~ Report of ZHPDiag v2015.6.4.54 - Nicolas Coolman (31/05/2015)
~ Launched by Xp (20/07/2015 06:34:11 م)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : New version available
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found


---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v43.0.2357.134 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)

---\\ System protection software
Avast Free Antivirus v10.2.2218

---\\ System optimization software
CCleaner v5.06

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 18 PPAPI
Extended Asian Language font pack for Adobe Reader XI
Java 7 Update 40

---\\ Information on the system
~ Processor: x86 Family 15 Model 4 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3574.1 MB (64% free)
System Restore: Désactivé (Disabled)
System drive C: has 3 GB (14%) free of 20 GB

---\\ Connection to the system mode
~ Computer Name: XP-AAA8489913B9
~ User Name: Xp
~ All Users Names: Xp, SUPPORT_388945a0, HelpAssistant, Guest, ASPNET, Administrator,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Xp\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Xp\Application Data\
~ %Desktop% : C:\Documents and Settings\Xp\Desktop\
~ %Favorites% : C:\Documents and Settings\Xp\Favorites\
~ %LocalAppData% : C:\Documents and Settings\Xp\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Xp\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 3 Go of 20 Go)
D: Hard drive, Flash drive, Thumb drive (Free 0 Go of 29 Go)
E: Hard drive, Flash drive, Thumb drive (Free 4 Go of 49 Go)
F: Hard drive, Flash drive, Thumb drive (Free 2 Go of 51 Go)
G: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 41 Legitimates Filtered in :0mn صs



---\\ Search Generic System Files
[MD5.2BB75B7F548D82A099125D0C5971DE7D] - (.Microsoft Corporation - Windows Explorer.) (.08/10/2014 - 10:17:14 م.) -- C:\WINDOWS\Explorer.exe [1033728]
[MD5.FBF173582874C30EC5FAF8F8A67D873E] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/10/2014 - 10:36:22 م.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.53A8857723277B1D6D5EE60A9F85B117] - (.Microsoft Corporation - Windows NT Logon Application.) (.08/10/2014 - 10:36:24 م.) -- C:\WINDOWS\system32\Winlogon.exe [509440]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.08/10/2014 - 10:13:12 م.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:10:32 م.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.08/10/2014 - 10:14:32 م.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.08/10/2014 - 10:14:32 م.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - (.Microsoft Corporation - FIPS Crypto Driver.) (.08/10/2014 - 10:17:16 م.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44544]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.08/10/2014 - 10:18:38 م.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.4A0B06AA8943C1E332520F7440C0AA30] - (.Microsoft Corporation - i8042 Port Driver.) (.08/10/2014 - 10:19:10 م.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [52480]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.08/10/2014 - 10:19:58 م.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.08/10/2014 - 10:20:02 م.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.08/10/2014 - 10:20:02 م.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.08/10/2014 - 10:25:10 م.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.08/10/2014 - 10:27:02 م.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.4C51D5275AE8A16999EDFE7E647D00DE] - (.Microsoft Corporation - NT File System Driver.) (.08/10/2014 - 10:27:48 م.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [576384]
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - (.Microsoft Corporation - Parallel Port Driver.) (.08/10/2014 - 10:31:44 م.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80128]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.08/10/2014 - 10:29:26 م.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.47EA20320E3D6FDC7B7BB22B2B881CA6] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.04/09/2009 - 04:43:46 م.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [195712]
[MD5.F828DD7E1419B6653894A8F97A0094C5] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 10:10:28 م.) -- C:\WINDOWS\system32\Drivers\redbook.sys [57600]
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.08/10/2014 - 10:34:30 م.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [52352]
~ Generic Processes: Scanned in :0mn صs



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/6
~ Mes musiques (My Musics) : 1/8
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/126
~ Mes Documents (My Documents) : 1/2193
~ Mon Bureau (My Desktop) : 0/163
~ Menu demarrer (Programs) : 1/67
~ Hidden Files: Scanned in :0mn صs



