
~ Report of ZHPDiag v2014.1.2.5 - Nicolas Coolman (02.01.2014)
~ Launched by Thomas Willms (02.01.2014 15:35:15)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found


---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System protection software
Bitdefender Internet Security 2013 v16.26.0.1739
Malwarebytes Anti-Malware version 1.75.0.1300
Spybot - Search & Destroy v1.6.2

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ Information on the system
~ Processor: x86 Family 15 Model 67 Stepping 3, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3071 MB (67% free)
System Restore: Activé (Enable)
System drive C: has 29 GB (39%) free of 75 GB

---\\ Connection to the system mode
~ Computer Name: PC-HOME-TW
~ User Name: Thomas Willms
~ All Users Names: Thomas Willms, SUPPORT_388945a0, IWAM_4944CE4B0A3147E, IUSR_4944CE4B0A3147E, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Thomas Willms\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Thomas Willms\Application Data\
~ %Desktop% : C:\Documents and Settings\Thomas Willms\Bureau\
~ %Favorites% : C:\Documents and Settings\Thomas Willms\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Thomas Willms\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Thomas Willms\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 29 Go of 75 Go)
D: Hard drive, Flash drive, Thumb drive (Free 52 Go of 74 Go)
E: Hard drive, Flash drive, Thumb drive (Free 61 Go of 317 Go)
F: Hard drive, Flash drive, Thumb drive (Free 1465 Go of 1465 Go)
G: CD-ROM drive (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Free 10 Go of 29 Go)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Not Inserted)
L: Floppy drive, Flash card reader, USB Key (Not Inserted)
Z: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14.04.2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.F8A2979A0A33389A1D2BA4C967F6EDD6] - (.Microsoft Corporation - Internet Extensions for Win32.) (.13.10.2013 - 08:25:45.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14.04.2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17.08.2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13.04.2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13.04.2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13.04.2008 - 20:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14.04.2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13.04.2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14.04.2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13.04.2008 - 20:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13.04.2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13.04.2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15.07.2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13.04.2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13.04.2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14.04.2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13.04.2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13.04.2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14.04.2008 - 03:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14.04.2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/9
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/1
~ Mes Favoris (My Favorites) : 0/108
~ Mes Documents (My Documents) : 1/6509
~ Mon Bureau (My Desktop) : 0/26
~ Menu demarrer (Programs) : 1/221
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.DE1AD5C2FC511360EC64A6D50E6E85CB] - (.Bitdefender - Bitdefender Security Service.) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1343472] [PID.1236]
[MD5.08D8FA119F2AD6AC0377FB667523482E] - (.Cisco Systems, Inc. - Cisco Systems VPN Client.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584] [PID.636]
[MD5.3FE5A84FAC62753A20F539BE3E7BFC56] - (.Microsoft Corporation - Services Internet (IIS).) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872] [PID.1604]
[MD5.80A79264302910C7C24BA7E44267EFEF] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.488]
[MD5.575ED0F5DCB34E5C243D2A7EBC860484] - (.Hewlett-Packard Company - No Comment.) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [53248] [PID.908]
[MD5.B88A592C93319B477A36FC9D4D2B1FB2] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [755536] [PID.148]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.620]
[MD5.86D5EF02C4D1486CF1BDA4A71EC470C0] - (.National Instruments Corporation - MXS Service.) -- C:\Program Files\NationalInstruments\MAX\nimxs.exe [83768] [PID.1708]
[MD5.3B712766DEA950ACA65789B460AA1899] - (.National Instruments Corporation - nidmsrv.) -- C:\Program Files\NationalInstruments\Shared\Security\nidmsrv.exe [380720] [PID.2900]
[MD5.29EBF365BCC850A3134A391E95E685C6] - (.National Instruments Corporation - NI Service Locator.) -- C:\Program Files\NationalInstruments\Shared\niSvcLoc\nisvcloc.exe [90440] [PID.3264]
[MD5.343B7AF567C0B1E0B76E6C0F448EF42D] - (.National Instruments Corporation - NI Variable Engine.) -- C:\Program Files\NationalInstruments\Shared\Tagger\tagsrv.exe [687944] [PID.3532]
