~ Report of ZHPDiag v2014.4.13.25 - Nicolas Coolman (13/04/2014)
~ Launched by hp (13/04/2014 22:40:21)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by user


---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 28.0
OPIE: Opera vStable 18.0.1284.49

---\\ Windows product information
~ Langage: Anglais
Windows 7 Professional, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : 7TP9F
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Windows Defender W7

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Java 7 Update 51

---\\ Information on the system
~ Processor: x86 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1921 MB (39% free)
System Restore: Activé (Enable)
System drive C: has 176 GB (75%) free of 233 GB

---\\ Connection to the system mode
~ Computer Name: HP-PC
~ User Name: hp
~ All Users Names: hp, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\hp\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\hp\AppData\Roaming\
~ %Desktop% : C:\Users\hp\Desktop\
~ %Favorites% : C:\Users\hp\Favorites\
~ %LocalAppData% : C:\Users\hp\AppData\Local\
~ %StartMenu% : C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 176 Go of 233 Go)
D: Hard drive, Flash drive, Thumb drive (Free 232 Go of 232 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: CD-ROM drive (Free 0 Go of 6 Go)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Explorateur Windows.) (.31/10/2009 - 05:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.62077F806BC59CBD5A404338D710D133] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13/04/2014 - 20:21:57.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.28/10/2009 - 06:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 01:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 02:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 23:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 02:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 23:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 02:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 23:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.A8F59428E9F361C7AC42A94AC1560BC9] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 13:58:11.) -- C:\Windows\system32\Drivers\ntfs.sys [1210728]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 00:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 23:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.06/09/2012 - 16:48:29.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/141
~ Mes musiques (My Musics) : 1/8
~ Mes Videos (My Videos) : 1/9
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 1/1562
~ Mon Bureau (My Desktop) : 4/20
~ Menu demarrer (Programs) : 1/43
~ Hidden Files: Scanned in 00mn 02s



---\\ Process running
[MD5.92C2825E0F78B4788250A0E0B67AEF71] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [186864] [PID.2988]
[MD5.7542A258384DFCC38F56E3F1F7A21D67] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [196080] [PID.3028]
[MD5.2C3710840F1D20D571FF9658AAA6F1BD] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [267760] [PID.3036]
[MD5.8F27080C762E074B8F39A904FD630B7D] - (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3117344] [PID.3044]
[MD5.BF739971EC9B05DAFEC793767B632BA9] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152] [PID.3136]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.3152]
[MD5.DCD78A37FB33BF0141A231109B052785] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.3168]
[MD5.AACF7763452AC9D6CF84E84A16BEAD9D] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20685680] [PID.3260]
[MD5.6CE181DE23F2D175B72396EFAF5C43AC] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3829328] [PID.3292]
[MD5.E4B89C1434AC5EE740E87CCF7769F50D] - (.Samsung - KiesPDLR.) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656] [PID.3308]
[MD5.1B31D1266691EDD4224B0036449F14B4] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872] [PID.3320]
[MD5.364156326EF0F1B92B0DC132F8F10412] - (. New Softwares.net - Tray Application.) -- C:\Windows\System32\WinFLTray.exe [322360] [PID.3348]
[MD5.20D38F7D0B5383510C034BDD4178C5E1] - (.New Softwares.net - No Comment.) -- C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe [275768] [PID.3356]
[MD5.A8FAEE1A2A5588BF744726BB7C583E2D] - (. New Softwares.net - No Comment.) -- C:\Program Files\NewSoftware's\Folder Lock\FLComServ.exe [1238328] [PID.3444]
[MD5.96E8CF4D3731D90058DE39A3BECAD707] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1201448] [PID.3680]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [269848] [PID.3180]
[MD5.7116680C2C62709EE81BDDC69EF26B93] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757488] [PID.4892]
[MD5.090A189F4EEB3C0B76E97ACDB1A71C92] - (.Internet Download Manager, Tonec Inc. - Broker for reading of IDM settings.) -- C:\Program Files\Internet Download Manager\idmBroker.exe [69144] [PID.4240]
[MD5.08FECDE82830FA31E186E071D87CE86A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8212992] [PID.5456]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)

---\\ Google Chrome Extension Folder

~ Google Lines Browser: 16 Legitimates Filtered in 01mn 07s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: AIMP3.lnk . (.AIMP DevTeam - AIMP3.) -- C:\Program Files\AIMP3\AIMP3.exe
O4 - GS\Desktop [Public]: B-Link 11n USB Wireless LAN Utility.lnk . (.Realtek - ReStart MFC Application.) -- C:\Program Files\B-Link\11n USB Wireless LAN Utility\ReStart.exe
O4 - GS\Desktop [Public]: Folder Lock.lnk . (.New Softwares.net. - Folder Lock Application.) -- C:\Program Files\NewSoftware's\Folder Lock\Folder Lock.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (...) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Media Player Classic.lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: MP3 Cutter.lnk . (.MP3 Cutter, Inc. - Easily and Fast Cut MP3 in few clicks..) -- C:\Program Files\MP3 Cutter\MP3Cutter.exe
O4 - GS\Desktop [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\launcher.exe
O4 - GS\Desktop [Public]: UltraISO.lnk . (.EZB Systems, Inc. - UltraISO Premium.) -- C:\Program Files\UltraISO\UltraISO.exe
O4 - GS\Desktop [Public]: Xilisoft iPod Rip.lnk . (...) -- C:\Program Files\Xilisoft\iPod Manager\ipodmanager-loader.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\launcher.exe
O4 - GS\QuickLaunch [hp]: Google Chrome.lnk . (...) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [hp]: idoo Video Editor Pro 2.5.0.lnk . (...) -- C:\Program Files\idoo\Video Editor\videoeditor.exe
O4 - GS\QuickLaunch [hp]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [hp]: Paltalk Messenger.lnk . (...) -- C:\Program Files\Paltalk Messenger\paltalk.exe (.not file.)
O4 - GS\QuickLaunch [hp]: PhotoScape.lnk . (...) -- C:\Program Files\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [hp]: Upgrade to Paltalk Extreme.lnk - Orphan key
O4 - GS\QuickLaunch [hp]: Xilisoft iPod Rip.lnk . (...) -- C:\Program Files\Xilisoft\iPod Manager\ipodmanager-loader.exe
O4 - GS\TaskBar [hp]: Google Chrome.lnk . (...) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [hp]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [hp]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [hp]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [hp]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [hp]: dreamboxEDIT.lnk . (...) -- C:\Program Files\dreamboxEDIT\dreamboxEDIT.exe
O4 - GS\Desktop [hp]: EnigmEdit.lnk . (...) -- C:\EnigmEdit\EnigmEdit.exe
O4 - GS\Desktop [hp]: HDVB.lnk . (.- - HDVB CardSharing Client.) -- C:\Program Files\HDVB\HDVB.exe
O4 - GS\Desktop [hp]: pes2014.lnk . (.Konami Digital Entertainment Co., Ltd. - Pro Evolution Soccer 2014.) -- C:\Program Files\KONAMI\Pro Evolution Soccer 2014\pes2014.exe
O4 - GS\Desktop [hp]: PhotoScape.lnk . (...) -- C:\Program Files\PhotoScape\PhotoScape.exe
O4 - GS\Desktop [hp]: tout2 - Raccourci.lnk . (...) -- D:\tout2
O4 - GS\Desktop [hp]: XBMC.lnk . (.Team XBMC - XBMC.) -- C:\Program Files\XBMC\XBMC.exe
O4 - GS\Desktop [hp]: Youtube Downloader HD.lnk . (...) -- C:\Program Files\Youtube Downloader HD\YouTubeDownloaderHD.exe
~ Global Startup: 104 Legitimates Filtered in 00mn 02s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] . (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5.5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (.not file.)
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [WinFLTray] . (. New Softwares.net - Tray Application.) -- C:\Windows\system32\WinFLTray.exe
O4 - HKCU\..\Run: [FLBackup] . (.New Softwares.net - No Comment.) -- C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2651599121-302006115-1394735740-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2651599121-302006115-1394735740-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2651599121-302006115-1394735740-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-2651599121-302006115-1394735740-1000\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (.not file.)
O4 - HKUS\S-1-5-21-2651599121-302006115-1394735740-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2651599121-302006115-1394735740-1000\..\Run: [WinFLTray] . (. New Softwares.net - Tray Application.) -- C:\Windows\system32\WinFLTray.exe
O4 - HKUS\S-1-5-21-2651599121-302006115-1394735740-1000\..\Run: [FLBackup] . (.New Softwares.net - No Comment.) -- C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{77113BD1-1361-46B7-9F10-E4A6318CD7F9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1527736-957F-4A77-91C3-8C4A1C614FFF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{77113BD1-1361-46B7-9F10-E4A6318CD7F9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F1527736-957F-4A77-91C3-8C4A1C614FFF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{77113BD1-1361-46B7-9F10-E4A6318CD7F9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F1527736-957F-4A77-91C3-8C4A1C614FFF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: FLService (FLService) . (.New Softwares.net - Service Application.) - C:\Windows\system32\WinFLService.exe
O23 - Service: GLArab.com HTTP Proxy (glarab_http_proxy) . (.No owner - http_proxy.exe.) - C:\Program Files\GLArab.com\Proxy\http_proxy.exe
~ Services: 9 Legitimates Filtered in 00mn 02s



---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Start Registry Reviver for hp-PC@hp(logon).job [320]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 04s



---\\ Drivers launched at startup (O41)
O41 - Driver: (WinFLAdrv) . (...) - C:\Windows\System32\WinFLAdrv.sys
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: EnigmEdit (remove only) - (...) [HKLM] -- EnigmEdit
O42 - Logiciel: HDVB - (...) [HKLM] -- HDVB
~ Logic: 15 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\APN PIP]
[HKCU\Software\EnigmEdit]
[HKCU\Software\Msan]
[HKLM\Software\"EnigmEdit]
[HKLM\Software\AliEditor]
[HKLM\Software\IDLLC]
~ Key Software: 265 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 04/11/2013 - 14:30:35 - [10,974] ----D C:\Program Files\B-Link
O43 - CFD: 24/02/2014 - 23:00:45 - [4,191] ----D C:\Program Files\HDVB
O43 - CFD: 04/10/2013 - 18:30:31 - [101,099] ----D C:\Program Files\idoo
O43 - CFD: 18/09/2013 - 17:41:48 - [23,027] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 18/09/2013 - 23:39:42 - [0,001] ----D C:\Users\hp\AppData\Roaming\idoo
O43 - CFD: 17/09/2013 - 00:47:38 - [4,937] ----D C:\Users\hp\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 25/01/2014 - 13:47:58 - [0] ----D C:\Users\hp\AppData\Roaming\twd
O43 - CFD: 14/03/2014 - 21:46:59 - [0] ----D C:\Users\hp\AppData\Local\DM
O43 - CFD: 01/11/2013 - 18:23:54 - [0,534] ----D C:\Users\hp\AppData\Local\iSpirit
O43 - CFD: 12/10/2013 - 11:43:32 - [0] ----D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EnigmEdit
O43 - CFD: 24/02/2014 - 23:00:45 - [0,003] ----D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDVB
~ Program Folder: 211 Legitimates Filtered in 00mn 40s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.CC35D242AFEBC4152AEFD01242359427] - 04/04/2014 - 18:01:06 -SHA- . (...) -- C:\Windows\System32\win_fldb_sys.dat [2772]
O44 - LFC:[MD5.707666A7D53DD9714CD4ABB7D4B1FEEF] - 07/04/2014 - 14:10:05 -SHA- . (...) -- C:\Windows\System32\win_flfiles_sys.dat [11781]
O44 - LFC:[MD5.77C0ECFA2B881C92579C78DA7CC4A504] - 08/04/2014 - 16:42:04 -SHA- . (...) -- C:\Windows\System32\win_stlthdb_sys.dat [3465]
O44 - LFC:[MD5.B9D5E5B1E0C302CCEF1A5F882CABDC45] - 13/04/2014 - 20:02:50 ---A- . (...) -- C:\Windows\msxml4-KB973688-enu.LOG [288432]
O44 - LFC:[MD5.2CB47C057B60C7B42601362A59A68268] - 13/04/2014 - 20:03:20 ---A- . (...) -- C:\Windows\msxml4-KB954430-enu.LOG [284516]
O44 - LFC:[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - 13/04/2014 - 20:11:11 ---A- . (...) -- C:\Windows\win.ini [478]
O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 13/04/2014 - 20:21:56 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [72822]
O44 - LFC:[MD5.CA67E788F2367A9777090599CA2C0AED] - 13/04/2014 - 20:22:36 ---A- . (...) -- C:\Windows\IE9_main.log [4755]
~ Files: 328 Legitimates Filtered in 00mn 13s



---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\WinFLAdrv.sys . (...) -- C:\Windows\System32\Drivers\WinFLAdrv.sys (.not file.)
~ CSB: 14 Legitimates Filtered in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{b4f181f8-8aca-11e3-976b-8851fb45f1ff}\AutoRun\command. (...) -- H:\AutoRun.exe (.not file.)
O51 - MPSK:{b4f18215-8aca-11e3-976b-8851fb45f1ff}\AutoRun\command. (...) -- H:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 01:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 22:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.203BB2691E7D0088A2C1F9C39C15A9B7] - 28/11/2013 - 00:24:18 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [108000]
O58 - SDL:[MD5.D720E872772D004E304FCE0CE54E1F8A] - 20/08/2013 - 07:02:14 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [84248]
O58 - SDL:[MD5.A1CC726323FB41FFD29F436A77237E41] - 20/08/2013 - 07:02:14 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [182680]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 01:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.6E421CCC57059B0186C6259CA3B6DFC9] - 13/12/2012 - 14:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 21:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 21:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 21:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 21:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 21:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 21:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 21:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 21:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 21:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 21:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 21:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 21:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 21:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 21:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
O58 - SDL:[MD5.7131934F7088ED1BC4A59D642CCF26AE] - 29/03/2014 - 19:32:31 ---A- . (...) -- C:\Windows\System32\WinFLAdrv.sys [30752]
O58 - SDL:[MD5.2BD447AA9488959A76508E5F78619FE4] - 29/03/2014 - 19:32:30 ---A- . (...) -- C:\Windows\System32\WinVDEdrv6.sys [188176]
~ Drivers: 16 Legitimates Filtered in 00mn 03s



---\\ Alternate Data Stream File (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\D3DX9_43.dll:Zone.Identifier
~ ADS: Scanned in 00mn 01s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.9E6575A62D925600E5E8CF5BED841445] [SPRF][08/04/2014] (...) -- C:\ProgramData\win_mpwd_sys.dat [2568]
[MD5.7A0DFC5353FF6DE7DE0208A29FA2FFC9] [SPRF][17/09/2013] (.Simon Tatham - SSH, Telnet and Rlogin client.) -- C:\Users\hp\Desktop\putty.exe [495616]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{967575D5-1BBF-4401-B351-C355AB34F470}C:\program files\hdvb\hdvb.exe" | In - Public - P6 - TRUE | .(.- - HDVB CardSharing Client.) -- C:\program files\hdvb\hdvb.exe
O87 - FAEL: "UDP Query User{AFD2DDF3-2D93-43C7-8B3E-974ADED442D1}C:\program files\hdvb\hdvb.exe" | In - Public - P17 - TRUE | .(.- - HDVB CardSharing Client.) -- C:\program files\hdvb\hdvb.exe
~ Firewall: 443 Legitimates Filtered in 00mn 01s
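The O87 lines above have a fixed shape (rule name | direction - profile - IANA protocol number - enabled | publisher - description -- image path). Both rules shown are inbound allows on the Public profile for a binary with no publisher, and their "Query User" names are the ones Windows gives rules created by clicking Allow on the firewall prompt. As an added example, not part of ZHPDiag or of this report, the following Python parses such lines and flags the combinations worth a second look. The first two sample rules are copied from the log above; the third is a constructed benign control (hypothetical vendor and path) so the triage has something to leave alone.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# IANA protocol numbers as ZHPDiag prints them ("P6", "P17").
_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

_FAEL_RE = re.compile(
    r'^O87 - FAEL: "(?P<name>[^"]*)" \| '
    r'(?P<direction>\w+) - (?P<profile>\w+) - P(?P<proto>\d+) - (?P<enabled>TRUE|FALSE) \| '
    r'\.\((?P<publisher>.*?)\) -- (?P<path>.+)$'
)

# Two lines copied from the report above plus one constructed control line.
SAMPLE_LOG = "\n".join([
    r'O87 - FAEL: "TCP Query User{967575D5-1BBF-4401-B351-C355AB34F470}C:\program files\hdvb\hdvb.exe" | In - Public - P6 - TRUE | .(.- - HDVB CardSharing Client.) -- C:\program files\hdvb\hdvb.exe',
    r'O87 - FAEL: "UDP Query User{AFD2DDF3-2D93-43C7-8B3E-974ADED442D1}C:\program files\hdvb\hdvb.exe" | In - Public - P17 - TRUE | .(.- - HDVB CardSharing Client.) -- C:\program files\hdvb\hdvb.exe',
    # Constructed control: outbound, Private profile, named publisher (hypothetical vendor).
    r'O87 - FAEL: "{11111111-2222-3333-4444-555555555555}" | Out - Private - P6 - TRUE | .(.Example Corp - Example updater.) -- C:\Program Files\Example\updater.exe',
])


@dataclass
class FirewallRule:
    name: str
    direction: str
    profile: str
    protocol: str
    enabled: bool
    company: Optional[str]      # None when ZHPDiag printed "-" or nothing
    description: str
    path: str
    user_prompted: bool         # rule created from the "Allow" button on the firewall prompt


def parse_fael(line: str) -> Optional[FirewallRule]:
    """Parse one 'O87 - FAEL:' line; return None for anything else."""
    m = _FAEL_RE.match(line.strip())
    if m is None:
        return None
    # Publisher field is printed as ".Company - Description." with "-" for a missing company.
    pub = m.group("publisher").strip(".")
    company, _, description = pub.partition(" - ")
    company = None if company in ("", "-") else company
    proto_num = int(m.group("proto"))
    return FirewallRule(
        name=m.group("name"),
        direction=m.group("direction"),
        profile=m.group("profile"),
        protocol=_PROTO.get(proto_num, f"P{proto_num}"),
        enabled=m.group("enabled") == "TRUE",
        company=company,
        description=description,
        path=m.group("path"),
        user_prompted=m.group("name").startswith(("TCP Query User", "UDP Query User")),
    )


def triage_rule(rule: FirewallRule) -> List[str]:
    """Reasons a rule deserves review; an empty list means nothing notable."""
    reasons: List[str] = []
    if not rule.enabled:
        return reasons
    if rule.direction == "In" and rule.profile == "Public":
        reasons.append("inbound allow on the Public profile")
    if rule.company is None:
        reasons.append("binary carries no publisher name")
    if rule.user_prompted:
        reasons.append("rule created from the firewall's Allow prompt, not by an installer")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map rule name -> review reasons for every flagged O87 line in a ZHPDiag report."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        rule = parse_fael(line)
        if rule is None:
            continue
        reasons = triage_rule(rule)
        if reasons:
            findings[rule.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

Run it over the whole report rather than just the O87 block: non-matching lines are ignored, so `triage_log(open("ZHPDiag.txt", encoding="utf-8", errors="replace").read())` is enough. The checks are deliberately conservative; an inbound Public allow for a signed application still gets listed, because on a Windows 7 workstation that combination is rarely intended.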



---\\ MyComputer Name Space (MNS) (O92)
O92 - MNS: iPhone - {5FCD4425-CA3A-48F4-A57C-B8A75C32ACB1}
~ MNS: 2 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_download_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_download_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32 =>Adware.OpenCandy
HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS =>Adware.OpenCandy
~ BTK: 230 Legitimates Filtered in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 05/06/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\System32\IntelCpHeciSvc.exe
SS - | Auto 12/09/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/09/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 21/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 28/11/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 16/04/2010 36864 | (B-Link11nCU) . (.Realtek.) - C:\Program Files\B-Link\11n USB Wireless LAN Utility\RtlService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 07/03/2012 913144 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
SR - | Auto 29/03/2014 92984 | (FLService) . (.New Softwares.net.) - C:\Windows\system32\WinFLService.exe
SR - | Auto 20/12/2012 2255984 | (glarab_http_proxy) . (...) - C:\Program Files\GLArab.com\Proxy\http_proxy.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Demand 23/10/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 08/09/2013 1786704 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Demand 22/01/2008 275752 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 17/02/2014 4915040 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 07s
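The EGS lines above follow one layout (state - | start type, file date, file size | optional hosting DLL (service name) . (publisher) - image path), with a twist for svchost-hosted services such as WinDefend and wuauserv: the DLL that actually carries the code is printed before the service name, and the image path is just svchost.exe. A reviewer cares most about entries with no publisher, such as glarab_http_proxy, and about code living outside Windows or Program Files. As an added example, not part of ZHPDiag or of this report, the following Python parses such lines, keeps the hosting DLL separate from the image, and flags those two conditions. Three sample lines are copied from the log above; the fourth (ExampleSvc, under a user profile path) is constructed to exercise the path check.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

_SVC_RE = re.compile(
    r'^(?P<state>S[RS]) - \| (?P<start>\w+) (?P<date>\d{2}/\d{2}/\d{4}) (?P<size>\d+) \| '
    r'(?:(?P<dll>[^(].*?) )?\((?P<name>[^)]+)\) \. \((?P<publisher>.*?)\) - (?P<image>.+)$'
)

# Directories where service code is expected on a stock Windows 7 install.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Three lines copied from the report above plus one constructed line (ExampleSvc is hypothetical).
SAMPLE_LOG = "\n".join([
    r"SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe",
    r"SR - | Auto 20/12/2012 2255984 | (glarab_http_proxy) . (...) - C:\Program Files\GLArab.com\Proxy\http_proxy.exe",
    r"SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe",
    r"SR - | Auto 01/04/2014 12345 | (ExampleSvc) . (...) - C:\Users\hp\AppData\Roaming\example\svc.exe",
])


@dataclass
class Service:
    name: str
    running: bool               # SR = running, SS = stopped
    start: str                  # Auto / Demand / Disabled as ZHPDiag prints it
    file_date: str
    file_size: int
    publisher: Optional[str]    # None when the report shows "(...)"
    image: str                  # executable the Service Control Manager launches
    hosted_dll: Optional[str]   # for svchost-hosted services, the DLL carrying the code

    @property
    def code_path(self) -> str:
        """The file that really runs: the hosted DLL if present, else the image."""
        return self.hosted_dll or self.image


def parse_service(line: str) -> Optional[Service]:
    """Parse one SR/SS line of the EGS section; return None for anything else."""
    m = _SVC_RE.match(line.strip())
    if m is None:
        return None
    # Publisher is printed as ".Name." ; "(...)" means none. Trailing dots of "Inc." are lost.
    pub = m.group("publisher").strip(".")
    return Service(
        name=m.group("name"),
        running=m.group("state") == "SR",
        start=m.group("start"),
        file_date=m.group("date"),
        file_size=int(m.group("size")),
        publisher=pub or None,
        image=m.group("image"),
        hosted_dll=m.group("dll"),
    )


def in_standard_root(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(root) for root in STANDARD_ROOTS)


def triage_service(svc: Service) -> List[str]:
    """Reasons a service deserves review; an empty list means nothing notable."""
    reasons: List[str] = []
    if svc.publisher is None:
        reasons.append("no publisher recorded for the service binary")
    if not in_standard_root(svc.code_path):
        reasons.append("service code lives outside Windows / Program Files")
    if reasons and svc.start == "Auto":
        reasons.append("starts automatically at boot")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map service name -> review reasons for every flagged EGS line in a ZHPDiag report."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        svc = parse_service(line)
        if svc is None:
            continue
        reasons = triage_service(svc)
        if reasons:
            findings[svc.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(name, "->", "; ".join(reasons))
```

The publisher field in a ZHPDiag report is the name the tool extracted from the file's version resource, not a verified Authenticode signature, so a named publisher only moves an entry down the list; confirming it still means checking the signature on the host (for example with `Get-AuthenticodeSignature` in PowerShell 2.0 on Windows 7). Missing publisher plus Auto start, as for glarab_http_proxy here, is the combination to look at first.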



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by hp at 13/04/2014 22:43:23

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
1 ntkrnlpa!IofCallDriver[0x82C75718] >> \Device\Harddisk0\DR0[0x859ACA58]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 12 Legitimates Filtered in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by hp at 13/04/2014 22:43:25

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Additional Scan (O88)
Database Version : 13044 - (13/04/2014)
Keys found : 13
Values found : 0
Folders found : 1
Files found : 1

[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\secman.DLL] =>PUP.Babylon
[HKLM\Software\Martin Prikryl\OpenCandy] =>Adware.OpenCandy
C:\Users\hp\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Users\hp\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
~ Additional Scan: 335887 Items scanned in 00mn 19s



---\\ Summary of the detections found on your workstation
http://nicolascoolman.webs.com/apps/blog/show/26607014-pup-1clickdownloader =>PUP.1ClickDownloader
http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.Whitesmoke
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 6 link(s) detected in 00mn 00s



~ 1614 Legitimates filtered by white list
End of the scan (568 lines in 03mn 24s)(0)
