cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Report of ZHPDiag v2013.9.23.44 - Nicolas Coolman (23/09/2013)
~ Launched by bourdin (27/09/2013 17:48:55)
~ Web site address : http://nicolascoolman.webs.com
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control :


---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 25.0 (Defaut)
GCIE: Google Chrome v29.0.1547.76

---\\ Windows product information
~ Langage: Anglais
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System protection software

---\\ System optimization software
CCleaner v4.05 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader XI

---\\ Information on the system
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1023 MB (44% free)
System Restore: Activ� (Enable)
System drive C: has 437 GB (93%) free of 466 GB

---\\ Connection to the system mode
~ Computer Name: NOURDIN2-A40A21
~ User Name: bourdin
~ All Users Names: SUPPORT_388945a0, Invitado, bourdin, ASPNET, Asistente de ayuda, Administrador,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\bourdin\Datos de programa\
~ %Desktop% : C:\Documents and Settings\bourdin\Escritorio\
~ %Favorites% : C:\Documents and Settings\bourdin\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\bourdin\Configuraci�n local\Datos de programa\
~ %StartMenu% : C:\Documents and Settings\bourdin\Men� Inicio\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 437 Go of 466 Go)
D: Floppy drive, Flash card reader, USB Key (Free 12 Go of 15 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 26 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.7522F548A84ABAD8FA516DE5AB3931EF] - (.Microsoft Corporation - Explorador de Windows.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1036288]
[MD5.40D636CC2DE3F2458F9A393185743E92] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/08/2013 - 7:05:46.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.213C80D912880BBF04453D09FFCCB28C] - (.Microsoft Corporation - Aplicaci�n de inicio de sesi�n de Windows NT.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [510976]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 23:10:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.E5E61F2C07344E91DBFB7EAFDE549AB4] - (.Microsoft Corporation - Unidad Crypto FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.4A2490A66E8271901E89DD5FB79748AE] - (.Microsoft Corporation - Controlador de puerto de i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.E7855CBD8BD1FDA085A3F92CFF7906E2] - (.Microsoft Corporation - Controlador de puerto paralelo.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80256]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 23:02:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.20950948970A0EA329B4254052BCF093] - (.Microsoft Corporation - Controlador de filtros de sonido Redbook.) (.14/04/2008 - 7:21:32.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58880]
[MD5.C41FFDC191E6C832E2E53C967EAE0A16] - (.Microsoft Corporation - Controlador de instant�nea de volumen.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 07s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 1/11858
~ Mon Bureau (My Desktop) : 0/14
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 29s



---\\ Process running
[MD5.471087B5E1E01CC82604E81EA14781D8] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [602112] [PID.1336]
[MD5.812A055CF0774160B7FBA37F8637451D] - (.APN LLC. - APN Updater.) -- C:\Archivos de programa\AskPartnerNetwork\Toolbar\apnmcp.exe [164816] [PID.1192]
[MD5.73036FCE7FFE07D28F02336E00FA026C] - (.BullGuard Ltd. - BullGuard Behavioural Detection.) -- c:\archivos de programa\bullguard ltd\bullguard\BullGuardBhvScanner.exe [423776] [PID.1292]
[MD5.9FE4BDBB9A9D18C0D50DFC3E26F3AC36] - (.BullGuard Ltd. - BullGuard Scanner.) -- c:\archivos de programa\bullguard ltd\bullguard\BullGuardScanner.exe [210784] [PID.1848]
[MD5.BADA7E8357F3D59A7261EF78BD404B6C] - (.BullGuard Ltd. - BullGuard Update.) -- C:\Archivos de programa\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [290144] [PID.308]
[MD5.71FA05D742D3B3D538E3D096F5FC3A97] - (.BullGuard Ltd. - BullGuard.) -- C:\Archivos de programa\BullGuard Ltd\BullGuard\BullGuard.exe [788832] [PID.1760]
[MD5.F7A01E608EDEB9BA5AEA26D1040DA7B7] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [20143688] [PID.2020]
[MD5.3BD005DC32A020CB0CD820F7BAD58308] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe [260472] [PID.2068]
[MD5.B36B02C079F5BB841CC2CCB896072DD4] - (.APN - Ask Toolbar Notifier.) -- C:\Archivos de programa\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1601488] [PID.2104] =>Toolbar.Ask
[MD5.2281E6B90E14A6E6C53BA9EA12145089] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Archivos de programa\Internet Download Manager\IDMan.exe [3665488] [PID.2136]
[MD5.F7128E5772F9312F0D111A5FA5D41773] - (.Skype Technologies S.A. - Skype.) -- C:\Archivos de programa\Skype\Phone\Skype.exe [20684656] [PID.2144]
[MD5.BF93DA78B62A4F13D631657EE2FDCEBD] - (.Salaat Time - www.salaattime.com - Salaat Time is a multi-function Islamic fre.) -- C:\Archivos de programa\Salaat Time\SalaatTime.exe [15376384] [PID.2184]
[MD5.FAA729BC3B4EC2900D14E1F0F4D30ED0] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Archivos de programa\Internet Download Manager\IEMonitor.exe [268248] [PID.3668]
[MD5.52FA8D53E6AB028A83CD031DA12C83FC] - (.Microsoft Corporation - Control de volumen.) -- C:\WINDOWS\system32\SNDVOL32.exe [139264] [PID.1324]
[MD5.B873BC456C2976CED86FFFE5C351E55E] - (.AVM Software Inc. - Paltalk Messenger.) -- C:\Archivos de programa\Paltalk Messenger\paltalk.exe [9819232] [PID.3624]
[MD5.8678ADAFD6AB62F60634291B0FCBE20A] - (.Tencent Technology Company limited - QQ Player.) -- C:\Archivos de programa\Tencent\QQPlayer\QQPlayer.exe [10121216] [PID.8164] =>Adware.TencentAddressBar
[MD5.FF37E47FDDC8A12EE91C5A39824DEFE8] - (.Mozilla Corporation - Firefox.) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe [274840] [PID.6448]
[MD5.E0B1F7DED9F4240EF4FFBC05AB94DB05] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Archivos de programa\Mozilla Firefox\plugin-container.exe [17816] [PID.536]
[MD5.D63791AEA2D98C5B3A2881A230613B8E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Archivos de programa\ZHPDiag\ZHPDiag.exe [8006144] [PID.3008]
[MD5.53CE7DC71E55AB4891C85E12E50EA1C9] - (.Nicolas Coolman - ZHPFix.) -- C:\Archivos de programa\ZHPDiag\ZHPFix\ZHPFix.exe [3018240] [PID.8392]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Archivos de programa\Internet Explorer\iexplore.exe [638816] [PID.5976]
~ Processes Running: Scanned in 00mn 38s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\bourdin\Datos de programa\Mozilla\Firefox\Profiles\o28q1u1f.default\prefs.js
M3 - MFPP: Plugins - [bourdin] -- C:\Documents and Settings\bourdin\Datos de programa\Mozilla\Firefox\Profiles\o28q1u1f.default\searchplugins\ask-search.xml
M0 - MFSP: prefs.js [bourdin - o28q1u1f.default] http://www.search.ask.com
~ Firefox Browser: 9 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 22