---\\ Process running
[MD5.54236E79A44F909612391C8A2D70D512] - (.Avast Software s.r.o. - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336] [PID.1488]
[MD5.E44733C30F7FE6A1CE7A6B1D2B335CFC] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [159744] [PID.2012]
[MD5.2022C54B3A79A51C9538CE47D1F50BC3] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [131072] [PID.2020]
[MD5.037B1E7798960E0420003D05BB577EE6] - (...) -- ystem32\rundll32.exe [0] [PID.2028]
[MD5.65C6AA484AD2287D20541C7735989437] - (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496] [PID.2036]
[MD5.BAF535F843A3E790E04A7613811B55BC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.140]
[MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe [17408] [PID.204]
[MD5.1D4F13DBB57C5152FC9A5DABBCFC78B4] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [249856] [PID.220]
[MD5.A381DE7A9E3EB7915242F91730F3B4D0] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616] [PID.240]
[MD5.804FBB66EC6CA862B840D173EFC638A7] - (.DAEMON'S HOME - Virtual DAEMON Manager.) -- C:\Program Files\CD-R\DAEMON Tools\daemon.exe [81920] [PID.248]
[MD5.388BA092CAF69DF98AD6BDE3B91EF399] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3837520] [PID.268]
[MD5.C992C2FE8E3D149020F5397686C14145] - (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe [1565504] [PID.288]
[MD5.221C5310D1CD9549A28044F15F170B8A] - (.Microsoft Corporation - Microsoft Windows Status Protocol.) -- C:\ProgramData\Microsoft\Windows\Deep Layers\winver.exe [6786560] [PID.360]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1404]
[MD5.F57A690656A8CACFABB78E30D1E71EE1] - (.Mobogenie.com - MobogenieService.exe.) -- C:\Program Files\Mobogenie3\MobogenieService.exe [127680] [PID.852] =>PUP.Mobogenie
[MD5.C0C121B537DA3AD87481C0502CACE462] - (.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448] [PID.2760]
[MD5.BED732213E4EE960F2480393C3326635] - (.No owner - The Desktop Weather Service.) -- C:\Program Files\WeatherTool\1.2.2.10256\WeatherService.exe [143848] [PID.2800]
[MD5.A9BF6E5F3A667DA088A6268EBC53DB63] - (...) -- C:\Program Files\Mobogenie3\MoboGenieHelper.exe [105152] [PID.3024] =>PUP.Mobogenie
[MD5.B37B72E9066225FD483BA91D2908525C] - (.ShenZhen Enode Techology co,.Ltd - Windows weather tool.) -- C:\Program Files\WeatherTool\1.2.2.10256\weather.exe [1249768] [PID.3204]
[MD5.066F2BBE2EEC9A42B065B552BF356B4E] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.4060]
[MD5.EE526B0428581B57FFC571FF57309E28] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe [6369048] [PID.1932]
[MD5.3BBEC4CC2A388B4C5D1EFE20EAD7D98F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [813896] [PID.1552]
[MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8214016] [PID.2716]
~ Processes Running: Scanned in :0mn صs



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Documents and Settings\Xp\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome Extension Folder
~ Google Lines Browser: 12 Legitimates Filtered in :0mn صs



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@nokia.com/EnablerPlugin] - (.No owner - Nokia Suite Enabler Plugin.) -- C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
~ Firefox Browser: 11 Legitimates Filtered in :0mn صs



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com =>PUP.Istart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com =>PUP.Istart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
~ IE Browser: 13 Legitimates Filtered in :0mn صs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in :0mn صs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in :0mn صs



---\\ Hosts file redirection (O1)
O1 - Hosts: 174.120.45.28 www.advanceturboflasher.com
O1 - Hosts: 174.120.45.29 www.atf-lightning.com
O1 - Hosts: waiting albert.apple.com
~ Nombre lignes détournées 3/23 (Hosts file redirected)
~ Hosts File: Scanned in :0mn صs



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Orphan key
~ Toolbar: Scanned in :0mn صs



---\\ Other User Links (O4)
O4 - GS\Desktop [AllUsers]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
~ Global Startup: 1 Legitimates Filtered in :0mn صs



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AvastUI.exe] . (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Run: [DAEMON Tools 3.47-1033] . (.DAEMON'S HOME - Virtual DAEMON Manager.) -- C:\Program Files\CD-R\DAEMON Tools\daemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [DriverToolkit] C:\Program Files\DriverToolkit\DriverToolkit.exe (.not file.) =>PUP.DriverToolkit
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
O4 - HKCU\..\Run: [winver.exe] . (.Microsoft Corporation - Microsoft Windows Status Protocol.) -- C:\ProgramData\Microsoft\Windows\Deep Layers\winver.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (.not file.)
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe (.not file.)
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe (.not file.)
O4 - HKUS\S-1-5-21-842925246-57989841-1417001333-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-842925246-57989841-1417001333-1003\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-842925246-57989841-1417001333-1003\..\Run: [DriverToolkit] C:\Program Files\DriverToolkit\DriverToolkit.exe (.not file.) =>PUP.DriverToolkit
O4 - HKUS\S-1-5-21-842925246-57989841-1417001333-1003\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
O4 - HKUS\S-1-5-21-842925246-57989841-1417001333-1003\..\Run: [winver.exe] . (.Microsoft Corporation - Microsoft Windows Status Protocol.) -- C:\ProgramData\Microsoft\Windows\Deep Layers\winver.exe
O4 - HKUS\S-1-5-21-842925246-57989841-1417001333-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (.not file.)
O4 - HKUS\S-1-5-21-842925246-57989841-1417001333-1003\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd
~ Application: Scanned in :0mn صs



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
~ IE Extra Buttons: Scanned in :0mn صs



