~ Report of ZHPDiag v2014.2.17.15 - Nicolas Coolman (17/02/2014)
~ Launched by user (18/02/2014 17:05:20)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 15.0.1 (Defaut)
GCIE: Google Chrome v32.0.1700.107
OPIE: Opera vStable 19.0.1326.63

---\\ Windows product information
~ Langage: Anglais
Windows 7 Professional, 64-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, RETAIL channel
~ Windows Partial Key : PW487
Windows License : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2013
Windows Defender W7

---\\ System optimization software
CCleaner v4.10 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Adobe Reader X

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3657 MB (39% free)
System Restore: Activé (Enable)
System drive C: has 210 GB (85%) free of 244 GB

---\\ Connection to the system mode
~ Computer Name: USER-PC
~ User Name: user
~ All Users Names: user, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\user\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\user\AppData\Roaming\
~ %Desktop% : C:\Users\user\Desktop\
~ %Favorites% : C:\Users\user\Favorites\
~ %LocalAppData% : C:\Users\user\AppData\Local\
~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 210 Go of 244 Go)
D: Hard drive, Flash drive, Thumb drive (Free 94 Go of 124 Go)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 98 Go of 98 Go)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.C235A51CB740E45FFA0EBFB9BAFCDA64] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 - 02:39:10.) -- C:\Windows\Explorer.exe [2868224]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.B1037F0131C9A010D611F6914E03CD92] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 02:41:56.) -- C:\Windows\System32\wininet.dll [1193472]
[MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Winlogon.exe [389120]
[MD5.96119226320B3B2A80E87FDB9D446BA0] - (.Microsoft Corporation - Microsoft Tablet PC Component.) (.14/07/2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [1536]
[MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/07/2009 - 00:21:42.) -- C:\Windows\system32\Drivers\AFD.sys [500224]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/07/2009 - 00:23:44.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2009 - 00:24:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:48:27.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/12
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/9
~ Mon Bureau (My Desktop) : 1/465
~ Menu demarrer (Programs) : 1/53
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.AA6A217805FA7A873991B0848F39534D] - (.Smadsoft - Smadav USB Antivirus & Additional Protectio.) -- C:\Program Files (x86)\Smadav\SMΔRTP.exe [1609728] [PID.2496]
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe [955392] [PID.2932]
[MD5.7AC622ED754E7628C97EE31BE4C72C91] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [905296] [PID.2940] =>P2P.BitTorrent
[MD5.615E58F9963734185756AEE4959BA964] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20728480] [PID.3024]
[MD5.98512ABDD42AD87EA4BC92C913BAAB68] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3825232] [PID.2132]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.2152]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [269848] [PID.2560]
[MD5.61A2DBA2126BA1425CC5AECC8E8AD055] - (.Vimicro - VM331 StiMnt.) -- C:\Program Files (x86)\USB Camera\VM331_STI.exe [548864] [PID.2908]
[MD5.3A5D0E1BF0D7B954FD3A8BE474FCAABA] - (.Vimicro - VM331 StiMnt.) -- C:\Program Files (x86)\USB Camera2\VM332STI.exe [548864] [PID.3032]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.1916]
[MD5.631F218518721362F1D42265F1B6BB36] - (.Broadcom Corporation. - Bluetooth Headset Helper.) -- C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe [153304] [PID.4916]
[MD5.39AD6D7BE4FBC058ADA3196D7C0D203C] - (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe [45198176] [PID.5080]
[MD5.25C18B505518548CB9D92E02180FD863] - (...) -- C:\Program Files (x86)\Opera\19.0.1326.63\opera_crashreporter.exe [1378144] [PID.5396]
[MD5.F7DD548E75AE5AEC0B2D908AF18CC370] - (...) -- C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe [2387064] [PID.4304]
[MD5.D96D740020F51FD1CD5605784DC2D15B] - (...) -- C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe [2054776] [PID.4316] =>PUP.SpeedUpMyComputer
[MD5.1B30681569A1DF38E5CC2F9EA6B46942] - (...) -- C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe [1886840] [PID.6112]
[MD5.AB44884BC129FC04D75A4649E0710203] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8338432] [PID.5808]
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1420]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1732]
[MD5.C98ACDE22458C8F46FD0503CB9E2D01F] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe [223112] [PID.2224]
[MD5.D41D8CD98F00B204E9800998ECF8427E] - (...) -- C:\Program Files (x86)\Smadav\SM?RTP.exe [1609728] [PID.0]
[MD5.34AE0DFA3EE3B5B9975042D87332D0B7] - (...) -- C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520] [PID.3096] =>Adware.Bandoo
[MD5.BBFCAC1C23B867AE5D7EF96DF40680C5] - (.Realtek - RtlService MFC Application.) -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960] [PID.3180]
[MD5.66F39EB030F69731FD2731D83D6A3DBD] - (.Realtek Semiconductor Corp. - RtWLan ( For Vista / Win7) Application(Exte.) -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWlan.exe [1118208] [PID.3208]
[MD5.BCF051E2F6907DF68F570EF8A2B17CA1] - (...) -- C:\Program Files (x86)\Jotzey\updateJotzey.exe [80152] [PID.3316]
[MD5.BCF051E2F6907DF68F570EF8A2B17CA1] - (...) -- C:\Program Files (x86)\Jotzey\bin\utilJotzey.exe [80152] [PID.3444]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.5968]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.1996]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\833bb96j.default\prefs.js
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\833bb96j.default\user.js
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\833bb96j.default\searchplugins\bingp.xml
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\833bb96j.default\searchplugins\search-here.xml
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\833bb96j.default\searchplugins\VenteeRo.xml
M0 - MFSP: prefs.js [user - 833bb96j.default] http://www.arabyonline.com
M2 - MFEP: prefs.js [user - 833bb96j.default\addon@Vonteera.com] [] Ad Safe v (..) =>Trojan.Trojan.Vonteera
~ Firefox Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myhoome.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myhoome.com
~ IE Browser: 21 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 25