[MD5.1982E96B2C5C2EFFEF38EFC37293A42E] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 307.8.) -- C:\WINDOWS\system32\nvsvc32.exe [156448] [PID.3964]
[MD5.6CFE2C7E666648083F67EA9A6918CFE4] - (.SiSoftware - SiSoftware Deployment Agent Service (NT)(Un.) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [98488] [PID.2728]
[MD5.50F22575C0FB5D85A9D41EF963610C32] - (.Microsoft Corporation - TCP/IP Services Application.) -- C:\WINDOWS\system32\tcpsvcs.exe [19456] [PID.2924]
[MD5.45A0772A49914786AD64471205938CE9] - (.Microsoft Corporation - Service SNMP.) -- C:\WINDOWS\System32\snmp.exe [33280] [PID.3204]
[MD5.7C8DD5576695B3362202EF09B20C425E] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [3574624] [PID.3844]
[MD5.51EE2913ED525DE18FDA96DCCBC5386A] - (.TuneUp Software - TuneUp Program Statistics Service.) -- C:\WINDOWS\System32\TUProgSt.exe [604488] [PID.2688]
[MD5.F13DA74969897359A88F2A739F54A250] - (.Ulead Systems, Inc. - ULCDRSvr.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [49152] [PID.3220]
[MD5.BAFB0A7567153549CE30532A7C51D5AA] - (.Bitdefender - Bitdefender Update Service.) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [54960] [PID.3308]
[MD5.20CDB07017497C94A0BAD253C4BAFCBC] - (.National Instruments, Inc. - Part of Logos.) -- C:\WINDOWS\system32\lkcitdl.exe [695136] [PID.3996]
[MD5.B9BA33801B5F9B79F0949AF206F96177] - (.National Instruments Corporation - lktsrv.) -- C:\WINDOWS\system32\lktsrv.exe [63792] [PID.2532]
[MD5.F59599F4C0B3259AC1355F34E6AC6342] - (.National Instruments Corporation - National Instruments Zeroconf Service.) -- C:\Program Files\NationalInstruments\Shared\mDNS Responder\nimdnsResponder.exe [260976] [PID.1580]
[MD5.FD919AC3746322662DC21CDB7B9ADC07] - (.National Instruments Corporation - System Web Server Daemon.) -- C:\Program Files\NationalInstruments\Shared\NI WebServer\SystemWebServer.exe [57680] [PID.3096]
[MD5.964D778400303BF6CB4F7826314DB8B2] - (.National Instruments Corporation - National Instruments Network Discovery Serv.) -- C:\Program Files\NationalInstruments\Shared\NI Network Discovery\niDiscSvc.exe [176512] [PID.3140]
[MD5.F0EA0AD4B1AFFEFE4AB34191D539509B] - (.National Instruments Corporation - Application Web Server Daemon.) -- C:\Program Files\NationalInstruments\Shared\NI WebServer\ApplicationWebServer.exe [57696] [PID.3888]
[MD5.31702C5816E6EC1D66D3397EBB390579] - (.Bitdefender - Bitdefender Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1614344] [PID.4120]
[MD5.2A21FE60A9BC5247BD8C57409A2B97F8] - (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456] [PID.4216]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [254336] [PID.4424]
[MD5.658633D255FEF154EA1CB8705B4468C5] - (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\java.exe [174504] [PID.5416]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.4668]
[MD5.F26AB739E1554156BC4040009ECE24B3] - (.IDEVFH - Memory Fox Version Beta 7.4.) -- C:\Documents and Settings\Thomas Willms\Application Data\Mozilla\Firefox\Profiles\py52gmnd.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe [647168] [PID.5632]
[MD5.8A71812D1EEEB3C32F0CF0E0E3AB4016] - (.Bitdefender - BitDefender Update Downloader.) -- C:\Program Files\Bitdefender\Bitdefender 2013\downloader.exe [309424] [PID.3192]
[MD5.486BDC196F8914845302745A15310D62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8321024] [PID.2880]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Documents and Settings\Thomas Willms\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.google.fr
~ Google Browser: 2 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Thomas Willms\Application Data\Mozilla\Firefox\Profiles\py52gmnd.default\prefs.js
C:\Documents and Settings\Thomas Willms\Application Data\Mozilla\Firefox\Profiles\py52gmnd.default\user.js
M3 - MFPP: Plugins - [Thomas Willms] -- C:\Documents and Settings\Thomas Willms\Application Data\Mozilla\Firefox\Profiles\py52gmnd.default\searchplugins\wiki-watch.xml
M0 - MFSP: prefs.js [Thomas Willms - py52gmnd.default] about:sessionrestore|http://mail.google.com
M2 - MFEP: prefs.js [Thomas Willms - py52gmnd.default\de-DE@dictionaries.addons.mozilla.org] [] Deutsches Wörterbuch v2.0.3 (..)
M2 - MFEP: prefs.js [Thomas Willms - py52gmnd.default\es-es@dictionaries.addons.mozilla.org] [] Diccionario de Español/España v1.7 (..)
M2 - MFEP: prefs.js [Thomas Willms - py52gmnd.default\es-ve@dictionaries.addons.mozilla.org] [] Spanish (Venezuela) spell check dictionary v1.1.17 (..)
M2 - MFEP: prefs.js [Thomas Willms - py52gmnd.default\fr-classique-reforme1990@dictionaries.addons.mozilla.org] [] Dictionnaire français «Classique & Réforme 1990» v4.3 (..)
M2 - MFEP: prefs.js [Thomas Willms - py52gmnd.default\fr-classique@dictionaries.addons.mozilla.org] [] Dictionnaire français «Classique» v4.3 (..)
M2 - MFEP: prefs.js [Thomas Willms - py52gmnd.default\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}] [] Memory Fox v7.4 (..)
