~ Report of ZHPDiag v2014.2.17.15 - Nicolas Coolman (17/02/2014)
~ Launched by Owner (20/02/2014 17:02:27)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found


---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 28.0 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System protection software

---\\ System optimization software
CCleaner v4.07 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Java 7 Update 21

---\\ Information on the system
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2002 MB (20% free)
System Restore: Activé (Enable)
System drive C: has 13 GB (33%) free of 39 GB

---\\ Connection to the system mode
~ Computer Name: COMPUTER-4364
~ User Name: Owner
~ All Users Names: SUPPORT_388945a0, Owner, HelpAssistant, Guest, ASPNET, Administrator,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Owner\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Owner\Application Data\
~ %Desktop% : C:\Documents and Settings\Owner\Desktop\
~ %Favorites% : C:\Documents and Settings\Owner\Favorites\
~ %LocalAppData% : C:\Documents and Settings\Owner\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Owner\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 13 Go of 39 Go)
D: Hard drive, Flash drive, Thumb drive (Free 30 Go of 36 Go)
E: CD-ROM drive (Free 0 Go of 0 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 52 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.2BB75B7F548D82A099125D0C5971DE7D] - (.Microsoft Corporation - Windows Explorer.) (.03/07/2008 - 11:38:24.) -- C:\WINDOWS\Explorer.exe [1033728]
[MD5.E09551776D365BCA891BBFFB31EE4B4C] - (.Microsoft Corporation - Internet Extensions for Win32.) (.05/02/2014 - 23:26:52.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.53A8857723277B1D6D5EE60A9F85B117] - (.Microsoft Corporation - Windows NT Logon Application.) (.02/04/2009 - 14:56:36.) -- C:\WINDOWS\system32\Winlogon.exe [509440]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 13:41:46.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 22:10:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/05/2008 - 09:49:40.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44544]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.4A0B06AA8943C1E332520F7440C0AA30] - (.Microsoft Corporation - i8042 Port Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [52480]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 21:11:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 13:29:35.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.4C51D5275AE8A16999EDFE7E647D00DE] - (.Microsoft Corporation - NT File System Driver.) (.18/11/2008 - 15:02:08.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [576384]
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - (.Microsoft Corporation - Parallel Port Driver.) (.22/05/2013 - 04:41:48.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80128]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.47EA20320E3D6FDC7B7BB22B2B881CA6] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.04/09/2009 - 21:43:46.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [195712]
[MD5.F828DD7E1419B6653894A8F97A0094C5] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 21:10:28.) -- C:\WINDOWS\system32\Drivers\redbook.sys [57600]
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [52352]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/14
Mes musiques (My Musics) : 2/2 (Modified)
~ Mes Videos (My Videos) : 2/447
~ Mes Favoris (My Favorites) : 1/66
~ Mes Documents (My Documents) : 1/1619
~ Mon Bureau (My Desktop) : 0/213
~ Menu demarrer (Programs) : 1/64
~ Hidden Files: Scanned in 00mn 04s



