Script ZHPFix
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDE24462-60FA-464C-851B-9132F32B345E}: DhcpDomain = ASUS
O17 - HKLM\System\CS1\Services\Tcpip\..\{BDE24462-60FA-464C-851B-9132F32B345E}: DhcpDomain = ASUS
O17 - HKLM\System\CS2\Services\Tcpip\..\{BDE24462-60FA-464C-851B-9132F32B345E}: DhcpDomain = ASUS
O42 - Logiciel: SMADAV version 9.8.1 - (.SmadSoft.) [HKLM][64Bits] -- {8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1
[HKCU\Software\Psiphon3]
[HKCU\Software\SMAD?V]
[HKLM\Software\Class]
O44 - LFC:[MD5.63BC252CD02612F4CE87997DDD772C17] - 9/11/2014 - 7:56:22 PM ---A- . (...) -- C:\Windows\System32\CyTpCo1.dll [7680]
O44 - LFC:[MD5.851D59F7BDF51A88FEA6F253C419D767] - 9/11/2014 - 7:56:25 PM ---A- . (.Cypress Semiconductor, Inc. - Trackpad Driver.) -- C:\Windows\System32\Drivers\cykbfltr.sys [14336]
O44 - LFC:[MD5.E20E2E71BBCEE3522EF91AD4C7D2FE12] - 9/11/2014 - 7:56:25 PM ---A- . (.Cypress Semiconductor, Inc. - Trackpad Driver.) -- C:\Windows\System32\Drivers\cymfltr.sys [88576]
O58 - SDL:3/9/2012 - 3:16:54 PM ---A- . (.Cypress Semiconductor, Inc. - Trackpad Driver.) -- C:\Windows\System32\Drivers\cykbfltr.sys [14336]
O58 - SDL:3/9/2012 - 3:16:56 PM ---A- . (.Cypress Semiconductor, Inc. - Trackpad Driver.) -- C:\Windows\System32\Drivers\cymfltr.sys [88576]
O43 - CFD: 9/14/2014 - 9:53:57 PM - [] ----D C:\Users\vecken\AppData\Roaming\TFP
[MD5.6AA935398C57650947E1D5D2D359EE26] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [1722368] =>Trojan.AutoKMS
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.AutoKMS
[HKCU\Software\Torch]
[HKCU\Software\Usbfix]
O43 - CFD: 9/20/2014 - 10:51:16 PM - [] ----D C:\Users\vecken\AppData\Local\Torch
O44 - LFC:[MD5.FD96D298BCEDA3971E74A3A8437EA692] - 9/11/2014 - 8:28:11 PM ----- . (...) -- C:\RHDSetup.log [2206]
O44 - LFC:[MD5.D5712684CB320A31EAED4394D4F13F41] - 9/11/2014 - 8:28:30 PM ----- . (...) -- C:\Install.log [217]
O44 - LFC:[MD5.3DFED40454579A06740BC34EAEEB3898] - 9/11/2014 - 8:28:53 PM ----- . (...) -- C:\csb.log [180]
O44 - LFC:[MD5.1D3B56B7FC8FE1958078963279364F95] - 9/19/2014 - 12:05:07 AM ---A- . (...) -- C:\Windows\IE10_main.log [8574]
O44 - LFC:[MD5.1A6926B82D73954F11B0FA494B62B5B6] - 9/20/2014 - 1:14:27 PM ---A- . (...) -- C:\UsbFix_Upload_Me_VECKEN-PC.zip [26108]
O44 - LFC:[MD5.32D0284F0885872723A392F72ED28CCA] - 9/20/2014 - 1:14:37 PM ---A- . (...) -- C:\UsbFix.txt [7872]
O44 - LFC:[MD5.9B69BE6C383443BCDFC231AC93A92A6D] - 9/21/2014 - 8:54:40 AM ---A- . (...) -- C:\service.log [5096]
O44 - LFC:[MD5.ECB021CA3370582F0C7244B0CF06732C] - 9/16/2014 - 9:03:54 PM ---A- . (.Microsoft Corporation - Microsoft ® Console Based Script Host.) -- C:\Windows\System32\cscript.exe [156160]
O44 - LFC:[MD5.183FA53919638305691ED2F97EAF7072] - 9/19/2014 - 10:54:17 PM ---A- . (.Microsoft Corporation - Microsoft HTML Application host.) -- C:\Windows\System32\mshta.exe [12800]
O51 - MPSK:{cd9fa325-3a3e-11e4-9d69-1c6f65441495}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O61 - LFC: 9/19/2014 - 9:55:02 AM ----- . (...) -- C:\Users\vecken\Downloads\Programs\HFV.exe [706893]
O61 - LFC: 9/19/2014 - 9:55:02 AM ---A- . (...) -- C:\Users\vecken\Downloads\Programs\psiphon-3-en-win_2.exe [881488]
O61 - LFC: 9/19/2014 - 9:55:02 AM ---A- . (.SmadSoft.) -- C:\Users\vecken\Downloads\Programs\smadav981.exe [1202657]
O61 - LFC: 9/20/2014 - 9:55:02 AM ---A- . (...) -- C:\Users\vecken\Downloads\Trojorm Removal Tool v1.5.bat [21995]
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
[HKCU\Software\DeviceVM]
