
~ Report of ZHPDiag v2014.2.14.14 - Nicolas Coolman (14/02/2014)
~ Launched by TAMILLA (15/02/2014 20:08:15)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
GCIE: Google Chrome v32.0.1700.107

---\\ Windows product information
~ Langage: Anglais
Windows Seven Black Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : HYRR2
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Kaspersky Internet Security 2013 v13.0.1.4190

---\\ System optimization software

---\\ Sharing software PeerToPeer
µTorrent v3.1.1 =>P2P.µTorrent

---\\ Surveillance software
Adobe Flash Player 12 ActiveX
Adobe Reader X

---\\ Information on the system
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2934 MB (30% free)
System Restore: Activé (Enable)
System drive C: has 93 GB (63%) free of 146 GB

---\\ Connection to the system mode
~ Computer Name: TAMILLA
~ User Name: TAMILLA
~ All Users Names: TAMILLA, Administrateur,
~ Unselected Option: O90,s O4
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\TAMILLA\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\TAMILLA\AppData\Roaming\
~ %Desktop% : C:\Users\TAMILLA\Desktop\
~ %Favorites% : C:\Users\TAMILLA\Favorites\
~ %LocalAppData% : C:\Users\TAMILLA\AppData\Local\
~ %StartMenu% : C:\Users\TAMILLA\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 93 Go of 146 Go)
D: Hard drive, Flash drive, Thumb drive (Free 36 Go of 146 Go)
E: Hard drive, Flash drive, Thumb drive (Free 40 Go of 173 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 47 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 - 06:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 04:38:00.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.28/10/2009 - 07:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 03:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.A8F59428E9F361C7AC42A94AC1560BC9] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:58:11.) -- C:\Windows\system32\Drivers\ntfs.sys [1210728]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.06/09/2012 - 17:48:29.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/950
~ Mes musiques (My Musics) : 1/21
~ Mes Videos (My Videos) : 1/64
~ Mes Favoris (My Favorites) : 1/554
~ Mes Documents (My Documents) : 2/55
~ Mon Bureau (My Desktop) : 1/718
~ Menu demarrer (Programs) : 1/54
~ Hidden Files: Scanned in 00mn 01s



---\\ Process running
[MD5.0A278BBB9D669E9B5871D720FB8E37B7] - (.AVG - AVG PC TuneUp.) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe [1920824] [PID.2640]
[MD5.25107F58D1B8F60D67D1EE95798C0DE8] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.2984]
[MD5.40E472EE596A97B1A19E8AF69F23B705] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.3000]
[MD5.C68AB37B122149F7181757D740956BD2] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [175640] [PID.3096]
[MD5.F2B0DCD22396FA53E18FB7AFE8963E48] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [169496] [PID.3104]
[MD5.85129A54AC1259D23614A629E4F0B5E7] - (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe [496184] [PID.3124]
[MD5.9A6CE36BCA19F8372614DB707163A0CA] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272] [PID.3216]
[MD5.CE0F881B2850DCF6F0A42C3EC3270189] - (.Lenovo - Lenovo Onekey Theater Application.) -- C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [665504] [PID.3228]
[MD5.A071CF6027E14E6C49A8CA8ED5F012CD] - (.Lenovo(beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files\Lenovo\EnergyCut\utilty.exe [1581056] [PID.3256]
[MD5.46FC9D60D1356CCE1C57F7F235CE9D05] - (.Lenovo (Beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe [1167360] [PID.3276]
[MD5.15D2DB9BFA8E833ED31FAB2BB088FDDA] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128] [PID.1776]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.3388]
[MD5.9E2B10E9FE7B55844C4CED3DDFF5491A] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [795936] [PID.3476]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\RunDll32.exe [0] [PID.3540]
[MD5.04D27035B627C36E7CE07C7024B02589] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.3724]
[MD5.A1369135F48250C3EE7FC0CF9E7230D7] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe [2360608] [PID.4004]
[MD5.32732CEDE2A1106B736EF3D84054EE04] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757376] [PID.4280]
[MD5.D4654DB25AA847F0216DBE8BCDE238FC] - (.Yahoo! Inc. - Yahoo! Toolbar Assistant.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn5\ytbb.exe [216344] [PID.4664]
[MD5.AAC307B421DE27F6E026DF1E625BA81F] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe [840584] [PID.5172]
[MD5.A0F1DFC9E47B2524213AFF32E26BE92D] - (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe [164864] [PID.4380]
[MD5.523A3C924647A70F63CB865F257365F7] - (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe [745336] [PID.12760] =>P2P.BitTorrent
[MD5.C8ADC942F4177F8B26B59837DA57E9C3] - (.AVG - AVG Automatic Program Reactivator.) -- C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe [108856] [PID.13300]
[MD5.EC64F18EDFABF683C5619E036048F066] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3821136] [PID.14124]
[MD5.B5C774CFA944AF3E9A42B592B476F570] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8337920] [PID.16140]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\TAMILLA\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www1.delta-search.com =>Toolbar.DeltaSearch
G0 - GCSP: Preference [User Data\Default][HomePage] http://home.myplaycity.com
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 20 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 03s
~ Nombre de lignes (Lines number): 15476



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Yahoo! Toolbar - [HKLM]{EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Orphan key
O9 - Extra button: Clavier virtuel - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kbrd.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\Lenovo\Bluetooth Software\bt_hot_icon.ico
O9 - Extra button: Analyse des liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKCU\...\EscDomains] http.fastspring.com
O15 - Trusted Zone: [HKLM\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKLM\...\EscDomains] http.fastspring.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B12F2BD-D811-4CBB-9126-B66B0E4CCE96}: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8B12F2BD-D811-4CBB-9126-B66B0E4CCE96}: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8B12F2BD-D811-4CBB-9126-B66B0E4CCE96}: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [4697] (...) -- C:\Users\TAMILLA\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.00000000000000000000000000000000] [APT] [YourFile DownloaderUpdate] (...) -- C:\Program Files\YourFileDownloader\YourFileUpdater.exe (.not file.) [0] =>PUP.YourFileDownloader
[MD5.00000000000000000000000000000000] [APT] [{2421234F-041E-41C3-9499-4B86E9B2139F}] (...) -- F:\Win7\7.Bluetooth\Setup.exe (.not file.) [0]
[MD5.174A5E62C9376C1914F6D9772509523A] [APT] [{BF4AC78D-0FD9-48A4-80A3-227DE3F7F2A1}] (...) -- C:\Program Files\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe [630784]
[MD5.00000000000000000000000000000000] [APT] [{C0E58D8F-B36B-44D9-80C0-08665E98C048}] (...) -- C:\Program Files\ONHAND~1\MAHJON~1\UNWISE.exe (.not file.) [0]
[MD5.6BBEB5EA4381A4A60F76A4AA06238F1C] [APT] [{DEAD8230-200C-4D7F-83C0-B32EA8C461D0}] (.Bison Electronics. Inc.) -- C:\Program Files\BisonCam\BisonCap.exe [184320]
~ Scheduled Task: 22 Legitimates Filtered in 00mn 06s



---\\ Drivers launched at startup (O41)
O41 - Driver: (cnnctfy3) . (.Connectify - NDISRD helper driver.) - C:\Windows\System32\DRIVERS\cnnctfy3.sys
~ Drivers: 84 Legitimates Filtered in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: Allok Video to 3GP Converter 5.1.0626 - (.Allok Soft .Inc.) [HKLM] -- Allok Video to 3GP Converter_is1
O42 - Logiciel: Butterfly Escape 1.0 - (.Genimo Interactive LLC.) [HKLM] -- Butterfly Escape_is1
O42 - Logiciel: Cool Screen Capture 7.0.1.377 - (.Cool Screen Capture Inc..) [HKLM] -- Cool Screen Capture_is1
O42 - Logiciel: Depth Hunter - (.Biart Company LLC.) [HKLM] -- Depth Hunter_is1
O42 - Logiciel: Yahoo! Toolbar - (.Yahoo! Inc..) [HKLM] -- Yahoo! Companion
~ Logic: 24 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5e53d6dbe13cbd45] =>Hijacker.Hijacker.Eazel
[HKCU\Software\Alexa Internet]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Dee Mon]
[HKCU\Software\IwantSoft]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\YourFileDownloader] =>PUP.YourFileDownloader
[HKLM\Software\5e53d6dbe13cbd45] =>Hijacker.Hijacker.Eazel
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\YourFileDownloader] =>PUP.YourFileDownloader
[HKLM\Software\uSeesoft]
~ Key Software: 340 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 31/08/2011 - 20:34:03 - [15,356] ----D C:\Program Files\Allok Video to 3GP Converter
O43 - CFD: 17/05/2012 - 23:22:02 - [932,838] ----D C:\Program Files\Biart
O43 - CFD: 29/07/2013 - 11:34:32 - [31,415] ----D C:\Program Files\Butterfly Escape
O43 - CFD: 12/11/2012 - 11:53:12 - [20,302] ----D C:\Program Files\Cool Screen Capture
O43 - CFD: 28/02/2012 - 14:44:37 - [306,536] ----D C:\Program Files\Fortune Summoners - Secret of the Elemental Stone
O43 - CFD: 29/07/2013 - 23:49:57 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 14/09/2013 - 16:37:58 - [0,052] ----D C:\ProgramData\BitGuard =>PUP.BitGuard
O43 - CFD: 26/04/2012 - 11:34:07 - [0] ----D C:\ProgramData\Braintonik
O43 - CFD: 20/11/2012 - 13:27:32 - [0,001] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 23/05/2012 - 22:51:55 - [0,936] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 23/05/2012 - 22:51:55 - [0] ----D C:\ProgramData\Premium
O43 - CFD: 07/08/2013 - 04:43:59 - [1,044] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 13/12/2011 - 21:45:17 - [12,683] ----D C:\ProgramData\Vogue Tales
O43 - CFD: 17/09/2013 - 14:44:45 - [0] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 17/09/2013 - 14:44:45 - [0] --H-D C:\ProgramData\{5EB42881-1E29-48E3-9E86-E4B71E83A651}
O43 - CFD: 16/02/2013 - 15:46:15 - [0] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 29/07/2013 - 23:56:17 - [0,497] ----D C:\Users\TAMILLA\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 29/07/2013 - 23:49:56 - [0,003] ----D C:\Users\TAMILLA\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 26/04/2012 - 11:34:07 - [0,096] ----D C:\Users\TAMILLA\AppData\Roaming\Braintonik
O43 - CFD: 10/01/2012 - 21:10:22 - [0,047] ----D C:\Users\TAMILLA\AppData\Roaming\IwantSoft
O43 - CFD: 29/07/2013 - 23:48:23 - [0] ----D C:\Users\TAMILLA\AppData\Roaming\YourFileDownloader =>PUP.YourFileDownloader
O43 - CFD: 28/02/2012 - 14:44:39 - [0,004] ----D C:\Users\TAMILLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fortune Summoners
~ 78 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 334 Legitimates Filtered in 00mn 03s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.ED4EEE543E37AB9553D8CD1CFF4FF108] - 15/02/2014 - 19:42:15 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_15.02.2014_19.39.36_log.txt [142362]
~ Files: 18 Legitimates Filtered in 00mn 01s



---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.F9F0045E5E3656D967D01432633708D3] - 11/02/2014 - 06:43:02 ---A- - C:\Windows\Prefetch\32.0.1700.107_31.0.1650.63_CH-79F53620.pf
O45 - LFCP:[MD5.32A2410CD1E1A421FD9CE396E1FE170E] - 13/02/2014 - 15:00:49 ---A- - C:\Windows\Prefetch\POWERMODEMANAGER.EXE-E9A5A553.pf
O45 - LFCP:[MD5.D4EA468E63C330842909BC362323F4B6] - 14/02/2014 - 14:28:47 ---A- - C:\Windows\Prefetch\IMSDKENC.EXE-BF8DFCCE.pf
O45 - LFCP:[MD5.1EA7A9E0E801F1969BABB6A7C3DC9E08] - 14/02/2014 - 14:29:28 ---A- - C:\Windows\Prefetch\LAME.EXE-0580C133.pf
O45 - LFCP:[MD5.ACC08B3FC69126AD58EBD253819E0877] - 14/02/2014 - 14:29:35 ---A- - C:\Windows\Prefetch\FFMPEG_MUXER.EXE-5CDE7CB1.pf
O45 - LFCP:[MD5.CAAB712AB13D126D3A77DCDCA6C3F4B5] - 14/02/2014 - 15:12:42 ---A- - C:\Windows\Prefetch\NS2561.TMP-F8463A30.pf
O45 - LFCP:[MD5.622DAD9B72537EAEF4560341994ECA41] - 15/02/2014 - 17:00:55 ---A- - C:\Windows\Prefetch\YTBB.EXE-9F6FA3E8.pf
~ Prefetcher: 134 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - connectify.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
O50 - IFEO:Image File Execution Options - connectifyshutdown.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
O50 - IFEO:Image File Execution Options - connectifystartup.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
O50 - IFEO:Image File Execution Options - connectifysupportcenter.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
O50 - IFEO:Image File Execution Options - dispatchui.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
~ IFEO: Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{bd71eee5-0e4a-11e3-9d41-70f3954cd53d}\AutoRun\command. (...) -- H:\iLinker.exe (.not file.)
O51 - MPSK:{ebd7093b-d2ec-11e0-8776-806e6f6e6963}\AutoRun\command. (...) -- F:\AutoLauncher.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.161CA922BA376F945E62262258767B9F] - 07/08/2010 - 07:06:58 ---A- . (.Bison Electronics. Inc. - Universal Serial Bus Camera Driver.) -- C:\Windows\System32\Drivers\BisonC07.sys [1316304]
O58 - SDL:[MD5.CB98B2A1C836F2FAD0DA5E3EE5539A81] - 01/11/2013 - 13:50:31 ---A- . (.Connectify - NDISRD helper driver.) -- C:\Windows\System32\Drivers\cnnctfy3.sys [29672]
O58 - SDL:[MD5.687AF6BB383885FF6A64071B189A7F3E] - 22/03/2012 - 20:41:08 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [242240]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.2AA2C79B9E39C2FCBE0670AECC5B4361] - 27/06/2013 - 10:57:42 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [104928]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.DDEE99DC54EFA20BD5A442CD733C4462] - 18/07/2013 - 06:34:28 ---A- . (...) -- C:\Windows\System32\FsUsbExDisk.Sys [37344]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 17 Legitimates Filtered in 00mn 00s



---\\ Last modified or created user files (O61)
O61 - LFC: 14/02/2014 - 20:08:55 ---A- . (...) -- C:\Users\TAMILLA\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [272038]
O61 - LFC: 14/02/2014 - 20:08:55 ---A- . (...) -- C:\Users\TAMILLA\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 14/02/2014 - 20:08:56 ---A- . (...) -- C:\Users\TAMILLA\AppData\Local\Google\Chrome\User Data\Local State [59580]
O61 - LFC: 14/02/2014 - 20:08:56 ---A- . (...) -- C:\Users\TAMILLA\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\manifest.fingerprint [66]
O61 - LFC: 14/02/2014 - 20:08:56 ---A- . (...) -- C:\Users\TAMILLA\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\manifest.json [845]
O61 - LFC: 14/02/2014 - 20:08:57 ---A- . (...) -- C:\Users\TAMILLA\AppData\Roaming\Broad Intelligence\MediaCoder\prefs.xml [860]
O61 - LFC: 14/02/2014 - 20:08:57 ---A- . (...) -- C:\Users\TAMILLA\AppData\Roaming\Broad Intelligence\MediaCoder\queue.xml [902]
O61 - LFC: 15/02/2014 - 20:08:58 ---A- . (...) -- C:\Users\TAMILLA\AppData\Roaming\ZHP\Log.txt [45489] =>.Nicolas Coolman
O61 - LFC: 15/02/2014 - 20:08:58 ---A- . (...) -- C:\Users\TAMILLA\AppData\Roaming\ZHP\TestsZHPDiag.txt [2853] =>.Nicolas Coolman
O61 - LFC: 15/02/2014 - 20:08:58 ---A- . (...) -- C:\Users\TAMILLA\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 15/02/2014 - 20:08:58 ---A- . (...) -- C:\Users\TAMILLA\AppData\Roaming\ZHP\ZHPDiag.txt [41996] =>.Nicolas Coolman
~ 33 Fichiers temporaires (Temporary files)
~ 7 Fichiers cookies (Cookies files)
~ Files: 184 Legitimates Filtered in 00mn 03s



---\\ Alternate Data Stream File (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
~ ADS: Scanned in 00mn 01s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 01/11/2013 - C:\Windows\System32\DRIVERS\cnnctfy3.sys (cnnctfy3) .(.Connectify - NDISRD helper driver.) - LEGACY_CNNCTFY3
~ Legacy: 88 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - http://isearch.avg.com =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} - (MyPlayCity Search) - http://home.myplaycity.com
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (CKF) (O82)
C:\Program Files\Sony\Sound Forge Pro 10.0\Keygen.exe
C:\Program Files\Sony\Sound Forge Pro 10.0\Keygen.exe
D:\Nouveau dossier\jeux\PopcapBookwormFr\keygen.exe =>Adware.PopCap
D:\Nouveau dossier\jeux\Zumas Revenge v1.0.4.9495 + keygen\Keygen.exe
D:\Sound Forge pro 10\Keygen.exe
~ Files: Scanned in 00mn 08s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.7B7761D6B38CEA5F0C19748AB63B1B39] [SPRF][17/02/2012] (...) -- C:\Users\TAMILLA\AppData\Roaming\kujytuo.exe [391520] =>Virus.Kujytuo
[MD5.9AFE1A9AD804BA4F36803AA5D773DA1F] [SPRF][14/06/2012] (...) -- C:\Users\TAMILLA\AppData\Roaming\Setup_WebGameAR.exe [1049600]
~ Files: 3 Legitimates Filtered in 00mn 01s



---\\ Random Export Key (REK) (O91)
[HKCU\Software\5e53d6dbe13cbd45\2.6.1673.238\upd]:="upd=" =>Hijacker.Hijacker.Eazel
[HKCU\Software\5e53d6dbe13cbd45\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:dllName="BrowserDefender.dll" =>Hijacker.Hijacker.Eazel
[HKCU\Software\5e53d6dbe13cbd45\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:exeName="BrowserDefender.exe" =>Hijacker.Hijacker.Eazel
[HKCU\Software\5e53d6dbe13cbd45\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:folderName="BrowserDefender" =>Hijacker.Hijacker.Eazel
[HKCU\Software\5e53d6dbe13cbd45\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Hijacker.Eazel
[HKCU\Software\5e53d6dbe13cbd45\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:serviceName="BrowserDefendert" =>PUA.BrowserDefendert
[HKCU\Software\5e53d6dbe13cbd45\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:version="2.6.1519.190" =>Hijacker.Hijacker.Eazel
[HKCU\Software\5e53d6dbe13cbd45]:version="2.6.1673.238" =>Hijacker.Hijacker.Eazel
[HKLM\Software\5e53d6dbe13cbd45]:version="2.6.1673.238" =>Hijacker.Hijacker.Eazel
~ Export Key Software: Scanned in 00mn 00s



---\\ MyComputer Name Space (MNS) (O92)
O92 - MNS: Window Switcher - {3080F90E-D7AD-11D9-BD98-0000947B0257}
~ MNS: 9 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.58245A69416FAA248A735E7AB0867CAD] [WIS][17/09/2013] (.AVG - AVG PC TuneUp 2014 (fr-FR).) -- C:\Windows\Installer\c375ab.msi [2560000]
[MD5.37ACDEB1072EAB4AD608DAC7CA80CC4B] [WIS][17/09/2013] (.AVG - AVG PC TuneUp 2014.) -- C:\Windows\Installer\c375af.msi [34971648]
~ WIS: 67 Legitimates Filtered in 00mn 06s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 10/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 24/09/2013 487936 | (Connectify) . (.Connectify.) - C:\Program Files\Connectify\ConnectifyService.exe
SS - | Auto 27/01/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/01/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 20/01/2014 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Disabled 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Disabled 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Disabled 26/02/2013 3560800 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

SR - | Auto 10/10/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
SR - | Auto 11/08/2009 582944 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
SR - | Auto 18/07/2013 233472 | (FsUsbExService) . (.Teruten.) - C:\Windows\system32\FsUsbExService.exe
SR - | Auto 03/03/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 14/12/2010 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 09/09/2013 1740088 | (TuneUp.UtilitiesSvc) . (.AVG.) - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
SR - | Auto 14/12/2010 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.AVG.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 09/11/2008 602392 | (YahooAUService) . (.Yahoo! Inc..) - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

~ Services: Scanned in 00mn 06s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by TAMILLA at 15/02/2014 20:09:23

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Rapid Storage Technology driver
1 ntkrnlpa!IofCallDriver[0x83050718] >> \Device\Harddisk0\DR0[0x889797B8]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by TAMILLA at 15/02/2014 20:09:25

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Additional Scan (O88)
Database Version : 13031 - (14/02/2014)
Keys found : 41
Values found : 2
Folders found : 9
Files found : 7

[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Tracing\YourFile_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Microsoft\Tracing\YourFileUpdater_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Microsoft\Tracing\YourFileUpdater_RASMANCS] =>PUP.YourFileDownloader
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Microsoft\Tracing\Babylon_RASAPI32] =>PUP.Babylon
[HKLM\Software\Microsoft\Tracing\Babylon_RASMANCS] =>PUP.Babylon
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{7131C082-F3C6-404D-B8CC-8AF9CFB6209D}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{5C731C2A-6ADF-487E-99A2-7291BF794A14}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\osmax.ocx] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\WebCakeDesktop_RASAPI32] =>Adware.WebCake
[HKLM\Software\Microsoft\Tracing\WebCakeDesktop_RASMANCS] =>Adware.WebCake
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:Kujytuo =>Virus.kujytuo
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\BitGuard =>PUP.BitGuard^
C:\ProgramData\IBUpdaterService =>Adware.InstallBrain^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\Users\TAMILLA\AppData\Roaming\BabSolution =>Hijacker.BabSolution^
C:\Users\TAMILLA\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\TAMILLA\AppData\Roaming\YourFileDownloader =>PUP.YourFileDownloader^
C:\Users\TAMILLA\AppData\LocalLow\BabylonToolbar =>PUP.Babylon
C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr^
[HKCU\Software\YourFileDownloader] =>PUP.YourFileDownloader^
[HKLM\Software\YourFileDownloader] =>PUP.YourFileDownloader^
C:\Users\TAMILLA\AppData\Roaming\kujytuo.exe =>Virus.Kujytuo^
[HKCU\Software\5e53d6dbe13cbd45\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:dllName="BrowserDefender.dll" =>Hijacker.Hijacker.Eazel^
~ Additional Scan: 269645 Items scanned in 00mn 15s
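The O88 block above is the part of a ZHPDiag report a responder actually works from, but it is a flat list: registry keys, registry values, folders and files, each ending in a `=>Family` label and sometimes a trailing `^`. The parser below is an added example, not part of ZHPDiag or of the report; it splits each line into its kind, location and family, counts findings per family, and pairs any `...\CurrentVersion\Run` value with files carrying the same family label, which is how the `Kujytuo` autostart entry and `kujytuo.exe` in `AppData\Roaming` line up. The sample input is copied from the O88 section of this report. Assumptions, labelled in the code: a path with an extension is treated as a file (the report does not say how it separates folders from files), family labels are compared case-insensitively because the report writes both `Virus.kujytuo` and `Virus.Kujytuo`, and the meaning of the trailing `^` is not stated on the page, so it is only recorded as a flag.

```python
import ntpath
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Detection lines copied from the "Additional Scan (O88)" section of the report above.
SAMPLE_O88 = r"""
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Microsoft\Tracing\Babylon_RASAPI32] =>PUP.Babylon
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:Kujytuo =>Virus.kujytuo
C:\ProgramData\Babylon =>PUP.Babylon^
C:\Users\TAMILLA\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Users\TAMILLA\AppData\Roaming\kujytuo.exe =>Virus.Kujytuo^
"""

# "<target> =><Family>[^]" : the family label runs to the optional caret.
LINE_RE = re.compile(r"^(?P<target>.+?) =>(?P<family>[^\s^]+)(?P<caret>\^?)$")
# "[key]" is a registry key, "[key]:name" is a value inside that key.
REG_RE = re.compile(r"^\[(?P<key>[^\]]+)\](?::(?P<value>.+))?$")


@dataclass(frozen=True)
class Finding:
    kind: str      # "key", "value", "folder" or "file"
    target: str    # registry key, or filesystem path
    value: str     # value name when kind == "value", else ""
    family: str    # ZHPDiag family label as printed, e.g. "PUP.Babylon"
    flagged: bool  # trailing '^' present (its meaning is not stated in the report)


def classify(target: str):
    """Return (kind, location, value_name) for one detection target."""
    m = REG_RE.match(target)
    if m:
        if m.group("value") is not None:
            return "value", m.group("key"), m.group("value")
        return "key", m.group("key"), ""
    # Assumption: a filesystem path with an extension is a file, otherwise a
    # folder. ntpath handles Windows separators on any host OS.
    kind = "file" if ntpath.splitext(target)[1] else "folder"
    return kind, target, ""


def parse_o88(text: str):
    """Parse O88 detection lines; headers, blanks and '~' footers are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, location, value = classify(m.group("target"))
        findings.append(Finding(kind, location, value, m.group("family"),
                                bool(m.group("caret"))))
    return findings


def summarize(findings):
    """Findings per family, compared case-insensitively (the report mixes
    'Virus.kujytuo' and 'Virus.Kujytuo' for the same thing)."""
    return dict(Counter(f.family.lower() for f in findings))


def run_key_persistence(findings):
    """Pair each ...\\CurrentVersion\\Run value with flagged files of the same
    family: that autostart chain is what a responder removes first.
    Assumption: the family label, not the value data (which the report does
    not print), is what links the Run value to its executable."""
    files_by_family = defaultdict(list)
    for f in findings:
        if f.kind == "file":
            files_by_family[f.family.lower()].append(f.target)
    chains = []
    for f in findings:
        if f.kind == "value" and f.target.lower().endswith(r"\currentversion\run"):
            chains.append((f.value, f.target, files_by_family.get(f.family.lower(), [])))
    return chains


if __name__ == "__main__":
    found = parse_o88(SAMPLE_O88)
    for family, n in sorted(summarize(found).items()):
        print(f"{n:3d}  {family}")
    for value, key, files in run_key_persistence(found):
        print(f"autostart: [{key}]:{value} -> {files}")
```

Feed it the whole O88 block from the report rather than the sample and the per-family counts show at a glance that almost everything here is toolbar and PUP residue (Babylon, Conduit, Yahoo, AVGSearch, BProtector) while the only classic autostart is the `Kujytuo` Run value; the counts by syntactic kind need not match the tool's own "Keys/Values/Folders/Files found" counters, which group items differently than this parser does.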



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/27752690-pup-yourfiledownloader =>PUP.YourFileDownloader
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blog/show/26907365-adware-installbrain =>Adware.InstallBrain
~ http://nicolascoolman.webs.com/apps/blog/show/26666257-adware-popcap =>Adware.PopCap
~ http://nicolascoolman.webs.com/apps/blog/show/28358602-virus-kujytuo =>Virus.Kujytuo
~ http://nicolascoolman.webs.com/apps/blog/show/35127313-pua-browserdefendert =>PUA.BrowserDefendert
~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
~ http://nicolascoolman.webs.com/apps/blog/show/27285539-adware-webcake =>Adware.WebCake
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 18 link(s) detected in 00mn 15s



~ 1583 Legitimates filtered by white list
End of the scan (623 lines in 01mn 26s)(5)
