cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Report of ZHPDiag v2014.4.16.27 - Nicolas Coolman (16/04/2014)
~ Launched by Administrateur (16/04/2014 14:21:33)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found


---\\ Internet browsers
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox 15.0.1 (Defaut)
GCIE: Google Chrome v34.0.1847.116
OPIE: Opera vStable 20.0.1387.77

---\\ Windows product information
~ Langage: Anglais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System protection software
avast! Free Antivirus v8.0.1497.0

---\\ System optimization software
CCleaner v3.18 =>.Piriform Ltd

---\\ Sharing software PeerToPeer
eMule

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Information on the system
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (63% free)
System Restore: Désactivé (Disabled)
System drive C: has 36 GB (50%) free of 72 GB

---\\ Connection to the system mode
~ Computer Name: SWEET-5592C8FEA
~ User Name: Administrateur
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrateur\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Administrateur\Application Data\
~ %Desktop% : C:\Documents and Settings\Administrateur\Bureau\
~ %Favorites% : C:\Documents and Settings\Administrateur\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Administrateur\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Administrateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 36 Go of 72 Go)
D: Hard drive, Flash drive, Thumb drive (Free 23 Go of 77 Go)
E: CD-ROM drive (Free 0 Go of 0 Go)
F: Floppy drive, Flash card reader, USB Key (Free 4 Go of 7 Go)
G: CD-ROM drive (Free 0 Go of 0 Go)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.BFBBBFE0913E6C9706F97598A6588B8F] - (.Microsoft Corporation - Explorateur Windows.) (.27/09/2008 - 11:24:52.) -- C:\WINDOWS\Explorer.exe [1573888]
[MD5.90B16FF3ACEC94B95BA95AA686442A47] - (.Microsoft Corporation - Internet Extensions for Win32.) (.27/09/2008 - 11:27:20.) -- C:\WINDOWS\system32\wininet.dll [879616]
[MD5.4BB6301D634C857A5089E8B24C5555E4] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.27/09/2008 - 11:27:21.) -- C:\WINDOWS\system32\Winlogon.exe [593408]
[MD5.744B88B93D2A58A1EB84C11D48CA85C8] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/07/2008 - 12:44:47.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.27/09/2008 - 02:58:26.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/05/2008 - 11:49:39.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.32ECB7D3C03532B4460E09E960A3B72E] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.30/07/2008 - 13:09:57.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [455936]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.A0857C97770034FD2AF17DC4014B5ABD] - (.Microsoft Corporation - NT File System Driver.) (.22/04/2008 - 14:45:52.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [576384]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.24/08/2012 - 10:21:37.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.27/09/2008 - 01:58:26.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.27/09/2008 - 02:58:26.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 0/7
~ Mes musiques (My Musics) : 0/16
~ Mes Videos (My Videos) : 0/2
~ Mes Favoris (My Favorites) : 0/5
~ Mes Documents (My Documents) : 0/8961
~ Mon Bureau (My Desktop) : 0/245
~ Menu demarrer (Programs) : 0/59
~ Hidden Files: Scanned in 00mn 02s