[HKLM\Software\Wow6432Node\DeviceVM]
O43 - CFD: 9/11/2014 - 9:26:54 PM - [] ----D C:\Program Files (x86)\DeviceVM
[MD5.0659E8CF010BA0C49FC08EB88F0E2407] - (.Smadsoft - Smadav USB Antivirus & Additional Protectio.) -- C:\Program Files (x86)\Smadav\SM?RTP.exe [1617920] [PID.2068]
[MD5.FB309A962EACD8D104225CA857614412] - (.DeviceVM, Inc. - Browser Configuration Utility.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000] [PID.2888]
[MD5.382B151DAFFE4A9CE9DA9F564B66761E] - (.DeviceVM, Inc. - Browser Configuration Utility Auto-recovery.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [223464] [PID.1824]
[MD5.D41D8CD98F00B204E9800998ECF8427E] - (...) -- C:\Program Files (x86)\Smadav\SM?RTP.exe [1617920] [PID.0]
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = http://www.google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.google.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.google.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R3 - URLSearchHook: SearchHook Class [64Bits] - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} . (.DeviceVM, Inc. - Browser Configuration Utility Address Bar S.) (1.1.18.0) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Browser.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\SysWOW64\ieframe.dll
O4 - HKCU\..\Run: [inadgnuxqz] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Wow6432Node\Run: [BCU] . (.DeviceVM, Inc. - Browser Configuration Utility.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
O4 - HKUS\S-1-5-21-3460996909-1450838025-1718544263-1000\..\Run: [inadgnuxqz] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - E-mail Naming Shim Provider.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O23 - Service: Browser Configuration Utility Service (BCUService) . (.DeviceVM, Inc. - Browser Configuration Utility Auto-recovery.) - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
[MD5.D41D8CD98F00B204E9800998ECF8427E] [APT] [smadav] (...) -- C:\Program Files (x86)\Smadav\SM?RTP.exe [1617920]
O43 - CFD: 9/21/2014 - 9:53:11 AM - [] ----D C:\Users\vecken\AppData\Local\Temp
O44 - LFC:[MD5.045451FA238A75305CC26AC982472367] - 9/16/2014 - 9:03:54 PM ---A- . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe [168960]
O44 - LFC:[MD5.05D80FF3483BD8F268B01703C859198A] - 9/16/2014 - 9:03:54 PM ---A- . (.Microsoft Corporation - Windows Script Host Runtime Library.) -- C:\Windows\System32\wshom.ocx [150016]
O44 - LFC:[MD5.DC0354F0ECF2CA3F34A60D01BD415A46] - 9/19/2014 - 12:12:16 PM ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [282912]
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O61 - LFC: 9/19/2014 - 9:55:01 AM ---A- . (...) -- C:\Users\vecken\AppData\Roaming\IDM\DwnlData\vecken\psiphon-3-en-win_17\psiphon-3-en-win.exe [870464]
O61 - LFC: 9/20/2014 - 9:55:01 AM ---A- . (.Tonec Inc..) -- C:\Users\vecken\AppData\Local\Temp\scoped_dir_4200_21528\CRX_INSTALL\IDMGCExt.dll [135816]
O61 - LFC: 9/20/2014 - 9:55:01 AM ---A- . (.Torch Media Inc..) -- C:\Users\vecken\AppData\Local\Torch\User Data\Default\Extensions\lecpjhggilhbceadobnggaagnpfpafhg\25.0.0.3359_0\TorchHelper.dll [267104]
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {2EF3C226-DFBF-4320-A69C-F3BEB2C1C7C3} - (Yahoo) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {C1DD5C11-FD2E-4a0f-A031-2133BC88F094} - (Google) - http://www.google.com
SR - | Auto 10/15/2009 223464 | (BCUService) . (.DeviceVM, Inc..) - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
ShortcutFix
FirewallRaz
EmptyTemp
EmptyFlash
Proxyfix
Sysrestore