cjoint

Document format: text/plain

~ Report of ZHPDiag v2014.4.9.15 - Nicolas Coolman (09/04/2014)
~ Launched by rachid (09/04/2014 22:45:09)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16521
MFIE: Mozilla Firefox 29.0
GCIE: Google Chrome v33.0.1750.154 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 8.1 Pro, 32-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, VOLUME_MAK channel
~ Windows Partial Key : CKBDQ
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Windows Defender W8

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Reader XI

---\\ Information on the system
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (27% free)
System Restore: Activé (Enable)
System drive C: has 67 GB (56%) free of 117 GB

---\\ Connection to the system mode
~ Computer Name: RACHIDSYSTEM34
~ User Name: rachid
~ All Users Names: rachid, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\rachid\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\rachid\AppData\Roaming\
~ %Desktop% : C:\Users\rachid\Desktop\
~ %Favorites% : C:\Users\rachid\Favorites\
~ %LocalAppData% : C:\Users\rachid\AppData\Local\
~ %StartMenu% : C:\Users\rachid\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 67 Go of 117 Go)
E: Hard drive, Flash drive, Thumb drive (Free 92 Go of 117 Go)
F: Hard drive, Flash drive, Thumb drive (Free 111 Go of 117 Go)
G: Hard drive, Flash drive, Thumb drive (Free 51 Go of 114 Go)
H: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.1A0BC9598E4A58FC84570FFF5A108E58] - (.Microsoft Corporation - Explorateur Windows.) (.22/10/2013 - 06:03:47.) -- C:\Windows\Explorer.exe [2065448]
[MD5.02BC073156B3097E94D63C4D609020DD] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 02:49:55.) -- C:\Windows\System32\Wininit.exe [112640]
[MD5.AAFEAB4FC9D70253F8C7E353E879E8A2] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/03/2014 - 02:32:16.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.94385F95EF948FB274A70DE3EDE5696D] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 02:48:19.) -- C:\Windows\System32\Winlogon.exe [458752]
[MD5.BFB9E1202225113991F981D29BFB9029] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 08:08:12.) -- C:\Windows\System32\sppcomapi.dll [438272]
[MD5.2AF7DA157FFF947A507FCB4AB8BB4C7C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 06:13:54.) -- C:\Windows\system32\Drivers\AFD.sys [455168]
[MD5.72FCAE2CE6DFEAB2AB072435017F3417] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 05:33:25.) -- C:\Windows\system32\Drivers\atapi.sys [23392]
[MD5.CE232BB0965C0C0B786C3F976CCBFB7D] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 04:11:55.) -- C:\Windows\system32\Drivers\Cdfs.sys [73728]
[MD5.E2FC132D48EA4E8B04432C33EFB77801] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 01:59:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [124928]
[MD5.D4ADBFC2409EF883164F3AA49B22F366] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 04:09:45.) -- C:\Windows\system32\Drivers\DfsC.sys [101376]
[MD5.A31901DE6A22EA67AB83AAF7036F98CC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 04:10:12.) -- C:\Windows\system32\Drivers\HDAudBus.sys [69632]
[MD5.5043E69532392A43549E5D41E22638AA] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 04:10:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [82944]
[MD5.FA6C94C754A566EA8A61D658932F32DE] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 11:03:35.) -- C:\Windows\system32\Drivers\IpNat.sys [126976]
[MD5.9E030D5C03E68E0C78EA120212759D66] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.23/11/2013 - 06:09:50.) -- C:\Windows\system32\Drivers\MRxSmb.sys [332800]
[MD5.BC242922B0D08F61CF7C87FD08FAFA8B] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 04:08:26.) -- C:\Windows\system32\Drivers\netBT.sys [218624]
[MD5.813F49CF41F561C52F3CF69A1B09E967] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 06:13:53.) -- C:\Windows\system32\Drivers\ntfs.sys [1676128]
[MD5.4F30970F15ADCC382544B31D5D7E368E] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 04:11:49.) -- C:\Windows\system32\Drivers\Parport.sys [81408]
[MD5.C51AB62AB41A2E8560D12472B204CC00] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 04:07:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [81920]
[MD5.67E91843B0344411820A012063E876B2] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.30/09/2013 - 03:51:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [143872]
[MD5.DB0C184142CF9FA1746F598A16EE92B2] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 06:13:54.) -- C:\Windows\system32\Drivers\tdx.sys [87040]
[MD5.CA3C52D981550DEA46576F9FFBA22C58] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.31/01/2014 - 14:04:24.) -- C:\Windows\system32\Drivers\volsnap.sys [265560]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/2
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 1/4
~ Mon Bureau (My Desktop) : 2/20
~ Menu demarrer (Programs) : 1/45
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.61A5597AB30F257BCC47A8E61711F039] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) -- C:\Windows\system32\taskhostex.exe [66632] [PID.4420]
[MD5.BAB9D34A58C9CA038B0E4589E1DD01AA] - (.Microsoft Corporation - SkyDrive Sync Engine Host.) -- C:\Windows\System32\skydrive.exe [671232] [PID.2572]
[MD5.42433CDEC449D40F508752F2D487D8E4] - (.Microsoft Corporation - Host Process for Setting Synchronization.) -- C:\Windows\System32\SettingSyncHost.exe [478208] [PID.2428]
[MD5.1568FF282E268082C67CF0C3EBCC9179] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320] [PID.2060]
[MD5.1039BFA60D94CBC9AACD045BAF09F744] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [224128] [PID.3840]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904] [PID.2484]
[MD5.0EE209370FAA94C2267B3B201D31E412] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe [687336] [PID.2444]
[MD5.BE1DAE43DFBCA94FB6B4157C1B16923E] - (...) -- ystem32\RUNDLL32.exe [0] [PID.1528]
[MD5.C59C2E8A24E556C84C26EF5F972DFD44] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGDE.exe [200704] [PID.3544]
[MD5.3CA6463B1BF4CAF15F5C04D7188749A8] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\rachid\AppData\Roaming\uTorrent\uTorrent.exe [1689168] [PID.3680] =>P2P.BitTorrent
[MD5.E7E69A45148BE15CD26C5F63EEEC8133] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3829328] [PID.5864]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [269848] [PID.3532]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [859976] [PID.900]
[MD5.909FF075A7415E346642B4F4B074265C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8208896] [PID.5592]
[MD5.B33CF4DE909A5B30F526D82053A63C8E] - (.ABBYY - ABBYY network license server.) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048] [PID.1560]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1592]
[MD5.BE531939BB6D153DB63DBBFBD398A713] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584] [PID.1668]
[MD5.33E9F08F675EF94633C8EF8A7C4EADF3] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608] [PID.1692]
[MD5.EE7C82B0D69F038245CECBCE9EC45A9A] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [17760] [PID.2784]
[MD5.7E6B107120108B3A15BFECE0DE3201DB] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe [228744] [PID.3500]
[MD5.128B6D388138B3AF8B0E9B165D3BFD6F] - (.Microsoft Corporation - Device Association Framework Provider Host.) -- C:\Windows\system32\dashost.exe [64512] [PID.1652]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\rachid\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://mail.ru
G2 - GCE: Preference [User Data\Default] [aknhaddjojgaldaffefbdhafiioikajl] New Tab Search v.0.5 (Désactivé)
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Extutil v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé) =>PUP.Manager
G2 - GCE: Preference [User Data\Default] [goghkjdcbbbdfbjgakmgdhiglddeneep] Internet Speed Tracker v.8.22.3.42875, (Désactivé)
G2 - GCE: Preference [User Data\Default] [jaocgokledfmfebefgbeokdodbbdjhdd] Mail.ru «Визуальные закладки» v.1.0.15 (Désactivé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)

---\\ Google Chrome Extension Folder

~ Google Lines Browser: 24 Legitimates Filtered in 00mn 03s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\rachid\AppData\Roaming\Mozilla\Firefox\Profiles\kghu37em.default\prefs.js
M2 - MFEP: prefs.js [rachid - kghu37em.default\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}] [] Спутник @Mail.Ru v2.5.3.58 (..)
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com
R3 - URLSearchHook: Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} . (...) (No version) -- Спутник@Mail.Ru
~ IE Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Спутник@Mail.Ru - [HKLM]{09900DE8-1DCA-443F-9243-26FF581438AF} . (.@Mail.Ru - MailRuSputnik Module.) -- C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Ayat.lnk . (...) -- C:\Program Files\Ayat\Ayat.exe
O4 - GS\Desktop [Public]: DVBViewer.lnk . (.CM&V Hackbart - DVBViewer Pro.) -- C:\Program Files\DVBViewer\dvbviewer.exe
O4 - GS\Desktop [Public]: Epson Easy Photo Print.lnk . (.SEIKO EPSON CORPORATION - No Comment.) -- C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe
O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe
O4 - GS\Desktop [Public]: EPSON SX218 Series Manuel.lnk . (...) -- C:\Program Files\epson\TpManual\EPSON SX218 Series\fr\Useg\index.htm
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: PdfGrabber 8.0.lnk . (.PixelPlanet - PdfGrabber.) -- C:\Program Files\PixelPlanet\PdfGrabber 8.0\PdfGrabber.exe
O4 - GS\Desktop [Public]: PowerISO.lnk . (.Power Software Ltd - PowerISO.) -- C:\Program Files\PowerISO\PowerISO.exe
O4 - GS\Desktop [Public]: USB Disk Security.lnk . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe
O4 - GS\Program [Public]: Ayat.lnk . (...) -- C:\Program Files\Ayat\Ayat.exe
O4 - GS\Program [Public]: Desktop.lnk - Orphan key
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [rachid]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [rachid]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [rachid]: QQPlayer.lnk . (.Tencent Technology Company limited - QQ Player.) -- C:\Program Files\Tencent\QQPlayer\QQPlayer.exe =>Adware.TencentAddressBar
O4 - GS\QuickLaunch [rachid]: SatHunter.lnk . (...) -- C:\Program Files\SatHunter\satellite.exe
O4 - GS\QuickLaunch [rachid]: vPlug Files Center.lnk . (...) -- C:\Program Files\Free Pack\vPlug Files Center
O4 - GS\QuickLaunch [rachid]: Web Navigation.lnk . (...) -- C:\Program Files\USB Disk Security\linkzb.exe
O4 - GS\QuickLaunch [rachid]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\rachid\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [rachid]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [rachid]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [rachid]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [rachid]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [rachid]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\SendTo [rachid]: DVB Dream Plugins Folder (pip00).lnk . (...) -- C:\dvbdream\Plugins\pip00
O4 - GS\Desktop [rachid]: DVB Dream.lnk . (.www.dvbdream.org - No Comment.) -- C:\dvbdream\dvbdream.exe
O4 - GS\Desktop [rachid]: music -.lnk . (...) -- G:\music
O4 - GS\Desktop [rachid]: Prog Finder.lnk . (.Microsoft - ProgSatFinder.) -- C:\ProgFinder\ProgSatFinder.exe
O4 - GS\Desktop [rachid]: QQPlayer.lnk . (.Tencent Technology Company limited - QQ Player.) -- C:\Program Files\Tencent\QQPlayer\QQPlayer.exe =>Adware.TencentAddressBar
O4 - GS\Desktop [rachid]: satellite - Raccourci.lnk . (...) -- C:\Program Files\SatHunter\satellite.exe
O4 - GS\Desktop [rachid]: Téléchargements - Raccourci.lnk . (...) -- C:\Users\rachid\Downloads
O4 - GS\Desktop [rachid]: Your Unin-staller!.lnk . (.URSoft,Inc - Your Uninstaller! - New way to uninstall pr.) -- C:\Program Files\Your Uninstaller! 7\urmain.exe
O4 - GS\Desktop [rachid]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\rachid\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 63 Legitimates Filtered in 00mn 01s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: Snagit 11.lnk . (.TechSmith Corporation - Snagit.) -- C:\Program Files\TechSmith\Snagit 11\Snagit32.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [PixelPlanet PdfPrinter-Monitor] . (.PixelPlanet - PixelPlanet PdfPrinter monitor.) -- C:\Program Files\Common Files\PixelPlanet\PdfPrinter 7\PdfPrinterMonitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [EPSON SX218 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGDE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [Platinum Hide IP] C:\Program Files\PlatinumHideIP\PlatinumHideIP.exe (.not file.)
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\rachid\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-4085608076-1952287052-2564765133-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-4085608076-1952287052-2564765133-1001\..\Run: [EPSON SX218 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGDE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-4085608076-1952287052-2564765133-1001\..\Run: [Platinum Hide IP] C:\Program Files\PlatinumHideIP\PlatinumHideIP.exe (.not file.)
O4 - HKUS\S-1-5-21-4085608076-1952287052-2564765133-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\rachid\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-4085608076-1952287052-2564765133-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AAFB750-2930-462C-AE72-B74B1755EDD8}: NameServer = 80.118.196.42,4.2.2.5,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9942DDB4-CD90-40F4-B129-FF6D09AA36EC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AAFB750-2930-462C-AE72-B74B1755EDD8}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{9942DDB4-CD90-40F4-B129-FF6D09AA36EC}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B46A416-DC22-4FAD-8861-0C2802387564}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2BC8F02-C469-4947-8266-C91D5E0DF86A}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AAFB750-2930-462C-AE72-B74B1755EDD8}: NameServer = 80.118.196.42,4.2.2.5,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9942DDB4-CD90-40F4-B129-FF6D09AA36EC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AAFB750-2930-462C-AE72-B74B1755EDD8}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{9942DDB4-CD90-40F4-B129-FF6D09AA36EC}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{9B46A416-DC22-4FAD-8861-0C2802387564}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{B2BC8F02-C469-4947-8266-C91D5E0DF86A}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{2AAFB750-2930-462C-AE72-B74B1755EDD8}: NameServer = 80.118.196.42,4.2.2.5,192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9942DDB4-CD90-40F4-B129-FF6D09AA36EC}: NameServer = 208.67.220.220,208.67.222.222,
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\inplay\bin\Injector.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: inplay (9d8f70183f00a47187e84e3ef5cc4a71) . (...) - C:\Program Files\inplay\bin\InjectorSvc.dll
~ Services: 5 Legitimates Filtered in 00mn 09s



---\\ Task Planned Automatically (039)
[MD5.4E8C983215115036C46841FFB51562A1] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [2820608] =>Trojan.Keygen
~ Scheduled Task: 8 Legitimates Filtered in 00mn 04s



---\\ Drivers launched at startup (O41)
O41 - Driver: (MpKslf36f3d72) . (...) - C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9FDFD379-88BA-4702-9034-39E3D0CD555D}\MpKslf36f3d72.sys
~ Drivers: 38 Legitimates Filtered in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: AV Splitter 1.2.3.2 - (...) [HKLM] -- AV Splitter
O42 - Logiciel: DVBViewer Pro - (.CM&V.) [HKLM] -- DVBViewer Pro_is1
O42 - Logiciel: Free Pack 2.5 - (...) [HKLM] -- Free Pack
O42 - Logiciel: Injector 2.00.1021 - (...) [HKLM] -- {B18C20BD-78D5-4391-BA0E-1659E61868A4}{9d8f70183f00a47187e84e3ef5cc4a71}
O42 - Logiciel: PdfGrabber 8.0 (32bit) - (.PixelPlanet.) [HKLM] -- {436B31A2-3E3B-4D6D-B589-20E7C238B7C6}
O42 - Logiciel: Prog Finder - (...) [HKLM] -- ProgSatFinder
O42 - Logiciel: SatHunter v2.5.0.62 - (...) [HKLM] -- {1ADE22D7-7A1E-4A2C-BA5D-E88A22BED943}
~ Logic: 19 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\OB]
[HKCU\Software\SatHunter]
[HKCU\Software\Tencent] =>Adware.TencentAddressBar
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\DVBDream]
[HKLM\Software\Gemstar]
[HKLM\Software\TDS]
[HKLM\Software\Tencent] =>Adware.TencentAddressBar
~ Key Software: 189 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 27/03/2014 - 16:09:50 - [4,983] ----D C:\Program Files\AV Splitter
O43 - CFD: 28/03/2014 - 21:08:18 - [14,576] ----D C:\Program Files\DVBViewer
O43 - CFD: 04/04/2014 - 10:42:02 - [0] ----D C:\Program Files\DVBViewer TE2
O43 - CFD: 27/03/2014 - 16:12:27 - [1,823] ----D C:\Program Files\Free Pack
O43 - CFD: 07/04/2014 - 19:16:58 - [4,647] ----D C:\Program Files\inplay
O43 - CFD: 01/04/2014 - 18:16:53 - [173,160] ----D C:\Program Files\Portable
O43 - CFD: 27/03/2014 - 14:52:36 - [12,082] ----D C:\Program Files\SatHunter
O43 - CFD: 27/03/2014 - 15:32:54 - [89,065] ----D C:\Program Files\Tencent =>Adware.TencentAddressBar
O43 - CFD: 27/03/2014 - 15:59:50 - [0,001] ----D C:\Program Files\Common Files\DVBViewer Shared
O43 - CFD: 28/03/2014 - 21:45:42 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 07/04/2014 - 19:25:03 - [1,222] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 07/04/2014 - 19:25:03 - [0] ----D C:\ProgramData\SuperbApp
O43 - CFD: 28/03/2014 - 21:45:41 - [0,004] ----D C:\Users\rachid\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 27/03/2014 - 14:17:45 - [5,084] ----D C:\Users\rachid\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 27/03/2014 - 15:33:13 - [0,197] ----D C:\Users\rachid\AppData\Roaming\Tencent =>Adware.TencentAddressBar
O43 - CFD: 28/03/2014 - 21:45:51 - [0,023] ----D C:\Users\rachid\AppData\Local\Babylon =>PUP.Babylon
O43 - CFD: 27/03/2014 - 15:16:27 - [0,003] ----D C:\Users\rachid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prog Finder
O43 - CFD: 27/03/2014 - 15:33:07 - [0,004] ----D C:\Users\rachid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent =>Adware.TencentAddressBar
~ Program Folder: 178 Legitimates Filtered in 00mn 25s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.919DAC5548D2000BFE3E43C0F74CE669] - 02/04/2014 - 08:33:41 ---A- . (...) -- C:\Windows\win.ini [167]
O44 - LFC:[MD5.EE0DF911EA295B3A2A199EFD10C11393] - 03/04/2014 - 20:59:32 ---A- . (...) -- C:\Windows\QQPlayer.INI [30]
O44 - LFC:[MD5.304EB63BD072D3006691DA30F1A40924] - 26/03/2014 - 15:13:27 ---A- . (...) -- C:\Windows\DtcInstall.log [2664]
O44 - LFC:[MD5.BA1518015FC50EEB2F8BEFD7DEA4779B] - 27/03/2014 - 13:18:47 ---A- . (...) -- C:\Windows\System32\sqlite3.dll [625614]
O44 - LFC:[MD5.A311AF088D80CB945714D44DEB92BF7A] - 27/03/2014 - 14:04:52 ---A- . (...) -- C:\Windows\setup.iss [306]
O44 - LFC:[MD5.A88218883D4693F856B016FA842CF549] - 27/03/2014 - 15:11:23 ---A- . (.No owner - ffdshow VFW.) -- C:\Windows\System32\ff_vfw.dll [79360]
O44 - LFC:[MD5.0FE302F71971B3E2AA6870219248854B] - 27/03/2014 - 15:12:27 ---A- . (...) -- C:\Windows\Folders.ini [158]
O44 - LFC:[MD5.80D127A09093916E9E53E12E18965373] - 27/03/2014 - 15:17:29 ---A- . (.Lake Technology Limited, http://www.lake.co - Dolby Headphone Engine.) -- C:\Windows\System32\DolbyHph.dll [671744]
O44 - LFC:[MD5.DA86016F0672ADA925F589EDE715F185] - 27/03/2014 - 15:17:29 ---A- . (.Padus, Inc. - Padus(R) ASPI Shell.) -- C:\Windows\System32\Drivers\pfc.sys [9856]
O44 - LFC:[MD5.DDDE67010BF3A40C3331D18ED75A60B2] - 28/03/2014 - 20:52:58 ---A- . (.TechniSat Digital, S.A. - NDIS 5.0 driver.) -- C:\Windows\System32\Drivers\SkyNET.sys [507408]
O44 - LFC:[MD5.110BE5198A63D3FF3CE9C30F1DC12EC3] - 29/03/2014 - 11:46:45 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [386722]
O44 - LFC:[MD5.2100B28C34C4FCE916A4A61F58E31198] - 29/03/2014 - 11:54:31 ---A- . (...) -- C:\Windows\System32\connectedsearch-results.searchconnector-ms [9701]
~ Files: 354 Legitimates Filtered in 00mn 10s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Local Security Authority-LSA Deny (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Search Drivers Rootkit (SDR) (O57)
O57 - SDR:Search Drivers Rootkit - ( - .) --
~ Keys: Scanned in 00mn 01s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.596DB7E4D0DB6AC32DF142C861001979] - 12/08/2013 - 23:25:32 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [16088]
O58 - SDL:[MD5.203BB2691E7D0088A2C1F9C39C15A9B7] - 28/11/2013 - 00:24:18 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [108000]
O58 - SDL:[MD5.DA86016F0672ADA925F589EDE715F185] - 29/03/2006 - 07:49:26 ---A- . (.Padus, Inc. - Padus(R) ASPI Shell.) -- C:\Windows\System32\Drivers\pfc.sys [9856]
O58 - SDL:[MD5.DDDE67010BF3A40C3331D18ED75A60B2] - 11/09/2009 - 05:47:24 ---A- . (.TechniSat Digital, S.A. - NDIS 5.0 driver.) -- C:\Windows\System32\Drivers\SkyNET.sys [507408]
O58 - SDL:[MD5.B4489EA5810BF73778CD8BDC305109CE] - 22/08/2013 - 05:32:57 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x86.) -- C:\Windows\System32\Drivers\stexstor.sys [26976]
~ Drivers: 17 Legitimates Filtered in 00mn 03s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {FBCDD504-EE10-43B0-877D-1ED927D603D0} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {FFEBBF0A-C22C-4172-89FF-45215A135AC7} [DefaultScope] - (Поиск@Mail.Ru) - http://go.mail.ru
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (CKF) (O82)
E:\Downloads\Compressed\Super Hide IP 3.2.9.6 Cracked NiCkkkDoN\Super Hide IP 3.2.9.6 Cracked NiCkkkDoN\Cracked\SuperHideIP.exe =>.Crack,Keygen
E:\Downloads\Compressed\Super Hide IP 3.2.9.6 Cracked NiCkkkDoN\Super Hide IP 3.2.9.6 Cracked NiCkkkDoN\Seeded using SeedMyBox.com.txt =>.Crack,Keygen
E:\Downloads\Compressed\Super Hide IP 3.2.9.6 Cracked NiCkkkDoN\Super Hide IP 3.2.9.6 Cracked NiCkkkDoN\SuperHideIP-3.2.9.6.Setup.exe =>.Crack,Keygen
E:\Downloads\Compressed\Super Hide IP 3.2.9.6 Cracked NiCkkkDoN\Super Hide IP 3.2.9.6 Cracked NiCkkkDoN\Torrent downloaded from ExtraTorrent.com.txt =>.Crack,Keygen
E:\Downloads\Compressed\Super Hide IP 3.2.9.6 Cracked NiCkkkDoN.rar =>.Crack,Keygen
E:\sky star 2\برامج عرض الشاشة\برنامج ديفبي فيور\برنامج ديفيبي فيور\DVBViewer4.6\DVBViewer_pro_v4.8.1.Cracked\DVBViewer_pro_v4.8.1.Cracked\crack\dvbviewer.exe =>.Crack,Keygen
E:\sky star 2\برامج عرض الشاشة\برنامج ديفبي فيور\برنامج ديفيبي فيور\DVBViewer4.6\DVBViewer_pro_v4.8.1.Cracked\DVBViewer_pro_v4.8.1.Cracked\crack\reg.reg =>.Crack,Keygen
E:\sky star 2\برامج عرض الشاشة\برنامج ديفبي فيور\برنامج ديفيبي فيور\DVBViewer4.6\DVBViewer_pro_v4.8.1.Cracked\DVBViewer_pro_v4.8.1.Cracked\setup.exe =>.Crack,Keygen
E:\sky star 2\برامج عرض الشاشة\برنامج ديفبي فيور\برنامج ديفيبي فيور\DVBViewer_pro_v4.8.1.Cracked.rar =>.Crack,Keygen
E:\برامج الحاسوب\برامج التحميل من الانترنات\برامج التحميل من الانترنات وتسريعه\برنامجIDM\Internet Download Manager 5.18 Build 5\KeyGen.exe =>.Crack,Keygen
E:\برامج الحاسوب\برامج التعديل علي الصور\برنامج التقليص من حجم الصور\Light Image Resizer 4.3\keygen\Keygen.exe =>.Crack,Keygen
~ Files: Scanned in 00mn 14s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{BC5F49ED-50CF-4158-A095-3662A95E1BCB}C:\program files\dvbviewer\dvbviewer.exe" | In - Private - P6 - TRUE | .(.CM&V Hackbart - DVBViewer Pro.) -- C:\program files\dvbviewer\dvbviewer.exe
O87 - FAEL: "UDP Query User{443BEEFF-84FD-42C9-B9F5-F984433E512D}C:\program files\dvbviewer\dvbviewer.exe" | In - Private - P17 - TRUE | .(.CM&V Hackbart - DVBViewer Pro.) -- C:\program files\dvbviewer\dvbviewer.exe
O87 - FAEL: "{FB304DCF-CDD1-45E8-B52F-5854762334FA}" | In - Public - P17 - TRUE | .(.CM&V Hackbart - DVBViewer Pro.) -- C:\program files\dvbviewer\dvbviewer.exe
O87 - FAEL: "{5A54A0F8-E6A5-4CE4-8F58-238E4D686E47}" | In - Public - P6 - TRUE | .(.CM&V Hackbart - DVBViewer Pro.) -- C:\program files\dvbviewer\dvbviewer.exe
~ Firewall: 261 Legitimates Filtered in 00mn 01s



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "2A13B634B3E3D6D45B98027E2C837B6C" . (.PdfGrabber 8.0 (32bit).) -- C:\Windows\Installer\{436B31A2-3E3B-4D6D-B589-20E7C238B7C6}\ARPPRODUCTICON.exe
O90 - PUC: "3F85F000445A5BB4FAB167E11A8C95C5" . (.PixelPlanet PdfPrinter 7 (32bit).) -- C:\Windows\Installer\{000F58F3-A544-4BB5-AF1B-761EA1C8595C}\ARPPRODUCTICON.exe
~ Update Products: 34 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.D515D5701999F1354E1329D49F2F9012] [WIS][27/03/2014] (.UNKNOWN - Ayat.) -- C:\Windows\Installer\5260b.msi [29184]
[MD5.E111F92FDF94B035C6AF7ECF92D9B7D7] [WIS][01/04/2014] (.Thilo Kirsch - PdfGrabber.) -- C:\Windows\Installer\6d2bffa.msi [54685696]
~ WIS: 36 Legitimates Filtered in 00mn 05s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager
~ BCK: 7218 Legitimates Filtered in 00mn 07s



---\\ General State of non-Microsoft Services (EGS) (SR=Running, SS=Stopped)
SS - | Auto 26/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 26/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 07/04/2014 181136 | (9d8f70183f00a47187e84e3ef5cc4a71) . (...) - C:\Program Files\inplay\bin\InjectorSvc.dll
SR - | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 30/10/2013 22224 | (WinDefend) . (.Microsoft Corporation.) - C:\Program Files\Windows Defender\MsMpEng.exe
SR - | Demand 22/08/2013 31552 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 09s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by rachid at 09/04/2014 22:46:58

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Additional Scan (O88)
Database Version : 13044 - (09/04/2014)
Keys found : 4
Values found : 6
Folders found : 12
Files found : 18

[HKLM\Software\Google\Chrome\Extensions\flpcjncodpafbgdpnkljologafpionhb] =>PUP.Manager^
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\rachid\AppData\Local\Google\Chrome\User Data\Default\Extensions\flpcjncodpafbgdpnkljologafpionhb =>PUP.Manager^
C:\Program Files\Tencent =>Adware.TencentAddressBar^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\rachid\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\rachid\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Users\rachid\AppData\Roaming\Tencent =>Adware.TencentAddressBar^
C:\Users\rachid\AppData\Local\Babylon =>PUP.Babylon^
C:\Users\rachid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent =>Adware.TencentAddressBar^
C:\Users\rachid\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar
C:\Users\rachid\AppData\Local\Temp\AskSearch =>Toolbar.AskBarDis
C:\Users\rachid\AppData\Local\Temp\PC Performer =>Rogue.PCPerformer
C:\Users\rachid\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.Keygen^
[HKCU\Software\Tencent] =>Adware.TencentAddressBar^
[HKLM\Software\Babylon] =>PUP.Babylon^
[HKLM\Software\Tencent] =>Adware.TencentAddressBar^
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager^
C:\Users\rachid\AppData\Local\Temp\nscCB7.exe =>Toolbar.Conduit
C:\Users\rachid\AppData\Local\Temp\nsk4659.exe =>Toolbar.Conduit
C:\Users\rachid\AppData\Local\Temp\nsm9F1A.exe =>Toolbar.Conduit
C:\Users\rachid\AppData\Local\Temp\nst4389.exe =>Toolbar.Conduit
C:\Users\rachid\AppData\Local\Temp\nswA26.exe =>Toolbar.Conduit
C:\Users\rachid\AppData\Local\Temp\sp-downloader.exe =>Toolbar.Conduit
~ Additional Scan: 248244 Items scanned in 00mn 29s



---\\ Summary of the detections found on your workstation
http://nicolascoolman.webs.com/apps/blog/show/34213529-pup-manager =>PUP.Manager
http://nicolascoolman.webs.com/apps/blog/show/27668065-adware-tencentaddressbar =>Adware.TencentAddressBar
http://nicolascoolman.webs.com/apps/blog/show/41034005-pup-mobogenie =>PUP.Mobogenie
http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ MSI: 9 link(s) detected in 00mn 00s
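The detection entries in this report all share one shape: a registry key, file path or search scope, then a " =>Family.Name" tag, sometimes with a trailing "^" marker (the report does not say what that marker means, so it is only preserved below, not interpreted). The "Summary of the detections" block at the end links only the families that have a blog page; items such as Adware.CDNHelper, Rogue.PCPerformer or Trojan.Keygen appear in the scan body but not in that summary, so a triage reader who works from the summary alone misses them. The following parser is an added example, not part of the ZHPDiag report or of the tool itself; the function and class names are my own, and the sample input is a set of lines excerpted from the report above (headers in English), trimmed to one header per section so it runs stand-alone.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Lines excerpted from the ZHPDiag report above (not invented), one header per section.
SAMPLE_REPORT = r"""
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {FBCDD504-EE10-43B0-877D-1ED927D603D0} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
~ Keys: Scanned in 00mn 00s

---\\ Crack & Keygen Files (CKF) (O82)
E:\Downloads\Compressed\Super Hide IP 3.2.9.6 Cracked NiCkkkDoN.rar =>.Crack,Keygen

---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager

---\\ Additional Scan (O88)
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
C:\Users\rachid\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\rachid\AppData\Local\Temp\PC Performer =>Rogue.PCPerformer
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.Keygen^
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager^
C:\Users\rachid\AppData\Local\Temp\sp-downloader.exe =>Toolbar.Conduit

---\\ Summary of the detections found on your workstation
http://nicolascoolman.webs.com/apps/blog/show/34213529-pup-manager =>PUP.Manager
http://nicolascoolman.webs.com/apps/blog/show/41034005-pup-mobogenie =>PUP.Mobogenie
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
"""

SUMMARY_TITLE = "Summary of the detections found on your workstation"

# Section header: "---\\ Title (ABBR) (O69)"; the "(O..)" code is optional, a trailing
# qualifier such as "(NTFS)" may follow it.
_SECTION_RE = re.compile(r"^---\\\\\s*(?P<title>.*?)\s*(?:\((?P<code>O\d+)\)(?:\s*\(\w+\))?)?\s*$")
# Detection suffix: " =>Family.Name" or " =>.Crack,Keygen", optional trailing "^" (kept as a flag only).
_TAG_RE = re.compile(r" =>\.?(?P<tag>[A-Za-z0-9_.,&-]+?)(?P<caret>\^?)\s*$")


@dataclass(frozen=True)
class Detection:
    section: str   # "O88", "O69", ... or the header title when no code is present
    subject: str   # the key, path or search scope the tag was attached to
    tag: str       # e.g. "PUP.Babylon"
    family: str    # e.g. "PUP"
    caret: bool    # trailing "^" present; semantics not stated in the report


def parse_report(text: str) -> Tuple[List[Detection], Set[str]]:
    """Split a ZHPDiag report into tagged body entries and the tag set of its summary block."""
    section = ""
    detections: List[Detection] = []
    summary_tags: Set[str] = set()
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("---\\\\"):
            m = _SECTION_RE.match(line)
            section = (m.group("code") or m.group("title")) if m else line
            continue
        if not line or line.startswith("~"):
            continue  # blank lines and the tool's per-section timing footers
        m = _TAG_RE.search(line)
        if not m:
            continue  # listed but untagged (e.g. the Conduit search scope above)
        tag = m.group("tag")
        if section == SUMMARY_TITLE:
            summary_tags.add(tag)
            continue
        detections.append(Detection(section, line[: m.start()].rstrip(), tag,
                                    tag.split(".", 1)[0], bool(m.group("caret"))))
    return detections, summary_tags


def family_counts(detections: List[Detection]) -> Dict[str, int]:
    return dict(Counter(d.family for d in detections))


def tags_missing_from_summary(detections: List[Detection], summary_tags: Set[str]) -> List[str]:
    """Tags present in the scan body that the summary block does not link."""
    return sorted({d.tag for d in detections} - summary_tags)


def subjects_in_multiple_sections(detections: List[Detection]) -> List[str]:
    """Items the tool reported more than once (e.g. the same CLSID under O101 and O88)."""
    seen: Dict[str, Set[str]] = {}
    for d in detections:
        seen.setdefault(d.subject, set()).add(d.section)
    return sorted(s for s, secs in seen.items() if len(secs) > 1)


if __name__ == "__main__":
    dets, summary = parse_report(SAMPLE_REPORT)
    print(family_counts(dets))
    print("not in summary:", tags_missing_from_summary(dets, summary))
    print("reported twice:", subjects_in_multiple_sections(dets))
```

Run against the full report rather than the excerpt, the same functions give the per-family totals for the O82, O88 and O101 sections and list every tag the nine summary links leave out, which is the list a responder should reconcile before deciding what the cleanup actually has to cover.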



~ 1212 Legitimates filtered by white list
End of the scan (592 lines in 02mn 20s)(11)
