cjoint

Publicité

Priorité au Logiciel Libre! Je soutiens l'April.

Publicité

Priorité au Logiciel Libre! Je soutiens l'April.

Format du document : text/plain

Prévisualisation

~ Report of ZHPDiag v2014.1.17.19 - Nicolas Coolman (17/01/2014)
~ Launched by yacinne (23/01/2014 17:17:06)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)
GCIE: Google Chrome v32.0.1700.76

---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : P4K27
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Kaspersky Anti-Virus 2013 v13.0.1.4190
Windows Defender W7

---\\ System optimization software
CCleaner v4.04 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Adobe Reader XI

---\\ Information on the system
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2998 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 17 GB (17%) free of 100 GB

---\\ Connection to the system mode
~ Computer Name: YACINNE-PC
~ User Name: yacinne
~ All Users Names: yacinne, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\yacinne\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\yacinne\AppData\Roaming\
~ %Desktop% : C:\Users\yacinne\Desktop\
~ %Favorites% : C:\Users\yacinne\Favorites\
~ %LocalAppData% : C:\Users\yacinne\AppData\Local\
~ %StartMenu% : C:\Users\yacinne\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 17 Go of 100 Go)
D: Hard drive, Flash drive, Thumb drive (Free 95 Go of 97 Go)
E: Hard drive, Flash drive, Thumb drive (Free 101 Go of 101 Go)
F: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 07:33:33.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 22:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 22:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes Videos (My Videos) : 1/192
~ Mes Favoris (My Favorites) : 1/48
~ Mes Documents (My Documents) : 2/62
~ Mon Bureau (My Desktop) : 1/10528
~ Menu demarrer (Programs) : 1/70
~ Hidden Files: Scanned in 00mn 01s



---\\ Process running
[MD5.5B1A04768D46A8C2D6E30B4C683FE9FD] - (.IObit - Advanced SystemCare 7 Monitor.) -- C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe [764192] [PID.1776]
[MD5.EBA760710CB7CA8AD224512E7946A01B] - (.IObit - Smart Defrag v2.) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe [1974080] [PID.656]
[MD5.15D2DB9BFA8E833ED31FAB2BB088FDDA] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128] [PID.1976]
[MD5.FEC63BCD1A1DDE7A990223D0F12655D7] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [177944] [PID.5600]
[MD5.9A30BDDE96721FE6D6B2BA0593F69C81] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [177432] [PID.5904]
[MD5.43191B84CB1D4300B061EE97F96BC57A] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\wdm\sttray.exe [1433692] [PID.3300]
[MD5.F233BD55E4B1F27B2BCAF29EAB08803C] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3821136] [PID.5896]
[MD5.6C22511C1E17A35940BF21015B7928A3] - (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2283808] [PID.4192]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.5560]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.4804]
[MD5.8E5651B04BE775696B32F7F1F5DA8871] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8336896] [PID.4468]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\yacinne\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\yacinne\AppData\Roaming\Mozilla\Firefox\Profiles\nz1admq2.default\prefs.js
C:\Users\yacinne\AppData\Roaming\Mozilla\Firefox\Profiles\nz1admq2.default\user.js
M3 - MFPP: Plugins - [yacinne] -- C:\Users\yacinne\AppData\Roaming\Mozilla\Firefox\Profiles\nz1admq2.default\searchplugins\ividi.xml =>PUP.Ividi
M2 - MFEP: prefs.js [yacinne - nz1admq2.default\ar@dictionaries.addons.mozilla.org] [] Arabic spell-checking dictionary v3.2.20120321 (..)
M2 - MFEP: prefs.js [yacinne - nz1admq2.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
M2 - MFEP: prefs.js [yacinne - nz1admq2.default\en-US@dictionaries.addons.mozilla.org] [] United States English Spellchecker v7.0.1 (..)
M2 - MFEP: prefs.js [yacinne - nz1admq2.default\{9e96c0cd-a901-4032-9236-0e4a264aeee4}] [] NCH FR v10.20.1.8 (..)
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: IObit Uninstaller.lnk . (.IObit - IObit Uninstaller.) -- C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
O4 - GS\Desktop [Public]: Oracle VM VirtualBox.lnk . (.Oracle Corporation - Oracle VM VirtualBox Manager.) -- C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [yacinne]: GOM Player.lnk . (...) -- C:\Program Files\GRETECH\GomPlayer\GOM.exe
O4 - GS\QuickLaunch [yacinne]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [yacinne]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [yacinne]: Oracle VM VirtualBox.lnk . (.Oracle Corporation - Oracle VM VirtualBox Manager.) -- C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
O4 - GS\TaskBar [yacinne]: Gestionnaire des tâches de Windows.lnk . (.Microsoft Corporation - Gestionnaire des tâches de Windows.) -- C:\Windows\System32\taskmgr.exe
O4 - GS\TaskBar [yacinne]: GOM Player.lnk . (...) -- C:\Program Files\GRETECH\GomPlayer\GOM.exe
O4 - GS\TaskBar [yacinne]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [yacinne]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [yacinne]: MSASCui - w.defender.lnk . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - GS\Program [yacinne]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [yacinne]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [yacinne]: Téléchargements.lnk . (...) -- C:\Users\yacinne\Downloads
O4 - GS\QuickLaunch [Administrateur]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Administrateur]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Administrateur]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Administrateur]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
~ Global Startup: 77 Legitimates Filtered in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4055195793-284416017-2133676893-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4055195793-284416017-2133676893-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-4055195793-284416017-2133676893-1000\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Clavier virtuel - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\kbrd.ico
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files\MICROS~2\Office15\ONBttnIE.dll (.not file.)
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files\MICROS~2\Office15\ONBTTN~1.dll (.not file.)
O9 - Extra button: Analyse des liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{373AA2DC-C5C7-46F9-A2FB-1FF284C1B4B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D67EEE5E-34E0-4A37-8914-65561BDBD895}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{373AA2DC-C5C7-46F9-A2FB-1FF284C1B4B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D67EEE5E-34E0-4A37-8914-65561BDBD895}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{373AA2DC-C5C7-46F9-A2FB-1FF284C1B4B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D67EEE5E-34E0-4A37-8914-65561BDBD895}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: LiveUpdate (LiveUpdateSvc) . (.IObit - Product Updater.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: C:\Windows\System32\stlang.dll (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\Program Files\IDT\WDM\STacSV.exe
~ Services: 9 Legitimates Filtered in 00mn 05s



