&mi=a4460ce8000000000000001b784d022e&toi=16021 =>Toolbar.Conduit
B1 - OSP: search.ini [Hp] URL=http://www.yandex.ru/yandsearch?clid=9582&text=%s
B1 - OSP: search.ini [Hp] URL=http://dts.search.ask.com/sr?src=opb&gct=ds&appid=210&systemid=406&v=n8708-71&apn_uid=0430419728574839&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q=%s
B1 - OSP: search.ini [Hp] URL=http://search.softonic.com/INF00176/tb_v1?mi=a4460ce8000000000000001b784d022e&toi=16021&q=%s =>Toolbar.Conduit
~ Opera Browser: 6 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Hassan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js
M3 - MFPP: Plugins - [Hp] -- C:\Users\Hassan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\VenteeRo.xml
M0 - MFSP: prefs.js [Hp - nahd6ha2.default] http://www.arabyonline.com
~ Firefox Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://google.com
~ IE Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Browser Helper Objects (O2)
O2 - BHO: maucampo - {5d7d4fb9-aca5-4013-8879-c58dcd4df9f1} . (.maucampo - maucampo.) -- C:\Program Files\maucampo\maucampobho.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Deluge.lnk . (...) -- C:\Program Files\Deluge\deluge.exe
O4 - GS\Desktop [Public]: Face Off Max.lnk . (.CoolwareMax.com - Face Off Max.) -- C:\Program Files\FaceOffMax\FaceOffMax.exe
O4 - GS\Desktop [Public]: iFunbox.lnk . (.i-Funbox.com - File & App Manager for iPhone/iPad.) -- C:\Program Files\i-Funbox DevTeam\iFunBox.exe
O4 - GS\Desktop [Public]: Kaspersky Internet Security 2013.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus Launcher.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\starter_avp.exe
O4 - GS\Desktop [Public]: PowerISO.lnk . (.Power Software Ltd - PowerISO.) -- C:\Program Files\PowerISO\PowerISO.exe
O4 - GS\Program [Public]: Desktop.lnk - Orphan key
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\opera.exe
~ Global Startup: 35 Legitimates Filtered in 00mn 01s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: Ralink Wireless Utility.lnk . (.Ralink Technology, Corp. - Ralink Wireless LAN Card Utility.) -- C:\Program Files\Ralink\Common\RaUI.exe
O4 - GS\Startup [Public]: Snagit 11.lnk . (.TechSmith Corporation - Snagit.) -- C:\Program Files\TechSmith\Snagit 11\Snagit32.exe
O4 - GS\Startup [Public]: Telsey 802.11g Wireless Utility.lnk . (.TELSEY - TELSEY CONFIGURATION UTILITY.) -- C:\Program Files\Telsey SPA\Telsey 802.11g Wireless Utility\wlanstat.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] . (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [Windows Mobile Device Center] . (.Microsoft Corporation - Gestionnaire pour appareils Windows Mobile.) -- C:\Windows\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [mobilegeni daemon] . (...) -- C:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
O4 - HKCU\..\Run: [DaumStation] . (.Daum Communications Corp. - DaumStation.) -- C:\Program Files\Daum\DaumStation\DaumStation.exe
O4 - HKCU\..\Run: [DaumCleaner] . (.Daum Communications Corp. - Daum Cleaner.) -- C:\Program Files\Daum\Cleaner\DaumCleaner.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-1321096742-14338931-3665318461-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-1321096742-14338931-3665318461-1001\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
O4 - HKUS\S-1-5-21-1321096742-14338931-3665318461-1001\..\Run: [DaumStation] . (.Daum Communications Corp. - DaumStation.) -- C:\Program Files\Daum\DaumStation\DaumStation.exe
O4 - HKUS\S-1-5-21-1321096742-14338931-3665318461-1001\..\Run: [DaumCleaner] . (.Daum Communications Corp. - Daum Cleaner.) -- C:\Program Files\Daum\Cleaner\DaumCleaner.exe
O4 - HKUS\S-1-5-21-1321096742-14338931-3665318461-1001\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kbrd.ico
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - Synchronisation des favoris ActiveSync.) -- C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKCU\...\EscDomains] http.fastspring.com
O15 - Trusted Zone: [HKLM\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKLM\...\EscDomains] http.fastspring.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{723366A8-73EA-4533-9D84-73E7B2B33F87}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{97F685B4-337D-4553-8E22-B3723192BA18}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{723366A8-73EA-4533-9D84-73E7B2B33F87}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{97F685B4-337D-4553-8E22-B3723192BA18}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Files Temporary Shim.) -- C:\Windows\System32\cscdll.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: HWDeviceService.exe (HWDeviceService.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: IAM Silverstone Modem Device Helper (IAM Silverstone Modem Device Helper) . (...) - C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe (.not file.)