~ Firefox Browser: 25 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://localhost/home/test.aspx
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 01s
~ Nombre de lignes (Lines number): 15530



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [AllUsers]: Windows Search.lnk . (.Microsoft Corporation - Windows Search System Tray.) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - GS\Program [Thomas Willms]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 9 Legitimates Filtered in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [amd_dc_opt] . (.AMD - AMD Dual-Core Optimizer.) -- C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Bdagent] . (.Bitdefender - Bitdefender Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe =>.Elaborate Bytes AG
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-527237240-1547161642-725345543-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Orphan key
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://www.ma-config.com/plugins/MaConfig_4_1_0_2.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{10B42E54-9A07-45B5-97E0-FF6840303830}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{10B42E54-9A07-45B5-97E0-FF6840303830}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{10B42E54-9A07-45B5-97E0-FF6840303830}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Moniteur et dossier UPNP Tray.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s



---\\ BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:) - File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\o:) - File not found
~ BEX: 3 Legitimates Filtered in 00mn 00s



---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\1-Klick-Wartung.job [516]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\goldenvideosShakeIcon.job [312]
~ Scheduled Task: 9 Legitimates Filtered in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: Caere Scan Manager 4.0 - (...) [HKLM] -- ScMgr30Uninstall
O42 - Logiciel: Dew Lab Studio 2.1 Trial - (.Dew Research.) [HKLM] -- Dew Lab Studio 2.1 Trial
O42 - Logiciel: Force 2.0 - (.Lepsch.com.) [HKLM] -- Force 2.0_is1
O42 - Logiciel: GCsolution - (.SHIMADZU.) [HKLM] -- {EC12CA5F-2213-48CB-BA66-949EACF0938E}
O42 - Logiciel: GraphGrabber - (.Quintessa Limited.) [HKLM] -- {37B6E533-9430-406B-8A81-DF9EA44A35AE}
O42 - Logiciel: Hex-Editor MX - (.NEXT-Soft.) [HKLM] -- {7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1
O42 - Logiciel: JabRef 2.9.2 - (.JabRef Team.) [HKLM] -- JabRef 2.9.2
O42 - Logiciel: LicenseInfo V1.3.0 - (...) [HKLM] -- GTT-LicenseInfo_is1
O42 - Logiciel: LingoPad 2.5.1 (Build 325) - (.Lingo4you GbR.) [HKLM] -- LingoPad_is1
O42 - Logiciel: NUnit 2.2 - (.NUnit.) [HKLM] -- {1AA69CCD-1078-473A-BD6E-11CE30A81C57}
O42 - Logiciel: Nombres entendus 2009 - (...) [HKLM] -- ST6UNST #2
O42 - Logiciel: PL/Secure 9.2.1 - (.EnterpriseDB.) [HKLM] -- PL/Secure 9.2.1-1
O42 - Logiciel: PerfectToolsXP 2 - (.VbPerfect Products.) [HKLM] -- {ED4033EC-2EBD-408E-9997-9AE6B47D0CC6}_is1
O42 - Logiciel: Phreeqc Interactive 3.1.1-8288 - (.U.S. Geological Survey.) [HKLM] -- {AF12E5C7-F459-446D-BAA1-704EF23825AF}
O42 - Logiciel: TIPP10 Version 2.0.3 - (.(c) 2006-2008, Tom Thielicke.) [HKLM] -- TIPP10_is1
O42 - Logiciel: TMS Component Pack Samples - (...) [HKLM] -- TMS Component Pack Samples_is1
O42 - Logiciel: UltimateZip 2007 - (.SWE von Schleusen.) [HKLM] -- UltimateZip 2007_is1
O42 - Logiciel: concept/design Video Jukebox - (.concept/design GmbH.) [HKLM] -- {37569A10-CB38-4615-8B32-0BF9FF5D887D}_is1
O42 - Logiciel: nutrical - (...) [HKLM] -- nutrical
O42 - Logiciel: www.tnk-bootblock.co.uk - (...) [HKLM] -- {b5992d64-0bc3-42bc-8fac-d218630fd0a6}.sdb
~ Logic: 57 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN]
[HKCU\Software\Big 3]
[HKCU\Software\CTC]
[HKCU\Software\Caere Corp]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Dew Research]
[HKCU\Software\FlasK Development]
[HKCU\Software\German IT Development]
[HKCU\Software\Hydrogeology]
[HKCU\Software\LdShih]
[HKCU\Software\Lepsch]
[HKCU\Software\MedienTeam66]
[HKCU\Software\NEXT-Soft]
[HKCU\Software\PerfectToolsXP_v2]
[HKCU\Software\RegExLab.com]
[HKCU\Software\SHIMADZU]
[HKCU\Software\SWE von Schleusen]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\USGS]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\concept/design]
[HKLM\Software\APN]
[HKLM\Software\AskToolbar]
[HKLM\Software\Caere Corp]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\DevExpress]
[HKLM\Software\GRASP]
[HKLM\Software\Globalink]
[HKLM\Software\HydroGeology]
[HKLM\Software\JabRef]
[HKLM\Software\Nelco]
[HKLM\Software\PgOleDB]
[HKLM\Software\SHIMADZU]
[HKLM\Software\StreamMachine]