---\\ Process running
[MD5.12461829627C6ED75DC2D7AF94097F70] - (.Cucusoft, Inc. - Cucusoft Auto Update Service.) -- C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe [44696] [PID.1704]
[MD5.B3EF92DAAF1E89AB5B90E2D42F096B1C] - (.Cucusoft, Inc. - Cucusoft Net Guard Service 2012-04-21.) -- C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys [223392] [PID.1728]
[MD5.9ECEDAFC30F999B25B4F58500C93855B] - (.Cucusoft, Inc. - Cucusoft SysMsg Proxy and Data Log Service.) -- C:\Program Files\Cucusoft\NetGuard\sysMsgProxySrvc.sys [255136] [PID.1752]
[MD5.5739F2821D49975CEDE6BF0153D0CF01] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [181664] [PID.1788]
[MD5.36D93CB80FDFFEA45866671881DBBC08] - (...) -- C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe [49752] [PID.1908]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.1960]
[MD5.88F371FB88107E8CC1F137ACF339F83A] - (.TuneUp Software - TuneUp Utilities Service.) -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1740600] [PID.2036]
[MD5.FEC1275B31F6DC210AE9B9C2EBE46E8D] - (.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) -- C:\Program Files\UPHClean\uphclean.exe [473600] [PID.192]
[MD5.E9E0D33D5C7CEB817663C174111CA3E8] - (.TuneUp Software - TuneUp Utilities.) -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe [1942328] [PID.1392]
[MD5.F52833AABFC2E072FC6E4E920B1CF9FE] - (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe [1126400] [PID.472]
[MD5.1DF9FDB92C04E76AF451304EC1E93C12] - (.Analog Devices, Inc. - Audio Control Panel.) -- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [958464] [PID.476]
[MD5.A79FF3C1334690A5942AF761F7E3311B] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [211480] [PID.584]
[MD5.A7B1527EB15F3AB0D4D4CB861C639015] - (...) -- C:\Program Files\HSPA USB MODEM\BackgroundService\ModemListener.exe [176128] [PID.588]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe [295512] [PID.2024]
[MD5.A5EBC1C41FD27D1169BA48B87C9A9A82] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3735120] [PID.576]
[MD5.B8A9B4BDD01297C4A84EE8BA6F9FD130] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [256536] [PID.848]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.2592]
[MD5.AA9639ABF08BF11CBEBA90014E9B0531] - (...) -- C:\Program Files\Internet Mobile+\Internet Mobile+.exe [188416] [PID.2624]
[MD5.CE62819517A8C9E23A413ECA8B640E56] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [580472] [PID.3124]
[MD5.36D426B9DBE7966AD675E9E332AF5814] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [277616] [PID.3432]
[MD5.0E91D179CE2C7333A8CF62AD9E902ADF] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.444]
[MD5.B0A03C244209A8A4EDA4D93AC0D43089] - (.AnVir Software - AnVir Task Manager Free.) -- C:\Program Files\AnVir Task Manager Free\anvir.exe [3031672] [PID.3456]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816] [PID.4872]
[MD5.AB44884BC129FC04D75A4649E0710203] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8338432] [PID.6112]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [Owner - q3qjlx9b.default\jpxkkv3euou@iaa-sbrf.net] [] websavue v3.7 (..)
P2 - FPN: [HKLM] [@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin] - (.Simon Bünzli - SumatraPDF Browser Plugin.) -- C:\Program Files\SumatraPDF\npPdfViewer.dll
P2 - FPN: [HKCU] [@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin] - (.Simon Bünzli - SumatraPDF Browser Plugin.) -- C:\Program Files\SumatraPDF\npPdfViewer.dll
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Other User Links (O4)
O4 - GS\Desktop [AllUsers]: AutorunRemover.lnk . (...) -- C:\Program Files\AutorunRemover\AutorunRemover.exe
