
~ Report of ZHPDiag v2014.4.11.19 - Nicolas Coolman (11/04/2014)
~ Launched by zaki (12/04/2014 02:49:11)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found


---\\ Internet browsers
MSIE: Internet Explorer v6.0.2900.2180
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.116
OPIE: Opera vStable 20.0.1387.91 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Microsoft Windows XP, 32-bit Service Pack 2 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System protection software

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Java 7 Update 45

---\\ Information on the system
~ Processor: x86 Family 15 Model 2 Stepping 9, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1783 MB (53% free)
System Restore: Désactivé (Disabled)
System drive C: has 1 GB (11%) free of 10 GB

---\\ Connection to the system mode
~ Computer Name: ZAKI-D196B615AF
~ User Name: zaki
~ All Users Names: zaki, SUPPORT_388945a0, pctquwfkl, HelpAssistant, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\zaki\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\zaki\Application Data\
~ %Desktop% : C:\Documents and Settings\zaki\Bureau\
~ %Favorites% : C:\Documents and Settings\zaki\Favoris\
~ %LocalAppData% : C:\Documents and Settings\zaki\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\zaki\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 1 Go of 10 Go)
D: Hard drive, Flash drive, Thumb drive (Free 3 Go of 22 Go)
E: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: Modified
~ Security Center: 51 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.9F3B76C8CF787449A47F05ABAB4E13E6] - (.Microsoft Corporation - Explorateur Windows.) (.03/08/2004 - 21:54:50.) -- C:\WINDOWS\Explorer.exe [978432]
[MD5.F6AD4C0F992B3B51C044AD74D9E2E854] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.03/08/2004 - 21:54:46.) -- C:\WINDOWS\system32\wininet.dll [694784]
[MD5.D2DE785AEAB0BB8CA4C14A8A199DBE4E] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.03/08/2004 - 21:55:02.) -- C:\WINDOWS\system32\Winlogon.exe [506368]
[MD5.5AC495F4CB807B2B98AD2AD591E6D92E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.03/08/2004 - 20:14:16.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.03/08/2004 - 19:59:44.) -- C:\WINDOWS\system32\Drivers\atapi.sys [95360]
[MD5.CD7D5152DF32B47F4E36F710B35AAE02] - (.Microsoft Corporation - CD-ROM File System Driver.) (.03/08/2004 - 20:14:12.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.AF9C19B3100FE010496B1A27181FBF72] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.03/08/2004 - 19:59:54.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [49536]
[MD5.8B121FF880683607AB2AEF0340721718] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.06/09/2002 - 23:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [35072]
[MD5.D1EFCBD693B5BA21314D06368C471070] - (.Microsoft Corporation - Pilote de port i8042.) (.03/08/2004 - 23:41:24.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54400]
[MD5.F8AA320C6A0409C0380E5D8A99D76EC6] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.03/08/2004 - 20:00:16.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [41856]
[MD5.B5A8E215AC29D24D60B4D1250EF05ACE] - (.Microsoft Corporation - IP Network Address Translator.) (.03/08/2004 - 20:04:52.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [134912]
[MD5.64537AA5C003A6AFEEE1DF819062D0D1] - (.Microsoft Corporation - IPSec Driver.) (.03/08/2004 - 20:14:30.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [74752]
[MD5.1FD607FC67F7F7C633C3DA65BFC53D18] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/08/2004 - 20:15:18.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [451456]
[MD5.0C80E410CD2F47134407EE7DD19CC86B] - (.Microsoft Corporation - MBT Transport driver.) (.03/08/2004 - 20:14:38.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.B78BE402C3F63DD55521F73876951CDD] - (.Microsoft Corporation - NT File System Driver.) (.03/08/2004 - 20:15:10.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574592]
[MD5.318696359AC7DF48D1E51974EC527DD2] - (.Microsoft Corporation - Pilote de port parallèle.) (.03/08/2004 - 22:05:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.98FAEB4A4DCF812BA1C6FCA4AA3E115C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.03/08/2004 - 20:14:24.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.A2CAE2C60BC37E0751EF9DDA7CEAF4AD] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.03/08/2004 - 22:01:16.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196864]