O23 - Service: MgAssist Service (MgAssistService) . (...) - C:\Program Files\Mobogenie\MgAssist.exe
O23 - Service: Mobile Broadband HL Service (Mobile Broadband HL Service) . (...) - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: Modem HDM EC156. OUC (Modem HDM EC156. RunOuc) . (...) - C:\Program Files\Modem HDM EC156\UpdateDog\ouc.exe
O23 - Service: Update maucampo (Update maucampo) . (...) - C:\Program Files\maucampo\updatemaucampo.exe
O23 - Service: Util maucampo (Util maucampo) . (...) - C:\Program Files\maucampo\bin\utilmaucampo.exe
~ Services: 16 Legitimates Filtered in 00mn 14s



---\\ Task Planned Automatically (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AmiUpdXp.job [352] =>PUP.Software.Updater
[MD5.00000000000000000000000000000000] [APT] [AmiUpdXp] (...) -- C:\Users\Hp\AppData\Local\SwvUpdater\Updater.exe (.not file.) [0] =>PUP.Software.Updater
~ Scheduled Task: 11 Legitimates Filtered in 00mn 03s



---\\ Software installed (O42)
O42 - Logiciel: ARHome - (.NoVooIT.) [HKCU] -- ARHome
O42 - Logiciel: Asistente de Configuración - (...) [HKLM] -- KitAim20AmperBHS
O42 - Logiciel: Face Off Max - (...) [HKLM] -- FaceOffMax
O42 - Logiciel: Free FLV to 3GP Converter - (...) [HKLM] -- Free FLV to 3GP Converter_is1
O42 - Logiciel: LG 2-3G Tool v2.4 build 010F - (.z3x-team.) [HKLM] -- LG 2-3G Tool_is1
O42 - Logiciel: ROCKEY200 Driver (Remove only) - (...) [HKLM] -- B3DE3DBF-7F64-47b5-B25B-9842D2B1A045_Rockey200std
O42 - Logiciel: Yandex - (.ООО "ЯНДЕКС".) [HKCU] -- YandexBrowser
O42 - Logiciel: la Conexión a TELE2 ADSL - (.Comunitel Global, S.A..) [HKLM] -- la Conexión a TELE2 ADSL
O42 - Logiciel: maucampo - (.maucampo.) [HKLM] -- maucampo
O42 - Logiciel: mobileEx - (.Alim Hape.) [HKLM] -- mobileEx
~ Logic: 39 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AEK_KM2004@Yahoo.fr]
[HKCU\Software\NoVooITSet]
[HKCU\Software\OpenSub]
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKCU\Software\Teiron]
[HKCU\Software\Telsey]
[HKCU\Software\Virtual]
[HKCU\Software\Vonteera Safe ads] =>Trojan.Vonteera
[HKCU\Software\Yandex]
[HKCU\Software\maucampo]
[HKCU\Software\mobileEx]
[HKLM\Software\FMD]
[HKLM\Software\FTDriver]
[HKLM\Software\TELE2]
[HKLM\Software\Telsey SPA]
[HKLM\Software\Telsey]
[HKLM\Software\ValueApps] =>Toolbar.Conduit
[HKLM\Software\dreAd]
~ Key Software: 381 Legitimates Filtered in 00mn 01s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 09/01/2014 - 21:58:11 - [2,376] ----D C:\Program Files\maucampo
O43 - CFD: 09/01/2014 - 22:32:15 - [0] ----D C:\Program Files\PPضْتض
O43 - CFD: 21/08/2013 - 13:44:28 - [0,151] ----D C:\Program Files\TELE2
O43 - CFD: 21/08/2013 - 13:42:31 - [2,474] ----D C:\Program Files\Telsey SPA
O43 - CFD: 29/10/2013 - 13:47:12 - [0,154] ----D C:\Program Files\winhotspot
