
~ Report of ZHPDiag v2014.2.23.20 - Nicolas Coolman (23/02/2014)
~ Launched by Administrateur (02/03/2014 11:24:42)
~ Web site address: http://nicolascoolman.webs.com
~ Free support forums for disinfection: http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State:
~ White List: Activated by program
~ Elevation of privilege: OK
~ User Account Control: Not Found


---\\ Internet browsers
MSIE: Internet Explorer v6.0.2900.2180
GCIE: Google Chrome v33.0.1750.117 (Default)

---\\ Windows product information
~ Language: English
Microsoft Windows XP, 32-bit Service Pack 2 (Build 2600)
Windows Automatic Updates: OK
Windows Genuine Advantage: KO (failed)

---\\ System protection software

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 ActiveX

---\\ Information on the system
~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1015 MB (29% free)
System Restore: Enabled
System drive C: has 3 GB (6%) free of 37 GB

---\\ Connection to the system mode
~ Computer Name: MOSTAFA-B775962
~ User Name: Administrateur
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrateur\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Administrateur\Application Data\
~ %Desktop% : C:\Documents and Settings\Administrateur\Bureau\
~ %Favorites% : C:\Documents and Settings\Administrateur\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Administrateur\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Administrateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 3 GB of 37 GB)
D: Hard drive, Flash drive, Thumb drive (Free 20 GB of 39 GB)
E: Hard drive, Flash drive, Thumb drive (Free 20 GB of 35 GB)
G: Floppy drive, Flash card reader, USB Key (Free 3 GB of 4 GB)



---\\ State of the Windows Security Center
~ Security Center: 51 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.2A7BD330924252A2FD80344FC949BB72] - (.Microsoft Corporation - Windows Explorer.) (.19/08/2004 - 15:09:54.) -- C:\WINDOWS\Explorer.exe [1036288]
[MD5.4E958B97EFC3D801F49283D1820F48B7] - (.Microsoft Corporation - Internet Extensions for Win32.) (.19/08/2004 - 15:09:48.) -- C:\WINDOWS\system32\wininet.dll [660480]
[MD5.123EEA158F74D0F67A51DCDF065D1091] - (.Microsoft Corporation - Windows NT Logon Application.) (.19/08/2004 - 15:10:06.) -- C:\WINDOWS\system32\Winlogon.exe [506368]
[MD5.5AC495F4CB807B2B98AD2AD591E6D92E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.03/08/2004 - 22:14:16.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.03/08/2004 - 22:59:44.) -- C:\WINDOWS\system32\Drivers\atapi.sys [95360]
[MD5.CD7D5152DF32B47F4E36F710B35AAE02] - (.Microsoft Corporation - CD-ROM File System Driver.) (.03/08/2004 - 22:14:12.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.AF9C19B3100FE010496B1A27181FBF72] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.03/08/2004 - 21:59:54.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [49536]
[MD5.8B121FF880683607AB2AEF0340721718] - (.Microsoft Corporation - FIPS Crypto Driver.) (.28/08/2001 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [35072]
[MD5.D1EFCBD693B5BA21314D06368C471070] - (.Microsoft Corporation - i8042 Port Driver.) (.19/08/2004 - 14:56:40.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54400]
[MD5.F8AA320C6A0409C0380E5D8A99D76EC6] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.03/08/2004 - 22:00:16.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [41856]
[MD5.B5A8E215AC29D24D60B4D1250EF05ACE] - (.Microsoft Corporation - IP Network Address Translator.) (.03/08/2004 - 22:04:52.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [134912]
[MD5.64537AA5C003A6AFEEE1DF819062D0D1] - (.Microsoft Corporation - IPSec Driver.) (.03/08/2004 - 22:14:30.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [74752]
[MD5.1FD607FC67F7F7C633C3DA65BFC53D18] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/08/2004 - 22:15:18.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [451456]
[MD5.0C80E410CD2F47134407EE7DD19CC86B] - (.Microsoft Corporation - MBT Transport driver.) (.03/08/2004 - 22:14:38.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.B78BE402C3F63DD55521F73876951CDD] - (.Microsoft Corporation - NT File System Driver.) (.03/08/2004 - 22:15:10.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574592]
[MD5.318696359AC7DF48D1E51974EC527DD2] - (.Microsoft Corporation - Parallel Port Driver.) (.19/08/2004 - 15:20:54.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.98FAEB4A4DCF812BA1C6FCA4AA3E115C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.03/08/2004 - 22:14:24.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.A2CAE2C60BC37E0751EF9DDA7CEAF4AD] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.03/08/2004 - 23:01:16.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196864]
[MD5.2CC30B68DD62B73D444A41322CD7FC4C] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.19/08/2004 - 16:54:52.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58496]
[MD5.313B1A0D5DB26DFE1C34A6C13B2CE0A7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.19/08/2004 - 14:59:14.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ My Pictures: 1/2
~ My Music: 1/2
~ My Favorites: 1/7
~ My Documents: 2/75
~ My Desktop: 2/4
~ Start Menu (Programs): 1/27
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.E319E50243A0017BA5FCBCF87CBA64A2] - (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files\Athan\Athan.exe [1265664] [PID.1224]
[MD5.D481431E528545EF265C05F5C18111F7] - (...) -- C:\windows\system32\ZakariaG.jpg.exe [54272] [PID.1344]
[MD5.6C110F1EFFE93516F4F0C51FAFD3A054] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3903056] [PID.1708]
[MD5.EC80296A6B31877B436554DF7429F45D] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1741312] [PID.2040]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.120] =>Toolbar.Google
[MD5.6E6656C6618C4B0B000267D9AF9EF743] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [859464] [PID.2756]
[MD5.12F5582EEEF2464F90F37D288FE8A159] - (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\Internet Download Manager\IDMGrHlp.exe [513048] [PID.3088]
[MD5.42FEDBCB3ED926F6F529E0FDDF750BE0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8339968] [PID.27200]
~ Processes Running: Scanned in 00mn 06s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [akpelnjfckgfiplcikojhomllgombffc] Theme Creator v.2.5 (Enabled)
G2 - GCE: Preference [User Data\Default] [apdiogojbmdncjdpljocafnigiokgmci] UJAM - Make your music. v.1.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [beobeededemalmllhkmnkinmfembdimh] التلفزيون v.1.0.12 (Enabled)
G2 - GCE: Preference [User Data\Default] [dacdieigeclacgkdlmnojihknoblpafo] ضوء v.6.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [fkhegfhnlmoegfmmnkakipmchkdoggce] Tag Quran v.1.17 (Enabled)
G2 - GCE: Preference [User Data\Default] [gceeodfjmkoilhaoehbnhofdpobaohnm] Facebook One v.1.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [googgpdhdhhlanfmfpjhmgijfmclilcp] منبه الأذكار v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [hiipoacfagkbdmldoknelbhnijblfeca] راديو القرآن الكريم - Quran Radio v.1.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [hmcpdijlnobphekggmpconeehmokcpli] Quran360 v.1.2 (Enabled)
G2 - GCE: Preference [User Data\Default] [jjkhefodfbgjpcmahghmfggbcpjabnag] بلياردو الكرة السوداء v.1.0.3 (Enabled)
G2 - GCE: Preference [User Data\Default] [kbgdenhobifcbckaiohandoodkepleif] Green Farm v.2.1.7.8 (Enabled)
G2 - GCE: Preference [User Data\Default] [mihcahmgecmbnbcchbopgniflfhgnkff] Google Mail Checker v.4.4.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [ofmpffnppnlgkgmbgidhhjcglloeejpg] كاميرا v.3.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [olddbephnfagijmbdcfdbpaobepgpgck] Istikana TV v.0.0.0.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [onlgmecjpnejhfeofkgbfgnmdlipdejb] بيكاسا v.6.2.2 (Enabled)
~ Google Browser: 40 Legitimates Filtered in 00mn 43s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 30



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: MSN.lnk . (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe =>.Microsoft Corporation
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O4 - GS\Program [Administrateur]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 10 Legitimates Filtered in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Program [AllUsers]: Adobe Gamma Loader.lnk . (.Adobe Systems, Inc. - Adobe Gamma Loader.) -- C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - Microsoft New Phonetic IME 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - Microsoft New Phonetic IME 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [TrayServer] . (.Magix - Trayserver.) -- C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [Athan] . (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [LayoutM] . (.Chicony - KLayMgr.) -- C:\WINDOWS\KLayMgr.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKLM\..\Run: [ZakariaG] . (...) -- c:\windows\system32\ZakariaG.jpg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Documents and Settings\Administrateur\Application Data\newnext.me\nengine.dll =>PUP.NextLive
O4 - HKLM\..\policies\Explorer\Run: [SysAnti] . (...) -- C:\Program Files\Common Files\SysAnti.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-2025429265-2000478354-839522115-500\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2025429265-2000478354-839522115-500\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-2025429265-2000478354-839522115-500\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-21-2025429265-2000478354-839522115-500\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-2025429265-2000478354-839522115-500\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Documents and Settings\Administrateur\Application Data\newnext.me\nengine.dll =>PUP.NextLive
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9BAADDA-1D30-4579-B862-1E47F476BC0B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A9BAADDA-1D30-4579-B862-1E47F476BC0B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A9BAADDA-1D30-4579-B862-1E47F476BC0B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\WINDOWS\system32\SHELL32.dll
~ Additional protocols: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary notification DLL for service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Administrateur914]
[HKCU\Software\Softonic] =>Toolbar.Conduit
~ Key Software: 93 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 24/12/2013 - 21:33:19 - [48,475] ----D C:\Program Files\GUM973.tmp
O43 - CFD: 13/02/2014 - 23:04:24 - [48,394] ----D C:\Program Files\GUMCC.tmp
O43 - CFD: 20/01/2014 - 23:40:43 - [16,295] ----D C:\Program Files\Movies Toolbar =>PUP.MoviesToolbar
O43 - CFD: 22/01/2014 - 22:06:47 - [0,016] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 02/03/2014 - 09:47:53 - [1,228] ----D C:\Documents and Settings\Administrateur\Application Data\newnext.me =>PUP.NextLive
O43 - CFD: 14/02/2014 - 10:41:24 - [1,224] ----D C:\Documents and Settings\Administrateur\Local Settings\Application Data\genienext
~ Program Folder: 84 Legitimates Filtered in 00mn 11s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.DC3A91EC49E8DE9EDBAAE5A908642595] - 01/03/2014 - 21:36:22 ---A- . (...) -- C:\WINDOWS\wiadebug.log [354]
O44 - LFC:[MD5.25D0B2A6AC1083D2438488FA6C43E891] - 01/03/2014 - 21:36:23 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.1FA56C1C8CFEA0DE3A24BB3CA0D9A475] - 02/03/2014 - 09:49:07 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664]
O44 - LFC:[MD5.9C2EDB1CB00442431B295F9F153B24DA] - 02/03/2014 - 11:25:54 RSHA- . (...) -- C:\Autorun.inf [145]
O44 - LFC:[MD5.71AD225B74E959A31252345BDA9BD717] - 16/02/2014 - 14:06:48 ---A- . (...) -- C:\WINDOWS\win.ini [486]
O44 - LFC:[MD5.500C420C9EAEC5C7FFD18C39E853C4F0] - 16/02/2014 - 14:06:49 ---A- . (...) -- C:\WINDOWS\mozver.dat [8162]
O44 - LFC:[MD5.C8F36CEB51D64F0CFB32D51E05631E65] - 16/02/2014 - 14:07:05 ---A- . (...) -- C:\WINDOWS\nsreg.dat [335]
O44 - LFC:[MD5.79D6D38AFD0838C1B7E460C67445C659] - 18/02/2014 - 19:49:27 -SHA- . (...) -- C:\WINDOWS\Thumbs.db [8192]
O44 - LFC:[MD5.7F656C63C9E0AD950EA1C90FB933571C] - 21/02/2014 - 15:34:47 ---A- . (...) -- C:\WINDOWS\wmsetup.log [6783]
O44 - LFC:[MD5.61A573CEF4B73F14F95AC3469052D892] - 22/02/2014 - 11:28:51 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1642]
O44 - LFC:[MD5.D481431E528545EF265C05F5C18111F7] - 25/02/2014 - 14:28:54 RSHA- . (...) -- C:\GuelmimG.bat [54272]
O44 - LFC:[MD5.4E5AEF82A0B725198DB4441185A3A1A2] - 25/02/2014 - 15:46:28 ---A- . (...) -- C:\WINDOWS\system.ini [265]
O44 - LFC:[MD5.5CDEDBBDCF5964C1F4AFB46F2725E62B] - 28/02/2014 - 18:02:57 ---A- . (...) -- C:\WINDOWS\msmqinst.log [25434]
O44 - LFC:[MD5.D5DCC42F9906649EFD9BB0039A0972E4] - 28/02/2014 - 18:02:57 ---A- . (...) -- C:\WINDOWS\netfxocm.log [6455]
O44 - LFC:[MD5.96DCC10CD18D19F1C49735DE336765B4] - 28/02/2014 - 18:03:01 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [28827]
O44 - LFC:[MD5.438900ACCD5C5C45924DA4B9D1B34B3F] - 28/02/2014 - 18:03:01 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [3375]
O44 - LFC:[MD5.5051E440D4028898E5F40138FF55FB49] - 28/02/2014 - 18:03:01 ---A- . (...) -- C:\WINDOWS\comsetup.log [25475]
O44 - LFC:[MD5.4A652BDF63EF70697EB32BF79A755479] - 28/02/2014 - 18:03:01 ---A- . (...) -- C:\WINDOWS\iis6.log [94558]
O44 - LFC:[MD5.39D3B53676F68D537CE0635E3C94AC17] - 28/02/2014 - 18:03:01 ---A- . (...) -- C:\WINDOWS\imsins.log [4566]
O44 - LFC:[MD5.20FC9CCDCF87CD357419DDA039C435F6] - 28/02/2014 - 18:03:01 ---A- . (...) -- C:\WINDOWS\msgsocm.log [2193]
O44 - LFC:[MD5.93539718436ED1472E23AEED21E37DE2] - 28/02/2014 - 18:03:01 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [16568]
O44 - LFC:[MD5.D00E168DE8FB46288E399A2FD1F1E6C8] - 28/02/2014 - 18:03:01 ---A- . (...) -- C:\WINDOWS\ocgen.log [34458]
O44 - LFC:[MD5.2C7F1F952EB7B2ED01CCF933710825BC] - 28/02/2014 - 18:03:01 ---A- . (...) -- C:\WINDOWS\ocmsn.log [2114]
O44 - LFC:[MD5.2D949029778DAE3B7FAC467A97902C36] - 28/02/2014 - 18:03:01 ---A- . (...) -- C:\WINDOWS\tabletoc.log [1835]
O44 - LFC:[MD5.A31918726E10D0FAB0CC74ABE4E8E085] - 28/02/2014 - 18:03:01 ---A- . (...) -- C:\WINDOWS\tsoc.log [22894]
~ Files: 41 Legitimates Filtered in 00mn 08s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "E:\majmo3a .scr" [Enabled] .(...) -- E:\majmo3a .scr (.not file.)
O47 - AAKE:Key Export SP - "C:\windows\system32\ZakariaG.jpg.exe" [Enabled] .(.No owner.) -- C:\windows\system32\ZakariaG.jpg.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Athan\Athan.exe" [Enabled] .(.www.IslamicFinder.org.) -- C:\Program Files\Athan\Athan.exe
~ Keys Export: 15 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - 360hotfix.exe - ntsd -d
O50 - IFEO:Image File Execution Options - 360rpt.exe - ntsd -d
O50 - IFEO:Image File Execution Options - 360Safe.exe - ntsd -d =>Trojan.Trojan.Lozavita
O50 - IFEO:Image File Execution Options - 360safebox.exe - ntsd -d =>Trojan.Trojan.Lozavita
O50 - IFEO:Image File Execution Options - 360tray.exe - ntsd -d
O50 - IFEO:Image File Execution Options - adam.exe - ntsd -d
O50 - IFEO:Image File Execution Options - AgentSvr.exe - ntsd -d
O50 - IFEO:Image File Execution Options - AntiArp.exe - ntsd -d
O50 - IFEO:Image File Execution Options - AppSvc32.exe - ntsd -d
O50 - IFEO:Image File Execution Options - arvmon.exe - ntsd -d
O50 - IFEO:Image File Execution Options - AutoGuarder.exe - ntsd -d
O50 - IFEO:Image File Execution Options - autoruns.exe - ntsd -d
O50 - IFEO:Image File Execution Options - avgrssvc.exe - ntsd -d
O50 - IFEO:Image File Execution Options - AvMonitor.exe - ntsd -d
O50 - IFEO:Image File Execution Options - avp.com - ntsd -d
O50 - IFEO:Image File Execution Options - avp.exe - ntsd -d
O50 - IFEO:Image File Execution Options - CCenter.exe - ntsd -d
O50 - IFEO:Image File Execution Options - ccSvcHst.exe - ntsd -d
O50 - IFEO:Image File Execution Options - FileDsty.exe - ntsd -d
O50 - IFEO:Image File Execution Options - findt2005.exe - ntsd -d
O50 - IFEO:Image File Execution Options - FTCleanerShell.exe - ntsd -d
O50 - IFEO:Image File Execution Options - HijackThis.exe - ntsd -d
O50 - IFEO:Image File Execution Options - IceSword.exe - ntsd -d
O50 - IFEO:Image File Execution Options - iparmo.exe - ntsd -d
O50 - IFEO:Image File Execution Options - Iparmor.exe - ntsd -d
O50 - IFEO:Image File Execution Options - IsHelp.exe - ntsd -d
O50 - IFEO:Image File Execution Options - isPwdSvc.exe - ntsd -d
O50 - IFEO:Image File Execution Options - kabaload.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KaScrScn.SCR - ntsd -d
O50 - IFEO:Image File Execution Options - KASMain.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KASTask.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KAV32.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KAVDX.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KAVPFW.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KAVSetup.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KAVStart.exe - ntsd -d
O50 - IFEO:Image File Execution Options - killhidepid.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KISLnchr.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KMailMon.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KMFilter.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KPFW32.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KPFW32X.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KPFWSvc.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KRepair.COM - ntsd -d
O50 - IFEO:Image File Execution Options - KsLoader.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KVCenter.kxp - ntsd -d
O50 - IFEO:Image File Execution Options - KvDetect.exe - ntsd -d
O50 - IFEO:Image File Execution Options - kvfw.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KvfwMcl.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KVMonXP.kxp - ntsd -d
O50 - IFEO:Image File Execution Options - KVMonXP_1.kxp - ntsd -d
O50 - IFEO:Image File Execution Options - kvol.exe - ntsd -d
O50 - IFEO:Image File Execution Options - kvolself.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KvReport.kxp - ntsd -d
O50 - IFEO:Image File Execution Options - KVScan.kxp - ntsd -d
O50 - IFEO:Image File Execution Options - KVSrvXP.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KVStub.kxp - ntsd -d
O50 - IFEO:Image File Execution Options - kvupload.exe - ntsd -d
O50 - IFEO:Image File Execution Options - kvwsc.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KvXP.kxp - ntsd -d
O50 - IFEO:Image File Execution Options - KvXP_1.kxp - ntsd -d
O50 - IFEO:Image File Execution Options - KWatch.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KWatch9x.exe - ntsd -d
O50 - IFEO:Image File Execution Options - KWatchX.exe - ntsd -d
O50 - IFEO:Image File Execution Options - LiveUpdate360.exe - ntsd -d
O50 - IFEO:Image File Execution Options - loaddll.exe - ntsd -d
O50 - IFEO:Image File Execution Options - MagicSet.exe - ntsd -d
O50 - IFEO:Image File Execution Options - mcconsol.exe - ntsd -d
O50 - IFEO:Image File Execution Options - mmqczj.exe - ntsd -d
O50 - IFEO:Image File Execution Options - mmsk.exe - ntsd -d
O50 - IFEO:Image File Execution Options - NAVSetup.exe - ntsd -d
O50 - IFEO:Image File Execution Options - nod32krn.exe - ntsd -d
O50 - IFEO:Image File Execution Options - nod32kui.exe - ntsd -d
O50 - IFEO:Image File Execution Options - PFW.exe - ntsd -d
O50 - IFEO:Image File Execution Options - PFWLiveUpdate.exe - ntsd -d
O50 - IFEO:Image File Execution Options - QHSET.exe - ntsd -d
O50 - IFEO:Image File Execution Options - Ras.exe - ntsd -d
O50 - IFEO:Image File Execution Options - Rav.exe - ntsd -d
O50 - IFEO:Image File Execution Options - RavCopy.exe - ntsd -d
O50 - IFEO:Image File Execution Options - RavMon.exe - ntsd -d
O50 - IFEO:Image File Execution Options - RavMonD.exe - ntsd -d
O50 - IFEO:Image File Execution Options - RavStore.exe - ntsd -d
O50 - IFEO:Image File Execution Options - RavStub.exe - ntsd -d
O50 - IFEO:Image File Execution Options - ravt08.exe - ntsd -d
O50 - IFEO:Image File Execution Options - RavTask.exe - ntsd -d
O50 - IFEO:Image File Execution Options - RegClean.exe - ntsd -d
O50 - IFEO:Image File Execution Options - RegEx.exe - ntsd -d
O50 - IFEO:Image File Execution Options - rfwcfg.exe - ntsd -d
O50 - IFEO:Image File Execution Options - RfwMain.exe - ntsd -d
O50 - IFEO:Image File Execution Options - rfwolusr.exe - ntsd -d
O50 - IFEO:Image File Execution Options - rfwProxy.exe - ntsd -d
O50 - IFEO:Image File Execution Options - rfwsrv.exe - ntsd -d
O50 - IFEO:Image File Execution Options - RsAgent.exe - ntsd -d
O50 - IFEO:Image File Execution Options - Rsaupd.exe - ntsd -d
O50 - IFEO:Image File Execution Options - RsMain.exe - ntsd -d
O50 - IFEO:Image File Execution Options - rsnetsvr.exe - ntsd -d
O50 - IFEO:Image File Execution Options - RSTray.exe - ntsd -d
O50 - IFEO:Image File Execution Options - runiep.exe - ntsd -d
O50 - IFEO:Image File Execution Options - safebank.exe - ntsd -d
O50 - IFEO:Image File Execution Options - safeboxTray.exe - ntsd -d
O50 - IFEO:Image File Execution Options - safelive.exe - ntsd -d
O50 - IFEO:Image File Execution Options - scan32.exe - ntsd -d
O50 - IFEO:Image File Execution Options - ScanFrm.exe - ntsd -d
O50 - IFEO:Image File Execution Options - shcfg32.exe - ntsd -d
O50 - IFEO:Image File Execution Options - smartassistant.exe - ntsd -d
O50 - IFEO:Image File Execution Options - SmartUp.exe - ntsd -d
O50 - IFEO:Image File Execution Options - SREng.exe - ntsd -d
O50 - IFEO:Image File Execution Options - SREngPS.exe - ntsd -d
O50 - IFEO:Image File Execution Options - symlcsvc.exe - ntsd -d
O50 - IFEO:Image File Execution Options - syscheck.exe - ntsd -d
O50 - IFEO:Image File Execution Options - Syscheck2.exe - ntsd -d
O50 - IFEO:Image File Execution Options - SysSafe.exe - ntsd -d
O50 - IFEO:Image File Execution Options - ToolsUp.exe - ntsd -d
O50 - IFEO:Image File Execution Options - TrojanDetector.exe - ntsd -d
O50 - IFEO:Image File Execution Options - Trojanwall.exe - ntsd -d
O50 - IFEO:Image File Execution Options - TrojDie.kxp - ntsd -d
O50 - IFEO:Image File Execution Options - UIHost.exe - ntsd -d
O50 - IFEO:Image File Execution Options - UmxAgent.exe - ntsd -d
O50 - IFEO:Image File Execution Options - UmxAttachment.exe - ntsd -d
O50 - IFEO:Image File Execution Options - UmxCfg.exe - ntsd -d
O50 - IFEO:Image File Execution Options - UmxFwHlp.exe - ntsd -d
O50 - IFEO:Image File Execution Options - UmxPol.exe - ntsd -d
O50 - IFEO:Image File Execution Options - UpLive.exe - ntsd -d
O50 - IFEO:Image File Execution Options - WoptiClean.exe - ntsd -d
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
O50 - IFEO:Image File Execution Options - zxsweep.exe - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{03bd8356-94d9-11e3-b90f-000ffe0c03e0}\AutoRun\command. (...) -- E:\SysAnti.exe
O51 - MPSK:{17e2489e-9423-11e3-b90c-000ffe0c03e0}\AutoRun\command. (...) -- F:\GuelmimG.bat (.not file.)
O51 - MPSK:{1b0f78ab-9b23-11e3-b937-000ffe0c03e0}\AutoRun\command. (...) -- G:\SysAnti.exe
O51 - MPSK:{70fcf93a-9e2b-11e3-94d5-806d6172696f}\AutoRun\command. (...) -- D:\SysAnti.exe
O51 - MPSK:{70fcf93b-9e2b-11e3-94d5-806d6172696f}\AutoRun\command. (...) -- E:\SysAnti.exe
O51 - MPSK:{df5b66b7-64d0-11e3-a1a3-806d6172696f}\AutoRun\command. (...) -- C:\SysAnti.exe
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableTaskMgr"=1
O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=1
~ MWPS: 8 Legitimates Filtered in 00mn 00s
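The three sections above carry most of what matters in this report. O50 sets a Debugger value of "ntsd -d" on more than a hundred security-tool image names: ntsd.exe ships with Windows XP, and -d tells it to talk to a kernel debugger, so the named tool is started under a debugger that is not there and never gets to run. The entry "Your Image File Name Here without a path" is a literal placeholder, which shows the keys were written in bulk by a script rather than by anyone debugging anything. O51 records an AutoRun command pointing at SysAnti.exe (or GuelmimG.bat) for drive letters C: through G:, and O44 lists a read-only/hidden/system Autorun.inf in the root of C:. O55 disables Task Manager and the registry editor; EnableLUA=0 is a no-op on XP, which has no UAC. Elsewhere in the report, GuelmimG.bat has the same MD5 and size (54272 bytes) as ZakariaG.jpg.exe, so it is the same binary dropped under a second name, and O47 lists ZakariaG.jpg.exe among the Windows Firewall's authorized applications. The script below is an added example, not code from ZHPDiag or from the original page: it pulls exactly those findings out of the report text. The function names (triage, report_lines), the constants and SAMPLE_REPORT are this example's own; SAMPLE_REPORT is a constructed sample made of a dozen lines copied from this report, so the script runs offline with no other input.

```python
"""Triage of a ZHPDiag report: IFEO debugger hijacks (O50), MountPoints2
AutoRun commands (O51), lockdown policies (O55), autorun.inf files,
double-extension executables and one MD5 seen under several file names."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the report above.
SAMPLE_REPORT = r"""
[MD5.D481431E528545EF265C05F5C18111F7] - (...) -- C:\windows\system32\ZakariaG.jpg.exe [54272] [PID.1344]
O4 - HKLM\..\policies\Explorer\Run: [SysAnti] . (...) -- C:\Program Files\Common Files\SysAnti.exe
O44 - LFC:[MD5.9C2EDB1CB00442431B295F9F153B24DA] - 02/03/2014 - 11:25:54 RSHA- . (...) -- C:\Autorun.inf [145]
O44 - LFC:[MD5.D481431E528545EF265C05F5C18111F7] - 25/02/2014 - 14:28:54 RSHA- . (...) -- C:\GuelmimG.bat [54272]
O50 - IFEO:Image File Execution Options - 360Safe.exe - ntsd -d
O50 - IFEO:Image File Execution Options - HijackThis.exe - ntsd -d
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
O51 - MPSK:{03bd8356-94d9-11e3-b90f-000ffe0c03e0}\AutoRun\command. (...) -- E:\SysAnti.exe
O51 - MPSK:{17e2489e-9423-11e3-b90c-000ffe0c03e0}\AutoRun\command. (...) -- F:\GuelmimG.bat (.not file.)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableTaskMgr"=1
O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=1
O58 - SDL:[MD5.0245919463D54A8E20043030BAA9A36F] - 08/11/2013 - 00:41:38 ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [121184]
"""

IFEO_RE = re.compile(r"^O50 - IFEO:Image File Execution Options - (?P<image>.+?) - (?P<debugger>.+)$")
MPSK_RE = re.compile(r"^O51 - MPSK:\{(?P<guid>[0-9a-f-]+)\}\\AutoRun\\command\. \(.*?\) -- "
                     r"(?P<target>.+?)(?P<missing> \(\.not file\.\))?$")
POLICY_RE = re.compile(r'^O55 - MWPS:\[(?P<hive>HK[A-Z]+)\\\.\.\.\\Policies\\System\] - '
                       r'"(?P<name>\w+)"=(?P<value>-?\d+)$')
MD5_RE = re.compile(r"\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\].*? -- (?P<path>.+?) \[\d+\]")
DOUBLE_EXT_RE = re.compile(r"\.(jpe?g|gif|png|bmp|txt|doc|pdf)\.(exe|com|scr|bat|cmd|pif)$", re.I)

# Policy values worth a verdict. EnableLUA is kept for completeness: the
# value only has an effect on Vista and later, never on XP.
LOCKDOWN = {
    ("DisableTaskMgr", "1"): "Task Manager disabled",
    ("DisableRegistryTools", "1"): "Registry editor disabled",
    ("EnableLUA", "0"): "UAC disabled (no effect on XP, which has no UAC)",
}


def triage(report):
    """Parse the report text and return findings keyed by category."""
    found = {"ifeo": [], "autorun": [], "autorun_inf": [], "policy": [],
             "double_ext": [], "hash_reuse": {}}
    names_by_md5 = defaultdict(set)
    for line in report.splitlines():
        line = line.strip()
        if m := IFEO_RE.match(line):
            # Any Debugger value you did not set yourself is a hijack; every
            # launch of <image> is redirected into <debugger> instead.
            found["ifeo"].append((m["image"], m["debugger"]))
        elif m := MPSK_RE.match(line):
            # (guid, command target, True if the target file is already gone)
            found["autorun"].append((m["guid"], m["target"], m["missing"] is not None))
        elif m := POLICY_RE.match(line):
            found["policy"].append((m["hive"], m["name"], m["value"],
                                    LOCKDOWN.get((m["name"], m["value"]))))
        if m := MD5_RE.search(line):
            path = m["path"]
            name = path.rsplit("\\", 1)[-1]
            names_by_md5[m["md5"].upper()].add(name.lower())
            if name.lower() == "autorun.inf":
                found["autorun_inf"].append(path)
            if DOUBLE_EXT_RE.search(name):
                found["double_ext"].append(path)
    # One hash under two names means one binary dropped twice; the .bat
    # extension says nothing about what the bytes actually are.
    found["hash_reuse"] = {h: sorted(n) for h, n in names_by_md5.items() if len(n) > 1}
    return found


def report_lines(found):
    """Render the findings as one-line verdicts."""
    out = [f"IFEO hijack: {img} -> {dbg}" for img, dbg in found["ifeo"]]
    out += [f"AutoRun command{' (target gone)' if gone else ''}: {t}" for _, t, gone in found["autorun"]]
    out += [f"autorun.inf present: {p}" for p in found["autorun_inf"]]
    out += [f"Policy {hive} {name}={val}: {note}" for hive, name, val, note in found["policy"] if note]
    out += [f"Double extension: {p}" for p in found["double_ext"]]
    out += [f"Same MD5 {h} under names {', '.join(n)}" for h, n in found["hash_reuse"].items()]
    return out


if __name__ == "__main__":
    print("\n".join(report_lines(triage(SAMPLE_REPORT))))
```

Run it as-is to print the verdicts for the sample, or pass the whole report text to triage(). A MountPoints2 entry whose target is already gone (the "(.not file.)" case) is still useful: it tells you which removable drive carried the payload and which drive letter it was assigned to, even though nothing will run from it until a drive with that autorun.inf is plugged in again.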



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 28/08/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.0245919463D54A8E20043030BAA9A36F] - 08/11/2013 - 00:41:38 ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [121184]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/08/2001 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.D26E26EA516450AF9D072635C60387F4] - 17/07/2004 - 10:36:38 ---A- . (...) -- C:\WINDOWS\system32\Drivers\secdrv.sys [27440]
O58 - SDL:[MD5.F1771926A47A18BD3A3EDAC334FC78E0] - 15/08/2006 - 16:48:18 ---A- . (.Analog Devices, Inc. - SoundMAX Stub Driver.) -- C:\WINDOWS\system32\Drivers\smsens.sys [3744]
O58 - SDL:[MD5.86D17B6760DD2B09E932FF101714E0DC] - 15/08/2006 - 16:48:20 ---A- . (.Analog Devices, Inc. - SoundMAX Integrated Digital Audio.) -- C:\WINDOWS\system32\Drivers\smwdm.sys [612416]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28/08/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 03/08/2004 - 21:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03/08/2004 - 21:45:26 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03/08/2004 - 21:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03/08/2004 - 21:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 8 Legitimates Filtered in 00mn 05s



---\\ List all tools cleaner (LATC) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 02/03/2014 - C:\WINDOWS\system32\drivers\tolln.sys (abp470n5) .(...) - LEGACY_ABP470N5
~ Legacy: 104 Legitimates Filtered in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- Bad: (%1) Good: ("%1" /S) =>Broken.OpenCommand
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Administrateur at 02/03/2014 11:28:02

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E19BC] >> \Device\Harddisk0\DR0[0x8635BAB8]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Administrateur at 02/03/2014 11:28:04

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s
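The MBRCheck step above wrote the first sector of disk 0 to C:\PhysicalDisk0_MBR.bin, and the Gmer step before it read the MBR once from user mode and once through its kernel driver and found the two equal ("user & kernel MBR OK"), which is the comparison that catches a bootkit hooking the disk stack to hand a clean copy back to readers. Neither step shows what the sector contains. The script below is an added example, not part of ZHPDiag, MBRCheck or Gmer's tool: it parses a 512-byte MBR dump, lists the partition table, and reports structural anomalies and a boot-code change against a reference hash. The sector it parses by default is constructed inside the script (one active NTFS partition at LBA 63 sized like the 37 GB disk in this report, plus an extended partition); pass the path of the real dump as the first argument to analyse it instead.

```python
"""Parse a 512-byte MBR dump (such as C:\\PhysicalDisk0_MBR.bin above):
validate the signature, list the partition table and flag anomalies."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446        # 0..445 boot code, 446..509 four 16-byte entries, 510..511 0x55AA
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count
PARTITION_TYPES = {0x00: "empty", 0x05: "Extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
                   0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux"}


def build_sample_mbr():
    """Constructed sector (not a real dump): a tiny boot stub, one active NTFS
    partition at LBA 63 sized like the 37 GB disk in the report, one extended
    partition after it, two empty entries and a valid 0x55AA signature."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C, 0xFB]).ljust(BOOT_CODE_LEN, b"\x00")
    table = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 77000000)
    table += struct.pack(ENTRY_FMT, 0x00, b"\xfe\xff\xff", 0x0F, b"\xfe\xff\xff", 77000063, 1000000)
    table += b"\x00" * 32
    return boot_code + table + b"\x55\xAA"


def load_mbr(path):
    """Read the first sector of a dump file.
    (As Administrator on Windows the raw device \\.\PhysicalDrive0 works too.)"""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


def parse_mbr(sector):
    """Return signature state, SHA-256 of the boot code and the non-empty entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(sector)))
    parts = []
    for i in range(4):
        off = BOOT_CODE_LEN + 16 * i
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue
        parts.append({"index": i, "status": status, "bootable": status == 0x80,
                      "type": ptype, "type_name": PARTITION_TYPES.get(ptype, "0x%02x" % ptype),
                      "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xAA",
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def assess(parsed, known_good_boot_hash=None):
    """Warnings a responder would act on; an empty list means nothing stood out."""
    warns = []
    if not parsed["signature_ok"]:
        warns.append("missing 0x55AA boot signature")
    active = [p for p in parsed["partitions"] if p["bootable"]]
    if len(active) != 1:
        warns.append("expected exactly one active partition, found %d" % len(active))
    ordered = sorted(parsed["partitions"], key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["lba_start"] < prev["lba_start"] + prev["sectors"]:
            warns.append("entries %d and %d overlap" % (prev["index"], cur["index"]))
    for p in parsed["partitions"]:
        if p["status"] not in (0x00, 0x80):
            warns.append("entry %d has invalid status byte 0x%02x" % (p["index"], p["status"]))
        if p["lba_start"] == 0 or p["sectors"] == 0:
            warns.append("entry %d has zero start or length" % p["index"])
    if known_good_boot_hash and parsed["boot_code_sha256"] != known_good_boot_hash:
        warns.append("boot code differs from the known-good copy")
    return warns


if __name__ == "__main__":
    import sys
    sector = load_mbr(sys.argv[1]) if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(sector)
    print("signature ok:", info["signature_ok"], " boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        flag = "*" if p["bootable"] else " "
        print("  #%d %s%-12s LBA %10d  %10d sectors" % (p["index"], flag, p["type_name"],
                                                        p["lba_start"], p["sectors"]))
    for w in assess(info):
        print("WARNING:", w)
```

The reference hash for `assess` should come from a sector read outside the running system (boot media, or the disk attached to another machine), because a bootkit that filters reads on the live system returns the clean boot code to every caller, Gmer's kernel-mode read included when the hook sits below it. The CHS fields are ignored: disks of this size are addressed by LBA and the CHS bytes are routinely saturated at 0xFE 0xFF 0xFF.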



---\\ Additional Scan (O88)
Database Version : 13031 - (23/02/2014)
Keys found : 3
Values found : 3
Folders found : 4
Files found : 2

[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Program Files\Movies Toolbar =>PUP.MoviesToolbar^
C:\Program Files\MyPC Backup =>PUP.MyPCBackup^
C:\Documents and Settings\Administrateur\Application Data\newnext.me =>PUP.NextLive^
C:\Program Files\OneStopSoft.com =>PUP.Dealio
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
Bad: (%1) Good: ("%1" /S) =>Broken.OpenCommand^
~ Additional scan: 79739 Items scanned in 00mn 39s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/41034005-pup-mobogenie =>PUP.Mobogenie
~ http://nicolascoolman.webs.com/apps/blog/show/40528410-pup-nextlive =>PUP.NextLive
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/33744863-pup-moviestoolbar =>PUP.MoviesToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/28274469-trojan-lozavita =>Trojan.Lozavita
~ http://nicolascoolman.webs.com/apps/blog/show/34922153-broken-opencommand =>Broken.OpenCommand
~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ MSI: 9 link(s) detected in 00mn 39s



~ 600 Legitimates filtered by white list
End of the scan (589 lines in 04mn 04s)(0)