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [BullGuard] . (.BullGuard Ltd. - BullGuard.) -- C:\Archivos de programa\BullGuard Ltd\BullGuard\BullGuard.exe
O4 - HKLM\..\Run: [BullGuardUpdate2] . (.BullGuard Ltd. - BullGuard Secondary Updater.) -- c:\archivos de programa\bullguard ltd\bullguard\BullGuardUpdate2.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Archivos de programa\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Archivos de programa\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Archivos de programa\Skype\Phone\Skype.exe =>.
O4 - HKCU\..\Run: [SalaatTime] . (.Salaat Time - www.salaattime.com - Salaat Time is a multi-function Islamic fre.) -- C:\Archivos de programa\Salaat Time\SalaatTime.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-776561741-651377827-1801674531-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-776561741-651377827-1801674531-1003\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Archivos de programa\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-776561741-651377827-1801674531-1003\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Archivos de programa\Skype\Phone\Skype.exe =>.
O4 - HKUS\S-1-5-21-776561741-651377827-1801674531-1003\..\Run: [SalaatTime] . (.Salaat Time - www.salaattime.com - Salaat Time is a multi-function Islamic fre.) -- C:\Archivos de programa\Salaat Time\SalaatTime.exe
~ Application: Scanned in 00mn 01s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} . (.BullGuard Ltd. - BullGuard Antiphishing Toolbar Button.) -- C:\Archivos de programa\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} . (.AVM Software Inc. - Paltalk Messenger.) -- C:\Archivos de programa\Paltalk Messenger\Paltalk.exe
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Archivos de programa\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
~ IE Param�tres WEB: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A299F49-2104-4408-851C-07AF083317A4}: DhcpNameServer = 62.81.16.164 62.81.16.213
O17 - HKLM\System\CS1\Services\Tcpip\..\{5A299F49-2104-4408-851C-07AF083317A4}: DhcpNameServer = 62.81.16.164 62.81.16.213
O17 - HKLM\System\CS2\Services\Tcpip\..\{5A299F49-2104-4408-851C-07AF083317A4}: DhcpNameServer = 62.81.16.164 62.81.16.213
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.81.16.164 62.81.16.213
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 01s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de red sin conexi�n.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL com�n de recepci�n de notificaciones Wi.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL com�n de recepci�n de notificaciones Wi.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificaci�n de servicio de inicio d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL com�n de recepci�n de notificaciones Wi.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL com�n de recepci�n de notificaciones Wi.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notificaci�n del Programa de Ventajas de Wi.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL com�n de recepci�n de notificaciones Wi.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 03s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (.BullGuard Ltd. - BullGuard protection agent.) - C:\Archivos de programa\BullGuard Ltd\BullGuard\BgAgent.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca de IU Shell Browser.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Precargador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca de IU Shell Browser.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Servicio de actualizaci�n Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Archivos de programa\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: BullGuard Behavioural Detection (BsBhvScan) . (.BullGuard Ltd. - BullGuard Behavioural Detection.) - c:\archivos de programa\bullguard ltd\bullguard\BullGuardBhvScanner.exe
O23 - Service: BullGuard scanning service (BsScanner) . (.BullGuard Ltd. - BullGuard Scanner.) - c:\archivos de programa\bullguard ltd\bullguard\BullGuardScanner.exe
O23 - Service: BullGuard update service (BsUpdate) . (.BullGuard Ltd. - BullGuard Update.) - C:\Archivos de programa\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Servicio de Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Archivos de programa\Skype\Updater\Updater.exe
~ Services: 7 Legitimates Filtered in 00mn 10s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: Mi p�gina de inicio actual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\bourdin\Configuraci�n local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\bourdin\Configuraci�n local\Datos de programa\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\DriverEasy Scheduled Scan.job [438]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 01s