[MD5.2CC30B68DD62B73D444A41322CD7FC4C] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.04/08/2004 - 00:39:44.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58496]
[MD5.313B1A0D5DB26DFE1C34A6C13B2CE0A7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.03/08/2004 - 21:44:16.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 3/10
~ Mes musiques (My Musics) : 1/5
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/14
~ Mes Documents (My Documents) : 3/324
~ Mon Bureau (My Desktop) : 2/236
~ Menu demarrer (Programs) : 1/90
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.A4AB62C6844D98A70EF657537D5B4756] - (.No owner - Microsoft.) -- C:\WINDOWS\Win-boot.exe [479204] [PID.1748]
[MD5.A4AB62C6844D98A70EF657537D5B4756] - (.No owner - Microsoft.) -- C:\WINDOWS\system32\Booter.exe [479204] [PID.1784]
[MD5.BBD30429A6DD637612086AB3918D9CC0] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3894864] [PID.1896]
[MD5.53393FE192776D53640C447CA18B3E22] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [21633320] [PID.1904]
[MD5.AE77C36DCCB4396FE7730E5F65E134AF] - (.ultracopier.first-world.info - Supercopier under GPL3.) -- C:\Program Files\Supercopier\supercopier.exe [178688] [PID.1940]
[MD5.5D1FCB21DD3A26A6D6D6469A74246F40] - (.JetAudio, Inc. - jetAudio.) -- C:\Program Files\JetAudio\JetAudio.exe [7885848] [PID.1960]
[MD5.DC1342498BEE7EF1646E9D63138B69CC] - (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\javaw.exe [175016] [PID.1972]
[MD5.80A79264302910C7C24BA7E44267EFEF] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.612]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [269848] [PID.2696]
[MD5.0AE25D0F39DDA312DC6AA6CA507DFDA2] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [349296] [PID.2652]
[MD5.6B5EFCA87802A30B7BCA278D102F49BA] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [92272] [PID.3152]
[MD5.CEF42DB1DEF87F21B89A5AABB86051EF] - (.TuneUp Software - TuneUp Utilities Service.) -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1773368] [PID.3364]
[MD5.C0D2348A923B2FAA3EC2BC65CBAE1A4F] - (.TuneUp Software - TuneUp Utilities.) -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe [1952568] [PID.3108]
[MD5.1177E21C863C6BB21195AB51E6B86AC0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8210432] [PID.1644]
~ Processes Running: Scanned in 00mn 05s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Documents and Settings\zaki\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://websearch.amaizingsearches.info
G0 - GCSP: Preference [User Data\Default][HomePage] http://websearch.amaizingsearches.info
G2 - GCE: Preference [User Data\Default] [cgdlnmpbpmallooijmjpkihlpmglbafe] SNT v.2.1 (Activé)
G2 - GCE: Preference [User Data\Default] [khagclindddokccfbmfmckaflngbmpon] Image Properties Context Menu v.246 (Activé)
G2 - GCE: Preference [User Data\Default] [lbidgdoiglndbjlcnnifemecdhnpeabo] OKitSpace v.1.0, (Activé) =>PUP.Onekit
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [nohedfeihmjlfnahkodghlfgaomfnhnm] saive Neet v.5.14 (Activé)
G2 - GCE: Preference [User Data\Default] [zzzzzzzzzzzzzzzzoibponkmmpgpmjgl] OKitSpace v.1.0, (Désactivé) =>PUP.Onekit

---\\ Google Chrome Extension Folder

~ Google Lines Browser: 18 Legitimates Filtered in 00mn 03s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\zaki\Application Data\Mozilla\Firefox\Profiles\94hwgthg.default\prefs.js
C:\Documents and Settings\zaki\Application Data\Mozilla\Firefox\Profiles\94hwgthg.default\user.js
M3 - MFPP: Plugins - [zaki] -- C:\Documents and Settings\zaki\Application Data\Mozilla\Firefox\Profiles\94hwgthg.default\searchplugins\ask-web-search.xml
M3 - MFPP: Plugins - [zaki] -- C:\Documents and Settings\zaki\Application Data\Mozilla\Firefox\Profiles\94hwgthg.default\searchplugins\bingp.xml
M3 - MFPP: Plugins - [zaki] -- C:\Documents and Settings\zaki\Application Data\Mozilla\Firefox\Profiles\94hwgthg.default\searchplugins\WebSearch.xml
M0 - MFSP: prefs.js [zaki - 94hwgthg.default] http://websearch.amaizingsearches.info
M2 - MFEP: prefs.js [zaki - 94hwgthg.default\018cdeurmx@bfv-x.edu] [] saive Neet v5.14 (..)