O43 - CFD: 05/01/2014 - 10:01:26 - [0,001] --H-D C:\Program Files\Common Files\SarasSoft
O43 - CFD: 18/01/2014 - 14:18:02 - [4,066] ----D C:\Users\Hassan\AppData\Roaming\ARHome
O43 - CFD: 18/01/2014 - 14:01:56 - [0,004] ----D C:\Users\Hassan\AppData\Roaming\newnext.me =>PUP.NextLive
O43 - CFD: 09/01/2014 - 22:07:30 - [0] ----D C:\Users\Hassan\AppData\Roaming\PotPlayer
O43 - CFD: 04/04/2013 - 15:36:56 - [0] ----D C:\Users\Hassan\AppData\Roaming\Yandex
O43 - CFD: 18/01/2014 - 14:00:58 - [0] ----D C:\Users\Hassan\AppData\Local\genienext
O43 - CFD: 09/01/2014 - 22:08:01 - [0,281] ----D C:\Users\Hassan\AppData\Local\SwvUpdater =>PUP.Software.Updater
O43 - CFD: 04/04/2013 - 15:30:50 - [0,077] ----D C:\Users\Hassan\AppData\Local\Xpom
O43 - CFD: 04/04/2013 - 15:36:47 - [244,138] ----D C:\Users\Hassan\AppData\Local\Yandex
O43 - CFD: 30/07/2013 - 14:27:24 - [0] ----D C:\Users\Hassan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ROCKEY200 Driver
O43 - CFD: 21/08/2013 - 13:44:28 - [0] ----D C:\Users\Hassan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TELE2
O43 - CFD: 04/04/2013 - 15:33:06 - [0,005] ----D C:\Users\Hassan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex
~ 3 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 255 Legitimates Filtered in 00mn 48s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.DD0B3DD89FC2840A6BC00E7A68EBA40E] - 05/01/2014 - 10:01:25 ---A- . (...) -- C:\Windows\DPINST.LOG [6252]
O44 - LFC:[MD5.C48B27B81E3002C34CB1DF424E43D695] - 05/01/2014 - 10:17:28 ----- . (...) -- C:\UsbFix [Scan 4] HSN.txt [6664]
O44 - LFC:[MD5.7BD4674627BAE139F74322C8105661A7] - 09/01/2014 - 21:44:48 ----- . (...) -- C:\UsbFix [Scan 5] HSN.txt [7115]
O44 - LFC:[MD5.CA8DBCEC633A319D8367659B098442A0] - 09/01/2014 - 21:46:05 ---A- . (...) -- C:\UsbFix [Clean 6] HSN.txt [8117]
O44 - LFC:[MD5.28DA8A8FF11DBD48D5AE84A70EF16977] - 09/01/2014 - 22:00:59 ---A- . (...) -- C:\Windows\msxml4-KB2758694-enu.LOG [262392]
O44 - LFC:[MD5.F26E4C3005965F7AB21DAC95B47489B4] - 18/01/2014 - 14:02:06 ---A- . (.No owner - USB Smart Card Driver.) -- C:\Windows\System32\Drivers\eps2kt1.sys.bak [31744]
O44 - LFC:[MD5.68B57D7C11277EA89F78255480376B4D] - 18/01/2014 - 14:02:42 ---A- . (.Secunia - Secunia PSI Driver.) -- C:\Windows\System32\Drivers\psi_mf_x86.sys.bak [16024]
O44 - LFC:[MD5.96FCED4CC0A1CCE9198CCD3243E098CA] - 18/01/2014 - 14:02:51 ---A- . (.OEM - This is used by SCR 2000 Readers.) -- C:\Windows\System32\Drivers\smccard.sys.bak [14592]
O44 - LFC:[MD5.CC17B7A7C4DD72BE2B10DAF254147A2B] - 18/01/2014 - 14:02:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [26352]
O44 - LFC:[MD5.6E421CCC57059B0186C6259CA3B6DFC9] - 18/01/2014 - 14:03:02 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys.bak [45056]
~ Files: 430 Legitimates Filtered in 00mn 32s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKCU\...\Policies\System] - "NoConfigPage"=0