---\\ Drivers launched at startup (O41)
O41 - Driver: (BdSpy) . (.BullGuard Ltd. - BullGuard File Monitor (x86).) - C:\WINDOWS\system32\drivers\BdSpy.sys
O41 - Driver: (NovaShieldFilterDriver) . (.NovaShield, Inc. - NovaShield Kernel Module.) - C:\WINDOWS\system32\DRIVERS\NSKernel.sys
O41 - Driver: (NovaShieldTDIDriver) . (.NovaShield, Inc. - NovaShield Kernel Module.) - C:\WINDOWS\system32\DRIVERS\NSNetmon.sys
~ Drivers: 72 Legitimates Filtered in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM] -- {504C5432-2D56-3700-76A7-A758B70C0300} =>Toolbar.Ask
O42 - Logiciel: System Speed Booster - (...) [HKLM] -- SystemSpeedBooster
O42 - Logiciel: Who Is On My Wifi version 2.1.2 - (.IO3O LLC.) [HKLM] -- {010D45A1-093D-4534-8147-4E10E80F81CC}_is1
O42 - Logiciel: yusetup7 2.1.0 - (.45 Mo.) [HKLM] -- yusetup7 2.1.0
~ Logic: 169 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Tencent] =>Adware.TencentAddressBar
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\Tencent] =>Adware.TencentAddressBar
~ Key Software: 102 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 26/09/2013 - 20:14:29 - [7,499] ----D C:\Archivos de programa\AskPartnerNetwork
O43 - CFD: 26/09/2013 - 16:22:40 - [6,947] ----D C:\Archivos de programa\IO3O LLC
O43 - CFD: 24/09/2013 - 3:50:48 - [0] ----D C:\Archivos de programa\RegClean Pro =>Rogue.RegistryPowerCleaner
O43 - CFD: 23/09/2013 - 1:35:08 - [0,001] ----D C:\Archivos de programa\Servicios en l�nea
O43 - CFD: 23/09/2013 - 15:43:22 - [15,767] ----D C:\Archivos de programa\SystemSpeedBooster
O43 - CFD: 23/09/2013 - 3:20:01 - [89,519] ----D C:\Archivos de programa\Tencent =>Adware.TencentAddressBar
O43 - CFD: 26/09/2013 - 20:14:14 - [0] ----D C:\Documents and Settings\All Users\Datos de programa\APN
O43 - CFD: 26/09/2013 - 20:14:29 - [0,088] ----D C:\Documents and Settings\All Users\Datos de programa\AskPartnerNetwork
O43 - CFD: 23/09/2013 - 12:16:58 - [0] ----D C:\Documents and Settings\All Users\Datos de programa\Babylon =>Toolbar.Babylon
O43 - CFD: 25/09/2013 - 8:18:18 - [0,387] ----D C:\Documents and Settings\All Users\Datos de programa\InstallMate
O43 - CFD: 23/09/2013 - 15:43:29 - [0,025] ----D C:\Documents and Settings\All Users\Datos de programa\SystemSpeedBooster
O43 - CFD: 27/09/2013 - 9:55:47 - [0,000] ----D C:\Documents and Settings\All Users\Datos de programa\Tencent =>Adware.TencentAddressBar
O43 - CFD: 25/09/2013 - 9:11:23 - [3,087] --H-D C:\Documents and Settings\All Users\Datos de programa\{C293798B-D4EF-480E-B8FB-F9BC2AEB56DC}
O43 - CFD: 23/09/2013 - 12:16:58 - [0,004] ----D C:\Documents and Settings\bourdin\Datos de programa\Babylon =>Toolbar.Babylon
O43 - CFD: 23/09/2013 - 15:43:28 - [0,000] ----D C:\Documents and Settings\bourdin\Datos de programa\SystemSpeedBooster
O43 - CFD: 27/09/2013 - 9:55:47 - [0,309] ----D C:\Documents and Settings\bourdin\Datos de programa\Tencent =>Adware.TencentAddressBar
O43 - CFD: 23/09/2013 - 12:17:04 - [0] ----D C:\Documents and Settings\bourdin\Configuraci�n local\Datos de programa\Babylon =>Toolbar.Babylon
O43 - CFD: 23/09/2013 - 15:47:01 - [0,015] R---D C:\Documents and Settings\bourdin\Men� Inicio\Programas\Accesorios
O43 - CFD: 26/09/2013 - 20:13:39 - [0,002] R---D C:\Documents and Settings\bourdin\Men� Inicio\Programas\Inicio
O43 - CFD: 23/09/2013 - 3:20:07 - [0,003] ----D C:\Documents and Settings\bourdin\Men� Inicio\Programas\Tencent =>Adware.TencentAddressBar
~ Program Folder: 112 Legitimates Filtered in 00mn 09s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.E948405414D4209C65E95E6F1BC471D2] - 23/09/2013 - 0:32:23 ---A- . (...) -- C:\WINDOWS\system32\wmimgmt.msc [63488]
O44 - LFC:[MD5.CDD932EDCB756FB5F7CE5E2F090BA838] - 23/09/2013 - 0:32:30 ---A- . (...) -- C:\WINDOWS\system32\msdtcprf.h [768]
O44 - LFC:[MD5.174E9CB0115D6BFA79D8E3B9A142EA48] - 23/09/2013 - 0:32:30 ---A- . (...) -- C:\WINDOWS\system32\msdtcprf.ini [3981]
O44 - LFC:[MD5.4A547D74B435E78418BE06406250C1D3] - 23/09/2013 - 0:32:31 ---A- . (...) -- C:\WINDOWS\system32\tslabels.h [3286]
O44 - LFC:[MD5.F79ACA4022D8F057869B5F7CDFD333FC] - 23/09/2013 - 0:32:31 ---A- . (...) -- C:\WINDOWS\system32\tslabels.ini [27334]
O44 - LFC:[MD5.F463BC45CD34ADE54F801746B6D322B1] - 23/09/2013 - 0:32:31 ---A- . (...) -- C:\WINDOWS\system32\usrlogon.cmd [1161]
O44 - LFC:[MD5.405E1EF8E3C88E9BCD2853382BB12430] - 23/09/2013 - 0:32:33 ---A- . (...) -- C:\WINDOWS\system32\bopomofo.uce [22984]
O44 - LFC:[MD5.4FDED87068052EEB9B72A97FDBC141DB] - 23/09/2013 - 0:32:33 ---A- . (...) -- C:\WINDOWS\system32\gb2312.uce [24006]
O44 - LFC:[MD5.038F6AD6CEE43585D814CDBC7CDFD3EC] - 23/09/2013 - 0:32:33 ---A- . (...) -- C:\WINDOWS\system32\ideograf.uce [60458]
O44 - LFC:[MD5.73D70ED3EC3BBFD8FD35DF431C38F374] - 23/09/2013 - 0:32:34 ---A- . (...) -- C:\WINDOWS\Grano de caf�.bmp [17062]
O44 - LFC:[MD5.DAC71A10A6A71CB6E3F427AE3283734B] - 23/09/2013 - 0:32:34 ---A- . (...) -- C:\WINDOWS\Lazo azul 16.bmp [1272]
O44 - LFC:[MD5.39F43DBCE366B2561DF073B4C0839299] - 23/09/2013 - 0:32:34 ---A- . (...) -- C:\WINDOWS\Pompas.bmp [65978]