O4 - GS\Desktop [AllUsers]: Cucusoft Net Guard.lnk . (.Cucusoft, Inc. - Cucusoft Net Guard.) -- C:\Program Files\Cucusoft\NetGuard\BandwidthGuard.exe
O4 - GS\Desktop [AllUsers]: Firefox Booster.lnk . (.5ecret4dmirer - No Comment.) -- C:\Program Files\Firefox Booster\FirefoxBooster.exe
O4 - GS\Desktop [AllUsers]: FXCC - MetaTrader 4.lnk . (.MetaQuotes Software Corp. - MetaTrader.) -- C:\Program Files\FXCC - MetaTrader 4\terminal.exe
O4 - GS\Desktop [AllUsers]: HSPA USB MODEM.lnk . (...) -- C:\Program Files\HSPA USB MODEM\ModemApplication.exe
O4 - GS\Desktop [AllUsers]: Internet Mobile+.lnk . (...) -- C:\Program Files\Internet Mobile+\Internet Mobile+.exe
O4 - GS\Desktop [AllUsers]: MetaTrader - Alpari UK.lnk . (.MetaQuotes Software Corp. - MetaTrader.) -- C:\Program Files\MetaTrader - Alpari UK\terminal.exe
O4 - GS\Desktop [AllUsers]: Mobi-Fire Creator.lnk . (...) -- C:\Program Files\Mobi-Fire Creator Suite\mfcreatormain.exe
O4 - GS\Desktop [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [AllUsers]: Tickstory Lite.lnk . (.Tickstory - Tickstory.) -- C:\Program Files\Tickstory Lite\Tickstory.exe
O4 - GS\Desktop [AllUsers]: Tube Increaser.lnk . (.Tube Increaser - Tube Increaser.) -- C:\Program Files\Tube Increaser\Tube Increaser.exe
O4 - GS\Desktop [AllUsers]: Tube Traffic.lnk . (...) -- C:\Program Files\Tube Traffic\Tube Traffic.exe
O4 - GS\Desktop [Owner]: AnVir Task Manager Free.lnk . (.AnVir Software - AnVir Task Manager Free.) -- C:\Program Files\AnVir Task Manager Free\AnVir.exe
O4 - GS\Desktop [Owner]: BotRevolt Free.lnk . (.BotRevolt.COM - BotRevolt Executable.) -- C:\Program Files\BotRevoltFree\BotRevoltFree.exe
O4 - GS\Desktop [Owner]: EximiousSoft Logo Designer v3.60.lnk . (.EximiousSoft - Logo Designer.) -- C:\Program Files\Logo Designer\LogoDesigner.exe
O4 - GS\Desktop [Owner]: Freedom Fighters.lnk . (...) -- C:\Games\Freedom Fighters\Freedom.exe
O4 - GS\Desktop [Owner]: IrfanView.lnk . (.Irfan Skiljan - IrfanView.) -- C:\Program Files\IrfanView\i_view32.exe
O4 - GS\Desktop [Owner]: Media Player Classic.lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
O4 - GS\Desktop [Owner]: PresenterSoft PowerVideoMaker.lnk . (.Presentersoft Inc. - Convert PowerPoint to Video.) -- C:\Program Files\Presentersoft PowerVideoMaker\PowerVideoMaker.exe
O4 - GS\Desktop [Owner]: RemoveIT Pro v4 - SE.lnk . (.InCode Solutions - RemoveIT Pro Free Edition.) -- C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe
O4 - GS\Desktop [Owner]: VirusTotal Uploader 2.0.lnk . (...) -- C:\Program Files\VirusTotalUploader2\VirusTotalUpload2.exe
O4 - GS\Desktop [Owner]: VPNium.lnk . (.VPNium - vpnium.) -- C:\Program Files\VPNium\vpnium.exe
O4 - GS\Desktop [Owner]: You2bApp.lnk . (...) -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{B1B6431C-E07C-4DA0-8006-1C55490C360C}\_022CF67087B5CBF322A8DA.exe
~ Global Startup: 31 Legitimates Filtered in 00mn 01s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - 微軟新注音輸入法 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - 微軟新注音輸入法 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] . (.Analog Devices, Inc. - Audio Control Panel.) -- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Meditel Imola ModemListener] . (...) -- C:\Program Files\HSPA USB MODEM\BackgroundService\ModemListener.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [AutorunRemover.exe] . (...) -- C:\Program Files\AutorunRemover\AutorunRemover.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1757981266-484061587-1417001333-1003\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-1757981266-484061587-1417001333-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s