[HKLM\Software\USGS]
[HKLM\Software\WinASO]
~ Key Software: 592 Legitimates Filtered in 00mn 02s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 26.09.2008 - 09:42:27 - [0,154] ----D C:\Program Files\boxworld
O43 - CFD: 30.03.2013 - 16:09:23 - [0,050] ----D C:\Program Files\bsod
O43 - CFD: 06.04.2010 - 10:21:40 - [238,342] ----D C:\Program Files\c-plus-plus
O43 - CFD: 27.09.2010 - 16:46:37 - [38,206] ----D C:\Program Files\Caere
O43 - CFD: 24.12.2013 - 00:23:07 - [2,100] ----D C:\Program Files\concept design
O43 - CFD: 07.04.2010 - 15:47:42 - [1,004] ----D C:\Program Files\Conduit
O43 - CFD: 21.07.2009 - 17:22:57 - [1,528] ----D C:\Program Files\dependencywalker
O43 - CFD: 07.06.2010 - 06:44:20 - [99,279] ----D C:\Program Files\DevExpress 2009.3
O43 - CFD: 21.05.2009 - 18:23:26 - [84,697] ----D C:\Program Files\Dew Research
O43 - CFD: 07.12.2009 - 21:31:44 - [14,274] ----D C:\Program Files\Dew Research2
O43 - CFD: 30.11.2010 - 14:56:56 - [0,212] ----D C:\Program Files\dkfrag
O43 - CFD: 30.03.2013 - 15:24:22 - [15,081] ----D C:\Program Files\engauge
O43 - CFD: 16.09.2008 - 21:03:28 - [4,503] ----D C:\Program Files\exit
O43 - CFD: 23.11.2009 - 21:57:59 - [0,941] ----D C:\Program Files\flaskmpeg_078_39
O43 - CFD: 23.08.2009 - 09:59:35 - [8,427] ----D C:\Program Files\Force 2.0
O43 - CFD: 30.08.2013 - 12:37:14 - [69,117] ----D C:\Program Files\GCsolution
O43 - CFD: 03.08.2009 - 22:03:31 - [14,778] ----D C:\Program Files\GTT-Technologies
O43 - CFD: 29.08.2009 - 12:04:59 - [3,991] ----D C:\Program Files\GTT-Technologies2
O43 - CFD: 08.06.2009 - 20:50:07 - [63,692] ----D C:\Program Files\Gwb
O43 - CFD: 07.07.2010 - 17:33:17 - [0,626] ----D C:\Program Files\Hex-Editor MX
O43 - CFD: 30.11.2013 - 08:37:52 - [14,505] ----D C:\Program Files\JabRef
O43 - CFD: 19.09.2010 - 19:29:51 - [93,959] ----D C:\Program Files\LingoPad
O43 - CFD: 04.08.2008 - 19:54:28 - [3,674] ----D C:\Program Files\NUnit 2.2
O43 - CFD: 30.11.2010 - 14:00:47 - [0,524] ----D C:\Program Files\nutri
O43 - CFD: 30.05.2013 - 12:46:49 - [14,398] ----D C:\Program Files\NX Client for Windows
O43 - CFD: 30.11.2010 - 13:53:09 - [3,166] ----D C:\Program Files\OrganoBioGeoTherm
O43 - CFD: 13.01.2010 - 12:18:19 - [57,602] ----D C:\Program Files\PartitionMagic
O43 - CFD: 08.10.2009 - 09:06:39 - [3,480] ----D C:\Program Files\PerfectToolsXP2
O43 - CFD: 24.03.2009 - 22:18:10 - [2,773] ----D C:\Program Files\Quintessa Limited
O43 - CFD: 06.04.2013 - 13:31:52 - [0,201] ----D C:\Program Files\SC@LPA PRODUCTION
O43 - CFD: 04.12.2008 - 21:23:56 - [43,686] ----D C:\Program Files\SciFinder2007
O43 - CFD: 30.11.2010 - 13:53:09 - [30,955] ----D C:\Program Files\Sybex
O43 - CFD: 15.05.2010 - 17:31:22 - [7,592] ----D C:\Program Files\testdisk
O43 - CFD: 06.04.2013 - 11:42:17 - [15,035] ----D C:\Program Files\tipp10
O43 - CFD: 08.09.2010 - 15:58:24 - [9,201] ----D C:\Program Files\Troytec.com
O43 - CFD: 26.12.2013 - 10:55:36 - [10,592] ----D C:\Program Files\UltimateZip 2007
O43 - CFD: 03.01.2010 - 14:06:17 - [2,679] ----D C:\Program Files\ULTRA_ISO
O43 - CFD: 09.01.2010 - 12:29:14 - [0,064] ----D C:\Program Files\usddeview
O43 - CFD: 26.12.2013 - 21:55:16 - [32,318] ----D C:\Program Files\USGS
O43 - CFD: 07.06.2010 - 06:58:42 - [11,587] ----D C:\Program Files\Visual Assist X
O43 - CFD: 04.08.2010 - 19:41:56 - [0,381] ----D C:\Program Files\vstudio
O43 - CFD: 07.06.2010 - 06:55:11 - [1,660] ----D C:\Program Files\vtplus
O43 - CFD: 26.07.2008 - 20:11:22 - [1,756] ----D C:\Program Files\WinASO
O43 - CFD: 04.07.2008 - 20:20:46 - [0,492] ----D C:\Program Files\Wise Owl, Inc
O43 - CFD: 22.05.2009 - 11:41:57 - [26,876] ----D C:\Program Files\wotan
O43 - CFD: 27.09.2010 - 16:47:40 - [18,027] ----D C:\Program Files\Fichiers communs\Caere
O43 - CFD: 30.08.2013 - 12:37:05 - [4,058] ----D C:\Program Files\Fichiers communs\LabSolutions
O43 - CFD: 22.12.2013 - 08:32:45 - [0] ----D C:\Documents and Settings\All Users\Application Data\createonepart
O43 - CFD: 22.12.2013 - 08:34:34 - [0] ----D C:\Documents and Settings\All Users\Application Data\formatpart
O43 - CFD: 06.06.2009 - 09:24:57 - [0,138] ----D C:\Documents and Settings\All Users\Application Data\OPPU
O43 - CFD: 07.06.2010 - 06:44:46 - [2,457] ----D C:\Documents and Settings\Thomas Willms\Application Data\CodeRush for VS .NET
O43 - CFD: 24.12.2013 - 00:23:55 - [1,955] ----D C:\Documents and Settings\Thomas Willms\Application Data\concept design
O43 - CFD: 18.08.2009 - 19:33:42 - [0,004] ----D C:\Documents and Settings\Thomas Willms\Application Data\GWB
O43 - CFD: 11.09.2008 - 18:22:59 - [0,001] ----D C:\Documents and Settings\Thomas Willms\Application Data\Lingo4u