---\\ Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
~ IE Paramètres WEB: Scanned in :0mn صs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{023E6C1A-16DF-40F0-BB5C-B0A6D3E50A45}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C9EFA2-DDF9-4D35-9F90-51DD11DBD7DC}: NameServer = 10.5.50.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F71C19A-61CC-4E1E-BC12-5FD2BE9A46E6}: DhcpNameServer = 208.67.220.123 208.67.222.123 77.88.8.7 77.88.8.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{023E6C1A-16DF-40F0-BB5C-B0A6D3E50A45}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{E3C9EFA2-DDF9-4D35-9F90-51DD11DBD7DC}: NameServer = 10.5.50.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F71C19A-61CC-4E1E-BC12-5FD2BE9A46E6}: DhcpNameServer = 208.67.220.123 208.67.222.123 77.88.8.7 77.88.8.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{023E6C1A-16DF-40F0-BB5C-B0A6D3E50A45}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{E3C9EFA2-DDF9-4D35-9F90-51DD11DBD7DC}: NameServer = 10.5.50.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F71C19A-61CC-4E1E-BC12-5FD2BE9A46E6}: DhcpNameServer = 208.67.220.123 208.67.222.123 77.88.8.7 77.88.8.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.220.123 208.67.222.123 77.88.8.7 77.88.8.3
~ Domain: Scanned in :0mn صs



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in :0mn صs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in :0mn صs



---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in :0mn صs



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: MobogenieService (MobogenieService) . (.Mobogenie.com - MobogenieService.exe.) - C:\Program Files\Mobogenie3\MobogenieService.exe =>PUP.Mobogenie
O23 - Service: The Desktop Weather Service (TheDesktopWeatherService) . (.No owner - The Desktop Weather Service.) - C:\Program Files\WeatherTool\1.2.2.10256\WeatherService.exe
~ Services: 6 Legitimates Filtered in :0mn صs



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Xp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Xp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in :0mn صs



---\\ Task Planned Automatically (039)
[MD5.1B760E19416D3988A23E83FFD3EDE0C2] [APT] [{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}] (...) -- C:\Program Files\WeatherTool\1.2.2.10256\InstallHelper.exe [849896]
[MD5.00000000000000000000000000000000] [APT] [{6A128791-4857-4484-9BB2-71D4C1257200}] (...) -- C:\Documents and Settings\Xp\Application Data\ToolsUpdatePlatform\CallBackInstall.exe (.not file.) [0]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\klcp_update.job [652]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job [892]
O39 - APT: {3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} - (...) -- C:\WINDOWS\Tasks\{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}.job [588]
O39 - APT: {6A128791-4857-4484-9BB2-71D4C1257200} - (...) -- C:\WINDOWS\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job [334]
~ Scheduled Task: 20 Legitimates Filtered in :0mn صs



---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Installed Component - S-1-5-21-842925246-57989841-1417001333-1003 - >{X9B49E34-C7CC-11D0-8953-00A0C90347FF} -- Not Hexadécimal CLSID
~ Active Setup: 20 Legitimates Filtered in :0mn صs



---\\ Drivers launched at startup (O41)
O41 - Driver: (wafd_vt_1_10_0_20) . (. - .) - C:\WINDOWS\system32\drivers\wafd_vt_1_10_0_20.sys (.not file.)
~ Drivers: 81 Legitimates Filtered in :0mn صs