O44 - LFC:[MD5.7C0C25F4BA1084C4ABBEEA2C74194C5F] - 23/09/2013 - 0:32:34 ---A- . (...) -- C:\WINDOWS\system32\kanji_1.uce [6948]
O44 - LFC:[MD5.529BBD63519BBD654EF328454019693F] - 23/09/2013 - 0:32:34 ---A- . (...) -- C:\WINDOWS\system32\kanji_2.uce [8484]
O44 - LFC:[MD5.7A7A04370A6030B9B0E8178DAD4A6E41] - 23/09/2013 - 0:32:34 ---A- . (...) -- C:\WINDOWS\system32\korean.uce [12876]
O44 - LFC:[MD5.8CA32E9D986FA76F60EFBCFCD9D80A58] - 23/09/2013 - 0:32:34 ---A- . (...) -- C:\WINDOWS\system32\shiftjis.uce [16740]
O44 - LFC:[MD5.30F5568679A54042F99CA9EC1102EBCD] - 23/09/2013 - 0:32:34 ---A- . (...) -- C:\WINDOWS\system32\subrange.uce [93702]
O44 - LFC:[MD5.203EF178BF8B0A8EC34E27E4DEDB6349] - 23/09/2013 - 0:32:35 ---A- . (...) -- C:\WINDOWS\A pescar.bmp [17336]
O44 - LFC:[MD5.5B4AC407E566076BB726BA91E067D313] - 23/09/2013 - 0:32:35 ---A- . (...) -- C:\WINDOWS\Abanicos.bmp [26680]
O44 - LFC:[MD5.5290EA6951F4724259F423B12C8E1393] - 23/09/2013 - 0:32:35 ---A- . (...) -- C:\WINDOWS\Azteca.bmp [9522]
O44 - LFC:[MD5.3A8B85AB7B415BF3F8AFE285DFE0CE29] - 23/09/2013 - 0:32:35 ---A- . (...) -- C:\WINDOWS\Plumas.bmp [16730]
O44 - LFC:[MD5.1AC5E83598D4F2143B59A2D893C3279A] - 23/09/2013 - 0:32:35 ---A- . (...) -- C:\WINDOWS\Roca verde.bmp [26582]
O44 - LFC:[MD5.927A66BD587E31CB12D3AB25381658DC] - 23/09/2013 - 0:32:35 ---A- . (...) -- C:\WINDOWS\Rododendro.bmp [17362]
O44 - LFC:[MD5.EB3BFC14E41FBAA41B4FD4489AA82D39] - 23/09/2013 - 0:32:35 ---A- . (...) -- C:\WINDOWS\Santa Fe.bmp [65832]
O44 - LFC:[MD5.280920B6773C74C3649A934257112BE1] - 23/09/2013 - 0:32:35 ---A- . (...) -- C:\WINDOWS\Viento.bmp [65954]
O44 - LFC:[MD5.487403459F0B2F1A3ADEEF02496BD80E] - 23/09/2013 - 0:33:10 ---A- . (...) -- C:\WINDOWS\vb.ini [36]
O44 - LFC:[MD5.6C2F0BA210C2B53EF07653ABAC6C2490] - 23/09/2013 - 0:33:10 ---A- . (...) -- C:\WINDOWS\vbaddin.ini [37]
O44 - LFC:[MD5.7FD163C49A6392F26D44483E9725E47A] - 23/09/2013 - 0:33:18 ---A- . (...) -- C:\WINDOWS\system32\emptyregdb.dat [21900]
O44 - LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] - 23/09/2013 - 0:34:44 ---A- . (...) -- C:\WINDOWS\desktop.ini [2]
O44 - LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] - 23/09/2013 - 0:34:44 ---A- . (...) -- C:\WINDOWS\system32\desktop.ini [2]
O44 - LFC:[MD5.2F3CDC1D898FD25B2547F5BFEB01FD0D] - 23/09/2013 - 0:34:44 -SH-- . (...) -- C:\WINDOWS\winnt.bmp [48680]
O44 - LFC:[MD5.2F3CDC1D898FD25B2547F5BFEB01FD0D] - 23/09/2013 - 0:34:44 -SH-- . (...) -- C:\WINDOWS\winnt256.bmp [48680]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 23/09/2013 - 0:35:14 R-HA- . (...) -- C:\WINDOWS\WindowsShell.Manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 23/09/2013 - 0:35:14 R-HA- . (...) -- C:\WINDOWS\system32\cdplayer.exe.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 23/09/2013 - 0:35:14 R-HA- . (...) -- C:\WINDOWS\system32\ncpa.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 23/09/2013 - 0:35:14 R-HA- . (...) -- C:\WINDOWS\system32\nwc.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 23/09/2013 - 0:35:14 R-HA- . (...) -- C:\WINDOWS\system32\sapi.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 23/09/2013 - 0:35:14 R-HA- . (...) -- C:\WINDOWS\system32\wuaucpl.cpl.manifest [749]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 23/09/2013 - 0:35:18 R-HA- . (...) -- C:\WINDOWS\system32\WindowsLogon.manifest [488]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 23/09/2013 - 0:35:18 R-HA- . (...) -- C:\WINDOWS\system32\logonui.exe.manifest [488]
O44 - LFC:[MD5.2B9C717D21A1331BA3731886E3EE87BB] - 23/09/2013 - 0:36:09 ---A- . (...) -- C:\WINDOWS\ODBCINST.INI [4205]
O44 - LFC:[MD5.6D6F4B1886E91EB37ABCCAD19C561EE0] - 23/09/2013 - 0:36:16 ---A- . (...) -- C:\WINDOWS\system32\amcompat.tlb [16832]
O44 - LFC:[MD5.A32B14BE5EDAE794FCE1A9E970827509] - 23/09/2013 - 0:36:16 ---A- . (...) -- C:\WINDOWS\system32\nscompat.tlb [23392]
O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 23/09/2013 - 0:36:17 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 23/09/2013 - 0:36:19 ---A- . (...) -- C:\AUTOEXEC.BAT [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 23/09/2013 - 0:36:19 ---A- . (...) -- C:\CONFIG.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 23/09/2013 - 0:36:19 ---A- . (...) -- C:\WINDOWS\control.ini [0]
O44 - LFC:[MD5.8715347D6B7B2E3A7CFE5ADF2D510CE3] - 23/09/2013 - 0:36:19 ---A- . (...) -- C:\WINDOWS\win.ini [477]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 23/09/2013 - 0:36:19 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 23/09/2013 - 0:36:19 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.CBCB5D8671AA0EC4ECC820685B89D12E] - 23/09/2013 - 0:38:14 ---A- . (...) -- C:\WINDOWS\system32\$winnt$.inf [261]
O44 - LFC:[MD5.7C743B2132B1AE020E9A4D8E33E659F8] - 23/09/2013 - 0:38:55 ---A- . (...) -- C:\WINDOWS\REGLOCS.OLD [8192]
O44 - LFC:[MD5.6DDA25BD2F3240A5C4FA68CC41CC88DF] - 23/09/2013 - 1:22:06 R--A- . (...) -- C:\WINDOWS\SET3.tmp [1246421]
O44 - LFC:[MD5.0B988DFC151D4607C8892D0C6002C03E] - 23/09/2013 - 1:22:07 R--A- . (...) -- C:\WINDOWS\SET4.tmp [1088840]