---\\ Browser Helper Objects (O2)
O2 - BHO: AdSafe [64Bits] - {598AC71E-BE58-3981-B78A-5C138F423AD6} . (...) -- C:\Users\user\AppData\Roaming\VolIE\Adsafe_32.dll
O2 - BHO: Jotzey [64Bits] - {63a20a19-b1e6-4355-ab4c-28553af40ca2} . (.Jotzey - Jotzey.) -- C:\Program Files (x86)\Jotzey\Jotzeybho.dll
O2 - BHO: DefaultTabBHO [64Bits] - {7F6AFBF1-E065-4627-A2FD-810366367D01} . (.Search Results LLC. - Search Results.) -- C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll =>Adware.Bandoo
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: My 7 Optimizer.lnk . (.My 7 Optimizer - My 7 Optimizer.) -- C:\Windows\My 7 Add-On\My 7 Optimizer\My 7 Optimizer.exe
O4 - GS\Desktop [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe
O4 - GS\Desktop [Public]: SMADΔV.lnk . (.Smadsoft - Smadav USB Antivirus & Additional Protectio.) -- C:\Program Files (x86)\Smadav\SMΔRTP.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe
O4 - GS\QuickLaunch [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [user]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [user]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [user]: Google Chrome (2).lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [user]: Google Chrome.lnk - Orphan key
O4 - GS\TaskBar [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [user]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [user]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe
O4 - GS\Program [user]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [user]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [user]: FixMyRegistry.lnk . (...) -- C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe
O4 - GS\Desktop [user]: Free Pascal IDE.lnk . (...) -- C:\FPC\2.6.2\bin\i386-win32\fp.exe
O4 - GS\Desktop [user]: Sync Folder.lnk . (.MyPCBackup.com - MyPC Backup.) -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup
O4 - GS\Desktop [user]: UpdateMyDrivers.lnk . (...) -- C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe
~ Global Startup: 80 Legitimates Filtered in 00mn 01s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: Bluetooth.lnk . (...) -- C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe (.not file.)
O4 - GS\Startup [user]: MyPC Backup.lnk . (.MyPCBackup.com - MyPC Backup.) -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup
O4 - HKLM\..\Run: [Energy Management] . (.Lenovo (Beijing) Limited - Lenovo Energy Management Software 6.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Battery Management Software Ver 6.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [AdobeBridge] Orphan key
O4 - HKCU\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\user\AppData\Roaming\newnext.me\nengine.dll =>PUP.NextLive
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>Piriform Ltd
O4 - HKCU\..\Run: [UpdateMyDrivers] . (...) -- C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe
O4 - HKCU\..\Run: [SpeedUpMyComputer] . (...) -- C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe =>PUP.SpeedUpMyComputer
O4 - HKCU\..\Run: [FixMyRegistry] . (...) -- C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe
O4 - HKLM\..\Wow6432Node\Run: [331BigDog] . (.Vimicro - VM331 StiMnt.) -- C:\Program Files (x86)\USB Camera\VM331_STI.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdatePRCShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [332BigDog] . (.Vimicro - VM331 StiMnt.) -- C:\Program Files (x86)\USB Camera2\VM332STI.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
O4 - HKLM\..\Wow6432Node\Run: [EnergyCut] . (.Lenovo (Beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [smarttweak] Orphan key
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2987189789-363487284-179772914-1000\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-2987189789-363487284-179772914-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-2987189789-363487284-179772914-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2987189789-363487284-179772914-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-2987189789-363487284-179772914-1000\..\Run: [AdobeBridge] Orphan key
O4 - HKUS\S-1-5-21-2987189789-363487284-179772914-1000\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\user\AppData\Roaming\newnext.me\nengine.dll =>PUP.NextLive
O4 - HKUS\S-1-5-21-2987189789-363487284-179772914-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>Piriform Ltd
O4 - HKUS\S-1-5-21-2987189789-363487284-179772914-1000\..\Run: [UpdateMyDrivers] . (...) -- C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe
O4 - HKUS\S-1-5-21-2987189789-363487284-179772914-1000\..\Run: [SpeedUpMyComputer] . (...) -- C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe =>PUP.SpeedUpMyComputer
O4 - HKUS\S-1-5-21-2987189789-363487284-179772914-1000\..\Run: [FixMyRegistry] . (...) -- C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C527192-8CD9-4684-A81A-A691D74E944F}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A3DFEFC-817E-4BAA-9127-CA07C3892B5F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68B4898-8A52-4EDF-B08B-432163A21A58}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C527192-8CD9-4684-A81A-A691D74E944F}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{8A3DFEFC-817E-4BAA-9127-CA07C3892B5F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A68B4898-8A52-4EDF-B08B-432163A21A58}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{4C527192-8CD9-4684-A81A-A691D74E944F}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{8A3DFEFC-817E-4BAA-9127-CA07C3892B5F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A68B4898-8A52-4EDF-B08B-432163A21A58}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) . (.Just Develop It - Backup Stack.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup
O23 - Service: DefaultTabSearch (DefaultTabSearch) . (...) - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe =>Adware.Bandoo
O23 - Service: DefaultTabUpdate (DefaultTabUpdate) . (...) - C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe =>Adware.Bandoo
O23 - Service: Update Jotzey (Update Jotzey) . (...) - C:\Program Files (x86)\Jotzey\updateJotzey.exe
O23 - Service: Util Jotzey (Util Jotzey) . (...) - C:\Program Files (x86)\Jotzey\bin\utilJotzey.exe
~ Services: 14 Legitimates Filtered in 00mn 03s