---\\ Software installed (O42)
O42 - Logiciel: Advance Turbo Flasher 11.80 - (.Advance-Box.) [HKLM] -- {BD431236-592C-4D68-A6A3-2F68AC1CD55A}
O42 - Logiciel: ROCKEY200 Driver (Remove only) - (...) [HKLM] -- B3DE3DBF-7F64-47b5-B25B-9842D2B1A045_Rockey200std
O42 - Logiciel: UFS Suite - (.SarasSoft.) [HKLM] -- {E22E26FA-575A-4122-BB39-90321F1CF19C}
O42 - Logiciel: UFS_DCTxBB5 - (.SarasSoft.) [HKLM] -- {219CECE1-F39F-4F6E-82AE-ABB75A7125C4}
O42 - Logiciel: UFSx Device USB Drivers - (.SarasSoft.) [HKLM] -- UFS2XX
O42 - Logiciel: USB CCID Smartcard Reader - Version 1.2.1.2 - (.USB CCID.) [HKLM] -- {939913F9-F134-4E9E-B879-BE6755B69952}
~ Logic: 53 Legitimates Filtered in :0mn صs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Kromtech]
[HKCU\Software\MTK]
[HKCU\Software\Mike Bradley]
[HKCU\Software\Omnius]
[HKCU\Software\ProductSetup] =>Adware.InstallCore
[HKCU\Software\SPT]
[HKCU\Software\Spreadtrum]
[HKCU\Software\Toggle]
[HKCU\Software\WajIntEnhance] =>PUP.Wajam
[HKCU\Software\WeatherTool]
[HKCU\Software\Zebra-Media]
[HKCU\Software\handle]
[HKCU\Software\undefined]
[HKCU\Software\wincy]
[HKLM\Software\AIM Toolbar]
[HKLM\Software\Advance-Box]
[HKLM\Software\AskPartnerNetwork] =>Toolbar.AskBar
[HKLM\Software\Baidu Security]
[HKLM\Software\CloudOpt]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\DtsEncodeTools]
[HKLM\Software\EVP]
[HKLM\Software\FMD]
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Mike Bradley]
[HKLM\Software\SarasSoft]
[HKLM\Software\SpeedBit]
[HKLM\Software\StrongSignal] =>PUP.StrongSignal
[HKLM\Software\SupDp] =>PUP.SupTab
[HKLM\Software\baidu]
[HKLM\Software\supTab] =>PUP.SupTab
~ Key Software: 405 Legitimates Filtered in :0mn صs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 15/10/2014 - 10:39:08 م - [0] ----D C:\Program Files\GUM106.tmp
O43 - CFD: 21/10/2014 - 07:42:52 م - [] ----D C:\Program Files\USB CCID
O43 - CFD: 01/11/2014 - 10:50:58 م - [] ----D C:\Program Files\SarasSoft
O43 - CFD: 09/12/2014 - 07:44:12 م - [0] ----D C:\Program Files\MobiMB Mobile Media Browser
O43 - CFD: 24/02/2015 - 03:18:20 م - [0] ----D C:\Program Files\XTab
O43 - CFD: 19/03/2015 - 02:56:28 م - [] ----D C:\Program Files\Zebra-Media
O43 - CFD: 15/06/2015 - 02:48:12 م - [] ----D C:\Program Files\CD-R
O43 - CFD: 19/07/2015 - 03:24:20 م - [] ----D C:\Program Files\WeatherTool
O43 - CFD: 19/07/2015 - 03:42:28 م - [] ----D C:\Program Files\Wincy
O43 - CFD: 09/12/2014 - 07:44:30 م - [] ----D C:\Program Files\Common Files\LogoManager
O43 - CFD: 08/02/2015 - 02:58:30 م - [] ----D C:\Documents and Settings\All Users\Application Data\baidu
O43 - CFD: 08/02/2015 - 02:58:52 م - [0] ----D C:\Documents and Settings\All Users\Application Data\Baidu Security
O43 - CFD: 19/07/2015 - 03:24:28 م - [] ----D C:\Documents and Settings\All Users\Application Data\ToolsUpdatePlatform
O43 - CFD: 01/11/2014 - 10:50:58 م - [] ----D C:\Documents and Settings\All Users\Start Menu\Programs\SarasSoft
O43 - CFD: 22/01/2015 - 02:57:50 م - [] ----D C:\Documents and Settings\All Users\Start Menu\Programs\Java Development Kit
O43 - CFD: 15/06/2015 - 02:48:14 م - [] ----D C:\Documents and Settings\All Users\Start Menu\Programs\CD-R
O43 - CFD: 15/10/2014 - 09:01:28 م - [] ----D C:\Documents and Settings\Xp\Application Data\NaviFirmPlus
O43 - CFD: 04/11/2014 - 01:54:14 م - [] ----D C:\Documents and Settings\Xp\Application Data\AdbDriverInstaller
O43 - CFD: 04/11/2014 - 01:58:12 م - [] ----D C:\Documents and Settings\Xp\Application Data\ApkInstaller
O43 - CFD: 10/11/2014 - 01:46:30 م - [0] ----D C:\Documents and Settings\Xp\Application Data\rmi
O43 - CFD: 08/02/2015 - 02:40:02 م - [] ----D C:\Documents and Settings\Xp\Application Data\baidu
O43 - CFD: 19/07/2015 - 03:24:22 م - [] ----D C:\Documents and Settings\Xp\Application Data\WeatherTool
O43 - CFD: 22/01/2015 - 07:52:58 م - [] ----D C:\Documents and Settings\Xp\Local Settings\Application Data\._[WHH]_
O43 - CFD: 08/02/2015 - 03:14:08 م - [0] ----D C:\Documents and Settings\Xp\Local Settings\Application Data\BAVData
O43 - CFD: 19/07/2015 - 03:42:26 م - [] ----D C:\Documents and Settings\Xp\Local Settings\Application Data\fami
O43 - CFD: 19/07/2015 - 03:42:46 م - [] ----D C:\Documents and Settings\Xp\Local Settings\Application Data\Setup7976250
O43 - CFD: 21/10/2014 - 07:43:08 م - [] ----D C:\Documents and Settings\Xp\Start Menu\Programs\ROCKEY200 Driver
~ Program Folder: 224 Legitimates Filtered in :0mn صs