M2 - MFEP: prefs.js [zaki - 94hwgthg.default\b83fscks@qj-pftp.com] [] SNT v2.1 (..)
M2 - MFEP: prefs.js [zaki - 94hwgthg.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v3.2.3.20140326060057 (..)
~ Firefox Browser: 16 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.amaizingsearches.info
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.amaizingsearches.info
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search.ask.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search.ask.com
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=Explorer.exe Win-boot.EXE
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects (O2)
O2 - BHO: OKitSpace Ads - {3543619C-D563-43f7-95EA-4DA7E1CC396A} . (...) -- C:\Documents and Settings\zaki\Application Data\okitSpace\IE\OkitSpace.dll =>PUP.Onekit
O2 - BHO: YoutubeAdblocker - {8A3DCD19-8F1C-CED1-5106-0F9192EF3287} . (...) -- C:\Program Files\YoutubeAdblocker\Tjgk6.dll =>PUP.TubeAdBlocker
O2 - BHO: uTorrentControl_v6 - {96f454ea-9d38-474f-b504-56193e00c1a5} . (...) -- C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (.not file.) =>P2P.µTorrent
~ BHO: 14 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: uTorrentControl_v6 Toolbar - [HKLM]{96f454ea-9d38-474f-b504-56193e00c1a5} . (...) -- C:\Program Files\uTorrentControl_v6\prxtbuTor.dll =>P2P.µTorrent
O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: MSN.lnk . (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe =>.Microsoft Corporation
O4 - GS\Program [AllUsers]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\launcher.exe
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [zaki]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O4 - GS\Program [zaki]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 12 Legitimates Filtered in 00mn 01s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Program [zaki]: jetAudio.lnk . (.JetAudio, Inc. - jetAudio.) -- C:\Program Files\JetAudio\JetAudio.exe
O4 - GS\Program [zaki]: Raccourci vers RShareClient.2.7.lnk . (...) -- C:\Documents and Settings\zaki\Mes documents\Downloads\Compressed\RshareClient 2.7.5 Fix\RShareClient.2.7.5_FINAL.jar
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre7\bin\jusched.exe (.not file.) =>.Oracle Corporation
O4 - HKLM\..\Run: [TrayServer] . (.MAGIX AG - Trayserver.) -- C:\Program Files\MAGIX\Video_deluxe_16_Plus_Version_para_descargar\TrayServer.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKLM\..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (.not file.)
O4 - HKLM\..\Run: [Sys32-w32] . (.No owner - Microsoft.) -- C:\WINDOWS\system32\Booter.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [SpeedItupFree] C:\Program Files\SpeedItup Free\speeditupfree.exe (.not file.)
O4 - HKCU\..\Run: [iLivid] C:\Documents and Settings\zaki\Local Settings\Application Data\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ultracopier] . (.ultracopier.first-world.info - Supercopier under GPL3.) -- C:\Program Files\Supercopier\supercopier.exe
O4 - HKCU\..\Run: [Sys-Boot] . (.No owner - Microsoft.) -- C:\WINDOWS\Win-boot.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1960408961-1364589140-725345543-1003\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-1960408961-1364589140-725345543-1003\..\Run: [SpeedItupFree] C:\Program Files\SpeedItup Free\speeditupfree.exe (.not file.)