---\\ Process running
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1156]
[MD5.5AC144F03B31AFAB6717AD3622D1680D] - (.Atheros - ACS.) -- C:\WINDOWS\system32\acs.exe [499796] [PID.1320]
[MD5.BC0FEADA7A5A69787C70B03EBC51B582] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [161776] [PID.1456]
[MD5.472A00D2183C9E5EDB3E076272741812] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 169.2.) -- C:\WINDOWS\system32\nvsvc32.exe [155716] [PID.1484]
[MD5.3EC5F6051F8E678B42C2EA2ED903D503] - (.Solid Documents, LLC - Solid Spool Service.) -- C:\WINDOWS\Installer\MSI17.tmp [177784] [PID.1552]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648] [PID.1676]
[MD5.B0844D746C47FB20CA50ED0BAD09065C] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16861184] [PID.1600]
[MD5.6E15CAC2275E0B0A22E7EE9BAC30D7BA] - (...) -- C:\WINDOWS\VistaDrive\VistaDrive.exe [280779] [PID.1768]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968] [PID.1760]
[MD5.59C21F2E20088038544C04BEACB8BA10] - (.Vimicro - Vimicro.) -- C:\WINDOWS\VM303_STI.exe [61440] [PID.1840]
[MD5.1FC71A719B45A6A90BAFE2387EA07984] - (.No owner - HSDPALauncher MFC Application.) -- C:\Program Files\HSPA USB Modem\HSPALauncher.exe [233472] [PID.0]
[MD5.92FFC9F22407AD72F2CE0193B624B63F] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [950704] [PID.2060]
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [955392] [PID.2072]
[MD5.D0FD3AD8AC4A0090A44A4D08AAA05F5F] - (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe [200704] [PID.2080]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096] [PID.2100]
[MD5.2A5B8714984A8A5423FB99C2252D0985] - (...) -- C:\Documents and Settings\Administrateur\Application Data\svchost.exe [178688] [PID.844]
[MD5.BFF948019509B5BF3F9B6CEED2E2B8E3] - (.Microsoft Corporation - Microsoft Word.) -- C:\Program Files\Microsoft Office\Office14\WINWORD.exe [1422680] [PID.3456]
[MD5.9C376F42BDE37F18D0A39AF7415D9BE6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [917984] [PID.3984]
[MD5.1B30B37ADC4F747823C513C51A2214A4] - (.AVAST Software - avast! antivirus Update.) -- C:\Program Files\AVAST Software\Avast\setup\avast.setup [6583664] [PID.2184]
[MD5.D1B5718B386705AE72149CC82A97F189] - (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\20.0.1387.77\opera.exe [46141792] [PID.3900]
[MD5.18FCC5BF3B1065BCE75AC5D373A77C62] - (...) -- C:\Program Files\Opera\20.0.1387.77\opera_crashreporter.exe [1380192] [PID.3904]
[MD5.405A2343A4A4337EA221603D69D8061A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8217088] [PID.372]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Googleآ Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Googleآ Wallet v.0.0.6.1 (Activé)