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.55E6B88A75E4EC4936E2812B42918428] - 07/07/2015 - 11:03:08 م ---A- . (...) -- C:\WINDOWS\BcomDownloader_Lite_v1[1].67_for_BCM2153(Nand3G).INI [472]
O44 - LFC:[MD5.82D3A5ECBE9878F154B535631023082E] - 18/07/2015 - 10:58:16 م ---A- . (...) -- C:\WINDOWS\win.ini [823]
O44 - LFC:[MD5.F19DEA3B2181DC5A5EEFA6A890DAAC95] - 19/07/2015 - 02:19:26 م ---A- . (...) -- C:\Sonic-3D-Blast-(F)-[!].gs0 [140408]
O44 - LFC:[MD5.8018F9A1222A157BFA7DCAEAC777D843] - 19/07/2015 - 02:19:40 م ---A- . (...) -- C:\Sonic-3D-Blast-(F)-[!].gs1 [140408]
O44 - LFC:[MD5.679A12F130260BDFF19CA5DB75E167C4] - 19/07/2015 - 02:19:42 م ---A- . (...) -- C:\Sonic-3D-Blast-(F)-[!].gs2 [140408]
O44 - LFC:[MD5.5B1D5C2669E5B6076DBEC2AB55FA7B1D] - 19/07/2015 - 02:19:42 م ---A- . (...) -- C:\Sonic-3D-Blast-(F)-[!].gs3 [140408]
O44 - LFC:[MD5.5D00A5C308835BB8E634039305829388] - 19/07/2015 - 02:19:42 م ---A- . (...) -- C:\Sonic-3D-Blast-(F)-[!].gs4 [140408]
O44 - LFC:[MD5.BB7F08D6FCED04A8011CE585A4E81FC2] - 19/07/2015 - 02:40:06 م ---A- . (...) -- C:\Sonic-the-Hedgehog-3-(U)-[!].srm [604]
O44 - LFC:[MD5.70211BA63388B680EAD13193028C2ED0] - 19/07/2015 - 03:33:24 م ---A- . (...) -- C:\Sonic-Special-Stages-(U)-[c].gs0 [140408]
O44 - LFC:[MD5.9AC9E0C78B9074C24E54D65EBFD69DE2] - 19/07/2015 - 06:23:26 م ---A- . (...) -- C:\Sonic-and-Knuckles-(JUE)-[!].gs2 [140408]
O44 - LFC:[MD5.8B0A8C519B1EBA074791F166CBCB82A1] - 19/07/2015 - 06:23:26 م ---A- . (...) -- C:\Sonic-and-Knuckles-(JUE)-[!].gs3 [140408]
O44 - LFC:[MD5.90827D7D00D78240E3CCE10FF33E5252] - 19/07/2015 - 06:23:28 م ---A- . (...) -- C:\Sonic-and-Knuckles-(JUE)-[!].gs4 [140408]
O44 - LFC:[MD5.F7E545E231FFAAEA63416F8E688E0104] - 19/07/2015 - 06:41:46 م ---A- . (...) -- C:\Sonic-and-Knuckles-(JUE)-[!].srm [272]
O44 - LFC:[MD5.873EA3362AA6AC9B704F6C27D2CC7445] - 20/07/2015 - 03:36:54 م ---A- . (...) -- C:\WINDOWS\bthservsdp.dat [12]
O44 - LFC:[MD5.EEB9DD594ADFE3D02A145787838EE907] - 20/07/2015 - 03:36:56 م ----- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.62B5A71DDC444192FBEF5710AC8A79CE] - 20/07/2015 - 05:29:58 م ----- . (...) -- C:\WINDOWS\wiadebug.log [157]
~ Files: 30 Legitimates Filtered in :1mn صs



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Winamp\winamp.exe" [Enabled] .(.Nullsoft, Inc..) -- C:\Program Files\Winamp\winamp.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Mobogenie3\mobogenieP2sp.exe" [Enabled] .(...) -- C:\Program Files\Mobogenie3\mobogenieP2sp.exe (.not file.) =>PUP.Mobogenie
O47 - AAKE:Key Export DP - "C:\Program Files\Winamp\winamp.exe" [Enabled] .(.Nullsoft, Inc..) -- C:\Program Files\Winamp\winamp.exe
~ Keys Export: 17 Legitimates Filtered in :0mn صs



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in :0mn صs



---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{3abd4ced-5850-11e4-b5f3-001372156ffc}\AutoRun\command. (...) -- G:\HTC_Sync_Manager_PC.exe (.not file.)
O51 - MPSK:{40d2bd10-6808-11e4-8d6b-001372156ffc}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
~ Keys: Scanned in :0mn صs