---\\ Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{653B16E1-C9FC-4948-8042-623AF312E212}: NameServer = 41.214.140.5 41.214.140.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{653B16E1-C9FC-4948-8042-623AF312E212}: NameServer = 41.214.140.5 41.214.140.4
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: (CS_AutoUpdate) . (.Cucusoft, Inc. - Cucusoft Auto Update Service.) - C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) . (.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) - C:\Program Files\UPHClean\uphclean.exe
~ Services: 6 Legitimates Filtered in 00mn 10s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: 3D Kit Builder (F22 Raptor) - (...) [HKLM] -- 3D Kit Builder (F22 Raptor)
O42 - Logiciel: Autorun Virus Remover 3.2 - (.Autorun Remover.) [HKLM] -- Autorun Virus Remover_is1
O42 - Logiciel: BotRevolt Free 1.4.3 - (.BotRevolt.) [HKLM] -- {41BB8B6E-3337-4655-8FBB-2295A460619C}_is1
O42 - Logiciel: Firefox Booster 1.1.2 - (.beginnerpage.wordpress.com.) [HKLM] -- Firefox Booster_is1
O42 - Logiciel: Forex Lines 7 + Forex Lines EA - (...) [HKLM] -- Forex Lines 7 + Forex Lines EA
O42 - Logiciel: FxPro cTrader - (.FxPro cTrader.) [HKCU] -- c9d15723b8b6d9d0
O42 - Logiciel: PowerVideoMaker Professional 5.0 - (.Presentersoft.) [HKLM] -- PowerVideoMaker Professional_is1
O42 - Logiciel: RemoveIT Pro v4 - SE - (.InCode Solutions TM 2006..) [HKLM] -- RemoveIT Pro v4 - SE
O42 - Logiciel: River Raider 1.0.10 Demo - (...) [HKLM] -- RiverRaiderDemo_is1
O42 - Logiciel: SetupYou2bApp - (.Default Company Name.) [HKLM] -- {B1B6431C-E07C-4DA0-8006-1C55490C360C}
O42 - Logiciel: Tickstory Lite version 1.0.0 - (.Tickstory.) [HKLM] -- {DD677DA4-6AA6-435F-A78A-B28452584048}_is1
O42 - Logiciel: Tube Increaser version 5.0.0 - (...) [HKLM] -- Tube Increaser_is1
O42 - Logiciel: Tube Traffic - (.UNKNOWN.) [HKLM] -- com.tube-traffic.tube-traffic
O42 - Logiciel: Tube Traffic - (.UNKNOWN.) [HKLM] -- {FB6937FE-89B1-FEF6-E9B4-7B3047FC1EC6}
O42 - Logiciel: VPNium - (...) [HKLM] -- VPNium
~ Logic: 18 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]
[HKCU\Software\Atudg]
[HKCU\Software\Cable Gridder]
[HKCU\Software\EX4Guardian]
[HKCU\Software\EximiousSoft]
[HKCU\Software\Fx1]
[HKCU\Software\Popajar]
[HKLM\Software\Greater Living Enterprises]
~ Key Software: 239 Legitimates Filtered in 00mn 01s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 14/01/2014 - 01:07:49 - [4,926] ----D C:\Program Files\3D Kit Builder
O43 - CFD: 03/01/2014 - 00:20:58 - [6,119] ----D C:\Program Files\BotRevoltFree
O43 - CFD: 13/11/2013 - 03:22:42 - [3,674] ----D C:\Program Files\Default Company Name
O43 - CFD: 25/01/2014 - 18:04:45 - [0,871] ----D C:\Program Files\Firefox Booster
O43 - CFD: 02/09/2013 - 14:37:07 - [5,534] ----D C:\Program Files\InCode Solutions
O43 - CFD: 05/01/2014 - 18:22:09 - [1,369] ----D C:\Program Files\RAMRush
O43 - CFD: 26/01/2014 - 18:01:44 - [0,118] ----D C:\Program Files\Shmehao.com
O43 - CFD: 05/01/2014 - 18:22:10 - [60,794] ----D C:\Program Files\Subway surfers
O43 - CFD: 07/01/2014 - 02:39:08 - [5,237] ----D C:\Program Files\Tickstory Lite
O43 - CFD: 05/01/2014 - 18:22:09 - [10,500] ----D C:\Program Files\Tube Increaser
O43 - CFD: 29/01/2014 - 06:35:09 - [4,288] ----D C:\Program Files\Tube Traffic
O43 - CFD: 14/12/2013 - 03:51:17 - [5,699] ----D C:\Program Files\VPNium
O43 - CFD: 09/02/2014 - 15:05:25 - [0,047] ----D C:\Documents and Settings\All Users\Application Data\edd72e26382e2997
O43 - CFD: 09/02/2014 - 16:31:44 - [5,240] ----D C:\Documents and Settings\All Users\Application Data\InstallMate