---\\ Google Chrome Extension Folder

~ Google Lines Browser: 16 Legitimates Filtered in 00mn 52s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lpjtjb6d.default\prefs.js
M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\avg-secure-search.xml =>Toolbar.AVGSearch
~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startimes.com
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ IE Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects (O2)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Tonec Inc. - IDM BHO Module.) -- C:\Program Files\Internet Download Manager\IDMIECC.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: EPSON Web-To-Page - [HKLM]{EE5D279F-081B-4404-994D-C6B60AAEBA6D} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EE5D279F-081B-4404-994D-C6B60AAEBA6D} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: Opera 20.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\launcher.exe
O4 - GS\Program [AllUsers]: WRC 4 FIA World Rally Championship.lnk . (.Milestone S.r.l. - WRC 4.) -- C:\Program Files\WRC 4 FIA World Rally Championship\WRC4.exe
O4 - GS\Program [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 9 Legitimates Filtered in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [VistaDrive] . (...) -- C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [BigDog303] . (.Vimicro - Vimicro.) -- C:\WINDOWS\VM303_STI.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Orphan key
O4 - HKLM\..\Run: [abu dhabi sport 3 HD (1)] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe
O4 - HKLM\..\Run: [OfficeGuard RegChecker] . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe
O4 - HKLM\..\Run: [AVPCC] . (.Kaspersky Labs. - KL Control Centre.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
O4 - HKLM\..\Run: [HSPALauncher] . (.No owner - HSDPALauncher MFC Application.) -- C:\Program Files\HSPA USB Modem\HSPALauncher.exe
O4 - HKLM\..\Run: [1c1381244e52115e9abc28474bcdf203] . (...) -- C:\Documents and Settings\Administrateur\Application Data\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX4300 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAR.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [abu dhabi sport 3 HD (1)] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [1c1381244e52115e9abc28474bcdf203] . (...) -- C:\Documents and Settings\Administrateur\Application Data\svchost.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [JkDefrag] Orphan key
O4 - HKUS\.DEFAULT\..\RunOnce: [SweetRegistry] Orphan key
O4 - HKUS\S-1-5-18\..\RunOnce: [JkDefrag] Orphan key
O4 - HKUS\S-1-5-18\..\RunOnce: [SweetRegistry] Orphan key
O4 - HKUS\S-1-5-20\..\RunOnce: [JkDefrag] Orphan key
O4 - HKUS\S-1-5-20\..\RunOnce: [SweetRegistry] Orphan key
O4 - HKUS\S-1-5-21-602162358-789336058-1177238915-500\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-602162358-789336058-1177238915-500\..\Run: [EPSON Stylus CX4300 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAR.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-602162358-789336058-1177238915-500\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-602162358-789336058-1177238915-500\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-602162358-789336058-1177238915-500\..\Run: [abu dhabi sport 3 HD (1)] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe
O4 - HKUS\S-1-5-21-602162358-789336058-1177238915-500\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-602162358-789336058-1177238915-500\..\Run: [1c1381244e52115e9abc28474bcdf203] . (...) -- C:\Documents and Settings\Administrateur\Application Data\svchost.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CF8AEDD-FF6B-45AA-8A2D-091A6B81D5A2}: NameServer = 4.2.2.2 80.246.0.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{7CF8AEDD-FF6B-45AA-8A2D-091A6B81D5A2}: NameServer = 4.2.2.2 80.246.0.3
O17 - HKLM\System\CS3\Services\Tcpip\..\{7CF8AEDD-FF6B-45AA-8A2D-091A6B81D5A2}: NameServer = 4.2.2.2 80.246.0.3
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Windows Genuine Advantage Notifications.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: PS TO PC CONVERTER - (...) [HKLM] -- {A483F88A-41E9-45B2-AAC9-A823DD9B4873}
O42 - Logiciel: USB Game Controller - (...) [HKLM] -- {D3DF3D05-DE2A-476A-A384-08FCD58D9FE7}
O42 - Logiciel: herdProtect Anti-Malware Scanner - (.Reason Company Software Inc..) [HKLM] -- herdProtectScan
~ Logic: 25 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1c1381244e52115e9abc28474bcdf203]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\System Management Bus]
[HKCU\Software\jo]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\Doug]
[HKLM\Software\abu dhabi sport 3 HD (1)]
[HKLM\Software\jo]
~ Key Software: 298 Legitimates Filtered in 00mn 01s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 15/03/2014 - 16:08:06 - [0] ----D C:\Program Files\AareSoft
