~ Report of ZHPDiag v2014.8.11.117 - Nicolas Coolman (11/08/2014)
~ Launched by USER (12/08/2014 15:34:45)
~ Web site address : http://nicolascoolman.fr
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : Updated version.
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found


---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 31.0
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System protection software

---\\ System optimization software
CCleaner 4.05.4250 v4.05.4250

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Java 7 Update 60

---\\ Information on the system
~ Processor: x86 Family 15 Model 4 Stepping 9, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (32% free)
System Restore: Activé (Enable)
System drive C: has 26 GB (61%) free of 41 GB

---\\ Connection to the system mode
~ Computer Name: PCLAN
~ User Name: USER
~ All Users Names: USER, UpdatusUser, SUPPORT_388945a0, HelpAssistant, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\USER\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\USER\Application Data\
~ %Desktop% : C:\Documents and Settings\USER\Bureau\
~ %Favorites% : C:\Documents and Settings\USER\Favoris\
~ %LocalAppData% : C:\Documents and Settings\USER\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\USER\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 26 Go of 41 Go)
D: Hard drive, Flash drive, Thumb drive (Free 13 Go of 17 Go)
E: Hard drive, Flash drive, Thumb drive (Free 9 Go of 17 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: CD-ROM drive (Not Inserted)
M: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.6CE32F7778061CCC5814D5E0F282D369] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/03/2009 - 04:34:58.) -- C:\WINDOWS\system32\wininet.dll [914944]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/262
~ Mes musiques (My Musics) : 1/4
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 8/5566
~ Mon Bureau (My Desktop) : 1/1866
~ Menu demarrer (Programs) : 1/77
~ Hidden Files: Scanned in 00mn 08s



---\\ Process running
[MD5.8943636C74603637BD5491CE2A26ADC6] - (...) -- E:\Program Files\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe [914568] [PID.1760]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.1856]
[MD5.E87885A59FDC241B6575943A75E495D9] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.208]
[MD5.3585D8C36884D274F9047A1AC174D8D5] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [2117960] [PID.248]
[MD5.9E95E0F8EDE1CCEBF70D9E388D467814] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 314.0.) -- C:\WINDOWS\system32\nvsvc32.exe [156960] [PID.292]
[MD5.6915DDF0EA6B416FEF51C917DFA121BF] - (.Microsoft - service.) -- C:\WINDOWS\system32\service.exe [75264] [PID.524]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- ystem32\RunDLL32.exe [0] [PID.720]
[MD5.EDAD4A8A1D46AFCF9E76B996D55116EB] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [256896] [PID.768]
[MD5.CC907C2FB839D3F92690A25FF8E463BE] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [4972864] [PID.1012]
[MD5.E7E69A45148BE15CD26C5F63EEEC8133] - (.Tonec Inc. - Internet Download Manager (IDM).) -- D:\Program Files\Internet Download Manager\IDMan.exe [3829328] [PID.1260]
[MD5.94902703C933B341383C16E65928A763] - (.PELock Software - .netshrink exe compressor loader.) -- C:\Documents and Settings\USER\Menu Démarrer\Programmes\Démarrage\%svchost%.exe [188928] [PID.1708]
[MD5.3CAA1A4ADDE7A06516A5C9FEDF80CB2E] - (.Reloaded.company - ClassLibrary1.) -- C:\Documents and Settings\USER\Local Settings\Tempmr1motaz.exe [15360] [PID.2376]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- D:\Program Files\Internet Download Manager\IEMonitor.exe [269848] [PID.2988]
[MD5.340636A9D4F9B9449AA9AFF60BD1AEF6] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe [511872] [PID.2356]
[MD5.48F0FB34D7AAC0A48E005C796F79A94B] - (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe [73728] [PID.1192]
[MD5.48FD4932F734C1BA100CE52DC3E8BF30] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8091136] [PID.3448]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [ojoalkffommhmdmbohjphohoejjmgepc] Simple Startup Password v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Google Chrome Extension Folder
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 12s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: Extension [USER - fb4bu3bt.default] {e968fc70-8f95-4ab9-9e79-304de2a71ee1}
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
~ IE Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=userinit.exe,,c:\program files\microsoft\desktoplayer.exe
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: DAEMON Tools Toolbar - [HKLM]{32099AAC-C132-4136-9E9A-4E364A424E17} . (.No owner - ToolBand Module.) -- C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{32099AAC-C132-4136-9E9A-4E364A424E17} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMCTray.dll
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [MSConfig] . (.Microsoft Corporation - Utilitaire de configuration système.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- D:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-790525478-1202660629-1644491937-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-790525478-1202660629-1644491937-1003\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- D:\Program Files\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ACEE6C6-8AD3-4729-A5E9-F0B5FC348385}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5ACEE6C6-8AD3-4729-A5E9-F0B5FC348385}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Acunetix WVS Scheduler v8 (AcuWVSSchedulerv8) . (...) - E:\Program Files\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
~ Services: 8 Legitimates Filtered in 00mn 03s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Drivers launched at startup (O41)
O41 - Driver: (MoboroboAssDriver) . (. - .) - C:\WINDOWS\system32\drivers\MoboroboAssDriver.sys (.not file.)
~ Drivers: 69 Legitimates Filtered in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: .NET Reactor - (.Eziriz.) [HKLM] -- .NET Reactor
O42 - Logiciel: .NET Reactor - (.Eziriz.) [HKLM] -- {6732AE9F-CE1A-4DC7-A18D-A23CAA99724C}
O42 - Logiciel: .netshrink v2.6 - (.Bartosz Wójcik.) [HKLM] -- .netshrink demo version_is1
O42 - Logiciel: Advanced Bulk Mail Plus 1.0.0.0 - (.Plugged Soft., M.ali.) [HKLM] -- Advanced Bulk Mail Plus_is1
O42 - Logiciel: Advanced Mass Sender 4.3 - (...) [HKLM] -- Advanced Mass Sender 4.3
O42 - Logiciel: Babel Obfuscator 4 - (.Alberto Ferrazzoli.) [HKLM] -- {17856158-5A86-4F9F-BC69-19129B2B3059}
O42 - Logiciel: DNGuard Enterprise v3.60 - (.ZiYuXuan Studio..) [HKLM] -- DNGuard Enterprise
O42 - Logiciel: DeepSea Obfuscator v4.0.1.16 - (...) [HKLM] -- DeepSea Obfuscator v4_is1
O42 - Logiciel: ExpressVPN v3.535 - (...) [HKLM] -- ExpressVPN
O42 - Logiciel: MailJet - (.Jitbit.) [HKLM] -- {291F8EE2-CBC2-45E4-8075-5D5B4FA24AB9}
O42 - Logiciel: Smart Install Maker 5.03 - (...) [HKLM] -- Smart Install Maker 5.03
O42 - Logiciel: Who Is On My Wifi version 2.1.1 - (.IO3O LLC.) [HKLM] -- {010D45A1-093D-4534-8147-4E10E80F81CC}_is1
~ Logic: 29 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\InstallBuilders]
[HKCU\Software\PECompact]
[HKCU\Software\ZiYuXuan]
[HKCU\Software\proxy]
[HKLM\Software\Info]
[HKLM\Software\ND]
~ Key Software: 217 Legitimates Filtered in 00mn 01s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 12/05/2014 - 22:43:09 - [] ----D C:\Program Files\.netshrink
O43 - CFD: 12/05/2014 - 12:50:21 - [] ----D C:\Program Files\Babel
O43 - CFD: 12/05/2014 - 12:46:19 - [] ----D C:\Program Files\DeepSea Obfuscator 4
O43 - CFD: 07/08/2014 - 20:35:34 - [] ----D C:\Program Files\Devolutions
O43 - CFD: 12/06/2014 - 12:57:15 - [] ----D C:\Program Files\ExpressVPN
O43 - CFD: 12/05/2014 - 21:53:10 - [] ----D C:\Program Files\Smart Install Maker
O43 - CFD: 11/08/2014 - 20:32:04 - [] ----D C:\Program Files\Your Product
O43 - CFD: 30/07/2014 - 22:48:08 - [] ----D C:\Documents and Settings\All Users\Application Data\boost_interprocess
O43 - CFD: 12/05/2014 - 12:36:24 - [0] ----D C:\Documents and Settings\All Users\Application Data\DNGuard HVM
O43 - CFD: 11/05/2014 - 23:27:51 - [] --H-D C:\Documents and Settings\All Users\Application Data\{68CB2E83-5D39-4632-AD40-574EE5ED3F38}
O43 - CFD: 12/06/2014 - 16:32:46 - [] ----D C:\Documents and Settings\USER\Application Data\ExpressVPN
O43 - CFD: 07/06/2014 - 11:53:46 - [] ----D C:\Documents and Settings\USER\Application Data\MailJet
O43 - CFD: 10/06/2014 - 19:47:32 - [] ----D C:\Documents and Settings\USER\Application Data\Maxprog
O43 - CFD: 07/08/2014 - 20:36:07 - [] ----D C:\Documents and Settings\USER\Local Settings\Application Data\Devolutions
O43 - CFD: 12/06/2014 - 16:26:28 - [] ----D C:\Documents and Settings\USER\Local Settings\Application Data\ExpressVPN
O43 - CFD: 19/04/2014 - 23:04:22 - [] ----D C:\Documents and Settings\USER\Menu Démarrer\Programmes\Advanced Mass Sender
O43 - CFD: 12/05/2014 - 12:41:26 - [] ----D C:\Documents and Settings\USER\Menu Démarrer\Programmes\Babel
O43 - CFD: 12/06/2014 - 12:57:15 - [] ----D C:\Documents and Settings\USER\Menu Démarrer\Programmes\ExpressVPN
O43 - CFD: 12/05/2014 - 13:17:04 - [] ----D C:\Documents and Settings\USER\Menu Démarrer\Programmes\PECompact
O43 - CFD: 12/05/2014 - 21:53:10 - [] ----D C:\Documents and Settings\USER\Menu Démarrer\Programmes\Smart Install Maker 5.03
O43 - CFD: 11/08/2014 - 20:32:04 - [] ----D C:\Documents and Settings\USER\Menu Démarrer\Programmes\Your Product
~ Program Folder: 151 Legitimates Filtered in 00mn 00s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.9450B18A8F86FAFFC765BD567B89F521] - 07/08/2014 - 18:33:46 ---A- . (...) -- C:\WINDOWS\system32\Outils.InstallState [2012]
O44 - LFC:[MD5.02470B8CB92C619455756E930E53AD86] - 07/08/2014 - 18:33:48 ---A- . (...) -- C:\WINDOWS\system32\service.InstallState [5012]
O44 - LFC:[MD5.7ADBAC213219D4BD53743A6A8EDA5F66] - 07/08/2014 - 20:28:54 ---A- . (...) -- C:\WINDOWS\ie8.log [58456]
O44 - LFC:[MD5.6C13B7ADDE0D66063CC7D9AE6E243AFC] - 07/08/2014 - 20:28:54 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1355]
O44 - LFC:[MD5.F233B91CB47710D0A022B52AAA5942A0] - 07/08/2014 - 20:29:17 ---A- . (...) -- C:\WINDOWS\ie8_main.log [37870]
O44 - LFC:[MD5.D3A40B6459CF4775816ED0E5557AE997] - 07/08/2014 - 23:21:26 ---A- . (...) -- C:\WINDOWS\wmsetup.log [21469]
O44 - LFC:[MD5.4DB4A095161139604F8E85E3C5D9119C] - 08/08/2014 - 12:49:00 ---A- . (...) -- C:\WINDOWS\updspapi.log [37837]
O44 - LFC:[MD5.EB1EE79CAD284AF1A8E62029CFC1557A] - 08/08/2014 - 12:49:10 ---A- . (...) -- C:\WINDOWS\msmqinst.log [39192]
O44 - LFC:[MD5.20A02943C9E1CAF161E7AAA647C17440] - 08/08/2014 - 12:49:25 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [130441]
O44 - LFC:[MD5.A67F92735A9806477A3906E528BBE7B6] - 08/08/2014 - 12:49:25 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [9219]
O44 - LFC:[MD5.362302B6404EAED73F83517616E64C43] - 08/08/2014 - 12:49:25 ---A- . (...) -- C:\WINDOWS\msgsocm.log [6659]
O44 - LFC:[MD5.154360D7766EC1E0F0BAAA548266B2B0] - 08/08/2014 - 12:49:25 ---A- . (...) -- C:\WINDOWS\netfxocm.log [23252]
O44 - LFC:[MD5.E72C949107E5F5D5D720D2980E9A663A] - 08/08/2014 - 12:49:25 ---A- . (...) -- C:\WINDOWS\ocgen.log [64936]
O44 - LFC:[MD5.CE0C927784D8607571303EDE0A044028] - 08/08/2014 - 12:50:22 ---A- . (...) -- C:\WINDOWS\comsetup.log [43020]
O44 - LFC:[MD5.A81C1B591EB0C706013FCCD5BCEAF6DB] - 08/08/2014 - 12:50:22 ---A- . (...) -- C:\WINDOWS\iis6.log [137585]
O44 - LFC:[MD5.A21CFDDE4637BE15EA92CE4049342D36] - 08/08/2014 - 12:50:22 ---A- . (...) -- C:\WINDOWS\imsins.log [1355]
O44 - LFC:[MD5.371116D6B26A7C3620D9E23E5141C492] - 08/08/2014 - 12:50:22 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [26340]
O44 - LFC:[MD5.6C4FF45B79F1D033C8D1946678DF19CB] - 08/08/2014 - 12:50:22 ---A- . (...) -- C:\WINDOWS\ocmsn.log [7309]
O44 - LFC:[MD5.430D741752FFDFFF075C6C412E7FBC89] - 08/08/2014 - 12:50:22 ---A- . (...) -- C:\WINDOWS\tabletoc.log [6531]
O44 - LFC:[MD5.975EAE64F8FD5067372F55844AB8D5C8] - 08/08/2014 - 12:50:22 ---A- . (...) -- C:\WINDOWS\tsoc.log [61011]
O44 - LFC:[MD5.84EC39A12D40C873FA1817DF07DB7E1E] - 08/08/2014 - 12:52:29 ---A- . (...) -- C:\WINDOWS\spupdsvc.log [12430]
O44 - LFC:[MD5.B5520D36B5867C764925008B4E724C05] - 12/08/2014 - 13:26:13 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.E99E8C8BC85A0FC86C4234910C421633] - 12/08/2014 - 13:26:28 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.FB06B1AA01D7FB2F93B1A13205C0E2B1] - 12/08/2014 - 13:42:02 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [1324]
O44 - LFC:[MD5.C9CDB93664FF833AC42F350C0CD030C2] - 12/08/2014 - 15:04:52 ---A- . (...) -- C:\WINDOWS\system32\nvAppTimestamps [4350]
O44 - LFC:[MD5.D3E52CD450C217CE3CBF7AC24B594FE9] - 12/08/2014 - 15:12:22 ---A- . (...) -- C:\WINDOWS\system.ini [228]
O44 - LFC:[MD5.EE9D8B7FAD6E066F255E7598D3CB25F4] - 12/08/2014 - 15:12:22 ---A- . (...) -- C:\WINDOWS\win.ini [552]
O44 - LFC:[MD5.4DBFB3F55EAE99798AF1C179BB67F92E] - 29/07/2014 - 00:26:02 ---A- . (...) -- C:\WINDOWS\system32\tlpsplib10.dll [5480960]
~ Files: 43 Legitimates Filtered in 00mn 05s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "E:\Program Files\Counter-Strike 1.6\hl.exe" [Enabled] .(...) -- E:\Program Files\Counter-Strike 1.6\hl.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\USER\Bureau\NJRAT\njRAT v0.7d.exe" [Enabled] .(...) -- C:\Documents and Settings\USER\Bureau\NJRAT\njRAT v0.7d.exe (.not file.)
O47 - AAKE:Key Export SP - "D:\Program Files\Moborobo\Moborobo PC Suite.exe" [Enabled] .(.Moborobo Inc..) -- D:\Program Files\Moborobo\Moborobo PC Suite.exe
O47 - AAKE:Key Export SP - "C:\Python27\setup.py" [Enabled] .(.No owner.) -- C:\Python27\setup.py
O47 - AAKE:Key Export SP - "C:\Documents and Settings\USER\Bureau\DarkCometRAT531\DarkComet.exe" [Enabled] .(...) -- C:\Documents and Settings\USER\Bureau\DarkCometRAT531\DarkComet.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Your Product\server final.exe" [Enabled] .(.PELock Software.) -- C:\Program Files\Your Product\server final.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\USER\Menu Démarrer\Programmes\Démarrage\%svchost%.exe" [Enabled] .(.PELock Software.) -- C:\Documents and Settings\USER\Menu Démarrer\Programmes\Démarrage\%svchost%.exe
~ Keys Export: 22 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:26/03/2014 - 12:40:29 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\WINDOWS\system32\Drivers\dtsoftbus01.sys [218688]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:28/11/2013 - 01:24:18 ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [121184]
O58 - SDL:14/01/2014 - 15:13:28 ---A- . (...) -- C:\WINDOWS\system32\Drivers\MoborobAssDriver.sys [12072]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:22/08/2013 - 13:40:22 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\WINDOWS\system32\Drivers\tap0901.sys [35288]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 40 Legitimates Filtered in 00mn 06s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: UsbFix 2.0.2.2 - (...) [HKLM] -- UsbFix 2.0.2.2
O63 - Logiciel: UsbFix 2.15 - (...) [HKLM] -- UsbFix 2.15
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 16/11/2011 - E:\Program Files\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe (AcuWVSSchedulerv8) .(...) - LEGACY_ACUWVSSCHEDULERV8
O64 - Services: CurCS - 10/02/2013 - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (nvUpdatusService) .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) - LEGACY_NVUPDATUSSERVICE
~ Legacy: 116 Legitimates Filtered in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (CKF) (O82)
C:\Documents and Settings\USER\Mes documents\Downloads\Compressed\Maxprog.MaxBulk.Mailer.Pro.v8.4.2.Multilingual.Incl.Keygen-BRD.rar =>.Crack,Keygen
C:\Documents and Settings\USER\Mes documents\Maxprog.MaxBulk.Mailer.Pro.v8.4.2.Multilingual.Incl.Keygen-BRD\bmbm842.rar =>.Crack,Keygen
C:\Documents and Settings\USER\Mes documents\Maxprog.MaxBulk.Mailer.Pro.v8.4.2.Multilingual.Incl.Keygen-BRD\bmbm842a.zip =>.Crack,Keygen
C:\Documents and Settings\USER\Mes documents\Maxprog.MaxBulk.Mailer.Pro.v8.4.2.Multilingual.Incl.Keygen-BRD\bmbm842b.zip =>.Crack,Keygen
C:\Documents and Settings\USER\Mes documents\Downloads\Compressed\Maxprog.MaxBulk.Mailer.Pro.v8.4.2.Multilingual.Incl.Keygen-BRD.rar =>.Crack,Keygen
C:\Documents and Settings\USER\Mes documents\Maxprog.MaxBulk.Mailer.Pro.v8.4.2.Multilingual.Incl.Keygen-BRD\bmbm842.rar =>.Crack,Keygen
C:\Documents and Settings\USER\Mes documents\Maxprog.MaxBulk.Mailer.Pro.v8.4.2.Multilingual.Incl.Keygen-BRD\bmbm842a.zip =>.Crack,Keygen
C:\Documents and Settings\USER\Mes documents\Maxprog.MaxBulk.Mailer.Pro.v8.4.2.Multilingual.Incl.Keygen-BRD\bmbm842b.zip =>.Crack,Keygen
D:\Downloads\Compressed\Keygen.zip =>.Crack,Keygen
~ Files: Scanned in 00mn 21s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.86A1311D51C00B278CB7F27796EA442E] [SPRF][22/11/2013] (.Genry - ISTask for Inno Setup.) -- C:\Documents and Settings\All Users\Application Data\ISTask.dll [67584]
[MD5.E48357CDCB9605C8BAC672EA1B753957] [SPRF][07/08/2014] (...) -- C:\Documents and Settings\All Users\Application Data\patch.dll [132]
~ Files: 2 legitimate entries filtered in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 26/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 26/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 25/09/2013 32568 | (OpenVPNService) . (.The OpenVPN Project.) - C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 16/11/2011 914568 | (AcuWVSSchedulerv8) . (...) - E:\Program Files\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
SR - | Auto 13/07/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 01/04/2014 2117960 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 10/02/2013 156960 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 10/02/2013 1266464 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 04/07/2014 75264 | (Service1) . (.Microsoft.) - C:\WINDOWS\system32\service.exe
SR - | Auto 02/04/2014 4972864 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
~ Services: Scanned in 00mn 14s
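The EGS block above is the part of a ZHPDiag report a responder reads first, but the tool prints it flat: state, start type, file date, size, service name, the publisher string taken from the binary's version info ("(...)" when there is none) and the image path. The following is an added example, not ZHPDiag's code and not anything the poster ran, that parses those lines and ranks them for manual review. The line pattern is derived from the lines on this page and may not cover every ZHPDiag build; the heuristics, their weights and the 45-day window are my assumptions. A score is an ordering for follow-up (hash lookup, Authenticode check, inspecting the file on disk), not a verdict: the log says nothing about whether Service1 is malicious, it only shows a generic name, a bare "Microsoft" publisher string and a system32 image dated five weeks before the scan, which is exactly what a triage pass should surface first. The sample lines are copied from the section above so the script runs offline.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List

# Constructed sample: EGS lines copied verbatim from the report above so the
# parser can run offline.  SCAN_DATE is the "Launched by" date in the header.
SCAN_DATE = datetime(2014, 8, 12)
SAMPLE_EGS = r"""
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 26/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 16/11/2011 914568 | (AcuWVSSchedulerv8) . (...) - E:\Program Files\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
SR - | Auto 13/07/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 10/02/2013 156960 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 04/07/2014 75264 | (Service1) . (.Microsoft.) - C:\WINDOWS\system32\service.exe
"""

# Assumption: pattern reverse-engineered from the lines above, not from ZHPDiag's source.
LINE_RE = re.compile(
    r"^(?P<state>SR|SS) - \| (?P<start>\w+) (?P<date>\d{2}/\d{2}/\d{4}) (?P<size>\d+) \| "
    r"\((?P<name>[^)]+)\) \. \(\.(?P<vendor>.*?)\.\) - (?P<path>.+)$"
)
GENERIC_NAME = re.compile(r"^(service|svc|update|host|system)\d*$", re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\")
RECENT_DAYS = 45   # assumption: tune to the environment's patch cadence


@dataclass
class Service:
    state: str
    start: str
    file_date: datetime
    size: int
    name: str
    vendor: str
    path: str


@dataclass
class Triage:
    name: str
    path: str
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def parse_egs(text: str) -> List[Service]:
    """Turn EGS lines into Service records; non-matching lines are skipped."""
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue            # section headers, timing lines, blanks
        services.append(Service(
            state=m["state"], start=m["start"],
            file_date=datetime.strptime(m["date"], "%d/%m/%Y"),
            size=int(m["size"]), name=m["name"],
            vendor=m["vendor"].strip(". "),   # "(...)" means no version info at all
            path=m["path"],
        ))
    return services


def score_service(svc: Service, scan_date: datetime) -> Triage:
    """Apply weighted review heuristics (assumed weights) to one service."""
    t = Triage(svc.name, svc.path)
    lower_path = svc.path.lower()
    vendor = svc.vendor.lower()
    stem = lower_path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]   # image name without extension

    def hit(weight: int, why: str) -> None:
        t.score += weight
        t.reasons.append(why)

    if not vendor:
        hit(2, "binary carries no publisher/version information")
    if lower_path.startswith(SYSTEM32) and not vendor.startswith("microsoft corp"):
        if "microsoft" in vendor:
            hit(2, f"system32 image with a Microsoft-like but incomplete vendor string '{svc.vendor}'")
        else:
            hit(1, f"third-party vendor '{svc.vendor}' shipping a service into system32")
    if not lower_path.startswith(STANDARD_ROOTS):
        hit(1, "image outside C:\\WINDOWS and C:\\Program Files")
    if GENERIC_NAME.match(svc.name) or GENERIC_NAME.match(stem):
        hit(2, "generic service or image name")
    age = (scan_date - svc.file_date).days
    if svc.start.lower() == "auto" and age < RECENT_DAYS:
        hit(1, f"auto-start image modified {age} days before the scan")
    return t


def triage(text: str, scan_date: datetime) -> List[Triage]:
    """Parse, score and order services, highest review priority first."""
    ranked = [score_service(s, scan_date) for s in parse_egs(text)]
    ranked.sort(key=lambda t: (-t.score, t.name))
    return ranked


if __name__ == "__main__":
    for t in triage(SAMPLE_EGS, SCAN_DATE):
        print(f"{t.score:>2}  {t.name:<24} {t.path}")
        for why in t.reasons:
            print(f"      - {why}")
```

On the sample the ordering puts Service1 first and the unsigned Acunetix scheduler on E: second, while dmadmin (whose "Microsoft Corp., Veritas Software" string is the normal XP logical disk manager publisher) scores zero. The "third-party vendor in system32" rule is deliberately low-weight because driver vendors such as NVIDIA do install helper services there; the point of weights is to let known-benign patterns sink without being silenced.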



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by USER at 12/08/2014 15:36:27
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF196] >> \Device\Harddisk0\DR0[0x89E07AB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 legitimate entries filtered in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by USER at 12/08/2014 15:36:29
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
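The two MBR sections above give a verdict from Gmer's detector ("user & kernel MBR OK") and, from MBRCheck, only the name of the raw dump it wrote, C:\PhysicalDisk0_MBR.bin. A practitioner cross-checks a rootkit detector's verdict against that dump rather than taking it on trust: hash the 440-byte bootstrap code and compare it with a baseline from a known-clean disk, confirm the 0x55AA boot signature, and sanity-check the four partition entries. The following is an added example, not part of ZHPDiag, Gmer or MBRCheck; the sector it parses is constructed in the script (not the dump from the machine above), and the baseline hash set is assumed to be maintained by the operator. Pass a real dump path as the first argument to run it against a file.

```python
import hashlib
import struct
from dataclasses import dataclass, field
from typing import List, Set

SECTOR_SIZE = 512
BOOTCODE_LEN = 440          # bootstrap code precedes the 4-byte disk signature
DISK_SIG_OFFSET = 440
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"


@dataclass
class PartitionEntry:
    index: int
    status: int
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def bootable(self) -> bool:
        return self.status == 0x80


@dataclass
class MbrInfo:
    bootcode_sha256: str
    disk_signature: int
    valid_boot_signature: bool
    partitions: List[PartitionEntry] = field(default_factory=list)
    findings: List[str] = field(default_factory=list)


def parse_mbr(data: bytes) -> MbrInfo:
    """Parse the first sector of a raw MBR dump and run structural sanity checks."""
    if len(data) < SECTOR_SIZE:
        raise ValueError(f"need at least {SECTOR_SIZE} bytes, got {len(data)}")
    sector = data[:SECTOR_SIZE]
    info = MbrInfo(
        bootcode_sha256=hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        disk_signature=struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        valid_boot_signature=sector[510:512] == BOOT_SIGNATURE,
    )
    if not info.valid_boot_signature:
        info.findings.append("boot signature is not 0x55AA: sector is not a valid MBR")
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, type_id, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if status not in (0x00, 0x80):
            info.findings.append(f"entry {i}: non-standard status byte 0x{status:02x}")
        if type_id == 0:
            if lba_start or count:
                info.findings.append(f"entry {i}: type 0x00 but non-zero start/size")
            continue
        info.partitions.append(PartitionEntry(i, status, type_id, lba_start, count))
    if sum(p.bootable for p in info.partitions) > 1:
        info.findings.append("more than one partition is marked active")
    ordered = sorted(info.partitions, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_start + a.sector_count:
            info.findings.append(f"entries {a.index} and {b.index} overlap")
    return info


def bootcode_matches(info: MbrInfo, baseline: Set[str]) -> bool:
    """True when the bootstrap-code hash is in a baseline taken from a known-clean disk."""
    return info.bootcode_sha256 in baseline


def build_sample_mbr() -> bytes:
    """Constructed sample sector (assumption: not the dump from the machine above)."""
    bootcode = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOTCODE_LEN - 7)
    disk_sig = struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"
    # one active NTFS (0x07) partition starting at LBA 63, 0x05000000 sectors (40 GiB)
    entry0 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 0x05000000)
    table = entry0 + b"\x00" * (3 * PART_ENTRY_SIZE)
    return bootcode + disk_sig + table + BOOT_SIGNATURE


def tampered_copy(data: bytes, offset: int) -> bytes:
    """Flip one byte, e.g. to show that the bootstrap hash leaves the baseline."""
    buf = bytearray(data)
    buf[offset] ^= 0xFF
    return bytes(buf)


if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(raw)
    print(f"bootcode sha256 : {info.bootcode_sha256}")
    print(f"disk signature  : 0x{info.disk_signature:08x}")
    for p in info.partitions:
        print(f"  entry {p.index}: type=0x{p.type_id:02x} active={p.bootable} "
              f"lba={p.lba_start} sectors={p.sector_count}")
    for f in info.findings:
        print("  ! " + f)
```

A bootkit that patches the bootstrap code changes the hash while leaving the partition table and 0x55AA signature intact, so the hash comparison is the check that matters; the structural findings mainly catch a dump that is not an MBR at all or a table rewritten by a hidden-partition scheme. Note that this inspects the on-disk sector only; a rootkit filtering disk reads in the kernel can hide the real sector from any user-mode dump, which is why Gmer also reads the MBR from the kernel side.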



---\\ Additional Scan (O88)
Database Version : 13026 - (11/08/2014)
Keys found : 4
Values found : 2
Folders found : 1
Files found : 0

[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar] =>Toolbar.Agent
[HKLM\Software\Classes\DTToolbar.ToolBandObj] =>Toolbar.ToolBand
[HKLM\Software\Classes\DTToolbar.ToolBandObj.1] =>Toolbar.ToolBand
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{32099aac-c132-4136-9e9a-4e364a424e17} =>Toolbar.DaemonTools
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{32099aac-c132-4136-9e9a-4e364a424e17} =>Toolbar.DaemonTools
C:\Program Files\DAEMON Tools Toolbar =>Toolbar.Agent
~ Additional Scan: 168416 items scanned in 00mn 35s



---\\ Additional information about modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Start,Search,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 legitimate entries filtered in 00mn 00s



---\\ Summary of the detections found on your workstation
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
~ MSI: 1 link(s) detected in 00mn 00s



~ 806 legitimate entries filtered by white list
End of the scan (540 lines in 02mn 21s)(9)