O4 - HKUS\S-1-5-21-1960408961-1364589140-725345543-1003\..\Run: [iLivid] C:\Documents and Settings\zaki\Local Settings\Application Data\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo
O4 - HKUS\S-1-5-21-1960408961-1364589140-725345543-1003\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1960408961-1364589140-725345543-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1960408961-1364589140-725345543-1003\..\Run: [ultracopier] . (.ultracopier.first-world.info - Supercopier under GPL3.) -- C:\Program Files\Supercopier\supercopier.exe
O4 - HKUS\S-1-5-21-1960408961-1364589140-725345543-1003\..\Run: [Sys-Boot] . (.No owner - Microsoft.) -- C:\WINDOWS\Win-boot.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{27E15692-1897-4530-90D2-F30D59C6AD59}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{27E15692-1897-4530-90D2-F30D59C6AD59}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{27E15692-1897-4530-90D2-F30D59C6AD59}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 01s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\movies~1\datamngr\mgrldr.dll (.not file.) =>PUP.Datamngr
~ AppInit DLL: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Protect your browser's extensions (srvPlgProtect) . (...) - C:\Documents and Settings\zaki\Application Data\okitspace\protect\PluginProtect.exe (.not file.) =>PUP.Onekit
O23 - Service: WeatherBlinkService (WeatherBlinkService) . (...) - C:\Program Files\WEATHE~1\bar\1.bin\gcbarsvc.exe (.not file.) =>PUP.WeatherBlink
~ Services: 3 Legitimates Filtered in 00mn 05s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\zaki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\zaki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Session Manager Key (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x64) . (...) -- c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll =>PUP.Datamngr
~ Keys: Scanned in 00mn 01s



---\\ Software installed (O42)
O42 - Logiciel: YoutubeAdblocker - (.YoutubeAdblocker.) [HKLM] -- {4820778D-AB0D-6D18-C316-52A6A0E1D507} =>PUP.TubeAdBlocker
~ Logic: 25 Legitimates Filtered in 00mn 12s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\APNDTX]
[HKCU\Software\Awop]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Nimbuzz]
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\WEDLMNGR] =>PUP.weDownloadManager
[HKCU\Software\iLivid] =>Adware.Bandoo
[HKLM\Software\AskTBar]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\Datamngr] =>PUP.Datamngr
[HKLM\Software\OKitSpace] =>PUP.Onekit
[HKLM\Software\Vittalia] =>Adware.Vittalia
~ Key Software: 213 Legitimates Filtered in 00mn 12s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 28/01/2014 - 12:53:57 - [0] ----D C:\Program Files\AskTBar
O43 - CFD: 02/01/2014 - 14:53:27 - [0] ----D C:\Program Files\Conduit
O43 - CFD: 14/02/2014 - 01:11:29 - [1,344] ----D C:\Program Files\PC-Telephone
O43 - CFD: 12/04/2014 - 01:17:53 - [0] ----D C:\Program Files\save net
O43 - CFD: 12/04/2014 - 01:17:00 - [0] ----D C:\Program Files\SNT
O43 - CFD: 11/04/2014 - 22:08:41 - [0,862] ----D C:\Program Files\YoutubeAdblocker =>PUP.TubeAdBlocker
O43 - CFD: 02/01/2014 - 14:53:23 - [3,418] ----D C:\Documents and Settings\All Users\Application Data\Conduit
O43 - CFD: 12/04/2014 - 01:17:53 - [0,140] ----D C:\Documents and Settings\All Users\Application Data\f4c2a345163db42c
O43 - CFD: 11/04/2014 - 22:06:42 - [0,168] ----D C:\Documents and Settings\All Users\Application Data\InstallMate
O43 - CFD: 12/04/2014 - 01:18:50 - [0] ----D C:\Documents and Settings\All Users\Application Data\save net
O43 - CFD: 12/04/2014 - 01:18:50 - [0] ----D C:\Documents and Settings\All Users\Application Data\SNT
O43 - CFD: 11/04/2014 - 22:10:44 - [0] ----D C:\Documents and Settings\All Users\Application Data\SuperbApp
O43 - CFD: 11/04/2014 - 22:08:42 - [0,515] ----D C:\Documents and Settings\All Users\Application Data\YoutubeAdblocker =>PUP.TubeAdBlocker