O43 - CFD: 16/03/2014 - 12:01:15 - [0] ----D C:\Program Files\Mass Downloader
O43 - CFD: 15/03/2014 - 16:55:51 - [5,503] ----D C:\Program Files\Opera75
O43 - CFD: 15/03/2014 - 16:31:48 - [12,222] ----D C:\Program Files\Fichiers communs\KAV Shared Files
~ Program Folder: 159 Legitimates Filtered in 00mn 03s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.F0D114A524FF8C49AECABC5042968587] - 04/04/2014 - 23:15:42 ---A- . (...) -- C:\WINDOWS\win.ini [683]
O44 - LFC:[MD5.BDDE322DD3E6ABBC589C5DC8A948A661] - 12/04/2014 - 10:50:02 ---A- . (.Mobile Connector - USB/Serial Device Driver.) -- C:\WINDOWS\system32\Drivers\cmusbser.sys [103552]
O44 - LFC:[MD5.64453813D9C6F39FD2BAAA054C0EDCAF] - 12/04/2014 - 10:50:03 ---A- . (...) -- C:\WINDOWS\DPINST.LOG [67236]
O44 - LFC:[MD5.1A99F2A1D8B14ACB9C5F6943A9069660] - 12/04/2014 - 14:39:48 ---A- . (...) -- C:\WINDOWS\ModemLog_Mobile Connector.txt [8798]
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 14/04/2014 - 11:55:23 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.10718CB872F7E1E6BFC7E0E570C99E26] - 15/04/2014 - 20:32:32 ---A- . (...) -- C:\WINDOWS\system32\JkDefragScreenSaver.log [13062]
O44 - LFC:[MD5.FC2D4291CF1B5BC2801A594DBABEE787] - 16/04/2014 - 12:49:17 ---A- . (...) -- C:\UsbFix [Scan 1] SWEET-5592C8FEA.txt [13792]
O44 - LFC:[MD5.138138C6D825072CD40450FCF73C38DB] - 16/04/2014 - 12:52:11 ---A- . (...) -- C:\UsbFix [Clean 2] SWEET-5592C8FEA.txt [3386]
O44 - LFC:[MD5.D1E4DBF92F0B12D83CAF354792B05A95] - 16/04/2014 - 12:53:32 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.A1D0B45E918E4E4217A1AE303E640CDE] - 16/04/2014 - 12:53:34 ---A- . (...) -- C:\WINDOWS\wiaservc.log [48]
O44 - LFC:[MD5.F1A275E9F6B37E0419A8246F5A9B41A8] - 16/04/2014 - 12:59:58 ---A- . (...) -- C:\UsbFix [Scan 2] SWEET-5592C8FEA.txt [13853]
~ Files: 20 Legitimates Filtered in 00mn 01s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Administrateur\Application Data\svchost.exe" [Enabled] .(.No owner.) -- C:\Documents and Settings\Administrateur\Application Data\svchost.exe
~ Keys Export: 8 Legitimates Filtered in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{9dff9664-6bda-11e3-94ea-001e8cc2b616}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
O51 - MPSK:{ae2a5144-c1b3-11e3-9592-9fe17ecef2d8}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 01s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=1
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=1
~ MWPS: 6 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "ForceClassicControlPanel"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDesktopCleanupWizard"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoInstrumentation"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsHistory"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsMenu"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveSearch"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveTrack"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMBalloonTip"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMConfigurePrograms"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMHelp"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoStartMenuMFUprogramsList"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWelcomeScreen"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=
O56 - MWPE:[HKLM\...\policies\Explorer] - "CDRAutoRun"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "HideRunAsVerb"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoCDBurning"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDesktopCleanupWizard"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoInstrumentation"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoNetConnectDisconnect"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRecentDocsHistory"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRemoteRecursiveEvents"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoResolveTrack"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoStartMenuMFUprogramsList"=1
~ MWPE Keys: 32 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.D48659BB24C48345D926ECB45C1EBDF5] - 26/02/2006 - 16:02:49 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\WINDOWS\system32\Drivers\ASACPI.sys [5810]
O58 - SDL:[MD5.FA72FA503F580C3C628DD8C7D7622E37] - 30/08/2013 - 09:48:12 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376]