O44 - LFC:[MD5.721FDB6972400DE8B18FDCAC52BF6158] - 23/09/2013 - 1:22:10 R--A- . (...) -- C:\WINDOWS\SET8.tmp [16825]
O44 - LFC:[MD5.753678BA30B22AC6EC8B77AE8C8BF773] - 23/09/2013 - 1:23:37 ----- . (...) -- C:\WINDOWS\system32\CONFIG.TMP [2909]
O44 - LFC:[MD5.4B87F6768FF157D61D295E4F9B0175A3] - 23/09/2013 - 1:23:37 ---A- . (...) -- C:\WINDOWS\system32\AUTOEXEC.NT [1936]
O44 - LFC:[MD5.6CB26848BCDAA361B6EE21264FB362C3] - 23/09/2013 - 1:23:40 ---A- . (...) -- C:\WINDOWS\system32\c_20127.nls [66082]
O44 - LFC:[MD5.21E928C8E6ED8EEAB0D1AAEE82ACDD76] - 23/09/2013 - 1:23:41 ---A- . (...) -- C:\WINDOWS\system32\c_852.nls [66594]
O44 - LFC:[MD5.6F8A509550FE8C92D07EE0143BF29BA1] - 23/09/2013 - 1:23:42 ---A- . (...) -- C:\WINDOWS\system32\c_10010.nls [66082]
O44 - LFC:[MD5.D2CA471D36A69D17F82D5C1B64FAEE39] - 23/09/2013 - 1:23:42 ---A- . (...) -- C:\WINDOWS\system32\c_10029.nls [66082]
O44 - LFC:[MD5.9CA501D2A8E6909C5B2E8C9274682BF1] - 23/09/2013 - 1:23:42 ---A- . (...) -- C:\WINDOWS\system32\c_10082.nls [66082]
O44 - LFC:[MD5.5D038EEABA8EA438F6B5ABD5E91BC851] - 23/09/2013 - 1:23:44 ---A- . (...) -- C:\WINDOWS\system32\C_28594.NLS [66082]
O44 - LFC:[MD5.3E969213F35127D83DAB48FF1283E8E4] - 23/09/2013 - 1:23:44 ---A- . (...) -- C:\WINDOWS\system32\c_855.nls [66594]
O44 - LFC:[MD5.5CD475CA7B87844DE1E0483B536F9AAE] - 23/09/2013 - 1:23:44 ---A- . (...) -- C:\WINDOWS\system32\c_866.nls [66594]
O44 - LFC:[MD5.0A206B5CACD3CA70D2044DA691304765] - 23/09/2013 - 1:23:45 ---A- . (...) -- C:\WINDOWS\system32\c_10006.nls [66082]
O44 - LFC:[MD5.BAC7072B365F9648CA318154BA7E03EC] - 23/09/2013 - 1:23:45 ---A- . (...) -- C:\WINDOWS\system32\c_737.nls [66594]
O44 - LFC:[MD5.780C444EB16B65E6DE96F794A732DA12] - 23/09/2013 - 1:23:45 ---A- . (...) -- C:\WINDOWS\system32\c_869.nls [66594]
O44 - LFC:[MD5.8BE0D77A873730B4EB1DAB7C6622CD46] - 23/09/2013 - 1:23:45 ---A- . (...) -- C:\WINDOWS\system32\c_875.nls [66082]
O44 - LFC:[MD5.B537ACFAB9E70F0EF48DB696A08ADC81] - 23/09/2013 - 1:23:46 ---A- . (...) -- C:\WINDOWS\system32\C_28597.NLS [66082]
O44 - LFC:[MD5.AF4A866226BD04ACF06135088D75BB63] - 23/09/2013 - 1:23:47 ---A- . (...) -- C:\WINDOWS\system32\c_10007.nls [66082]
O44 - LFC:[MD5.314E85390BEBDAE5D1E11DB2D8CBC6E9] - 23/09/2013 - 1:23:47 ---A- . (...) -- C:\WINDOWS\system32\c_10017.nls [66082]
O44 - LFC:[MD5.E22D1B9AC7854C0A654E4C4232074E49] - 23/09/2013 - 1:23:48 ---A- . (...) -- C:\WINDOWS\system32\C_28595.NLS [66082]
O44 - LFC:[MD5.EFFDFF60A38CF648811BBCDD722ECF5E] - 23/09/2013 - 1:23:50 ---A- . (...) -- C:\WINDOWS\system32\c_10081.nls [66082]
O44 - LFC:[MD5.C37A21EE1ADFDC13FC707D97073148ED] - 23/09/2013 - 1:23:50 ---A- . (...) -- C:\WINDOWS\system32\c_28599.nls [66082]
O44 - LFC:[MD5.A8764750B22B528D85A691A52CB21856] - 23/09/2013 - 1:23:50 ---A- . (...) -- C:\WINDOWS\system32\c_857.nls [66594]
O44 - LFC:[MD5.35448F3A71EBBECF8E997FAD3A99327D] - 23/09/2013 - 1:23:52 ---A- . (...) -- C:\WINDOWS\system32\c_28603.nls [66082]
O44 - LFC:[MD5.A0E02492452D4E237465D99D005D91FD] - 23/09/2013 - 1:23:53 ---A- . (...) -- C:\WINDOWS\system.ini [231]
O44 - LFC:[MD5.12CAD48EDB5186C2DC4EF444520DE823] - 23/09/2013 - 1:26:42 ---A- . (...) -- C:\WINDOWS\system32\pid.PNF [4444]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 23/09/2013 - 1:27:59 ---A- . (...) -- C:\WINDOWS\system32\h323log.txt [0]
O44 - LFC:[MD5.3647407BA2B9052E6A1368492A3CED01] - 23/09/2013 - 2:24:27 ---A- . (...) -- C:\WINDOWS\ODBC.INI [379]
O44 - LFC:[MD5.18B3AFB51D16BD28F6B2C0C920CF1A18] - 23/09/2013 - 3:05:55 ---A- . (.Systweak Inc., (www.systweak.com) - Regclean Pro.) -- C:\WINDOWS\system32\roboot.exe [18360] =>Rogue.RegistryPowerCleaner
O44 - LFC:[MD5.71D8C9A337641489E31E6FF31BABF6BE] - 23/09/2013 - 4:55:23 ---A- . (...) -- C:\WINDOWS\system32\TZLog.log [6170]
O44 - LFC:[MD5.0D7FB73FDC1A628150EF872C0A713C8B] - 24/09/2013 - 3:04:58 ---A- . (.N/A - OpenJDK Platform binary.) -- C:\WINDOWS\system32\java.exe [175504]
O44 - LFC:[MD5.047E031D03925912CAFACCE6013D3BAC] - 24/09/2013 - 3:04:59 ---A- . (.N/A - OpenJDK Platform binary.) -- C:\WINDOWS\system32\javaw.exe [175504]
O44 - LFC:[MD5.B21998E774C0896227CF72384810754A] - 27/09/2013 - 7:05:31 ---A- . (...) -- C:\WINDOWS\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD [512]
O44 - LFC:[MD5.74E5A2983D77EE8A9FF3A4DB1E459818] - 27/09/2013 - 16:50:03 ---A- . (...) -- C:\Documents [160]
O44 - LFC:[MD5.EE0DF911EA295B3A2A199EFD10C11393] - 27/09/2013 - 15:29:20 ---A- . (...) -- C:\WINDOWS\QQPlayer.INI [30]
O44 - LFC:[MD5.6BD78EC51D012FE74EC1DB8E197675E4] - 23/09/2013 - 13:18:56 ---A- . (.BullGuard Ltd. - BullGuard Winsock Provider.) -- C:\WINDOWS\system32\BGLsp.dll [63840]
O44 - LFC:[MD5.01F6A57DFB77CA141AF9077926316B6E] - 23/09/2013 - 13:18:33 ---A- . (.BullGuard Ltd. - BullGuard Gaming Monitor.) -- C:\WINDOWS\system32\BgGamingMonitor.dll [136832]
O44 - LFC:[MD5.6D0634CEBBFF7F428DD816706F5AA1FB] - 23/09/2013 - 11:11:14 ---A- . (...) -- C:\WINDOWS\system32\BuzzingBee.wav [146650]