O43 - CFD: 12/04/2014 - 02:05:32 - [85,730] -SH-D C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 18/02/2014 - 01:08:41 - [0,004] ----D C:\Documents and Settings\zaki\Application Data\newnext.me =>PUP.NextLive
O43 - CFD: 08/02/2014 - 16:28:53 - [1,723] ----D C:\Documents and Settings\zaki\Application Data\okitspace =>PUP.Onekit
O43 - CFD: 02/01/2014 - 16:11:14 - [5,154] ----D C:\Documents and Settings\zaki\Application Data\OpenCandy =>Adware.OpenCandy
O43 - CFD: 26/01/2014 - 22:27:13 - [0,002] ----D C:\Documents and Settings\zaki\Application Data\SwvUpdater =>PUP.Software.Updater
O43 - CFD: 02/01/2014 - 14:53:27 - [0] ----D C:\Documents and Settings\zaki\Local Settings\Application Data\Conduit
O43 - CFD: 18/02/2014 - 01:05:08 - [0] ----D C:\Documents and Settings\zaki\Local Settings\Application Data\genienext =>PUP.NextLive
O43 - CFD: 14/02/2014 - 00:26:11 - [0] ----D C:\Documents and Settings\zaki\Local Settings\Application Data\IAC
~ Program Folder: 167 Legitimates Filtered in 01mn 37s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.B3C82AEB96643625CB17DCABB8BCA070] - 07/04/2014 - 14:17:54 ---A- . (...) -- C:\WINDOWS\wmsetup.log [50326]
O44 - LFC:[MD5.B66D28E01D25B91E91881DD1D65F1BB9] - 11/04/2014 - 13:37:13 ---A- . (...) -- C:\WINDOWS\system.ini [307]
O44 - LFC:[MD5.07E6EB744F21B48D634C825A5A2E7451] - 12/04/2014 - 00:30:15 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.1B191A3E9ABEA184469E5034C2E30BC3] - 12/04/2014 - 00:30:54 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.9DF24F884B80F98E89BEB9840ED21A06] - 12/04/2014 - 01:19:11 RSHA- . (...) -- C:\Autorun.inf [112]
O44 - LFC:[MD5.1E478A9C9C9275097F06C5BF682DEE8B] - 29/03/2014 - 10:02:51 ---A- . (...) -- C:\WINDOWS\WORDPAD.INI [754]
~ Files: 22 Legitimates Filtered in 00mn 34s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "F:\Ntldr.EXE" [Enabled] .(...) -- F:\Ntldr.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\zaki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [Enabled] .(...) -- C:\Documents and Settings\zaki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\WINDOWS\Win-boot.EXE" [Enabled] .(..) -- C:\WINDOWS\Win-boot.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Supercopier\supercopier.exe" [Enabled] .(.ultracopier.first-world.info.) -- C:\Program Files\Supercopier\supercopier.exe
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\Booter.EXE" [Enabled] .(..) -- C:\WINDOWS\system32\Booter.exe
~ Keys Export: 15 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browsemngr.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsermngr.exe - tasklist.exe =>PUP.Babylon
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - bundlesweetimsetup.exe - tasklist.exe =>PUP.SweetIM
O50 - IFEO:Image File Execution Options - cltmngsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - delta babylon.exe - tasklist.exe =>PUP.Babylon
O50 - IFEO:Image File Execution Options - delta tb.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - delta2.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltainstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltasetup.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltatb.exe - tasklist.exe =>Toolbar.DeltaSearch
O50 - IFEO:Image File Execution Options - deltatb_2501-c733154b.exe - tasklist.exe =>Toolbar.DeltaSearch
O50 - IFEO:Image File Execution Options - iminentsetup.exe - tasklist.exe =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - rjatydimofu.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe =>Hijacker.SmartBar
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - sweetimsetup.exe - tasklist.exe =>PUP.SweetIM
O50 - IFEO:Image File Execution Options - tbdelta.exetoolbar783881609.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{16f136cc-7d97-11e3-ab3d-00110a9805be}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{b40416b4-c0a1-11e3-abc9-00110a9805be}\AutoRun\command - Orphan key