---\\ Task Planned Automatically (039)
[MD5.7A6743646EB873BBE6389A0B963AEAA9] [APT] [4CEFD9B73D6C-1CRMOI2] (...) -- C:\users\user\AppData\Roaming\ARHome\Updater.exe [80896]
[MD5.7A6743646EB873BBE6389A0B963AEAA9] [APT] [5FOFD9B73D6C-2CRMOI6] (...) -- C:\users\user\AppData\Roaming\ARHome\Updater.exe [80896]
[MD5.841BCE010989C93A44AC168A5052370B] [APT] [LaunchApp] (.MyPCBackup.com.) -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe [2919976] =>PUP.MyPCBackup
[MD5.D41D8CD98F00B204E9800998ECF8427E] [APT] [smadav] (...) -- C:\Program Files (x86)\Smadav\SM?RTP.exe [1609728]
[MD5.00000000000000000000000000000000] [APT] [{D8BF4CFA-6D5C-4012-8A7B-6083FE88A295}] (...) -- C:\users\user\Downloads\Programs\l1egc02us24_2.exe (.not file.) [0]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 03s



---\\ Software installed (O42)
O42 - Logiciel: ARHome - (.NoVooIT.) [HKCU][64Bits] -- ARHome
O42 - Logiciel: DefaultTab - (.Search Results, LLC.) [HKLM][64Bits] -- DefaultTab =>Adware.Bandoo
O42 - Logiciel: Jotzey - (.Jotzey.) [HKLM][64Bits] -- Jotzey
O42 - Logiciel: MyPC Backup - (.JDi Backup Ltd.) [HKLM][64Bits] -- MyPC Backup =>PUP.MyPCBackup
~ Logic: 29 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Default Tab] =>Adware.Bandoo
[HKCU\Software\IceTeam]
[HKCU\Software\Jotzey]
[HKCU\Software\NoVooITSet]
[HKCU\Software\OB]
[HKCU\Software\SMADΔV]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Vonteera Safe ads] =>Trojan.Trojan.Vonteera
[HKLM\Software\Wow6432Node\Default Tab] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Jotzey]
~ Key Software: 235 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 17/02/2014 - 23:15:23 - [0,982] ----D C:\Program Files (x86)\DefaultTab =>Adware.Bandoo
O43 - CFD: 18/02/2014 - 01:32:49 - [1,471] ----D C:\Program Files (x86)\Jotzey
O43 - CFD: 18/02/2014 - 00:32:08 - [27,368] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 17/02/2014 - 21:39:38 - [0] ----D C:\ProgramData\APN
O43 - CFD: 18/02/2014 - 15:54:18 - [0] ----D C:\ProgramData\RegClean
O43 - CFD: 18/02/2014 - 15:50:57 - [1,261] ----D C:\Users\user\AppData\Roaming\ARHome
O43 - CFD: 17/02/2014 - 23:14:49 - [2,284] ----D C:\Users\user\AppData\Roaming\DefaultTab =>Adware.Bandoo
O43 - CFD: 18/02/2014 - 15:39:07 - [1,228] ----D C:\Users\user\AppData\Roaming\newnext.me =>PUP.NextLive
O43 - CFD: 18/02/2014 - 15:50:58 - [0,519] ----D C:\Users\user\AppData\Roaming\VolIE
O43 - CFD: 09/02/2014 - 10:08:50 - [0] ----D C:\Users\user\AppData\Local\FreePascal