O55 - MWPS:[HKCU\...\Policies\System] - "NoDevMgrPage"=0
O55 - MWPS:[HKCU\...\Policies\System] - "NoFileSysPage"=0
O55 - MWPS:[HKCU\...\Policies\System] - "NoVirtMemPage"=0
~ MWPS: 5 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.4EE8678C85DC237FFDE695AB357F5477] - 09/01/2014 - 21:50:00 ---A- . (.Windows (R) Codename Longhorn DDK provider - Alcatelusb Driver.) -- C:\Windows\System32\Drivers\AlcatelUsb.sys.bak [19968]
O58 - SDL:[MD5.F26E4C3005965F7AB21DAC95B47489B4] - 30/07/2013 - 14:27:24 ---A- . (.No owner - USB Smart Card Driver.) -- C:\Windows\System32\Drivers\eps2kt1.sys [31744]
O58 - SDL:[MD5.F26E4C3005965F7AB21DAC95B47489B4] - 18/01/2014 - 14:02:06 ---A- . (.No owner - USB Smart Card Driver.) -- C:\Windows\System32\Drivers\eps2kt1.sys.bak [31744]
O58 - SDL:[MD5.21B9BACDD4418B59B546C42B4C5A084A] - 08/10/2010 - 08:55:06 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:[MD5.21B9BACDD4418B59B546C42B4C5A084A] - 18/01/2014 - 14:02:06 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys.bak [25856]
O58 - SDL:[MD5.203BB2691E7D0088A2C1F9C39C15A9B7] - 28/11/2013 - 00:24:18 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [108000]
O58 - SDL:[MD5.203BB2691E7D0088A2C1F9C39C15A9B7] - 18/01/2014 - 14:02:15 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys.bak [108000]
O58 - SDL:[MD5.F5F91FA6FE7E4AF269873CAA5F5B370E] - 05/08/2010 - 23:42:34 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:[MD5.F5F91FA6FE7E4AF269873CAA5F5B370E] - 18/01/2014 - 14:02:22 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys.bak [861696]
O58 - SDL:[MD5.68B57D7C11277EA89F78255480376B4D] - 06/12/2013 - 14:47:12 ---A- . (.Secunia - Secunia PSI Driver.) -- C:\Windows\System32\Drivers\psi_mf_x86.sys [16024]
O58 - SDL:[MD5.68B57D7C11277EA89F78255480376B4D] - 18/01/2014 - 14:02:42 ---A- . (.Secunia - Secunia PSI Driver.) -- C:\Windows\System32\Drivers\psi_mf_x86.sys.bak [16024]
O58 - SDL:[MD5.96FCED4CC0A1CCE9198CCD3243E098CA] - 30/07/2013 - 14:27:24 ---A- . (.OEM - This is used by SCR 2000 Readers.) -- C:\Windows\System32\Drivers\smccard.sys [14592]
O58 - SDL:[MD5.96FCED4CC0A1CCE9198CCD3243E098CA] - 18/01/2014 - 14:02:51 ---A- . (.OEM - This is used by SCR 2000 Readers.) -- C:\Windows\System32\Drivers\smccard.sys.bak [14592]
O58 - SDL:[MD5.D720E872772D004E304FCE0CE54E1F8A] - 09/01/2014 - 21:48:20 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys.bak [84248]
O58 - SDL:[MD5.A1CC726323FB41FFD29F436A77237E41] - 09/01/2014 - 21:48:21 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys.bak [182680]
O58 - SDL:[MD5.F4BE1C58B05BEA30A9A60D4398EB0058] - 09/01/2014 - 21:48:21 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile OBEX Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudobex.sys.bak [182680]