O43 - CFD: 30.03.2013 - 17:36:11 - [0,005] ----D C:\Documents and Settings\Thomas Willms\Application Data\PDF Experte 8
O43 - CFD: 30.03.2013 - 10:01:51 - [0,482] ----D C:\Documents and Settings\Thomas Willms\Local Settings\Application Data\AskToolbar
O43 - CFD: 07.04.2010 - 15:47:42 - [0,013] ----D C:\Documents and Settings\Thomas Willms\Local Settings\Application Data\Conduit
O43 - CFD: 30.11.2010 - 14:56:53 - [0] ----D C:\Documents and Settings\Thomas Willms\Local Settings\Application Data\VisualAssist
O43 - CFD: 25.04.2010 - 13:20:43 - [2,215] ----D C:\Documents and Settings\Thomas Willms\Local Settings\Application Data\{3225C812-5FB8-41CE-B15F-997F80150000}
O43 - CFD: 27.10.2010 - 21:51:15 - [8,442] --H-D C:\Documents and Settings\Thomas Willms\Local Settings\Application Data\{613F2433-F86E-4C39-8A34-71457321FA21}
O43 - CFD: 26.12.2013 - 21:55:52 - [0,017] ----D C:\Documents and Settings\Thomas Willms\Menu Démarrer\Programmes\Audi-Video
O43 - CFD: 24.12.2013 - 00:23:08 - [0,002] ----D C:\Documents and Settings\Thomas Willms\Menu Démarrer\Programmes\concept design
O43 - CFD: 01.04.2013 - 19:54:47 - [0,041] ----D C:\Documents and Settings\Thomas Willms\Menu Démarrer\Programmes\IDE
O43 - CFD: 29.10.2010 - 20:58:32 - [0,003] ----D C:\Documents and Settings\Thomas Willms\Menu Démarrer\Programmes\nutrical
O43 - CFD: 22.05.2010 - 10:34:37 - [0,003] ----D C:\Documents and Settings\Thomas Willms\Menu Démarrer\Programmes\science
O43 - CFD: 30.11.2013 - 15:34:47 - [0,011] ----D C:\Documents and Settings\Thomas Willms\Menu Démarrer\Programmes\Text
O43 - CFD: 22.12.2013 - 08:31:42 - [0,012] ----D C:\Documents and Settings\Thomas Willms\Menu Démarrer\Programmes\Wartung
~ Program Folder: 391 Legitimates Filtered in 03mn 20s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.67908F80333A649B7BFD12ED1718F79E] - 01.01.2014 - 17:06:11 ---A- . (...) -- C:\bdlog.txt [167757]
O44 - LFC:[MD5.5D5C7D2B8EAFF2E325CD7EA3465D64A1] - 02.01.2014 - 10:34:25 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.A08261068A2C99CE8A82D1AB60DDDC9C] - 02.01.2014 - 10:34:25 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.1D12289E8C0043D24AFF17B919613266] - 23.12.2013 - 14:54:17 ---A- . (...) -- C:\WINDOWS\bitssetup.log [1880]
O44 - LFC:[MD5.ACED3CC66B2940055763837783597C81] - 24.12.2013 - 00:22:37 ---A- . (...) -- C:\WINDOWS\system32\lame_enc.dll [237568]
O44 - LFC:[MD5.49BE506E5F1B6A759840DD59D52C7403] - 24.12.2013 - 00:22:37 ---A- . (.NCT Company Ltd. - NCTAudioFile2 ActiveX DLL.) -- C:\WINDOWS\system32\NCTAudioFile2.dll [877568]
O44 - LFC:[MD5.7557E9992744C30F77927C2B90644ACB] - 24.12.2013 - 00:22:39 ---A- . (...) -- C:\WINDOWS\system32\advd.dll [110080]
O44 - LFC:[MD5.87691E8367638E518EF5B048336C1788] - 24.12.2013 - 00:22:39 ---A- . (...) -- C:\WINDOWS\system32\auth.dll [23040]
O44 - LFC:[MD5.DD70BB0B32D16F66FB7024FD09986900] - 24.12.2013 - 00:22:39 ---A- . (.East Wind Software - DVD Audio/Video Rip ActiveX Control Module.) -- C:\WINDOWS\system32\advdaudio.ocx [962560]
O44 - LFC:[MD5.FBC0E085A5BECBA5DD3C401EEB6E45BB] - 29.12.2013 - 11:29:25 ---A- . (.Stephan Schreiber - Ext2 File System Driver.) -- C:\WINDOWS\system32\Drivers\ext2fs.sys [181120]
O44 - LFC:[MD5.EB8C2BA4623DDEADE1D7A671FA752872] - 29.12.2013 - 11:29:25 ---A- . (.Stephan Schreiber - IfsDrives Configuration Control.) -- C:\WINDOWS\system32\ifsdrives.dll [210432]
O44 - LFC:[MD5.AE7EB9E1EF57E788C59ABA45479E6AA1] - 29.12.2013 - 11:29:25 ---A- . (.Stephan Schreiber - IfsDrives Control Panel Item.) -- C:\WINDOWS\system32\ifsdrives.cpl [74752]
O44 - LFC:[MD5.F3F825FCC70471FD967126E1871B2CDC] - 29.12.2013 - 11:29:26 ---A- . (.Stephan Schreiber - IFS Mount Manager.) -- C:\WINDOWS\system32\Drivers\ifsmount.sys [51072]
O44 - LFC:[MD5.81A65244D3FFBEDA568576BB72B510F2] - 29.12.2013 - 17:23:45 ---A- . (.www.ext2fsd.com - Ext2 File System Driver for Windows.) -- C:\WINDOWS\system32\Drivers\ext2fsd.sys [686360]
~ Files: 32 Legitimates Filtered in 00mn 02s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Java\Helios\files\eclipse\eclipse.exe" [Enabled] .(.No owner.) -- C:\Program Files\Java\Helios\files\eclipse\eclipse.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Maxima-5.19.1\bin\xmaxima.exe" [Enabled] .(.Equi4 Software.) -- C:\Program Files\Maxima-5.19.1\bin\xmaxima.exe
O47 - AAKE:Key Export SP - "C:\Program Files\NX Client for Windows\nxclient.exe" [Enabled] .(.No owner.) -- C:\Program Files\NX Client for Windows\nxclient.exe
O47 - AAKE:Key Export SP - "C:\Program Files\NX Client for Windows\bin\nxssh.exe" [Enabled] .(.No owner.) -- C:\Program Files\NX Client for Windows\bin\nxssh.exe