O43 - CFD: 17/02/2014 - 22:51:05 - [1,224] ----D C:\Users\user\AppData\Local\genienext
O43 - CFD: 18/02/2014 - 00:31:57 - [0,002] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup =>PUP.MyPCBackup
~ Program Folder: 150 Legitimates Filtered in 00mn 11s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.678C7EA24776534FF6DDF491A4F86005] - 06/02/2014 - 23:51:30 ---A- . (...) -- C:\Windows\RtlUI2.exe.manifest [901]
O44 - LFC:[MD5.E13F489F0B1E52319A86BDD996263F4B] - 07/02/2014 - 13:54:01 ---A- . (...) -- C:\Windows\win.ini [478]
O44 - LFC:[MD5.5662191B61C165D9BCA2D118FAC60172] - 18/02/2014 - 14:02:18 ---A- . (...) -- C:\Windows\Uninstal.exe [95110]
~ Files: 28 Legitimates Filtered in 00mn 04s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 16/02/2014 - 23:39:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 16/02/2014 - 23:39:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.929DF302F15BFE24AC66EF45D858C413] - 28/11/2013 - 01:24:18 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [175480]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 16 Legitimates Filtered in 00mn 02s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 28/11/2013 - C:\Windows\System32\DRIVERS\idmwfp.sys (IDMWFP) .(.Tonec Inc. - Internet Download Manager WFP Driver.) - LEGACY_IDMWFP
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 123 Legitimates Filtered in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {756D1D40-E491-4E1D-9BC6-5B37CEDE646E} [DefaultScope] - (VenteeRo) - http://www.arabyonline.com
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.5447D3DFBF32D9940C135A327456C3C8] [SPRF][07/02/2014] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.CD302FC76F99B52A0EAA6B98EFB8FD6A] [SPRF][16/02/2014] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.28FBD6D56407A17BB6D9645AD6908CFF] [SPRF][04/09/2011] (...) -- C:\Users\user\Desktop\LES_JOURNAUX__dz__.exe [2728960]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{0F2536C4-43E5-4FF8-9C1A-8DB5299891A9}C:\program files (x86)\smadav\smδrtp.exe" | In - Public - P6 - TRUE | .(.Smadsoft - Smadav USB Antivirus & Additional Protection.) -- C:\program files (x86)\smadav\smδrtp.exe
O87 - FAEL: "UDP Query User{7DBF3CD8-B0C5-40F2-AD0A-CA421EC21769}C:\program files (x86)\smadav\smδrtp.exe" | In - Public - P17 - TRUE | .(.Smadsoft - Smadav USB Antivirus & Additional Protection.) -- C:\program files (x86)\smadav\smδrtp.exe
~ Firewall: 183 Legitimates Filtered in 00mn 00s