O58 - SDL:[MD5.CC17B7A7C4DD72BE2B10DAF254147A2B] - 26/07/2012 - 03:42:15 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x86.) -- C:\Windows\System32\Drivers\stexstor.sys [26352]
O58 - SDL:[MD5.CC17B7A7C4DD72BE2B10DAF254147A2B] - 18/01/2014 - 14:02:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x86.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [26352]
O58 - SDL:[MD5.6E421CCC57059B0186C6259CA3B6DFC9] - 13/12/2012 - 13:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:[MD5.6E421CCC57059B0186C6259CA3B6DFC9] - 18/01/2014 - 14:03:02 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys.bak [45056]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 25/07/2012 - 22:52:52 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 25/07/2012 - 22:52:52 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 25/07/2012 - 22:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 25/07/2012 - 22:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 25/07/2012 - 22:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 25/07/2012 - 22:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 25/07/2012 - 22:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.CB4EE86C87F4C03FAC7E14F30D57153E] - 25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33968]
O58 - SDL:[MD5.30A64B24DABF0483DDF6759D4F58A180] - 25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34688]
O58 - SDL:[MD5.112BFAEA0B8AD1AAB4484BBBE1DA9B40] - 25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.BE6FE759FC5B154243914AA330BAADE6] - 25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35552]
O58 - SDL:[MD5.37BA9F0CB578362516C64344ECEC8ADC] - 25/07/2012 - 22:52:51 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34688]
O58 - SDL:[MD5.846FE8CBB31ECB1E8333FF395BAF5D5F] - 01/07/2013 - 10:25:04 ----- . (...) -- C:\Windows\System32\pwdrvio.sys [15576]
O58 - SDL:[MD5.3EB52E853F2F74178AC0034CA0719FB1] - 01/07/2013 - 10:25:02 ----- . (...) -- C:\Windows\System32\pwdspio.sys [10200]
~ Drivers: 5 Legitimates Filtered in 00mn 03s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {3A40E547-20FD-44a2-94D0-1C98342D1507} - (Daum) - http://search.daum.net
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {756D1D40-E491-4E1D-9BC6-5B37CEDE646E} [DefaultScope] - (VenteeRo) - http://www.arabyonline.com
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (CKF) (O82)
C:\Users\Hassan\Downloads\Compressed\Connectify 6 Keygen _By_عاشق كازا.rar
C:\Users\Hassan\Downloads\Compressed\Connectify 6 Keygen _By_عاشق كازا.rar
~ Files: Scanned in 00mn 21s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.56B49B2354D41848D69E24DB401F6378] [SPRF][18/01/2014] (...) -- C:\Users\Hassan\AppData\Local\Temp\arbol.exe [1828800]
[MD5.1A4C98D98218E5182944A95673ACCDEB] [SPRF][09/01/2014] (...) -- C:\Users\Hassan\AppData\Local\Temp\maucampoSetup.exe [233112]
