cjoint

Document format: text/plain

~ Report of ZHPDiag v2014.4.3.2 - Nicolas Coolman (14/04/03)
~ Launched by usar (14/04/04 10:35:59 PM)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16521
GCIE: Google Chrome v33.0.1750.154 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Kaspersky Internet Security 2012 v12.0.0.445
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.5.0216.0
Windows Defender W7

---\\ System optimization software
CCleaner v4.04 =>.Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Extended Asian Language font pack for Adobe Reader XI

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3996.4 MB (38% free)
System Restore: Activé (Enable)
System drive C: has 256 GB (74%) free of 344 GB

---\\ Connection to the system mode
~ Computer Name: USAR-VAIO
~ User Name: usar
~ All Users Names: usar, HomeGroupUser$, Guest, boinc_project, boinc_master, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\usar\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\usar\AppData\Roaming\
~ %Desktop% : C:\Users\usar\Desktop\
~ %Favorites% : C:\Users\usar\Favorites\
~ %LocalAppData% : C:\Users\usar\AppData\Local\
~ %StartMenu% : C:\Users\usar\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 256 Go of 344 Go)
D: Hard drive, Flash drive, Thumb drive (Free 301 Go of 336 Go)
E: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn AMs



---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.12/02/24 - 3:18:12 AM.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.09/07/14 - 4:39:52 AM.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions for Win32.) (.14/03/01 - 6:10:28 AM.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.10/11/21 - 6:24:29 AM.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.10/11/21 - 6:24:16 AM.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/28 - 4:09:10 AM.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.09/07/14 - 4:52:21 AM.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.09/07/14 - 2:19:47 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.10/11/21 - 6:23:47 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.10/11/21 - 6:24:32 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.10/11/21 - 6:23:47 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.09/07/14 - 2:19:57 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.09/07/14 - 3:10:03 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.12/02/24 - 3:19:14 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.10/11/21 - 6:23:51 AM.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.13/04/12 - 5:45:08 PM.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.09/07/14 - 3:00:41 AM.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.10/11/21 - 6:24:33 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.09/07/14 - 3:09:09 AM.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.10/11/21 - 6:24:32 AM.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.10/11/21 - 6:23:47 AM.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 01mn AMs



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/1912
~ Mes musiques (My Musics) : 1/294
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/13
~ Mes Documents (My Documents) : 4/1170
~ Mon Bureau (My Desktop) : 1/91
~ Menu demarrer (Programs) : 1/51
~ Hidden Files: Scanned in 09mn AMs



---\\ Process running
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.2712]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2920]
[MD5.6FB60B441A8F326C03FD37C2B450E426] - (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.exe [226784] [PID.4444]
[MD5.AFD97C5447694706A163191669C41E91] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3417496] [PID.4840]
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608] [PID.4968]
[MD5.5425B0E1A2FBEE08E5FE3F8A54FE487F] - (.Nokia - Nokia Launch Application.) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632] [PID.3844]
[MD5.58FC1B36032F03342E4C02813F80DAC1] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\usar\AppData\Roaming\Dropbox\bin\Dropbox.exe [30714328] [PID.4484]
[MD5.766AE515B1749F2141E418CC6C08515B] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.4932]
[MD5.4D241A6A8F6BA9FA32FF836551FFDCEA] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.4436]
[MD5.77D4E46F41422F16142141500E5B9FFB] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [202296] [PID.1984]
[MD5.4AD491D49890D794BFA77AAB935046C5] - (.Sony Corporation - No Comment.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552] [PID.4452]
[MD5.E8DD2FBC10895C0814FD4620AEFCF8D6] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608] [PID.4812]
[MD5.AB511973BF2F83B77ED5C0453131742D] - (.CANON INC. - Canon Advanced Printing Technology Status M.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.exe [181696] [PID.4556]
[MD5.70A557DA33B3A02FDBC79DC346C7DE5E] - (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNAB8SWK.exe [1121488] [PID.4964]
[MD5.6A0ECAE50765D6F586D8ADAEFDFA0ABC] - (.Sony Corporation - Reader Application Helper.) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400] [PID.4856]
[MD5.AA3004465D20683EBD3B375FD29E338B] - (.FastLink - FastLink.) -- C:\Program Files (x86)\FastLink\fastlink.exe [199680] [PID.4184]
[MD5.79C28DDF889C26FDD6162F796FD49BC4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.5396]
[MD5.1BB5FF1FBB115602250440D4D03524A8] - (.No owner - Keyboard Shortcuts.) -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [477816] [PID.5288]
[MD5.7AD788C1A3F8F7C2C87E903BA01C16A1] - (.Nokia - Microsoft Bluetooth Media Server.) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe [148888] [PID.4852]
[MD5.207B16FA69F61D1895F8D8532F587E4B] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [263600] [PID.6584]
[MD5.ED561B00BA0DB6F4A51D711A8720395C] - (.Digital Delivery Networks, Inc. - VAIO Messenger.) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [1498024] [PID.3644]
[MD5.EC302A12B14F31BD4DA7AA448C1ABF73] - (.Sony of America Corporation - VaioCare Window Listener Application.) -- C:\Program Files\Sony\VAIO Care\listener.exe [82592] [PID.3736]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976] [PID.5516]
[MD5.E75DA1FAAFC9B69CCD0940F95C9D1CF7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8182272] [PID.7588]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1828]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1860]
[MD5.F2E8CEFC8CF4D6454F4121C5FF93136A] - (.Microsoft Corporation. - BingBar Service.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [193696] [PID.2488]
[MD5.BE531939BB6D153DB63DBBFBD398A713] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584] [PID.2544]
[MD5.33E9F08F675EF94633C8EF8A7C4EADF3] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608] [PID.2576]
[MD5.9571D8BDB56EBC52280E8020574508E6] - (...) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280] [PID.2788]
[MD5.DBD76BC1D498FE368F2C8CB76C3E00A4] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560] [PID.2816]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2844]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2864]
[MD5.9C4D0DE187CBC24F658C52EFC93B1C73] - (.Sony Corporation - Device Information Provider.) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960] [PID.2896]
[MD5.9EA47AA97D15BCC50A0F0B78CBD8E768] - (...) -- C:\ProgramData\reber Quick\OnlineUpdate\ouc.exe [655712] [PID.2944]
[MD5.203FD19D70549A2939E1AE3A36608151] - (.Sony Corporation - VAIO Control Center (Service Module).) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe [65464] [PID.2092]
[MD5.F9EC5EFA299862FF3AED3EF5D17E4174] - (.Sony Corporation - VAIO Control Center (Service Sub Module).) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe [183432] [PID.2384]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [7168] [PID.3128]
[MD5.A5B25E310678175F4779499FFF7D0994] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880] [PID.3136]
[MD5.C3BB6CF8F9EE199005A2AAE2815AD756] - (.Nokia - ServiceLayer Module.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [724376] [PID.5988]
[MD5.CE565CA700A87863DC792163E2942628] - (.Nokia - Serial Media Server.) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe [126872] [PID.5108]
[MD5.7D4B9A48430ED57ACA6373B71D5904CA] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.6412]
[MD5.86E4CC39C953D11EF57CF54C4DC78238] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.6060]
[MD5.5B4E5D841B029EDF5FFB71E50C2D2C02] - (.Digital Delivery Networks, Inc. - Oasis2Service.) -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440] [PID.3068]
[MD5.D076011ECD0D1310E879F32EBF3B4886] - (.Sony Corporation - VAIOCare.) -- C:\Program Files\Sony\VAIO Care\VCService.exe [54432] [PID.2832]
[MD5.1FE69F3C1CA1CF4B7EC7E2E9090FFFDC] - (.ArcSoft, Inc. - MgiSvr.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024] [PID.2984]
[MD5.D80B1075B69B57A3AB78F750CE463ECE] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.6512]
~ Processes Running: Scanned in 03mn AMs



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\usar\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [dchlnpcodkpfdpacogkljefecpegganj] Kaspersky URL Advisor v.12.0.0.445 (Désactivé)
G2 - GCE: Preference [User Data\Default] [jagncdcchgajhfhijbbhecadmaiegcmh] Virtual Keyboard v.12.0.0.445 (Désactivé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pjldcfjmnllhmgjclecdnfampinooman] Anti-Banner v.12.0.0.445 (Désactivé)

---\\ Google Chrome Extension Folder

~ Google Lines Browser: 15 Legitimates Filtered in 02mn AMs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 19



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Bing Client Extensions.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll =>Toolbar.Bing
~ Toolbar: Scanned in 00mn AMs



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Adobe Reader XI.lnk . (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
O4 - GS\Desktop [Public]: Curro's World.lnk . (.Auralog - Kids application.) -- C:\tell me more kids\kids_cd3\bin\kids.exe
O4 - GS\Desktop [Public]: DOSBox 0.74.lnk . (.DOSBox Team - DOSBox DOS Emulator.) -- C:\Program Files (x86)\DOSBox-0.74\DOSBox.exe
O4 - GS\Desktop [Public]: MobileWiFi.lnk - Orphan key
O4 - GS\Desktop [Public]: Reader for PC.lnk . (.Sony Corporation - Reader for PC.) -- C:\Program Files (x86)\Sony\ReaderDesktop\Reader.exe
O4 - GS\Desktop [Public]: reber Quick.lnk . (...) -- C:\Program Files (x86)\reber Quick\reber Quick.exe
O4 - GS\Program [Public]: Keyboard Shortcuts.lnk . (...) -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
O4 - GS\QuickLaunch [usar]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [usar]: FastLink.lnk . (.FastLink - FastLink.) -- C:\Program Files (x86)\FastLink\fastlink.exe
O4 - GS\TaskBar [usar]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [usar]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [usar]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [usar]: 4 Elements.lnk . (...) -- C:\Program Files (x86)\Puzzle-1\4 Elements\4 Elements.exe
O4 - GS\Desktop [usar]: 7 Wonders II.lnk . (...) -- C:\Program Files (x86)\Puzzle-1\7 Wonders II\7 Wonders II.exe
O4 - GS\Desktop [usar]: Any Video Converter Professional.lnk . (.Any-Video-Converter.com - Any Video Converter.) -- C:\Program Files (x86)\AnvSoft\Any Video Converter Professional\VideoConvPro.exe
O4 - GS\Desktop [usar]: Azkend.lnk . (...) -- C:\Program Files (x86)\Puzzle-1\Azkend\Azkend.exe
O4 - GS\Desktop [usar]: Azteca.lnk . (.INTENIUM GmbH - Azteca.) -- C:\Program Files (x86)\Puzzle-1\Azteca\Azteca.exe
O4 - GS\Desktop [usar]: BitLord.lnk . (...) -- C:\Program Files (x86)\BitLord 2\Bitlord files\bitlord.exe (.not file.) =>Adware.WhenUSave
O4 - GS\Desktop [usar]: Director 11.lnk . (.Adobe Systems, Inc. - Adobe Projector.) -- C:\Program Files (x86)\Puzzle-1\Adventure Chronicles\AdventureChronicles.exe
O4 - GS\Desktop [usar]: FairyTale.lnk . (...) -- C:\Program Files (x86)\Puzzle-1\A Fairy Tale\FairyTale.exe
O4 - GS\Desktop [usar]: FBReader.lnk . (...) -- C:\Program Files (x86)\FBReader\FBReader.exe
O4 - GS\Desktop [usar]: games - Shortcut.lnk - Orphan key
O4 - GS\Desktop [usar]: ThreeDays.lnk . (...) -- C:\Program Files (x86)\Puzzle-1\3 Days Zoo Mystery\ThreeDays.exe
O4 - GS\Desktop [usar]: xndjAliceGameWin32.lnk . (...) -- C:\Program Files (x86)\Puzzle-1\Alice Greenfingers\AliceGreenfingers.exe
O4 - GS\Desktop [boinc_master]: FBReader.lnk . (...) -- C:\Program Files (x86)\FBReader\FBReader.exe
~ Global Startup: 104 Legitimates Filtered in 09mn AMs



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [usar]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\usar\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [AtherosBtStack] . (.Atheros Commnucations - Bluetooth Tray.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [AthBtTray] . (.Atheros Commnucations - Bluetooth Tray.) -- C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [CNAP2 Launcher] . (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.exe =>.Canon Inc
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\usar\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [PC Suite Tray] . (.Nokia - Nokia Launch Application.) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
O4 - HKCU\..\Run: [Mobile Partner] Orphan key
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O4 - HKLM\..\Wow6432Node\Run: [ISBMgr.exe] . (.Sony Corporation - No Comment.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [NSU_agent] . (...) -- C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe =>.Nokia
O4 - HKLM\..\Wow6432Node\Run: [Reader Application Helper] . (.Sony Corporation - Reader Application Helper.) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [FastLink] . (.FastLink - FastLink.) -- C:\Program Files (x86)\FastLink\fastlink.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2802129352-2640948802-1884021771-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-2802129352-2640948802-1884021771-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2802129352-2640948802-1884021771-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\usar\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-2802129352-2640948802-1884021771-1000\..\Run: [PC Suite Tray] . (.Nokia - Nokia Launch Application.) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
O4 - HKUS\S-1-5-21-2802129352-2640948802-1884021771-1000\..\Run: [Mobile Partner] Orphan key
~ Application: Scanned in 00mn AMs



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Virtual Keyboard [64Bits] - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\kbrd.ico
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
O9 - Extra button: URLs c&heck [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\logo.ico
~ IE Extra Buttons: Scanned in 00mn AMs



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKCU\...\EscDomains] http.fastspring.com
O15 - Trusted Zone: [HKLM\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKLM\...\EscDomains] http.fastspring.com
~ IE Zone Confiance: Scanned in 00mn AMs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{02129B8B-BC3E-4606-8FF7-BBF7D74B20E6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A88B289-0DE9-49D6-AA7B-C2553154B9FF}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7394FF7D-57BE-4914-A463-D37AC7437830}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DE8514A-6471-4164-B844-B18CC0E34BF7}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{02129B8B-BC3E-4606-8FF7-BBF7D74B20E6}: DhcpDomain = www.huaweimobilewifi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A88B289-0DE9-49D6-AA7B-C2553154B9FF}: DhcpDomain = www.huaweimobilewifi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{7394FF7D-57BE-4914-A463-D37AC7437830}: DhcpDomain = www.huaweimobilewifi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DE8514A-6471-4164-B844-B18CC0E34BF7}: DhcpDomain = www.huaweimobilewifi.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{02129B8B-BC3E-4606-8FF7-BBF7D74B20E6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A88B289-0DE9-49D6-AA7B-C2553154B9FF}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7394FF7D-57BE-4914-A463-D37AC7437830}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7DE8514A-6471-4164-B844-B18CC0E34BF7}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02129B8B-BC3E-4606-8FF7-BBF7D74B20E6}: DhcpDomain = www.huaweimobilewifi.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A88B289-0DE9-49D6-AA7B-C2553154B9FF}: DhcpDomain = www.huaweimobilewifi.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{7394FF7D-57BE-4914-A463-D37AC7437830}: DhcpDomain = www.huaweimobilewifi.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{7DE8514A-6471-4164-B844-B18CC0E34BF7}: DhcpDomain = www.huaweimobilewifi.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{02129B8B-BC3E-4606-8FF7-BBF7D74B20E6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A88B289-0DE9-49D6-AA7B-C2553154B9FF}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7394FF7D-57BE-4914-A463-D37AC7437830}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7DE8514A-6471-4164-B844-B18CC0E34BF7}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{02129B8B-BC3E-4606-8FF7-BBF7D74B20E6}: DhcpDomain = www.huaweimobilewifi.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A88B289-0DE9-49D6-AA7B-C2553154B9FF}: DhcpDomain = www.huaweimobilewifi.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{7394FF7D-57BE-4914-A463-D37AC7437830}: DhcpDomain = www.huaweimobilewifi.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{7DE8514A-6471-4164-B844-B18CC0E34BF7}: DhcpDomain = www.huaweimobilewifi.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn AMs



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\Windows\System32\klogon.dll
~ Winlogon: Scanned in 00mn AMs



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Energy Server Service (ESRV_SVC) . (...) - C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: (Oasis2Service) . (.Digital Delivery Networks, Inc. - Oasis2Service.) - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
O23 - Service: reber Quick. OUC (reber Quick. RunOuc) . (...) - C:\Program Files (x86)\reber Quick\UpdateDog\ouc.exe
O23 - Service: Microsoft Ms (Service1) . (...) - C:\Windows\syswow64\service.exe (.not file.)
~ Services: 26 Legitimates Filtered in 08mn AMs



---\\ Task Planned Automatically (039)
[MD5.DE54B81B68132B3716EAF95DBF66A59F] [APT] [DDNi Startup] (.Digital Delivery Networks, Inc..) -- C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [12200]
[MD5.ED561B00BA0DB6F4A51D711A8720395C] [APT] [VAIOr Messenger (Administrator)] (.Digital Delivery Networks, Inc..) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [1498024]
[MD5.ED561B00BA0DB6F4A51D711A8720395C] [APT] [VAIOr Messenger (usar)] (.Digital Delivery Networks, Inc..) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [1498024]
~ Scheduled Task: 31 Legitimates Filtered in 07mn AMs



---\\ Drivers launched at startup (O41)
O41 - Driver: (wStLibG64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\wStLibG64.sys =>PUP.LinkiDoo
~ Drivers: 72 Legitimates Filtered in 10mn AMs



---\\ Software installed (O42)
O42 - Software: BitLord 2.3 - (.House of Life.) [HKLM][64Bits] -- BitLord =>Adware.WhenUSave
O42 - Software: Curro's World - (...) [HKLM][64Bits] -- TellmeMoreKids_CM
O42 - Software: Mega Browse - (.Mega Browse.) [HKLM][64Bits] -- Mega Browse =>PUP.MegaBrowse
O42 - Software: Oasis2Service - (.DDNi.) [HKLM][64Bits] -- {E50FC5DB-7CBD-407D-A46E-0C13E45BC386}
O42 - Software: Puzzle-1 - (.shamfuture.) [HKLM][64Bits] -- Puzzle-11.0
~ Software: 32 Legitimates Filtered in 00mn AMs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\FastLink]
[HKCU\Software\FreewareFiles]
[HKCU\Software\Mega Browse] =>PUP.MegaBrowse
[HKLM\Software\Wow6432Node\DDNi]
[HKLM\Software\Wow6432Node\Mega Browse] =>PUP.MegaBrowse
~ Key Software: 369 Legitimates Filtered in 00mn AMs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 13/07/05 - 1:58:46 PM - [12.240] ----D C:\Program Files (x86)\DDNi
O43 - CFD: 14/03/14 - 2:26:18 AM - [0.251] ----D C:\Program Files (x86)\FastLink
O43 - CFD: 14/04/04 - 10:21:47 PM - [1.212] ----D C:\Program Files (x86)\Mega Browse =>PUP.MegaBrowse
O43 - CFD: 14/03/14 - 10:04:20 PM - [13.849] ----D C:\Program Files (x86)\MobileWiFi
O43 - CFD: 13/07/02 - 6:53:21 PM - [1066.185] ----D C:\Program Files (x86)\Puzzle-1
O43 - CFD: 12/10/24 - 8:08:30 AM - [80.020] ----D C:\Program Files (x86)\reber Quick
O43 - CFD: 12/04/27 - 5:02:30 PM - [104.820] ----D C:\ProgramData\DDNi
O43 - CFD: 13/09/07 - 10:52:14 PM - [11.386] ----D C:\ProgramData\Promote Installer
O43 - CFD: 12/10/24 - 8:08:30 AM - [26.944] ----D C:\ProgramData\reber Quick
O43 - CFD: 12/04/27 - 3:34:24 PM - [8.668] ----D C:\ProgramData\wcg
O43 - CFD: 13/07/05 - 1:59:59 PM - [13.755] --H-D C:\ProgramData\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}
O43 - CFD: 13/11/04 - 5:05:37 PM - [27.641] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 14/03/10 - 7:29:34 PM - [0.000] ----D C:\Users\usar\AppData\Roaming\(1C-AF-05-75-96-BC)
O43 - CFD: 12/11/12 - 11:08:22 PM - [0.059] ----D C:\Users\usar\AppData\Roaming\(D4-5D-42-FC-DC-C6)
O43 - CFD: 14/03/16 - 2:43:01 PM - [0.001] ----D C:\Users\usar\AppData\Roaming\FairyTale
O43 - CFD: 13/07/08 - 11:21:08 PM - [0.001] ----D C:\Users\usar\AppData\Roaming\Reflexive 3 Days Zoo Mystery
O43 - CFD: 13/07/02 - 6:53:41 PM - [0.012] ----D C:\Users\usar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Puzzle-1
~ 5 empty CLSID folders
~ Program Folder: 217 Legitimates Filtered in 30mn AMs



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.9119E153CB40416D630A904804E05EDC] - 14/03/27 - 2:17:08 PM ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys [61120] =>PUP.LinkiDoo
O44 - LFC:[MD5.71B94510A996199A75660C47D013F3F1] - 14/04/04 - 10:22:39 PM ---A- . (...) -- C:\Windows\win.ini [580]
~ Files: 11 Legitimates Filtered in 05mn AMs



---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.9CF65FEE39937B2D562BA1D4268C70F3] - 14/03/30 - 6:32:15 PM ---A- - C:\Windows\Prefetch\FASTLINK.EXE-50B72406.pf
O45 - LFCP:[MD5.1018567924775843BA2CCEFE5CA0DF52] - 14/03/31 - 10:03:05 AM ---A- - C:\Windows\Prefetch\UTILMEGABROWSE.EXE-74319255.pf
O45 - LFCP:[MD5.767DC12EE5C2CA4E51C7092024E13225] - 14/04/01 - 10:18:08 AM ---A- - C:\Windows\Prefetch\VCRT_CHECK.EXE-B02CE7A4.pf
O45 - LFCP:[MD5.AFE4572099F9FCD64F7D08EF06B201A1] - 14/04/01 - 10:18:09 AM ---A- - C:\Windows\Prefetch\MATLAB.EXE-ACF8DFE1.pf
O45 - LFCP:[MD5.5D538FB77EE65F329A9227327BAFAD58] - 14/04/01 - 10:18:09 AM ---A- - C:\Windows\Prefetch\VCRT_CHECK.EXE-BB130782.pf
O45 - LFCP:[MD5.28E3417B9A097AA1D3946F54EF13CFB1] - 14/04/01 - 10:18:57 AM ---A- - C:\Windows\Prefetch\MATLAB.EXE-5151639D.pf
O45 - LFCP:[MD5.1E69425D23CEAC8E476E5C4B2B6006AA] - 14/04/03 - 11:37:24 PM ---A- - C:\Windows\Prefetch\UPDATEMEGABROWSE.EXE-77C1757D.pf
O45 - LFCP:[MD5.E62CDAEED420524F36E516FE294086A5] - 14/04/04 - 10:07:40 PM ---A- - C:\Windows\Prefetch\VCSYSTEMTRAY.EXE-9E70A9A4.pf
O45 - LFCP:[MD5.BEA5A259B334A615D258FC996636BD61] - 14/04/04 - 10:22:10 PM ---A- - C:\Windows\Prefetch\XTLSAPP.EXE-F9E066AF.pf
O45 - LFCP:[MD5.D34B42B5EAFBC20F434463831960A1AF] - 14/04/04 - 10:26:29 PM ---A- - C:\Windows\Prefetch\ESRV_SVC.EXE-C8357239.pf
O45 - LFCP:[MD5.1D728D167A6875CE1ED9398F9E83E36E] - 14/04/04 - 10:26:39 PM ---A- - C:\Windows\Prefetch\OASIS2SERVICE.EXE-D7323A19.pf
O45 - LFCP:[MD5.6063975B94E265B5BCB35C229AB90F9F] - 14/04/04 - 10:27:49 PM ---A- - C:\Windows\Prefetch\VCADMIN.EXE-AE617BE8.pf
O45 - LFCP:[MD5.67454EF193AAB11276BAAB2A8C51D60E] - 14/04/04 - 10:27:50 PM ---A- - C:\Windows\Prefetch\UCAMMONITOR.EXE-C92C4283.pf
O45 - LFCP:[MD5.FB830C1668B51F0D41695D57A6E266A8] - 14/04/04 - 10:28:50 PM ---A- - C:\Windows\Prefetch\VIM.EXE-D4892AE9.pf
O45 - LFCP:[MD5.3BBC4D826403482AE16CD2C6E4B68E7B] - 14/04/04 - 10:29:44 PM ---A- - C:\Windows\Prefetch\VPMLM.EXE-0A0DD004.pf
O45 - LFCP:[MD5.1B30DBB29E7ED5AACAEB6B0BA825D27D] - 14/04/04 - 10:36:47 PM ---A- - C:\Windows\Prefetch\RUNLIVEUPD.EXE-830536CA.pf
O45 - LFCP:[MD5.C34A1B5EB8313EE5A70E3AAEE5FDB55F] - 14/04/04 - 10:36:48 PM ---A- - C:\Windows\Prefetch\LIVEUPD.EXE-F026F441.pf
O45 - LFCP:[MD5.24B4A895F352D3BC0106822035DCECF1] - 14/04/04 - 10:36:49 PM ---A- - C:\Windows\Prefetch\LIVEUPD.EXE-9C885DA8.pf
O45 - LFCP:[MD5.F864F897DD8C9CA3A524CEB1AB050439] - 14/04/04 - 1:54:22 PM ---A- - C:\Windows\Prefetch\NCLINSTALLER64.EXE-051AE42A.pf
O45 - LFCP:[MD5.541593E9A4E6D1B4E66DB27841201D7B] - 14/04/04 - 1:54:30 PM ---A- - C:\Windows\Prefetch\ESRV.EXE-D99C9F8A.pf
O45 - LFCP:[MD5.DDD953FB0E28711F267A800C30A840D3] - 14/04/04 - 2:02:35 PM ---A- - C:\Windows\Prefetch\VAIO MESSENGER.EXE-267B2BD8.pf
O45 - LFCP:[MD5.4C9931421A5CD889C692D9EFCB2665BF] - 14/04/04 - 4:29:49 PM ---A- - C:\Windows\Prefetch\FILTERAPP_C64.EXE-D1381D1A.pf
O45 - LFCP:[MD5.CB20FFBC44B38BF62F37E72599BC44D0] - 14/04/04 - 5:41:31 PM ---A- - C:\Windows\Prefetch\VCGU.EXE-868BBCBF.pf
O45 - LFCP:[MD5.5E0339C71137CFE39E85711CCEA27B32] - 14/04/04 - 5:41:31 PM ---A- - C:\Windows\Prefetch\VESSHELLEXEPROXY.EXE-44BF3926.pf
O45 - LFCP:[MD5.44B039C89E8B9827A0D4A58CB6892171] - 14/04/04 - 6:12:32 PM ---A- - C:\Windows\Prefetch\VIUPLOADER.EXE-61B0405C.pf
O45 - LFCP:[MD5.4BC1906D436083C7077DBD396BED17B8] - 14/04/04 - 9:26:40 PM ---A- - C:\Windows\Prefetch\GLOBALATOMTABLE.EXE-7FD9462A.pf
~ Prefetcher: 26 Legitimates Filtered in 00mn AMs



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn AMs



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{103f7725-ab43-11e3-a9f4-642737b4d08c}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{103f779b-ab43-11e3-a9f4-642737b4d08c}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{148208e1-2215-11e2-bb9f-642737b4d08c}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{148208e3-2215-11e2-bb9f-642737b4d08c}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{148208e5-2215-11e2-bb9f-642737b4d08c}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{279bec6d-2414-11e2-ad8e-642737b4d08c}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{2b1b34ca-20ef-11e2-ab0d-806e6f6e6963}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{618ae34c-ad13-11e2-b144-001e101f1ed9}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{6925ccc4-3091-11e2-ae53-001e101f4e71}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{6c6e043d-1d98-11e2-81cc-30f9edadce7e}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)
O51 - MPSK:{6c6e0441-1d98-11e2-81cc-001e101faa49}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{8ec8c895-a939-11e3-a958-001e101fe70e}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{db040774-b340-11e3-ad27-642737b4d08c}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn AMs
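Added example (not part of the ZHPDiag report and not the tool's own code): what the O51 lines above can still tell you. They are MountPoints2 keys left behind by removable volumes that carried an autorun.inf; every command points at an AutoRun.exe that no longer exists, and Windows 7 with the 2011 AutoPlay update does not run autorun.inf from USB media anyway, so this is history rather than live persistence. The history is useful, though: the key names are version-1 UUIDs, so each carries the 100 ns timestamp of when the volume GUID was generated (when the mount manager first saw that volume) and a node field, normally the MAC address of a network adapter on the host that generated it. The parser below decodes both with Python's standard uuid module; the four sample lines are copied from this report. Caveat: the timestamp comes from the generating host's clock, and a host with several adapters may use any of them for the node, so a different node does not by itself prove a different machine.

```python
import re
import uuid
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# One ZHPDiag O51 line, as printed in the report above:
#   O51 - MPSK:{<volume GUID>}\AutoRun\command. (<publisher>) -- <command>[ (.not file.)]
O51_RE = re.compile(
    r"^O51 - MPSK:\{(?P<guid>[0-9a-fA-F-]{36})\}\\AutoRun\\command\. "
    r"\((?P<owner>.*?)\) -- (?P<cmd>.*?)(?P<missing> \(\.not file\.\))?$"
)
# RFC 4122 version-1 timestamps count 100 ns ticks from the Gregorian reform date.
UUID_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)

# Sample input: four O51 lines from this report, copied verbatim.
SAMPLE = r"""
O51 - MPSK:{103f7725-ab43-11e3-a9f4-642737b4d08c}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{2b1b34ca-20ef-11e2-ab0d-806e6f6e6963}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{6c6e043d-1d98-11e2-81cc-30f9edadce7e}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)
O51 - MPSK:{8ec8c895-a939-11e3-a958-001e101fe70e}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
"""


def v1_timestamp(u: uuid.UUID) -> Optional[datetime]:
    """UTC time at which a version-1 UUID was generated; None for any other version."""
    if u.version != 1:
        return None
    # u.time is the 60-bit tick count; 10 ticks of 100 ns make one microsecond.
    return UUID_EPOCH + timedelta(microseconds=u.time // 10)


def v1_node(u: uuid.UUID) -> str:
    """48-bit node field formatted as a MAC address (generating host's adapter for v1 UUIDs)."""
    return ":".join(f"{(u.node >> (8 * i)) & 0xFF:02x}" for i in reversed(range(6)))


def parse_o51(line: str) -> Optional[dict]:
    """Decode one O51 line into its GUID metadata and AutoRun command; None if not an O51 line."""
    m = O51_RE.match(line.strip())
    if not m:
        return None
    u = uuid.UUID(m["guid"])
    return {
        "guid": str(u),
        "generated_utc": v1_timestamp(u),
        "node": v1_node(u),
        "command": m["cmd"],
        "missing": m["missing"] is not None,   # "(.not file.)" suffix present
        "owner": m["owner"].strip(".") or None,
    }


def mountpoints_timeline(log_text: str) -> List[dict]:
    """All O51 entries, oldest first by the time their volume GUID was generated."""
    rows = [r for r in map(parse_o51, log_text.splitlines()) if r]
    return sorted(rows, key=lambda r: r["generated_utc"] or UUID_EPOCH)


if __name__ == "__main__":
    for r in mountpoints_timeline(SAMPLE):
        when = r["generated_utc"].strftime("%Y-%m-%d %H:%M:%S UTC")
        state = "missing" if r["missing"] else "present"
        print(f"{when}  node {r['node']}  {r['command']} ({state})")
```

The decoded dates line up with other artefacts in this report: the newest of the four keys was generated on 2014-03-14, the same day the FastLink and MobileWiFi folders appear in the O43 list, and the oldest two date to late October 2012, when the reber Quick folders were created.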



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn AMs



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn AMs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.4119870B90E1B5E7797D6433D21F9216] - 12/02/24 - 2:57:58 AM ---A- . (.Windows (R) Win 7 DDK provider - BulkUsb Driver.) -- C:\Windows\System32\Drivers\AthDfu.sys [51872]
O58 - SDL:[MD5.040FF3B09F26926A3792E047DB0F47DD] - 14/01/30 - 8:52:33 PM ---A- . (.Connectify - NDIS filter driver.) -- C:\Windows\System32\Drivers\cnnctfy2.sys [31344]
O58 - SDL:[MD5.A59EF07C958A58E797DC0101B3498EC1] - 14/03/21 - 12:57:20 AM ---A- . (.Connectify - NDISRD helper driver.) -- C:\Windows\System32\Drivers\cnnctfy3.sys [35352]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 09/07/14 - 4:47:48 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F572B7467B5CB4FA8FB6319575902E41] - 10/10/08 - 11:59:40 AM ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 09/06/10 - 11:31:59 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.71359FC89451BF54FA06F049D3A87ADF] - 11/07/06 - 6:14:42 PM ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [145008]
O58 - SDL:[MD5.1ED7A8574A28357097A5CB4063C96B00] - 12/11/07 - 2:28:46 AM ---A- . (...) -- C:\Windows\System32\Drivers\semav6thermal64ro.sys [13792]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 09/07/14 - 4:45:55 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.43228F8EDD1B0BCDD3145AD246E63D39] - 12/09/28 - 10:32:56 AM ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [53760]
O58 - SDL:[MD5.9119E153CB40416D630A904804E05EDC] - 14/03/27 - 2:17:08 PM ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys [61120] =>PUP.LinkiDoo
~ Drivers: 18 Legitimates Filtered in 06mn AMs



---\\ Last modified or created user files (O61)
O61 - LFC: 14/04/01 - 10:41:11 PM ---A- . (...) -- C:\Users\usar\AppData\Roaming\MathWorks\MATLAB\R2013a\MATLABDesktop.xml [12245]
O61 - LFC: 14/04/01 - 10:41:11 PM ---A- . (...) -- C:\Users\usar\AppData\Roaming\MathWorks\MATLAB\R2013a\cwdhistory.m [92]
O61 - LFC: 14/04/01 - 10:41:11 PM ---A- . (...) -- C:\Users\usar\AppData\Roaming\MathWorks\MATLAB\R2013a\history.m [14554]
O61 - LFC: 14/04/01 - 10:41:11 PM ---A- . (...) -- C:\Users\usar\AppData\Roaming\MathWorks\MATLAB\R2013a\matlab.settings [6256]
O61 - LFC: 14/04/01 - 10:41:12 PM ---A- . (...) -- C:\Users\usar\AppData\Roaming\MathWorks\MATLAB\R2013a\MATLAB_Editor_State.xml [490]
O61 - LFC: 14/04/01 - 10:41:12 PM ---A- . (...) -- C:\Users\usar\AppData\Roaming\MathWorks\MATLAB\R2013a\publish_configurations.m [1291]
O61 - LFC: 14/04/01 - 10:41:12 PM ---A- . (...) -- C:\Users\usar\AppData\Roaming\MathWorks\MATLAB\R2013a\run_commands.m [220]
O61 - LFC: 14/04/01 - 10:41:12 PM ---A- . (...) -- C:\Users\usar\AppData\Roaming\MathWorks\MATLAB\R2013a\toolbox_cache-8.1.0-1491995710-win64.xml [2359279]
O61 - LFC: 14/04/03 - 10:41:35 PM ---A- . (...) -- C:\Users\usar\Downloads\Compressed\ECDLICDLWordProcessing-Syllabus-V5.0-SamplePart-Tests-MS2013-V1-01.zip [205765]
O61 - LFC: 14/04/03 - 10:41:50 PM ---A- . (...) -- C:\Users\usar\Downloads\Documents\Module-3-Sample-Test-Questions.pdf [274446]
O61 - LFC: 14/04/03 - 10:42:13 PM ---A- . (...) -- C:\Users\usar\Downloads\sample_tests (1).doc [600576]
O61 - LFC: 14/04/03 - 10:42:13 PM ---A- . (...) -- C:\Users\usar\Downloads\sample_tests.doc [600576]
O61 - LFC: 14/04/04 - 10:38:56 PM ---A- . (...) -- C:\Users\usar\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [270423]
O61 - LFC: 14/04/04 - 10:39:02 PM ---A- . (...) -- C:\Users\usar\AppData\Local\Google\Chrome\User Data\Local State [65576]
O61 - LFC: 14/04/04 - 10:41:23 PM ---A- . (...) -- C:\Users\usar\AppData\Roaming\ZHP\Log.txt [21425] =>.Nicolas Coolman
O61 - LFC: 14/04/04 - 10:41:23 PM ---A- . (...) -- C:\Users\usar\AppData\Roaming\ZHP\TestsZHPDiag.txt [2822] =>.Nicolas Coolman
O61 - LFC: 14/04/04 - 10:41:38 PM ---A- . (...) -- C:\Users\usar\Downloads\Documents\1100Doc2.pdf [1920664]
O61 - LFC: 14/04/04 - 10:41:50 PM ---A- . (...) -- C:\Users\usar\Downloads\Documents\mod3.2.pdf [45112]
O61 - LFC: 14/04/04 - 10:42:09 PM ---A- . (...) -- C:\Users\usar\Downloads\Programs\AdwCleaner_2.exe [1426178]
O61 - LFC: 14/04/04 - 10:42:15 PM ---A- . (...) -- C:\Users\usar\Downloads\Talkative_wife.mp4 [3652379]
~ 46 temporary files
~ Files: 263 Legitimates Filtered in 03mn AMs



---\\ List all tools cleaner (LATC) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 12/11/07 - C:\Windows\system32\drivers\semav6thermal64ro.sys (semav6thermal64ro) .(...) - LEGACY_SEMAV6THERMAL64RO
O64 - Services: CurCS - 14/03/27 - C:\Windows\System32\drivers\wStLibG64.sys (wStLibG64) .(.StdLib - StdLib.) - LEGACY_WSTLIBG64 =>PUP.LinkiDoo
~ Legacy: 75 Legitimates Filtered in 00mn AMs



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] 71213E3BA6144B92B5FE432DC638313F - (qvo6) - http://search.qvo6.com =>Hijacker.Qvo6
~ Keys: Scanned in 00mn AMs



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.F38E92C1AA2BBC3B8D8EABDD1BBA4F09] [SPRF][14/01/30] (...) -- C:\ProgramData\patch.dll [152]
[MD5.9DEEDEB94FC5CB2203C5D907405AFA89] [SPRF][13/01/10] (.ThinkSky - One-stop ios device manager.) -- C:\Users\usar\Desktop\iTools.exe [6863200]
~ Files: 3 Legitimates Filtered in 00mn AMs



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{83DB2897-2E9C-4D10-A698-11A5E06AEFCA}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\BitLord 2\Bitlord files\bitlord.exe (.not file.) =>Adware.WhenUSave
O87 - FAEL: "{C4EFFE4E-8629-4C8E-9647-49C19679D427}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\BitLord 2\Bitlord files\bitlord.exe (.not file.) =>Adware.WhenUSave
~ Firewall: 214 Legitimates Filtered in 01mn AMs



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "1E4E2D20F1760A94380E03157F9FFF2E" . (.FastLink Launcher.) -- C:\Windows\Installer\{02D2E4E1-671F-49A0-83E0-3051F7F9FFE2}\_853F67D554F05449430E7E.exe
O90 - PUC: "1FD60E97EF421E1119F30FD42AA3C585" . (.DVD Architect Studio 5.0.) -- C:\Windows\Installer\{79E06DF1-24FE-11E1-913F-F04DA23A5C58}\dvdarchst.ico
O90 - PUC: "4B4798EFC974ABD45844E93524BA2BA6" . (.Keyboard_Shortcuts.) -- C:\Windows\Installer\{FE8974B4-479C-4DBA-8544-9E5342ABB26A}\ARPPRODUCTICON.exe
O90 - PUC: "617DD6FF01B79624F991FF0BA74CDC59" . (.Bing Bar.) -- C:\Windows\Installer\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 160 Legitimates Filtered in 00mn AMs



---\\ MyComputer Name Space (MNS) (O92)
O92 - MNS: Safe Run shared folder - {047DDC7E-F9C2-11DD-A093-79D855D89593}
O92 - MNS: iCloud Photos - {F0D63F85-37EC-4097-B30D-61B4A8917118}
~ MNS: 3 Legitimates Filtered in 00mn AMs



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.50B328755F8A4B5BEF7635306CA94D38] [WIS][14/03/14] (.FastLink - FastLink.) -- C:\Windows\Installer\182be.msi [753152]
[MD5.2A462F2C9C5DDD2D7949F9B19CB693CA] [WIS][14/03/15] (.Google - Google Talk Plugin Installer.) -- C:\Windows\Installer\365d053.msi [5429760]
~ WIS: 165 Legitimates Filtered in 07mn AMs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/03/18 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SS - | Demand 14/03/14 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 12/03/14 274200 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/03/22 112256 | (DCDhcpService) . (.Atheros Communication Inc..) - C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
SS - | Auto 12/10/23 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 12/10/23 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 11/12/23 655712 | (reber Quick. RunOuc) . (...) - C:\Program Files (x86)\reber Quick\UpdateDog\ouc.exe
SS - | Auto 58/07/11 0 | (Service1) . (...) - C:\Windows\syswow64\service.exe
SS - | Auto 13/09/05 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 12/01/07 138392 | (SOHCImp) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
SS - | Demand 12/01/07 74904 | (SOHDs) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
SS - | Demand 13/11/26 73728 | (Sony SCSI Helper Service) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
SS - | Demand 11/12/01 289952 | (SpfService) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
SS - | Demand 13/02/22 427432 | (USER_ESRV_SVC) . (...) - C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
SS - | Demand 12/01/10 535688 | (VAIO Power Management) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
SS - | Demand 11/12/30 960160 | (VCFw) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
SS - | Demand 11/12/21 550128 | (VcmIAlzMgr) . (.Sony Corporation.) - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
SS - | Demand 11/12/21 382720 | (VcmINSMgr) . (.Sony Corporation.) - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
SS - | Demand 11/08/27 101600 | (VcmXmlIfHelper) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
SS - | Demand 09/07/14 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 13/12/21 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14/02/12 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 12/02/24 106144 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 11/12/23 202296 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
SR - | Auto 13/12/16 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
SR - | Demand 13/12/16 247968 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
SR - | Auto 11/08/30 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 13/02/22 427432 | (ESRV_SVC) . (...) - C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
SR - | Auto 13/10/28 351824 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 11/11/30 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 12/02/08 2429544 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 12/02/03 628448 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 12/03/13 128280 | (Intel(R) ME Service) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 14/02/21 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 12/03/13 161560 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 12/03/13 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 13/04/04 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 13/04/04 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 14/03/11 23808 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 13/07/02 61440 | (Oasis2Service) . (.Digital Delivery Networks, Inc..) - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
SR - | Auto 12/02/21 473960 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
SR - | Auto 13/03/05 258048 | (SampleCollector) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
SR - | Demand 12/06/11 724376 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 11/02/24 105024 | (uCamMonitor) . (.ArcSoft, Inc..) - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
SR - | Auto 12/03/13 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 12/03/08 65464 | (VAIO Event Service) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
SR - | Demand 12/01/21 54432 | (VCService) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Care\VCService.exe
SR - | Auto 12/03/26 978056 | (VSNService) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
SR - | Demand 12/01/13 1256040 | (VUAgent) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
SR - | Auto 58/07/11 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 09/07/14 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/02/24 158880 | (ZAtheros Bt&Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

~ Services: Scanned in 09mn AMs



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by usar at 14/04/04 10:44:43 PM
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn AMs



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by usar at 14/04/04 10:44:45 PM

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 02mn AMs



---\\ Additional Scan (O88)
Database Version : 13036 - (14/04/03)
Keys found : 3
Values found : 1
Folders found : 1
Files found : 2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitLord] =>Adware.WhenUSave^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mega Browse] =>PUP.MegaBrowse^
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bitlord] =>Adware.WhenUSave
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8dcb7100-df86-4384-8842-8fa844297b3f} =>Toolbar.Bing^
C:\Program Files (x86)\Mega Browse =>PUP.MegaBrowse^
[HKCU\Software\Mega Browse] =>PUP.MegaBrowse^
[HKLM\Software\Wow6432Node\Mega Browse] =>PUP.MegaBrowse^
~ Additional Scan: 437626 Items scanned in 36mn AMs



---\\ Summary of the detections found on your workstation
http://nicolascoolman.webs.com/apps/blog/show/41917380-pup-megabrowse =>PUP.MegaBrowse
http://nicolascoolman.webs.com/apps/blog/show/26631242-hijacker-qvo6 =>Hijacker.Qvo6
~ MSI: 2 link(s) detected in 00mn AMs



~ 1529 Legitimates filtered by white list
End of the scan (709 lines in 22mn AMs)(0)