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (...) -- C:\Program Files\Skype\Phone\Skype.exe (.not file.)
~ SMSR Keys: 11 Legitimates Filtered in :0mn صs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:08/10/2014 - 10:16:50 م ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:08/10/2014 - 10:29:24 م ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:08/10/2014 - 10:16:50 م ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:22/08/2004 - 04:31:10 م ---A- . (.No owner - PnP BIOS Extension.) -- C:\WINDOWS\system32\Drivers\stormbus.sys [155136]
O58 - SDL:08/10/2014 - 10:18:38 م ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:07/12/2012 - 06:27:50 م ---A- . (.Windows (R) Win 7 DDK provider - RawPacket NDIS Protocol Driver.) -- C:\WINDOWS\system32\Drivers\htcnprot.sys [21248]
O58 - SDL:22/08/2004 - 04:31:48 م ---A- . (.No owner - SCSI miniport.) -- C:\WINDOWS\system32\Drivers\stormprt.sys [5248]
O58 - SDL:13/12/2012 - 02:50:38 م ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\WINDOWS\system32\Drivers\usbaapl.sys [45056]
O58 - SDL:09/06/2014 - 10:40:58 ص ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [121440]
O58 - SDL:30/12/2013 - 10:52:38 ص ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\WINDOWS\system32\Drivers\dgderdrv.sys [20032]
O58 - SDL:13/10/2014 - 07:57:48 ص ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudbus.sys [89856]
O58 - SDL:23/07/2008 - 06:29:18 م ---A- . (...) -- C:\WINDOWS\system32\Drivers\vsb.sys [15264]
O58 - SDL:23/07/2008 - 06:29:18 م ---A- . (...) -- C:\WINDOWS\system32\Drivers\vserial.sys [47744]
O58 - SDL:13/10/2014 - 07:57:48 ص ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudmdm.sys [184192]
O58 - SDL:07/07/2011 - 04:13:46 م ---A- . (.HandSet Incorporated - HandSet CDROM Filter.) -- C:\WINDOWS\system32\Drivers\massfilter_hs.sys [15896]
O58 - SDL:13/10/2014 - 07:57:48 ص ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudserd.sys [184192]
O58 - SDL:13/10/2014 - 07:57:48 ص ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile OBEX Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudobex.sys [184192]
O58 - SDL:13/10/2014 - 07:57:48 ص ---A- . (.DEVGURU Co., LTD. - MSS CS Connectivity USB driver.) -- C:\WINDOWS\system32\Drivers\ss_conn_usb_driver.sys [23296]
O58 - SDL:22/08/2011 - 03:31:34 م ---A- . (.SpreadTrum - SPRD Class Enumerator Driver.) -- C:\WINDOWS\system32\Drivers\sprd_enum.sys [84224]
O58 - SDL:22/08/2011 - 03:31:34 م ---A- . (.SpreadTrum - SPRD CDC ACM Class Driver.) -- C:\WINDOWS\system32\Drivers\sprd_acm.sys [67712]
O58 - SDL:22/08/2004 - 04:31:10 م ---A- . (.No owner - PnP BIOS Extension.) -- C:\WINDOWS\system32\Drivers\d347bus.sys [155136]
O58 - SDL:22/08/2004 - 04:31:48 م ---A- . (.No owner - SCSI miniport.) -- C:\WINDOWS\system32\Drivers\d347prt.sys [5248]
O58 - SDL:30/04/2015 - 07:17:08 م ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswHwid.sys [24144] =>.ALWIL Software
O58 - SDL:30/04/2015 - 07:17:08 م ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904] =>.ALWIL Software
O58 - SDL:30/04/2015 - 07:17:08 م ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [209048] =>.ALWIL Software
O58 - SDL:12/03/2009 - 02:53:46 ص ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\WINDOWS\system32\Drivers\sthda.sys [1550613]
O58 - SDL:12/12/2008 - 06:12:12 ص R--A- . (.Compaq Computer Corp. - Easy Access PS/2 Keyboard Filter Driver.) -- C:\WINDOWS\system32\Drivers\eaps2kbd.sys [24035]
O58 - SDL:31/08/2007 - 11:21:14 م ---A- . (.Analog Devices, Inc. - SoundMAX Integrated Digital Audio.) -- C:\WINDOWS\system32\Drivers\smwdm.sys [260224]
O58 - SDL:08/10/2014 - 10:13:16 م ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9029]
O58 - SDL:08/10/2014 - 10:15:22 م ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:08/10/2014 - 10:18:54 م ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4768]
O58 - SDL:08/10/2014 - 10:21:06 م ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:08/10/2014 - 10:27:48 م ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:08/10/2014 - 10:27:48 م ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:08/10/2014 - 10:27:48 م ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:08/10/2014 - 10:27:48 م ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:08/10/2014 - 10:27:48 م ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27866]
O58 - SDL:08/10/2014 - 10:21:06 م ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:08/10/2014 - 10:27:48 م ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:08/10/2014 - 10:27:48 م ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:08/10/2014 - 10:27:48 م ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:08/10/2014 - 10:27:48 م ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
O58 - SDL:08/10/2014 - 10:27:48 م ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33840]
O58 - SDL:30/12/2013 - 03:54:22 ص ---A- . (...) -- C:\WINDOWS\system32\FsUsbExDisk.Sys [37344]
~ Drivers: 142 Legitimates Filtered in :0mn صs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in :0mn صs