O58 - SDL:[MD5.A5F637D61719D37A5B4868C385E363C0] - 30/08/2013 - 09:48:13 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [177864]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 24/08/2012 - 10:21:37 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.BDDE322DD3E6ABBC589C5DC8A948A661] - 29/08/2008 - 16:54:40 ---A- . (.Mobile Connector - USB/Serial Device Driver.) -- C:\WINDOWS\system32\Drivers\cmusbser.sys [103552]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/04/2008 - 13:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.AACD48039C4BB5930EC145B456CB791E] - 28/11/2013 - 01:24:18 ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [121184]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/04/2008 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.58C938BDD89281DC1A64B1DCE675FCE4] - 17/08/2004 - 11:44:22 ---A- . (.VM - Video streaming and Capture Device Driver.) -- C:\WINDOWS\system32\Drivers\usbVM31b.sys [91263]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 24/08/2012 - 10:21:37 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 6 Legitimates Filtered in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 14/12/2013 - C:\Program Files\Java\jre7\bin\jqs.exe (JavaQuickStarterService) .(.Oracle Corporation - Java(TM) Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE
~ Legacy: 111 Legitimates Filtered in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Launcher.exe
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\launcher.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} [DefaultScope] - (AVG Secure Search) - http://isearch.avg.com =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} [DefaultScope] - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} [DefaultScope] - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} [DefaultScope] - (Google) - http://www.google.fr
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (CKF) (O82)
C:\Documents and Settings\Administrateur\Mes documents\cherif\XBMC\cache\scrapers\metadata.tvdb.com\cache-cracked%20s01.xml =>.Crack,Keygen
C:\Documents and Settings\Administrateur\Mes documents\cherif\XBMC\cache\scrapers\metadata.tvdb.com\cache-cracked.s01.xml =>.Crack,Keygen
C:\Documents and Settings\Administrateur\Mes documents\cherif\XBMC\cache\scrapers\metadata.tvdb.com\cache-cracked.xml =>.Crack,Keygen
C:\Documents and Settings\Administrateur\Mes documents\cherif\XBMC\cache\scrapers\metadata.tvdb.com\cache-cracked%20s01.xml =>.Crack,Keygen
C:\Documents and Settings\Administrateur\Mes documents\cherif\XBMC\cache\scrapers\metadata.tvdb.com\cache-cracked.s01.xml =>.Crack,Keygen
C:\Documents and Settings\Administrateur\Mes documents\cherif\XBMC\cache\scrapers\metadata.tvdb.com\cache-cracked.xml =>.Crack,Keygen
~ Files: Scanned in 00mn 28s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.2A5B8714984A8A5423FB99C2252D0985] [SPRF][15/04/2014] (...) -- C:\Documents and Settings\Administrateur\Application Data\svchost.exe [178688]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Random Export Key (REK) (O91)
[HKCU\Software\1c1381244e52115e9abc28474bcdf203]:[kl]="14/04/14 firefox منتديات ستار تايمز: جديد مدار Astra 4A 4.8° E - Mozilla Firefox[ENTER]14/04/14 opera Réglages - Ope
~ Export Key Software: Scanned in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/12/2013 250056 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 22/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 26/12/2011 360529 | (jswpsapi) . (.wireless.) - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe
SS - | Demand 06/09/2012 114144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 10/07/1658 0 | (MSDTC) . (...) - C:\WINDOWS\system32\msdtc.exe
SS - | Auto 05/04/2012 158856 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 26/12/2011 499796 | (acs) . (.Atheros.) - C:\WINDOWS\system32\acs.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 14/12/2013 161776 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 05/12/2007 155716 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 14/12/2013 177784 | (SCPDFReadSpool) . (.Solid Documents, LLC.) - C:\WINDOWS\Installer\MSI17.tmp

~ Services: Scanned in 00mn 08s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Administrateur at 16/04/2014 14:23:33

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF1A6] >> \Device\Harddisk0\DR0[0x8A709AB8]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Administrateur at 16/04/2014 14:23:35

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13044 - (16/04/2014)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1

[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{6e4c89cf-3061-4ee4-b22a-b7a8aaea5cb3}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKCU\Software\Softonic] =>Toolbar.Conduit
C:\Program Files\MediaInfo\OpenCandy =>Adware.OpenCandy
[HKLM\Software\Conduit] =>Toolbar.Conduit^
~ Additionnel Scan: 186173 Items scanned in 00mn 24s



---\\ Summary of the detections found on your workstation
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
~ MSI: 5 link(s) detected in 00mn 00s



~ 929 Legitimates filtered by white list
End of the scan (579 lines in 02mn 27s)(6)

Publicité


Signaler le contenu de ce document

Publicité