O47 - AAKE:Key Export SP - "C:\Program Files\TV-Browser\tvbrowser.exe" [Enabled] .(..) -- C:\Program Files\TV-Browser\tvbrowser.exe
O47 - AAKE:Key Export SP - "C:\Program Files\TV-Browser\tvbrowser_noDD.exe" [Enabled] .(..) -- C:\Program Files\TV-Browser\tvbrowser_noDD.exe
O47 - AAKE:Key Export SP - "C:\Program Files\concept design\Video Jukebox\cdVideoJukebox.exe" [Enabled] .(.concept/design GmbH.) -- C:\Program Files\concept design\Video Jukebox\cdVideoJukebox.exe
O47 - AAKE:Key Export SP - "C:\Program Files\FRANZIS\onlineTV 8\onlineTV.exe" [Enabled] .(.concept/design GmbH.) -- C:\Program Files\FRANZIS\onlineTV 8\onlineTV.exe
O47 - AAKE:Key Export SP - "C:\Program Files\FRANZIS\onlineTV 8\onlineTVStarter.exe" [Enabled] .(.concept/design GmbH.) -- C:\Program Files\FRANZIS\onlineTV 8\onlineTVStarter.exe
~ Keys Export: 43 Legitimates Filtered in 00mn 01s



---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"vidc.ffds"="ffdshow.ax" . (.No owner - DirectShow and VFW video and audio decoding/encoding/processing filter.) -- C:\WINDOWS\system32\ffdshow.ax
~ TDSD: 21 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.548CCBD8B48FDF7E2435AD6017920A7F] - 08.10.2012 - 18:53:56 ---A- . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\WINDOWS\system32\Drivers\Apowersoft_AudioDevice.sys [26080]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 05.08.2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.097A0A4899B759A4F032BD464963B4BE] - 27.03.2009 - 00:16:28 ---A- . (.Windows (R) Codename Longhorn DDK provider - CPUID Driver.) -- C:\WINDOWS\system32\Drivers\cpuz132_x32.sys [12672]
O58 - SDL:[MD5.CAB213D4681FCFAC9BF4E6D3B1EE4BFC] - 04.11.2011 - 19:34:56 ---A- . (...) -- C:\WINDOWS\system32\Drivers\cvintdrv.sys [19552]
O58 - SDL:[MD5.0613C7CF05DFE81AC70F4A925823C28E] - 12.01.2007 - 16:55:24 ---A- . (.eMPIA Technology, Inc. - USB EMP Audio Device.) -- C:\WINDOWS\system32\Drivers\emAudio.sys [22912]
O58 - SDL:[MD5.9B01CE1EDA6AD1ACFD4F865D6CB0A790] - 29.01.2007 - 20:20:04 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Driver.) -- C:\WINDOWS\system32\Drivers\emBDA.sys [361728]
O58 - SDL:[MD5.C93E4F6BD1CBD163662E7C9BE021B895] - 29.01.2007 - 20:19:48 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Lower filter.) -- C:\WINDOWS\system32\Drivers\emOEM.sys [39680]
O58 - SDL:[MD5.FBC0E085A5BECBA5DD3C401EEB6E45BB] - 25.09.2008 - 17:35:24 ---A- . (.Stephan Schreiber - Ext2 File System Driver.) -- C:\WINDOWS\system32\Drivers\ext2fs.sys [181120]
O58 - SDL:[MD5.81A65244D3FFBEDA568576BB72B510F2] - 09.07.2011 - 01:32:52 ---A- . (.www.ext2fsd.com - Ext2 File System Driver for Windows.) -- C:\WINDOWS\system32\Drivers\ext2fsd.sys [686360]
O58 - SDL:[MD5.A9157AFE4B6F32DCCE9BD18FECD53A0D] - 06.07.2009 - 16:30:58 ---A- . (.Hauppauge Computer Works, Inc. - HCW 95xxx/68xxx/112xxx BDA Drivers.) -- C:\WINDOWS\system32\Drivers\hcw95bda.sys [573440]
O58 - SDL:[MD5.EB77F3C96C62E65CC25F04220B9A204A] - 06.07.2009 - 16:33:40 ---A- . (.Hauppauge Computer Works, Inc. - hcw95bda HID Remote Control driver.) -- C:\WINDOWS\system32\Drivers\hcw95rc.sys [15616]
O58 - SDL:[MD5.F3F825FCC70471FD967126E1871B2CDC] - 28.08.2008 - 22:45:58 ---A- . (.Stephan Schreiber - IFS Mount Manager.) -- C:\WINDOWS\system32\Drivers\ifsmount.sys [51072]
O58 - SDL:[MD5.C5BD32A70808DB0F8BC01CE80EEA2C3A] - 26.12.2006 - 13:31:06 R--A- . (.Windows (R) Codename Longhorn DDK provider - Generic Port I/O.) -- C:\WINDOWS\system32\Drivers\PortIo.sys [4864]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 05.08.2004 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.A25E0481DA469C3AF6AD18C1534B874C] - 26.09.2008 - 17:06:24 ---A- . (.Windows (R) 2000 DDK provider - Image Mounter SCSI Port Driver.) -- C:\WINDOWS\system32\Drivers\UimBus.sys [32048]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 05.08.2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05.08.2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 05.08.2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.DBCD41D42CF6F2C472B03E079057CBD2] - 08.06.2009 - 20:48:51 ---A- . (...) -- C:\WINDOWS\system32\haspdos.sys [383]
O58 - SDL:[MD5.EB77F3C96C62E65CC25F04220B9A204A] - 06.07.2009 - 16:33:40 ---A- . (.Hauppauge Computer Works, Inc. - hcw95bda HID Remote Control driver.) -- C:\WINDOWS\system32\hcw95rc.sys [15616]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 05.08.2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 05.08.2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 05.08.2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.F839F551C6D024093CD3F18AD824A92F] - 03.04.2013 - 10:33:07 -SHA- . (...) -- C:\WINDOWS\system32\KGyGaAvL.sys [12518]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 05.08.2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 05.08.2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 05.08.2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 05.08.2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 05.08.2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 05.08.2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 05.08.2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 05.08.2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 05.08.2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 05.08.2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