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 30/04/2015 - C:\WINDOWS\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 28/05/2015 - C:\Program Files\Mobogenie3\MobogenieService.exe (MobogenieService) .(.Mobogenie.com - MobogenieService.exe.) - LEGACY_MOBOGENIESERVICE =>PUP.Mobogenie
O64 - Services: CurCS - 15/06/2015 - C:\Program Files\WeatherTool\1.2.2.10256\WeatherService.exe (TheDesktopWeatherService) .(.No owner - The Desktop Weather Service.) - LEGACY_THEDESKTOPWEATHERSERVICE
~ Legacy: 150 Legitimates Filtered in :0mn صs



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in :0mn صs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Xp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Xp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>PUP.Istart
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Opera\launcher.exe (.not file.)
~ Keys: Scanned in :0mn صs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [Xp - h7dz4iq7.default] user_pref("extensions.asktb.ff-original-keyword-url", "");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} - (e) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {2f23ab71-4ac6-41f2-a955-ea576e553146} - (istartsurf) - http://www.istartsurf.com =>PUP.Istart
O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://do-search.com =>PUP.DoSearches
~ Keys: Scanned in :0mn صs



---\\ Crack & Keygen Files (CKF) (O82)
E:\box\BOXCRACK\Advance_Box_FREE_DCT4_Plus_Unlock_Cracked_V2_By_BB5BOX_ORG\Advance_Box_FREE_DCT4_Plus_Unlock_Cracked_V2_By_BB5BOX_ORG\AdvanceBB5 Interface Driver\AdvanceBB5UNIN.EXE =>.Crack,Keygen
E:\box\BOXCRACK\Advance_Box_FREE_DCT4_Plus_Unlock_Cracked_V2_By_BB5BOX_ORG\Advance_Box_FREE_DCT4_Plus_Unlock_Cracked_V2_By_BB5BOX_ORG\AdvanceUFS Interface Driver\AdvanceBB5UNIN.EXE =>.Crack,Keygen
E:\box\BOXCRACK\Advance_Box_FREE_DCT4_Plus_Unlock_Cracked_V2_By_BB5BOX_ORG\Advance_Box_FREE_DCT4_Plus_Unlock_Cracked_V2_By_BB5BOX_ORG\AdvanceUFS Interface Driver\Copy of UFS2XXUN.exe =>.Crack,Keygen
E:\box\BOXCRACK\Advance_Box_FREE_DCT4_Plus_Unlock_Cracked_V2_By_BB5BOX_ORG\Advance_Box_FREE_DCT4_Plus_Unlock_Cracked_V2_By_BB5BOX_ORG\AdvanceUFS Interface Driver\UFS2XXUN.exe =>.Crack,Keygen
E:\box\BOXCRACK\jaf\furious_cracked\furious cracked\furious cracked by dark flash\furious cracked by dark flash.exe =>.Crack,Keygen
E:\box\BOXCRACK\jaf\furious_cracked.rar =>.Crack,Keygen
E:\Direct_Com_For_UFS_by_tunivision\Direct Com For UFS by tunivision\Direct Com For UFS by tunivision\DirectCom_cracked.exe =>.Crack,Keygen
E:\elgakar\(I) ZERO CALL\صيانة\مخططات واعطال\مخططات\serves\iphone\icloud\Icloud unlocker Free\Icloud unlocker Free cracked flasher comunity\icloud unlocker Crack by Mark_unlocker\key.dat =>.Crack,Keygen
E:\elgakar\(I) ZERO CALL\صيانة\مخططات واعطال\مخططات\serves\iphone\icloud\Icloud unlocker Free\Icloud unlocker Free cracked flasher comunity\icloud unlocker Crack by Mark_unlocker.rar =>.Crack,Keygen
E:\elgakar\(I) ZERO CALL\صيانة\مخططات واعطال\مخططات\serves\iphone\icloud\Icloud unlocker Free\Icloud unlocker Free cracked flasher comunity\iCloud Unlocker Setup\iCloud Unlocker Setup.exe =>.Crack,Keygen
E:\elgakar\(I) ZERO CALL\صيانة\مخططات واعطال\مخططات\serves\iphone\icloud\Icloud unlocker Free\Icloud unlocker Free cracked flasher comunity\iCloud Unlocker Setup.rar =>.Crack,Keygen
E:\elgakar\المهم\Copy of Favorites\DreamDDL.com - Full Version Download Crack Serial Keygen Torrent Rapidshare Free Warez.url =>.Crack,Keygen
E:\elgakar\المهم\Copy of Favorites\http--www.crackserialkeygen.com-crack-PVplayer304--serial-keygen-nfo.html.url =>.Crack,Keygen
E:\برامج كمبيوتر\pro\برامج خفيفة\كورسات\تعليمات\NEWعلاء\cracked182.zip =>.Crack,Keygen
E:\برامج كمبيوتر\pro\سرعة الرامات\SuperRam.ACT\SuperRam.ACT\keygen-Lz0 & patch\Patch.exe =>.Crack,Keygen
~ Files: Scanned in :4mn صs