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "11C6590D06F0EF3499DA25E4384317BB" . (.Energy Management.) -- C:\Windows\Installer\{D0956C11-0F60-43FE-99AD-524E833471BB}\ARPPRODUCTICON.exe
O90 - PUC: "421D4F645E0221D4EB25CE71A7A7B424" . (.OneKey Recovery.) -- C:\Windows\Installer\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\ARPPRODUCTICON.exe
~ Update Products: 47 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
~ WIS: 47 Legitimates Filtered in 00mn 03s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 06/02/2014 36392 | (BackupStack) . (.Just Develop It.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup
SS - | Demand 13/03/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 11/02/2013 572928 | (DefaultTabSearch) . (...) - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe =>Adware.Bandoo
SS - | Auto 07/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 07/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 06/09/2012 114144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 16/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 19/02/2013 1008344 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
SR - | Auto 17/02/2014 107520 | (DefaultTabUpdate) . (...) - C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe =>Adware.Bandoo
SR - | Auto 05/12/2012 60272 | (IBMPMSVC) . (.Lenovo..) - C:\Windows\System32\ibmpmsvc.exe
SR - | Auto 21/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 07/12/2009 40960 | (Realtek87B) . (.Realtek.) - C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
SR - | Auto 21/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 13/02/2014 80152 | (Update Jotzey) . (...) - C:\Program Files (x86)\Jotzey\updateJotzey.exe
SR - | Auto 18/02/2014 80152 | (Util Jotzey) . (...) - C:\Program Files (x86)\Jotzey\bin\utilJotzey.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 05s



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by user at 18/02/2014 17:06:35
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by user at 18/02/2014 17:06:37

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (17/02/2014)
Clés trouvées (Keys found) : 16
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 8
Fichiers trouvés (Files found) : 9

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}] =>Adware.Bandoo^
[HKLM\SYSTEM\CurrentControlSet\Services\MyPC Backup) (BackupStack] =>PUP.MyPCBackup^
[HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabSearch] =>Adware.Bandoo^
[HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup] =>PUP.MyPCBackup^
[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}] =>Toolbar.Agent
[HKCU\Software\default tab] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\default tab] =>Adware.IMBooster
[HKCU\Software\AppDataLow\Software\defaulttab] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\defaulttab] =>Adware.IMBooster
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc] =>Adware.Bandoo
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\833bb96j.default\extensions\addon@Vonteera.com =>Trojan.Trojan.Vonteera^
C:\Program Files (x86)\DefaultTab =>Adware.Bandoo^
C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup^
C:\Users\user\AppData\Roaming\DefaultTab =>Adware.Bandoo^
C:\Users\user\AppData\Roaming\newnext.me =>PUP.NextLive^
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup =>PUP.MyPCBackup^
C:\ProgramData\RegClean =>Rogue.RegistryPowerCleaner
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc =>Adware.Bandoo
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\833bb96j.default\Extensions\addon@defaulttab.com.xpi =>Adware.Bandoo
C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe =>PUP.SpeedUpMyComputer^
C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe =>Adware.Bandoo^
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup^
[HKCU\Software\Default Tab] =>Adware.Bandoo^
[HKCU\Software\Vonteera Safe ads] =>Trojan.Trojan.Vonteera^
[HKLM\Software\Wow6432Node\Default Tab] =>Adware.Bandoo^
C:\Users\user\AppData\Local\Temp\SomotoNew.exe =>Adware.MegaSearch
~ Additionnel Scan: 193596 Items scanned in 00mn 13s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/35322258-pup-speedupmycomputer =>PUP.SpeedUpMyComputer
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/31951367-trojan-vonteera =>Trojan.Vonteera
~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/40528410-pup-nextlive =>PUP.NextLive
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/29295819-rogue-registrypowercleaner =>Rogue.RegistryPowerCleaner
~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
~ MSI: 11 link(s) detected in 00mn 13s



~ 1026 Legitimates filtered by white list
End of the scan (603 lines in 01mn 30s)(0)