O44 - LFC:[MD5.E2FA75ADE398C9A44815B11CC141105C] - 23/09/2013 - 11:11:13 ---A- . (...) -- C:\WINDOWS\system32\LoopyMusic.wav [940794]
O44 - LFC:[MD5.2FB2C8FB69FFA443323FA6E47E54BF8B] - 23/09/2013 - 11:08:43 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [7912]
O44 - LFC:[MD5.B073E39AC258E2AF10D7105DA2125CBC] - 23/09/2013 - 11:02:49 ---A- . (.No owner - About Page.) -- C:\WINDOWS\system32\RtNicProp32.dll [73728]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 23/09/2013 - 11:02:24 ---A- . (...) -- C:\WINDOWS\ativpsrm.bin [0]
O44 - LFC:[MD5.31B434EDEC919137787CABF10E76266B] - 23/09/2013 - 11:01:54 ---A- . (...) -- C:\WINDOWS\system32\ativva5x.dat [3107788]
O44 - LFC:[MD5.C23E3A4C7004D634A5C2E02841B3E3D4] - 23/09/2013 - 11:01:54 ---A- . (...) -- C:\WINDOWS\system32\ativva6x.dat [887724]
O44 - LFC:[MD5.6BF1C5BD1E9FA4240280244E598FF639] - 23/09/2013 - 11:01:54 ---A- . (...) -- C:\WINDOWS\system32\ativvaxx.cap [152496]
O44 - LFC:[MD5.9C8D61415CE71081586E03715BF8C7BE] - 23/09/2013 - 11:01:53 ---A- . (...) -- C:\WINDOWS\atiogl.xml [15577]
O44 - LFC:[MD5.84086D3595E62266A72CE6B19E9BF569] - 23/09/2013 - 11:01:53 ---A- . (...) -- C:\WINDOWS\system32\atifglpf.xml [7167]
O44 - LFC:[MD5.1174551055FC72B1402E747BDA2DCD74] - 23/09/2013 - 11:01:53 ---A- . (...) -- C:\WINDOWS\system32\atiicdxx.dat [189051]
O44 - LFC:[MD5.149BCC90D7A55F9C69662507C7D40A0E] - 23/09/2013 - 11:01:21 ---A- . (...) -- C:\WINDOWS\system32\Drivers\RTAIODAT.DAT [25816]
~ Files: 390 Legitimates Filtered in 00mn 29s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Archivos de programa\Paltalk Messenger\paltalk.exe" [Enabled] .(.AVM Software Inc..) -- C:\Archivos de programa\Paltalk Messenger\paltalk.exe
O47 - AAKE:Key Export SP - "C:\Archivos de programa\Tencent\QQPlayer\Tencentdl.exe" [Enabled] .(.Tencent.) -- C:\Archivos de programa\Tencent\QQPlayer\Tencentdl.exe =>Adware.TencentAddressBar
O47 - AAKE:Key Export SP - "C:\Archivos de programa\Tencent\QQPlayer\QQPlayer.exe" [Enabled] .(.Tencent Technology Company limited.) -- C:\Archivos de programa\Tencent\QQPlayer\QQPlayer.exe =>Adware.TencentAddressBar
~ Keys Export: 8 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.FD894B9F560B03B877D597558D397B69] - 19/08/2013 - 13:43:54 ---A- . (.Agnitum Ltd. - Agnitum Firewall NDIS Driver.) -- C:\WINDOWS\system32\Drivers\afw.sys [36104]
O58 - SDL:[MD5.5A8AE7142A74588689BF4E9E42105F5B] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9035]
~ Drivers: 5 Legitimates Filtered in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 19/08/2013 - C:\WINDOWS\system32\DRIVERS\afwcore.sys (afwcore) .(.Agnitum Ltd. - Agnitum Firewall Core Driver.) - LEGACY_AFWCORE
O64 - Services: CurCS - 19/08/2013 - C:\Archivos de programa\AskPartnerNetwork\Toolbar\apnmcp.exe (APNMCP) .(.APN LLC. - APN Updater.) - LEGACY_APNMCP
O64 - Services: CurCS - 19/08/2013 - C:\WINDOWS\system32\drivers\BdSpy.sys (BdSpy) .(.BullGuard Ltd. - BullGuard File Monitor (x86).) - LEGACY_BDSPY
O64 - Services: CurCS - 23/09/2013 - c:\archivos de programa\bullguard ltd\bullguard\BullGuardBhvScanner.exe (BsBhvScan) .(.BullGuard Ltd. - BullGuard Behavioural Detection.) - LEGACY_BSBHVSCAN
O64 - Services: CurCS - 23/09/2013 - c:\archivos de programa\bullguard ltd\bullguard\BullGuardScanner.exe (BsScanner) .(.BullGuard Ltd. - BullGuard Scanner.) - LEGACY_BSSCANNER
O64 - Services: CurCS - 23/09/2013 - C:\Archivos de programa\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BsUpdate) .(.BullGuard Ltd. - BullGuard Update.) - LEGACY_BSUPDATE
O64 - Services: CurCS - 19/08/2013 - C:\WINDOWS\system32\DRIVERS\NSKernel.sys (NovaShieldFilterDriver) .(.NovaShield, Inc. - NovaShield Kernel Module.) - LEGACY_NOVASHIELDFILTERDRIVER
O64 - Services: CurCS - 19/08/2013 - C:\WINDOWS\system32\DRIVERS\NSNetmon.sys (NovaShieldTDIDriver) .(.NovaShield, Inc. - NovaShield Kernel Module.) - LEGACY_NOVASHIELDTDIDRIVER
~ Legacy: 117 Legitimates Filtered in 00mn 01s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 17 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Archivos de programa\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Archivos de programa\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Archivos de programa\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (CKF) (O82)
C:\Documents and Settings\bourdin\Mis documentos\Downloads\Compressed\CRACK ACTIVATION DEFINITIVE XP\Windows XP Keygen.exe
C:\Documents and Settings\bourdin\Mis documentos\Downloads\Compressed\CRACK ACTIVATION DEFINITIVE XP\Windows XP Keygen.exe
~ Files: Scanned in 00mn 27s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.6D6E061CF36A0B2970B13477114F49DA] [SPRF][23/09/2013] (.Systweak Inc - RegClean Pro.) -- C:\Documents and Settings\bourdin\Escritorio\rcpsetup_softonic_sd_global.exe [3683336] =>Rogue.RegistryPowerCleaner
[MD5.1D23657031578E0E5613C868952F1DD3] [SPRF][23/09/2013] (.No owner - VisualBee.) -- C:\Documents and Settings\bourdin\Escritorio\VisualBeeSilent-1-.exe [206592] =>Adware.VisualBeeToolbar
~ Files: 3 Legitimates Filtered in 00mn 01s