[MD5.503F53F79C302F9A6587997AD6E470A5] [SPRF][09/11/2012] (...) -- C:\Users\Hassan\AppData\Local\Temp\OSU.exe [281584]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][01/01/1601] (...) -- C:\Users\Hassan\AppData\Local\Temp\SetupSomoto.exe [1584856] =>Adware.MegaSearch
[MD5.08F187E182F75981A129C464846EB422] [SPRF][09/01/2014] (...) -- C:\Users\Hassan\AppData\Local\Temp\Uninstaller.exe [338928]
[MD5.EF7D1863F4980AB0C8BDA142FEE67F92] [SPRF][09/01/2014] (.Somoto Ltd. - FilesFrog Update Checker.) -- C:\Users\Hassan\AppData\Local\Temp\UpdateCheckerSetup.exe [200072] =>Adware.MegaSearch
[MD5.69D2894206516657B7A06EEEA5B917E5] [SPRF][18/01/2014] (...) -- C:\Users\Hassan\AppData\Local\Temp\vlc-2.0.2-win32.exe [22630361]
[MD5.1D318A0AC06FC9778EB942A9283BECE2] [SPRF][09/11/2012] (.No owner - WebToGo Driver InstallX.) -- C:\Users\Hassan\AppData\Local\Temp\WtgDriverInstallX.dll [12800]
[MD5.9BFB244986FB45225BD7332C8FDF7EFE] [SPRF][09/11/2012] (...) -- C:\Users\Hassan\AppData\Local\Temp\WTGXMLUtil.dll [602112]
[MD5.E152C2E083BB18DF3770DE4040E3F391] [SPRF][25/05/2013] (...) -- C:\Users\Hassan\AppData\Roaming\SetValue.bat [35]
[MD5.93FE182D441E5A8084673957815C0C87] [SPRF][19/07/2011] (...) -- C:\Users\Hassan\Desktop\ali_dvbs_29C_ carte jsc plus viaccess.bin [2031616]
[MD5.4FB72D41FD4D3833C695BF2F05CCF83B] [SPRF][30/11/2008] (...) -- C:\Users\Hassan\Desktop\ali_dvbs_29C_113008.bin [2031616]
[MD5.D9DE89F0FAF18019BC9595F0F47BCA61] [SPRF][02/06/2009] (.Atribune.org - ATF Cleaner.exe.) -- C:\Users\Hassan\Desktop\ATF-Cleaner.exe [50688]
[MD5.0C396C0E21D5D576910C6ECCF5885B7E] [SPRF][27/05/2011] (.Acresso Software Inc. - Setup.exe.) -- C:\Users\Hassan\Desktop\HWK_Support_Suite_Setup_v02.02.000.exe [5322774]
[MD5.FC02786840D5204A23E920223FF95948] [SPRF][21/12/2013] (...) -- C:\Users\Hassan\Desktop\RogueKiller.exe [3770368]
[MD5.D162430AE482A0ED21266E0F5DDD8378] [SPRF][12/03/2013] (.z3x-team - Z3X Samsung Tool Setup.) -- C:\Users\Hassan\Desktop\SamsungTool_14.1.exe [46263368]
[MD5.83CC1E00FAE8296B4E91CE5DB0D2B100] [SPRF][21/12/2013] (.Bleeping Computer, LLC - Windows shortcut cleaner..) -- C:\Users\Hassan\Desktop\sc-cleaner.exe [406264]
~ Files: 28 Legitimates Filtered in 00mn 09s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{B5B05834-7D45-4AE5-B15E-48D525C8C9D1}" | In - None - P17 - TRUE | .(.No owner - Aplicación MFC awcbrwsr.) -- C:\Program Files\Movistar\AsistCfg96\awcbrwsr.exe
O87 - FAEL: "TCP Query User{DF1698E7-A54F-4E62-849D-1D62AA95836D}C:\program files\ppضْتض\ihelper.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\ppضْتض\ihelper.exe (.not file.)
O87 - FAEL: "UDP Query User{BB706D9C-010E-47C1-B888-B3E2ADD3D1D5}C:\program files\ppضْتض\ihelper.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\ppضْتض\ihelper.exe (.not file.)