O43 - CFD: 09/02/2014 - 16:31:29 - [0] ----D C:\Documents and Settings\All Users\Application Data\SetApp
O43 - CFD: 23/10/2013 - 03:13:26 - [0,001] ----D C:\Documents and Settings\All Users\Application Data\Tickstory
O43 - CFD: 20/11/2013 - 01:27:06 - [0] -SH-D C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 13/11/2013 - 03:23:06 - [0] ----D C:\Documents and Settings\Owner\Application Data\Azon complete
O43 - CFD: 21/12/2013 - 13:11:07 - [0] ----D C:\Documents and Settings\Owner\Application Data\BinaryPowerSystem
O43 - CFD: 16/11/2013 - 00:51:11 - [0,031] ----D C:\Documents and Settings\Owner\Application Data\com.tube-traffic.tube-traffic
O43 - CFD: 04/12/2013 - 00:45:30 - [0,004] ----D C:\Documents and Settings\Owner\Application Data\cTrader
O43 - CFD: 05/12/2013 - 01:24:53 - [14,047] ----D C:\Documents and Settings\Owner\Application Data\FxPro-cTrader
O43 - CFD: 04/12/2013 - 00:43:21 - [0] ----D C:\Documents and Settings\Owner\Application Data\FxPro-cTraderCommon
O43 - CFD: 04/12/2013 - 00:45:12 - [0,005] ----D C:\Documents and Settings\Owner\Application Data\FxPro-cTraderUsers
O43 - CFD: 09/02/2014 - 19:39:00 - [0,284] ----D C:\Documents and Settings\Owner\Application Data\OpenCandy =>Adware.OpenCandy
O43 - CFD: 20/10/2013 - 04:03:05 - [1,168] ----D C:\Documents and Settings\Owner\Application Data\teknikforce
O43 - CFD: 04/09/2013 - 01:48:36 - [0,004] ----D C:\Documents and Settings\Owner\Application Data\TubeBacklinkCommando
O43 - CFD: 09/11/2013 - 01:41:19 - [0] ----D C:\Documents and Settings\Owner\Application Data\ubot
O43 - CFD: 20/01/2014 - 02:14:46 - [0] ----D C:\Documents and Settings\Owner\Application Data\Video Shadow
O43 - CFD: 18/11/2013 - 01:54:45 - [0] ----D C:\Documents and Settings\Owner\Application Data\You2bApp
O43 - CFD: 17/11/2013 - 01:17:43 - [0] ----D C:\Documents and Settings\Owner\Application Data\ZiggyTV
O43 - CFD: 31/10/2013 - 02:11:39 - [0,011] ----D C:\Documents and Settings\Owner\Local Settings\Application Data\IM_Buster
O43 - CFD: 21/10/2013 - 23:16:18 - [0,001] ----D C:\Documents and Settings\Owner\Local Settings\Application Data\TrafficJeet
O43 - CFD: 02/11/2013 - 00:13:14 - [0,007] ----D C:\Documents and Settings\Owner\Local Settings\Application Data\TubeBacklinkCommando
O43 - CFD: 04/09/2013 - 01:48:32 - [0] ----D C:\Documents and Settings\Owner\Local Settings\Application Data\vdomcox
O43 - CFD: 21/10/2013 - 23:17:03 - [0,002] ----D C:\Documents and Settings\Owner\Local Settings\Application Data\VidWords_Jeet
O43 - CFD: 04/12/2013 - 15:42:19 - [0,015] ----D C:\Documents and Settings\Owner\Local Settings\Application Data\VPNium
O43 - CFD: 14/01/2014 - 01:07:53 - [0,002] ----D C:\Documents and Settings\Owner\Start Menu\Programs\3D Kit Builder
O43 - CFD: 04/12/2013 - 00:43:06 - [0] ----D C:\Documents and Settings\Owner\Start Menu\Programs\FxPro cTrader
O43 - CFD: 02/09/2013 - 14:37:07 - [0,003] ----D C:\Documents and Settings\Owner\Start Menu\Programs\RemoveIT Pro v4 - SE
O43 - CFD: 04/12/2013 - 15:42:09 - [0,001] ----D C:\Documents and Settings\Owner\Start Menu\Programs\VPNium
~ Program Folder: 186 Legitimates Filtered in 00mn 18s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.FC12F92F264BBF3E22C0C9821B327BB0] - 13/02/2014 - 23:11:48 ---A- . (...) -- C:\WINDOWS\system32\Drivers\1e209d6f78816e2c.sys [61824]
O44 - LFC:[MD5.A1B6A69AE4ABF40A07D1EE642F5F786C] - 20/02/2014 - 16:49:35 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [1324]
~ Files: 35 Legitimates Filtered in 00mn 02s