O58 - SDL:[MD5.27B3DD12A19EEC50220DF15B64913DDA] - 26.01.2005 - 08:22:20 ---A- . (.Zone Labs LLC - TrueVector Device Driver.) -- C:\WINDOWS\system32\vsdatant.sys [280344]
~ Drivers: 7 Legitimates Filtered in 00mn 04s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: ZHPFix 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 09.07.2011 - C:\WINDOWS\system32\Drivers\Ext2Fsd.sys (Ext2Fsd) .(.www.ext2fsd.com - Ext2 File System Driver for Windows.) - LEGACY_EXT2FSD
O64 - Services: CurCS - 10.06.2013 - C:\Program Files\NationalInstruments\MAX\nimxs.exe (mxssvr) .(.National Instruments Corporation - MXS Service.) - LEGACY_MXSSVR
O64 - Services: CurCS - 31.01.2013 - C:\WINDOWS\system32\nvsvc32.exe (NVSvc) .(.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 307.8.) - LEGACY_NVSVC
~ Legacy: 383 Legitimates Filtered in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {A1EF94B4-C370-4089-A6A0-4D2F31592FA1} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.B7EFE5A5C5879B17832DF2CDE5B880E5] [SPRF][30.03.2013] (...) -- C:\Documents and Settings\All Users\Application Data\1364633644.bdinstall.bin [1391027]
[MD5.1048D80B3043E0BABD5039A4AF19F67E] [SPRF][29.03.2013] (...) -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin [261850]
[MD5.438512EAD32E4268A58D115B92A91785] [SPRF][04.07.2008] (...) -- C:\Documents and Settings\Thomas Willms\Local Settings\Application Data\fusioncache.dat [136]
[MD5.238A6FFC7EE17330C1C5859C7827EE2D] [SPRF][28.06.2009] (.Facebook - Contact Extractor.) -- C:\WINDOWS\Downloaded Program Files\contactx.dll [160488]
~ Files: 13 Legitimates Filtered in 00mn 00s



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "4A4A2EB6BF99DE84EAE1E45830988F40" . (.PartitionMagic.) -- C:\WINDOWS\Installer\{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}\ARPPRODUCTICON.exe
O90 - PUC: "6903564444E3E2046BE8737D2704FB8A" . (.Accelrys Draw 4.1.) -- C:\WINDOWS\Installer\{44653096-3E44-402E-B68E-37D77240BFA8}\ARPPRODUCTICON.exe
O90 - PUC: "97CD5CCB57221714C8AE930FDDA9FD85" . (.USB TV Device Driver.) -- C:\WINDOWS\Installer\{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}\ARPPRODUCTICON.exe
O90 - PUC: "B291CAE8B5E167242A8D953A30CE2DED" . (.Visual J# .NET Redistributable 1.1- German Language Pack.) -- C:\WINDOWS\Installer\{8EAC192B-1E5B-4276-A2D8-59A303ECD2DE}\ndpsetup.ico
O90 - PUC: "C3D696F3362DB514B99D9058D05C1158" . (.ComponentOne Studio Enterprise™ .) -- C:\WINDOWS\Installer\{3F696D3C-D263-415B-9BD9-09850DC51185}\ARPPRODUCTICON.exe
O90 - PUC: "E066D3FFCC5EDF740805B1D43EAB189A" . (.Dual-Core Optimizer.) -- C:\WINDOWS\Installer\{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}\ARPPRODUCTICON.exe
~ Update Products: 311 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.4507215BDA9CD3F49DADA59CB3E649A2] [WIS][15.12.2009] (.TuneUp Software - TuneUp Utilities 2009.) -- C:\Windows\Installer\1ccf1e.msi [828928]
[MD5.CF0E0D7A71EB7727A59A72908B33BF93] [WIS][04.07.2008] (.ComponentOne, LLC - ComponentOne Studio Enterprise™ for Delphi .NET.) -- C:\Windows\Installer\25668.msi [3215872]
[MD5.E0B48FD8C3C090A5955D0C4A5E860F08] [WIS][26.12.2013] (.U.S. Geological Survey - Phreeqc Interactive 3.1.1-8288.) -- C:\Windows\Installer\2a5460.msi [513024]
[MD5.47D22888B54659F1B0C4D6DF7E3D19AB] [WIS][30.03.2013] (.Accelrys Software Inc. - Accelrys Draw 4.1.) -- C:\Windows\Installer\3a1fa1.msi [4495360]
[MD5.EAE7BE541FEE6D6711D0551262875F0A] [WIS][22.12.2013] (.Paragon Software - Program.) -- C:\Windows\Installer\7bcdf19.msi [5808640]
~ WIS: 327 Legitimates Filtered in 00mn 20s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 24.12.2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 29.11.2013 62688 | (BdDesktopParental) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe
SS - | Demand 14.04.2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 20.12.2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 18.08.2010 8955 | (MySQL) . (...) - C:\Program Files\MySQL\MySQL Server 5.1\my.ini