~ Firewall: 530 Legitimates Filtered in 00mn 06s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 10/04/2013 121200 | (DaumStationService) . (.Daum Communications Corp..) - C:\Program Files\Daum\DaumStation\DaumStationService.exe
SS - | Demand 21/03/2013 651720 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 10/07/1658 0 | (IAM Silverstone Modem Device Helper) . (...) - C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe
SS - | Demand 02/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 16/03/2013 230240 | (Mobile Broadband HL Service) . (...) - C:\ProgramData\MobileBrServ\mbbservice.exe
SS - | Auto 12/11/2012 657504 | (Modem HDM EC156. RunOuc) . (...) - C:\Program Files\Modem HDM EC156\UpdateDog\ouc.exe
SS - | Demand 05/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 04/03/2011 621632 | (RaMediaServer) . (...) - C:\Program Files\Ralink\Common\RaMediaServer.exe
SS - | Demand 06/12/2013 1229528 | (Secunia PSI Agent) . (.Secunia.) - C:\Program Files\Secunia\PSI\PSIA.exe
SS - | Demand 20/09/2012 23040 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 10/10/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 19/07/2012 2568120 | (CodeMeter.exe) . (.WIBU-SYSTEMS AG.) - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
SR - | Demand 29/08/2013 162152 | (DaumCleanerService) . (.Daum Communications Corp..) - C:\Program Files\Daum\Cleaner\DaumCleanerService.exe
SR - | Auto 14/03/2011 271712 | (HWDeviceService.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService.exe
SR - | Auto 25/10/2013 2077008 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 09/01/2014 63168 | (MgAssistService) . (...) - C:\Program Files\Mobogenie\MgAssist.exe
SR - | Auto 18/07/2013 762192 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 31/03/2011 375872 | (RalinkRegistryWriter) . (.Ralink Technology, Corp..) - C:\Program Files\Ralink\Common\RaRegistry.exe
SR - | Auto 06/12/2013 662232 | (Secunia Update Agent) . (.Secunia.) - C:\Program Files\Secunia\PSI\sua.exe
SR - | Auto 16/01/2014 97048 | (Update maucampo) . (...) - C:\Program Files\maucampo\updatemaucampo.exe
SR - | Auto 09/01/2014 97048 | (Util maucampo) . (...) - C:\Program Files\maucampo\bin\utilmaucampo.exe
SR - | Demand 01/07/2013 14480 | (WinDefend) . (.Microsoft Corporation.) - C:\Program Files\Windows Defender\MsMpEng.exe

~ Services: Scanned in 00mn 21s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in 00mn 03s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Hp at 18/01/2014 14:22:17

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 07s



---\\ Scan Additionnel (O88)
Database Version : 13019 - (10/01/2014)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 6

[HKLM\Software\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}] =>PUP.Software.Updater
[HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater
[HKLM\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}] =>PUP.Software.Updater
[HKLM\Software\Classes\Updater.AmiUpd] =>PUP.Software.Updater
[HKLM\Software\Classes\Updater.AmiUpd.1] =>PUP.Software.Updater
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}] =>PUP.Software.Updater
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
C:\Users\Hassan\AppData\Roaming\newnext.me =>PUP.NextLive^
C:\Users\Hassan\AppData\Local\SwvUpdater =>PUP.Software.Updater^
C:\Windows\Tasks\AmiUpdXp.job =>PUP.Software.Updater^
[HKCU\Software\Vonteera Safe ads] =>Trojan.Vonteera^
[HKLM\Software\ValueApps] =>Toolbar.Conduit^
C:\Users\Hassan\AppData\Local\Temp\SetupSomoto.exe =>Adware.MegaSearch^
C:\Users\Hassan\AppData\Local\Temp\UpdateCheckerSetup.exe =>Adware.MegaSearch^
~ Additionnel Scan: 348360 Items scanned in 00mn 32s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/32713686-pup-software-updater =>PUP.Software.Updater
~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/31951367-trojan-vonteera =>Trojan.Vonteera
~ http://nicolascoolman.webs.com/apps/blog/show/40528410-pup-nextlive =>PUP.NextLive
~ http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox
~ MSI: 6 link(s) detected in 00mn 32s



~ 1851 Legitimates filtered by white list
End of the scan (577 lines in 05mn 27s)(2)