O51 - MPSK:{fe009e86-724c-11e3-9716-806d6172696f}\AutoRun\command. (.No owner - Microsoft.) -- C:\Ntldr.exe
O51 - MPSK:{fe009e87-724c-11e3-9716-806d6172696f}\AutoRun\command. (.No owner - Microsoft.) -- D:\Ntldr.exe
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableTaskMgr"=1
O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=1
~ MWPS: 8 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoFind"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRun"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoFolderOptions"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 06/09/2002 - 23:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.B53F9635457B56DCFFEF750E18AEC6CB] - 09/05/2005 - 20:08:40 ---A- . (.Team H2O - Team H2O CLEDX DevWhore.) -- C:\WINDOWS\system32\Drivers\cledx.sys [33792]
O58 - SDL:[MD5.AACD48039C4BB5930EC145B456CB791E] - 28/11/2013 - 00:24:18 ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [121184]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 06/09/2002 - 23:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.D26E26EA516450AF9D072635C60387F4] - 17/07/2004 - 08:36:38 ---A- . (...) -- C:\WINDOWS\system32\Drivers\secdrv.sys [27440]
O58 - SDL:[MD5.F1771926A47A18BD3A3EDAC334FC78E0] - 15/08/2006 - 15:48:22 ---A- . (.Analog Devices, Inc. - SoundMAX Stub Driver.) -- C:\WINDOWS\system32\Drivers\smsens.sys [3744]
O58 - SDL:[MD5.FA3368A7039F5ABAA4B933703AC34763] - 15/08/2006 - 15:48:24 ---A- . (.Analog Devices, Inc. - SoundMAX Integrated Digital Audio.) -- C:\WINDOWS\system32\Drivers\smwdm.sys [578304]
O58 - SDL:[MD5.85557234B421D99C87D46E57248793F0] - 25/11/2002 - 14:46:16 ---A- . (.Syncrosoft GmbH - SynasUSB.sys.) -- C:\WINDOWS\system32\Drivers\synasUSB.sys [16896]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 06/09/2002 - 23:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 06/09/2002 - 23:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 06/09/2002 - 23:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 06/09/2002 - 23:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 06/09/2002 - 23:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 03/08/2004 - 19:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 06/09/2002 - 23:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 06/09/2002 - 23:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 06/09/2002 - 23:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 06/09/2002 - 23:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 06/09/2002 - 23:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03/08/2004 - 19:45:26 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03/08/2004 - 19:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03/08/2004 - 19:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03/08/2004 - 19:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03/08/2004 - 19:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 8 Legitimates Filtered in 00mn 22s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 01/01/1601 - C:\WINDOWS\system32\drivers\uqmhlo.sys (amsint32) .(...) - LEGACY_AMSINT32
~ Legacy: 117 Legitimates Filtered in 00mn 11s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Launcher.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\launcher.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Launcher.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {2381E4B7-5C04-459E-9D46-2F9AC1608B66} - (Yahoo! Search) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (uTorrentControl_v6 Customized Web Search) - http://search.conduit.com =>P2P.µTorrent
O69 - SBI: SearchScopes [HKCU] {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} [DefaultScope] - (WebSearch) - http://websearch.amaizingsearches.info