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{30E7F2A0-EC4C-11ce-8865-00805F742EF6}] (SpeedDial) =>PUP.SpeedDial
~ BCK: 5077 Legitimates Filtered in :2mn صs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 18/07/2015 268976 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 08/10/2014 224768 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 03/11/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/11/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/07/1658 0 | (NMIndexingService) . (...) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Demand 18/04/2013 737616 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 22/07/1658 0 | (STacSV) . (...) - c:\docume~1\xp\locals~1\temp\drp\dp_sound_b_wnt5_x86-32_1111\drp\d\s\ia\STacSV.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/04/2015 343336 | (avast! Antivirus) . (.Avast Software s.r.o..) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 02/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 28/05/2015 127680 | (MobogenieService) . (.Mobogenie.com.) - C:\Program Files\Mobogenie3\MobogenieService.exe =>PUP.Mobogenie
SR - | Auto 15/12/2014 5426448 | (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\TeamViewer_Service.exe
SR - | Auto 15/06/2015 143848 | (TheDesktopWeatherService) . (...) - C:\Program Files\WeatherTool\1.2.2.10256\WeatherService.exe
~ Services: Scanned in :2mn صs



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Xp at 20/07/2015 06:37:05 م
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk0\DR0[0x8B7E3AB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 12 Legitimates Filtered in :0mn صs



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Xp at 20/07/2015 06:37:07 م
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in :0mn صs



---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:22/08/2004 - 04:31:10 م ---A- . (.No owner - PnP BIOS Extension.) -- C:\WINDOWS\system32\Drivers\d347bus.sys [155136]
O58 - SDL:22/08/2004 - 04:31:48 م ---A- . (.No owner - SCSI miniport.) -- C:\WINDOWS\system32\Drivers\d347prt.sys [5248]
~ Emulateurs: Scanned in :0mn صs



---\\ Scan Additionnel (O88)
Database Version : 13008 - (31/05/2015)
Clés trouvées (Keys found) : 32
Valeurs trouvées (Values found) : 5
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 9

[HKLM\SYSTEM\CurrentControlSet\Services\MobogenieService] =>PUP.Mobogenie^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}] =>Toolbar.Ask
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Toolbar.Ask
[HKLM\Software\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKLM\Software\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}] =>Spyware.Soft2PC
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.Ask
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Toolbar.Ask
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Toolbar.Ask
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKCU\Software\AppDataLow\AskBarDis] =>Toolbar.AskBarDis
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\AppID\secman.DLL] =>PUP.Babylon
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Adware.SimilarSites
[HKLM\Software\delta-homesSoftware] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:DriverToolkit =>PUP.DriverToolkit^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} =>Adware.ShopperReports
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira
C:\Program Files\Mobogenie3\MobogenieService.exe =>PUP.Mobogenie^
C:\Program Files\Mobogenie3\MoboGenieHelper.exe =>PUP.Mobogenie^
[HKCU\Software\ProductSetup] =>Adware.InstallCore^
[HKCU\Software\WajIntEnhance] =>PUP.Wajam^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\StrongSignal] =>PUP.StrongSignal^
[HKLM\Software\SupDp] =>PUP.SupTab^
[HKLM\Software\supTab] =>PUP.SupTab^
[HKCR\CLSID\{30E7F2A0-EC4C-11ce-8865-00805F742EF6}] (SpeedDial) =>PUP.SpeedDial^
~ Additionnel Scan: 245951 Items scanned in :4mn صs



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.MountPoints2 Shell Key (MPSK) (O51)
~ AMI: 5 Legitimates Filtered in :0mn صs



---\\ Summary of the detections found on your workstation
http://nicolascoolman.fr/pup-mobogenie =>PUP.Mobogenie
http://www.nicolascoolman.fr/blog/ =>PUP.Istart
http://www.nicolascoolman.fr/blog/ =>Hijacker.DeltaHomes
http://www.nicolascoolman.fr/blog/ =>PUP.DriverToolkit
http://nicolascoolman.fr/pup-certifiedtoolbar =>PUP.CertifiedToolbar
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/pup-wajam =>PUP.Wajam
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskBar
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://www.nicolascoolman.fr/blog/ =>PUP.StrongSignal
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/pup-dosearches =>PUP.DoSearches
http://nicolascoolman.fr/32720552-pup-speeddial =>PUP.SpeedDial
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskTBar
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/pup-whitesmoke =>PUP.Whitesmoke
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://nicolascoolman.fr/spyware-soft2pc =>Spyware.Soft2PC
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskBarDis
http://nicolascoolman.fr/adware-similarsites =>Adware.SimilarSites
http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
http://www.nicolascoolman.fr/blog/ =>Adware.ShopperReports
~ MSI: 25 link(s) detected in :0mn صs



~ 1083 Legitimates filtered by white list
End of the scan (728 lines in :4mn صs)(15.4)