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "2345C40565D20073677A7A857BC03000" . (.Ask Toolbar.) -- C:\WINDOWS\Installer\{504C5432-2D56-3700-76A7-A758B70C0300}\ToolbarIcon.exe =>Toolbar.Ask
~ Update Products: 16 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.4263043495790B37E997B4CAF9CE7726] [WIS][26/09/2013] (.APN, LLC - Ask Toolbar.) -- C:\Windows\Installer\1bcf92a.msi [456704] =>Toolbar.Ask
~ WIS: 16 Legitimates Filtered in 00mn 01s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 23/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 19/08/2013 164816 | (APNMCP) . (.APN LLC..) - C:\Archivos de programa\AskPartnerNetwork\Toolbar\apnmcp.exe
SR - | Auto 23/09/2013 602112 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SR - | Auto 14/04/2008 14336 | C:\Archivos de programa\BullGuard Ltd\BullGuard\BsBackup.dll (BsBackup) . (.BullGuard Ltd..) - C:\WINDOWS\system32\SvcHost.exe
SR - | Auto 23/09/2013 423776 | (BsBhvScan) . (.BullGuard Ltd..) - c:\archivos de programa\bullguard ltd\bullguard\BullGuardBhvScanner.exe
SR - | Auto 14/04/2008 14336 | c:\archivos de programa\bullguard ltd\bullguard\BsFileScan.dll (BsFileScan) . (.BullGuard Ltd..) - C:\WINDOWS\system32\SvcHost.exe
SR - | Auto 14/04/2008 14336 | c:\archivos de programa\bullguard ltd\bullguard\BsFire.dll (BsFire) . (.BullGuard Ltd..) - C:\WINDOWS\system32\SvcHost.exe
SR - | Auto 14/04/2008 14336 | c:\archivos de programa\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll (BsMailProxy) . (.BullGuard Ltd..) - C:\WINDOWS\system32\SvcHost.exe
SR - | Auto 14/04/2008 14336 | C:\Archivos de programa\BullGuard Ltd\BullGuard\BsMain.dll (BsMain) . (.BullGuard Ltd..) - C:\WINDOWS\system32\SvcHost.exe
SR - | Auto 23/09/2013 210784 | (BsScanner) . (.BullGuard Ltd..) - c:\archivos de programa\bullguard ltd\bullguard\BullGuardScanner.exe
SR - | Auto 23/09/2013 290144 | (BsUpdate) . (.BullGuard Ltd..) - C:\Archivos de programa\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
SS - | Demand 14/04/2008 225792 | (dmadmin) . (.Microsoft Corp., VERITAS Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 23/09/2013 136176 | (gupdate) . (.Google Inc..) - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
SS - | Demand 23/09/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
SS - | Demand 25/09/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Archivos de programa\Skype\Updater\Updater.exe
~ Services: Scanned in 00mn 02s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by bourdin at 27/09/2013 17:52:13