O69 - SBI: SearchScopes [HKCR] {2381E4B7-5C04-459E-9D46-2F9AC1608B66} [DefaultScope] - (Yahoo! Search) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {2381E4B7-5C04-459E-9D46-2F9AC1608B66} [DefaultScope] - (Yahoo! Search) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {2381E4B7-5C04-459E-9D46-2F9AC1608B66} [DefaultScope] - (Yahoo! Search) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {2381E4B7-5C04-459E-9D46-2F9AC1608B66} [DefaultScope] - (Yahoo! Search) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {2381E4B7-5C04-459E-9D46-2F9AC1608B66} [DefaultScope] - (Yahoo! Search) - http://search.yahoo.com
~ Keys: Scanned in 00mn 03s



---\\ Crack & Keygen Files (CKF) (O82)
C:\Documents and Settings\zaki\Bureau\tuneUp Utilities 2014 14.0.1000.275 Final.mazika2day.com\Keygen.exe =>.Crack,Keygen
C:\Documents and Settings\zaki\Bureau\tuneUp Utilities 2014 14.0.1000.275 Final.mazika2day.com\Tune.Up.Utilities.2014.Keygen.REPT.rar =>.Crack,Keygen
C:\Documents and Settings\zaki\Bureau\tuneUp Utilities 2014 14.0.1000.275 Final.mazika2day.com\Keygen.exe =>.Crack,Keygen
C:\Documents and Settings\zaki\Bureau\tuneUp Utilities 2014 14.0.1000.275 Final.mazika2day.com\Tune.Up.Utilities.2014.Keygen.REPT.rar =>.Crack,Keygen
~ Files: Scanned in 02mn 52s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}] (OKitSpace Object) =>PUP.Onekit
[HKCR\CLSID\{61FF8246-4E94-42F2-8647-DDA6F03F2689}] (uTorrentControl_v6 Findbar) =>P2P.µTorrent
[HKCR\CLSID\{8A3DCD19-8F1C-CED1-5106-0F9192EF3287}] (YoutubeAdblocker) =>PUP.Multiplug
[HKCR\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5}] (uTorrentControl_v6 Toolbar) =>P2P.µTorrent
[HKCR\CLSID\{CD90659F-D5B2-4104-9504-7CA36E6532DF}] (uTorrentControl_v6 API Server) =>P2P.µTorrent
~ BCK: 3864 Legitimates Filtered in 00mn 31s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 03/08/2004 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 31/12/2013 190376 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 31/12/2013 190376 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19/03/2014 189040 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 10/07/1658 0 | (srvPlgProtect) . (...) - C:\Documents and Settings\zaki\Application Data\okitspace\protect\PluginProtect.exe =>PUP.Onekit
SS - | Auto 10/07/1658 0 | (WeatherBlinkService) . (...) - C:\Program Files\WEATHE~1\bar\1.bin\gcbarsvc.exe =>PUP.WeatherBlink

SR - | Auto 02/01/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 20/03/2014 1773368 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe

~ Services: Scanned in 00mn 35s



---\\ Scan Additionnel (O88)
Database Version : 13044 - (11/04/2014)
Clés trouvées (Keys found) : 25
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 18
Fichiers trouvés (Files found) : 13

[HKLM\Software\Google\Chrome\Extensions\lbidgdoiglndbjlcnnifemecdhnpeabo] =>PUP.Onekit^
[HKLM\Software\Google\Chrome\Extensions\zzzzzzzzzzzzzzzzoibponkmmpgpmjgl] =>PUP.Onekit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3543619C-D563-43F7-95EA-4DA7E1CC396A}] =>PUP.Onekit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A3DCD19-8F1C-CED1-5106-0F9192EF3287}] =>PUP.TubeAdBlocker^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96F454EA-9D38-474F-B504-56193E00C1A5}] =>P2P.µTorrent^
[HKLM\SYSTEM\CurrentControlSet\Services\srvPlgProtect] =>PUP.Onekit^
[HKLM\SYSTEM\CurrentControlSet\Services\WeatherBlinkService] =>PUP.WeatherBlink^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}] =>PUP.TubeAdBlocker^
[HKLM\Software\Classes\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}] =>Adware.MyWebSearch
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade
[HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}] =>PUP.Dealio
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fe063db1-4ec0-403e-8dd8-394c54984b2c}] =>Toolbar.AskTBar
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}] =>Adware.Browse2Save
[HKLM\Software\SoftwareUpdater] =>Hijacker.Eazel
[HKCU\Software\PC Optimizer Pro] =>Rogue.PCOptimizerPro