SS - | Demand 02.08.2010 1427688 | (NILM License Manager) . (.Macrovision Corporation.) - C:\Program Files\NationalInstruments\Shared\License Manager\Bin\lmgrd.exe
SS - | Demand 21.05.2013 172832 | (OpcEnum) . (.OPC Foundation.) - C:\WINDOWS\system32\Opcenum.exe
SS - | Demand 04.03.2013 79872 | (postgresql-9.2) . (.PostgreSQL Global Development Group.) - C:\Program Files\EasyPHP-12.1\pgsql\bin\pg_ctl.exe
SS - | Demand 14.05.2004 86016 | (rpcapd) . (.NetGroup - Politecnico di Torino.) - C:\Program Files\WinPcap\rpcapd.exe
SS - | Demand 11.09.2007 184504 | (SandraDataSrv) . (.SiSoftware.) - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
SS - | Demand 11.09.2007 1265856 | (SandraTheSrv) . (.SiSoftware.) - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
SS - | Auto 28.02.2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 28.12.2009 361288 | (TuneUp.Defrag) . (.TuneUp Software.) - C:\WINDOWS\system32\TuneUpDefragService.exe

SR - | Auto 03.04.2007 1516584 | (CVPND) . (.Cisco Systems, Inc..) - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
SR - | Auto 19.11.2013 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 24.07.2005 53248 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
SR - | Auto 27.10.2010 695136 | (LkCitadelServer) . (.National Instruments, Inc..) - C:\WINDOWS\system32\lkcitdl.exe
SR - | Auto 12.06.2013 53544 | (lkClassAds) . (.National Instruments Corporation.) - C:\WINDOWS\system32\lkads.exe
SR - | Auto 12.06.2013 63792 | (lkTimeSync) . (.National Instruments Corporation.) - C:\WINDOWS\system32\lktsrv.exe
SR - | Auto 15.05.2013 755536 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 10.06.2013 83768 | (mxssvr) . (.National Instruments Corporation.) - C:\Program Files\NationalInstruments\MAX\nimxs.exe
SR - | Auto 08.06.2013 57696 | (NIApplicationWebServer) . (.National Instruments Corporation.) - C:\Program Files\NationalInstruments\Shared\NI WebServer\ApplicationWebServer.exe
SR - | Auto 12.06.2013 380720 | (NIDomainService) . (.National Instruments Corporation.) - C:\Program Files\NationalInstruments\Shared\Security\nidmsrv.exe
SR - | Auto 11.05.2013 260976 | (nimDNSResponder) . (.National Instruments Corporation.) - C:\Program Files\NationalInstruments\Shared\mDNS Responder\nimdnsResponder.exe
SR - | Auto 19.06.2013 176512 | (NINetworkDiscovery) . (.National Instruments Corporation.) - C:\Program Files\NationalInstruments\Shared\NI Network Discovery\niDiscSvc.exe
SR - | Auto 07.06.2013 90440 | (NiSvcLoc) . (.National Instruments Corporation.) - C:\Program Files\NationalInstruments\Shared\niSvcLoc\nisvcloc.exe
SR - | Auto 08.06.2013 57680 | (NISystemWebServer) . (.National Instruments Corporation.) - C:\Program Files\NationalInstruments\Shared\NI WebServer\SystemWebServer.exe
SR - | Auto 15.06.2013 687944 | (NITaggerService) . (.National Instruments Corporation.) - C:\Program Files\NationalInstruments\Shared\Tagger\tagsrv.exe
SR - | Auto 31.01.2013 156448 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 22.04.2008 98488 | (SandraAgentSrv) . (.SiSoftware.) - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
SR - | Auto 23.04.2013 3574624 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 15.12.2009 604488 | (TuneUp.ProgramStatisticsSvc) . (.TuneUp Software.) - C:\WINDOWS\system32\TUProgSt.exe
SR - | Auto 28.09.2006 49152 | (UleadBurningHelper) . (.Ulead Systems, Inc..) - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
SR - | Auto 17.09.2013 54960 | (UPDATESRV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
SR - | Auto 14.04.2008 14336 | C:\WINDOWS\system32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 29.11.2013 1343472 | (VSSERV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe

~ Services: Scanned in 00mn 21s



---\\ Scan Additionnel (O88)
Database Version : 13018 - (02.01.2014)
Clés trouvées (Keys found) : 24
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 2

[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\APN] =>Toolbar.Ask
[HKLM\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}] =>Toolbar.Ask
[HKLM\Software\Classes\Toolbar.CT1460988] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Documents and Settings\Thomas Willms\Local Settings\Application Data\AskToolbar =>Toolbar.AskTBar
C:\Documents and Settings\Thomas Willms\Local Settings\Application Data\Conduit =>Toolbar.Conduit
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
~ Additionnel Scan: 807238 Items scanned in 00mn 42s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27350807-adware-recordnrip =>Adware.RecordNRip
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 3 link(s) detected in 00mn 42s



~ 1967 Legitimates filtered by white list
End of the scan (698 lines in 05mn 00s)(0)