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk0\DR0[0x867815B8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by bourdin at 27/09/2013 17:52:15

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 12930 - (23/09/2013)
Cl�s trouv�es (Keys found) : 7
Valeurs trouv�es (Values found) : 1
Dossiers trouv�s (Folders found) : 11
Fichiers trouv�s (Files found) : 10

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{504C5432-2D56-3700-76A7-A758B70C0300}] =>Toolbar.Ask^
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ApnTBMon =>Toolbar.Ask^
C:\Archivos de programa\RegClean Pro =>Rogue.RegistryPowerCleaner^
C:\Archivos de programa\Tencent =>Adware.TencentAddressBar^
C:\Documents and Settings\All Users\Datos de programa\Babylon =>Toolbar.Babylon^
C:\Documents and Settings\All Users\Datos de programa\Tencent =>Adware.TencentAddressBar^
C:\Documents and Settings\bourdin\Datos de programa\Babylon =>Toolbar.Babylon^
C:\Documents and Settings\bourdin\Datos de programa\Tencent =>Adware.TencentAddressBar^
C:\Documents and Settings\bourdin\Configuraci�n local\Datos de programa\Babylon =>Toolbar.Babylon^
C:\Documents and Settings\bourdin\Men� Inicio\Programas\Tencent =>Adware.TencentAddressBar^
C:\Archivos de programa\AskPartnerNetwork =>Toolbar.Ask
C:\Documents and Settings\All Users\Datos de programa\InstallMate =>Toolbar.Tarma
C:\Documents and Settings\All Users\Datos de programa\AskPartnerNetwork =>Toolbar.Ask
C:\Archivos de programa\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask^
C:\Archivos de programa\Tencent\QQPlayer\QQPlayer.exe =>Adware.TencentAddressBar^
[HKCU\Software\Tencent] =>Adware.TencentAddressBar^
[HKLM\Software\Babylon] =>Toolbar.Babylon^
[HKLM\Software\Tencent] =>Adware.TencentAddressBar^
C:\WINDOWS\system32\roboot.exe =>Rogue.RegistryPowerCleaner^
C:\Documents and Settings\bourdin\Escritorio\rcpsetup_softonic_sd_global.exe =>Rogue.RegistryPowerCleaner^
C:\Documents and Settings\bourdin\Escritorio\VisualBeeSilent-1-.exe =>Adware.VisualBeeToolbar^
C:\WINDOWS\Installer\{504C5432-2D56-3700-76A7-A758B70C0300}\ToolbarIcon.exe =>Toolbar.Ask^
C:\Windows\Installer\1bcf92a.msi =>Toolbar.Ask^
~ Additionnel Scan: 119382 Items scanned in 00mn 15s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/27668065-adware-tencentaddressbar =>Adware.TencentAddressBar
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/29295819-rogue-registrypowercleaner =>Rogue.RegistryPowerCleaner
~ http://nicolascoolman.webs.com/apps/blog/show/29058830-adware-visualbeetoolbar =>Adware.VisualBeeToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>Toolbar.Tarma
~ MSI: 7 link(s) detected in 00mn 15s



~ 1040 Legitimates filtered by white list
End of the scan (637 lines in 03mn 35s)(2)

Publicité


Signaler le contenu de ce document

Publicité