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Classes\Toolbar.CT3289075] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{96f454ea-9d38-474f-b504-56193e00c1a5} =>P2P.µTorrent^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:iLivid =>Adware.Bandoo^
C:\Documents and Settings\zaki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbidgdoiglndbjlcnnifemecdhnpeabo =>PUP.Onekit^
C:\Documents and Settings\zaki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\zzzzzzzzzzzzzzzzoibponkmmpgpmjgl =>PUP.Onekit^
C:\Program Files\YoutubeAdblocker =>PUP.TubeAdBlocker^
C:\Documents and Settings\All Users\Application Data\YoutubeAdblocker =>PUP.TubeAdBlocker^
C:\Documents and Settings\zaki\Application Data\newnext.me =>PUP.NextLive^
C:\Documents and Settings\zaki\Application Data\okitspace =>PUP.Onekit^
C:\Documents and Settings\zaki\Application Data\OpenCandy =>Adware.OpenCandy^
C:\Documents and Settings\zaki\Application Data\SwvUpdater =>PUP.Software.Updater^
C:\Documents and Settings\zaki\Local Settings\Application Data\genienext =>PUP.NextLive^
C:\Program Files\AskTBar =>Toolbar.AskTBar
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Program Files\SearchProtect =>Toolbar.Conduit
C:\Program Files\PC Optimizer Pro =>Rogue.PCOptimizerPro
C:\Documents and Settings\All Users\Application Data\Conduit =>Toolbar.Conduit
C:\Documents and Settings\All Users\Application Data\InstallMate =>PUP.Tarma
C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro =>Rogue.PCOptimizerPro
C:\Documents and Settings\zaki\Local Settings\Application Data\Conduit =>Toolbar.Conduit
C:\Documents and Settings\zaki\Local Settings\Application Data\SearchProtect =>Toolbar.Conduit
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\Smartbar] =>Hijacker.SmartBar^
[HKCU\Software\WEDLMNGR] =>PUP.weDownloadManager^
[HKCU\Software\iLivid] =>Adware.Bandoo^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Datamngr] =>PUP.Datamngr^
[HKLM\Software\OKitSpace] =>PUP.Onekit^
[HKLM\Software\Vittalia] =>Adware.Vittalia^
[HKCR\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}] (OKitSpace Object) =>PUP.Onekit^
[HKCR\CLSID\{61FF8246-4E94-42F2-8647-DDA6F03F2689}] (uTorrentControl_v6 Findbar) =>P2P.µTorrent^
[HKCR\CLSID\{8A3DCD19-8F1C-CED1-5106-0F9192EF3287}] (YoutubeAdblocker) =>PUP.Multiplug^
[HKCR\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5}] (uTorrentControl_v6 Toolbar) =>P2P.µTorrent^
[HKCR\CLSID\{CD90659F-D5B2-4104-9504-7CA36E6532DF}] (uTorrentControl_v6 API Server) =>P2P.µTorrent^
~ Additionnel Scan: 121384 Items scanned in 02mn 01s



---\\ Summary of the detections found on your workstation
http://nicolascoolman.webs.com/apps/blog/show/33456961-pup-onekit =>PUP.Onekit
http://nicolascoolman.webs.com/apps/blog/show/41034005-pup-mobogenie =>PUP.Mobogenie
http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
http://nicolascoolman.webs.com/apps/blog/show/41413709-pup-weatherblink =>PUP.WeatherBlink
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.webs.com/apps/blog/show/32930303-pup-wedownloadmanager =>PUP.weDownloadManager
http://nicolascoolman.webs.com/apps/blog/show/40528410-pup-nextlive =>PUP.NextLive
http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
http://nicolascoolman.webs.com/apps/blog/show/32713686-pup-software-updater =>PUP.Software.Updater
http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
http://nicolascoolman.webs.com/apps/blog/show/33367156-spyware-protectedsearch =>Spyware.ProtectedSearch
http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade
http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
http://nicolascoolman.webs.com/apps/blog/show/26627530-adware-browse2save =>Adware.Browse2Save
http://nicolascoolman.webs.com/apps/blog/show/30393459-rogue-pcoptimizerpro =>Rogue.PCOptimizerPro
http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox
http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ MSI: 27 link(s) detected in 00mn 00s



~ 821 Legitimates filtered by white list
End of the scan (671 lines in 10mn 01s)(4)