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "D:\caiup.pif" [Enabled] .(.No owner.) -- D:\caiup.pif
O47 - AAKE:Key Export SP - "C:\Program Files\Analog Devices\Core\smax4pnp.exe" [Enabled] .(.Analog Devices, Inc..) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\rundll32.exe" [Enabled] Orphan key
O47 - AAKE:Key Export SP - "C:\Program Files\HSPA USB MODEM\BackgroundService\ModemListener.exe" [Enabled] .(.No owner.) -- C:\Program Files\HSPA USB MODEM\BackgroundService\ModemListener.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [Enabled] .(.Analog Devices, Inc..) -- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Internet Mobile+\Internet Mobile+.exe" [Enabled] .(.No owner.) -- C:\Program Files\Internet Mobile+\Internet Mobile+.exe
~ Keys Export: 26 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{0593c184-27ce-11e3-a5db-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{0b3a672e-2836-11e3-a5df-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{0b3a6731-2836-11e3-a5df-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{15b17ef4-22a0-11e3-a5bf-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{1a546e82-224e-11e3-a5be-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{1c4a902e-27c4-11e3-a5d9-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{1c4a9031-27c4-11e3-a5d9-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{4116eed6-1016-11e3-9bc7-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{4fa6f9fd-8361-11e3-a74d-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{561ced50-631b-11e3-a6db-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{56f3fc1a-22a1-11e3-a5c0-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{5c7b69f8-2228-11e3-a5bd-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{5dd2ab9a-1cb0-11e3-a594-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{5dd2ab9b-1cb0-11e3-a594-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{6a1480bc-27d0-11e3-a5dc-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{6a1480bd-27d0-11e3-a5dc-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{6a1480c0-27d0-11e3-a5dc-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{9106999e-212a-11e3-a5ae-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\autorun.exe
O51 - MPSK:{abddf4f4-10a6-11e3-a55f-806d6172696f}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{adbd929a-13d3-11e3-a569-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{c9c56296-1f64-11e3-a5a0-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{c9c56297-1f64-11e3-a5a0-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{c9c5629a-1f64-11e3-a5a0-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{cc97ece7-0e34-11e3-9bb8-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{cc97ecea-0e34-11e3-9bb8-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{cd75060e-1f63-11e3-a59f-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{cd75060f-1f63-11e3-a59f-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{cebf2744-3cb7-11e3-a63f-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{e1e4d666-0f2d-11e3-9bc3-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\Autorun.exe
O51 - MPSK:{e87628a0-1c86-11e3-a592-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{e8bd46ba-65a9-11e3-a6e0-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{e8bd46bb-65a9-11e3-a6e0-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{e8bd46bc-65a9-11e3-a6e0-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{e90fd350-2939-11e3-a5e2-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{e90fd351-2939-11e3-a5e2-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{eaf83fac-2828-11e3-a5dd-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{f1b7d839-0e4d-11e3-9bbc-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{f1b7d83d-0e4d-11e3-9bbc-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{f266957e-1c87-11e3-a593-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
O51 - MPSK:{faf8640e-282d-11e3-a5de-0022641c43ec}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- E:\AutoRun.exe
~ Keys: Scanned in 00mn 01s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\5cd8f17f4086744065eb0992a09e05a2 [Key] . (...) -- C:\Documents and Settings\Owner\Local Settings\Temp\Trojan.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\BotRevoltFree [Key] . (.BotRevolt.COM - BotRevolt Executable.) -- C:\Program Files\BotRevoltFree\botrevoltfree.exe
O53 - SMSR:HKLM\...\startupreg\VPNium [Key] . (.VPNium - vpnium.) -- C:\Program Files\VPNium\vpnium.exe
~ SMSR Keys: 8 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
~ MWPS: 7 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDesktopCleanupWizard"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceClassicControlPanel"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoSharedDocuments"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "MaxRecentDocs"=18
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoSMConfigurePrograms"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRecentDocsNetHood"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "MemCheckBoxInRunDlg"=1
~ MWPE Keys: 10 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.FC12F92F264BBF3E22C0C9821B327BB0] - 13/02/2014 - 23:11:48 ---A- . (...) -- C:\WINDOWS\system32\Drivers\1e209d6f78816e2c.sys [61824]
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/01/1601 - 00:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\803f26c7da9ffcb0.sys [60032]
O58 - SDL:[MD5.2DC6FF5DA4EA7CA1D4128A7541734B9F] - 11/12/2008 - 12:11:34 ---A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\WINDOWS\system32\Drivers\ADIHdAud.sys [338944]
O58 - SDL:[MD5.A2ECECE11639FEA1CCB66D853451F7E2] - 08/08/2011 - 18:13:10 ---A- . (.SysProgs.org - WinCDEmu virtual CDROM bus.) -- C:\WINDOWS\system32\Drivers\BazisVirtualCDBus.sys [117584]
O58 - SDL:[MD5.4183BE439981BBC77EF2C1D66629F124] - 26/09/2008 - 18:00:06 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\WINDOWS\system32\Drivers\ewdcsc.sys [24448]
O58 - SDL:[MD5.483924F92E55A5F9423201EC635E2CED] - 17/09/2013 - 17:12:20 ---A- . (.GFI Software - GFI Boot Time Operations Driver.) -- C:\WINDOWS\system32\Drivers\gfibto.sys [13560]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/04/2008 - 12:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.BD202018AF54CB476B847CAF6161AC2B] - 27/06/2013 - 09:57:42 ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [118344]
O58 - SDL:[MD5.082EA07B461D1D184A82FDCB8B38A753] - 02/03/2011 - 16:12:46 ---A- . (.MBB Incorporated - CDROM Filter.) -- C:\WINDOWS\system32\Drivers\massfilter.sys [9216]
O58 - SDL:[MD5.62C212678CA063DA233ED4B0B6FC9162] - 26/09/2008 - 18:01:30 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\WINDOWS\system32\Drivers\mod7700.sys [621056]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/04/2008 - 12:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.8CF6E2AE1707D82E904ECCA68CEF8B87] - 15/12/2011 - 17:29:42 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\WINDOWS\system32\Drivers\tap0901.sys [26624]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4768]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.4FE09F868CE65B334B42862C372C69CC] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33840]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 7 Legitimates Filtered in 00mn 06s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 01/01/1601 - C:\WINDOWS\system32\drivers\ssmgn.sys (amsint32) .(...) - LEGACY_AMSINT32
O64 - Services: CurCS - 17/07/2012 - C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe (CS_AutoUpdate) .(.Cucusoft, Inc. - Cucusoft Auto Update Service.) - LEGACY_CS_AUTOUPDATE
O64 - Services: CurCS - 24/03/2013 - C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys (CS_BandwidthGuard) .(.Cucusoft, Inc. - Cucusoft Net Guard Service 2012-04-21.) - LEGACY_CS_BANDWIDTHGUARD
O64 - Services: CurCS - 24/03/2013 - C:\Program Files\Cucusoft\NetGuard\sysMsgProxySrvc.sys (CS_SysMsgProxy) .(.Cucusoft, Inc. - Cucusoft SysMsg Proxy and Data Log Service.) - LEGACY_CS_SYSMSGPROXY
O64 - Services: CurCS - 20/06/2011 - C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe (Meditel Imola Modem Device Helper) .(...) - LEGACY_MEDITEL_IMOLA_MODEM_DEVICE_HELPER
O64 - Services: CurCS - 14/09/2010 - C:\Program Files\UPHClean\uphclean.exe (UPHClean) .(.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) - LEGACY_UPHCLEAN
~ Legacy: 129 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {66C68655-D58D-409E-846F-296E7366BAA4} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {F83B7E7A-688A-47DA-A9E5-A40D9E15266B} - (Yahoo!) - http://search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (CKF) (O82)
C:\Documents and Settings\Owner\My Documents\Downloads\Compressed\TubeBacklinkCommando_crackedby_Imcool.rar
C:\Documents and Settings\Owner\My Documents\Downloads\Compressed\TubeBacklinkCommando_portable_crackedby_Imcool.rar
C:\Documents and Settings\Owner\My Documents\Downloads\Compressed\TubeBacklinkCommando_crackedby_Imcool.rar
C:\Documents and Settings\Owner\My Documents\Downloads\Compressed\TubeBacklinkCommando_portable_crackedby_Imcool.rar
~ Files: Scanned in 00mn 18s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.778E278669CEF813B39A5EE8221F412D] [SPRF][30/10/2013] (...) -- C:\Documents and Settings\All Users\Application Data\1383102590.bdinstall.bin [50053]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Random Export Key (REK) (O91)
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]:2b3328e57676df442688f81f9824276a="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNI
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]:f8c065f4e758233f0d12dc9b8cf7a2ce="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNI
~ Export Key Software: Scanned in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.4C3D8EA871678A3062A344828263065F] [WIS][12/11/2013] (.UNKNOWN - Tube Traffic.) -- C:\Windows\Installer\19e91d.msi [26624]
[MD5.71DFC3A6563D454C2E07AFDDF04436DB] [WIS][10/11/2013] (.Trend Micro Inc. - Trend Micro's HiJackThis.) -- C:\Windows\Installer\28cea.msi [1094656]
~ WIS: 30 Legitimates Filtered in 00mn 02s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 17/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/04/2008 224768 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 15/02/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

SR - | Auto 17/07/2012 44696 | (CS_AutoUpdate) . (.Cucusoft, Inc..) - C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe
SR - | Auto 26/08/2013 181664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 20/06/2011 49752 | (Meditel Imola Modem Device Helper) . (...) - C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 29/08/2013 1740600 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
SR - | Auto 14/09/2010 473600 | (UPHClean) . (.Windows (R) Codename Longhorn DDK provider.) - C:\Program Files\UPHClean\uphclean.exe

~ Services: Scanned in 00mn 02s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Owner at 20/02/2014 17:03:55

device: opened successfully
user: error reading MBR

Disk trace:
error: Read The handle is invalid.
kernel: error reading MBR

~ MBR: 9 Legitimates Filtered in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Owner at 20/02/2014 17:03:57

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (17/02/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0

C:\Documents and Settings\Owner\Application Data\OpenCandy =>Adware.OpenCandy^
C:\Documents and Settings\All Users\Application Data\InstallMate =>PUP.Tarma
~ Additionnel Scan: 136952 Items scanned in 00mn 21s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ MSI: 2 link(s) detected in 00mn 21s



~ 865 Legitimates filtered by white list
End of the scan (618 lines in 01mn 52s)(4)