---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Driver Booster Update.job [276]
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.) [0] =>Trojan.Keygen
[MD5.00000000000000000000000000000000] [APT] [{02943510-9BB4-41E3-847C-EB7B6728D665}] (...) -- C:\Users\yacinne\Downloads\Programs\ZuneSetupPkg.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{095B3113-7A2E-4AC8-AC5A-73BFFDD713F6}] (...) -- C:\Program Files\HSPA USB Modem\HSPA USB Modem.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{09E0F56D-C893-4CF3-A971-E24A007ADA5F}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0D84AAF7-4698-4ACD-808E-9E951B636000}] (...) -- C:\Program Files\HSPA USB Modem\HSPA USB Modem.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0D9E29FB-8BCE-4C8C-81DB-D9187F786295}] (...) -- C:\Program Files\Web Cake\OptChrome.exe (.not file.) [0] =>Adware.WebCake
[MD5.00000000000000000000000000000000] [APT] [{0EEE12BD-E178-4A89-8485-F808676B5A5A}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{140B1CED-BEA7-41B9-8F1B-B9D1DBBC4E11}] (...) -- C:\Users\yacinne\Downloads\Programs\ZuneSetupPkg.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{15B541A7-A9CA-4E75-8360-365CC3AE98ED}] (...) -- C:\ubnldr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{16E291CA-7C61-47FC-92DB-092BF0CF4041}] (...) -- C:\Program Files\HSPA USB Modem\HSPA USB Modem.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2AE1E093-A578-4E0B-AF21-C846A1679E00}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{346C774F-8996-490C-AFE7-A1F6AADF570B}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3549FEE4-A86B-4392-914E-DF07CDD5F33B}] (...) -- C:\Users\yacinne\Downloads\Compressed\RHI4\auto-easy-mask-real-platinum-superhideip.x.x-patch.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{391C6DD5-BB71-4D8B-88D8-113AAE4B46E0}] (...) -- I:\DW1703_W7_A00_Setup-W1GV9_ZPE.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{39DD73F2-6B7A-4183-988C-DA771031054A}] (...) -- C:\Users\yacinne\Downloads\Compressed\RHI4\auto-easy-mask-real-platinum-superhideip.x.x-patch.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3A5EDA97-73E7-45DB-92A5-1FE0DDF9E032}] (...) -- C:\Users\yacinne\Downloads\Programs\ZuneSetupPkg.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3C937975-E3E6-46BC-96DC-EE61760050C7}] (...) -- C:\Users\yacinne\Downloads\Programs\ZuneSetupPkg.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3D8C7F6E-95E0-45A6-BD93-FF6F9B21663F}] (...) -- C:\Users\yacinne\Downloads\Programs\ZuneSetupPkg.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{44466F3D-C4CA-46B5-8621-E8E65BB9DE3B}] (...) -- C:\Users\yacinne\Desktop\AoE2demo.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{450DB818-D7C9-49CC-A641-BAE22FCD1D9A}] (...) -- C:\Users\yacinne\Downloads\Compressed\RHI4\auto-easy-mask-real-platinum-superhideip.x.x-patch.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{45E3272B-89FB-47BA-9270-7C78872EEB68}] (...) -- C:\Users\yacinne\Downloads\Programs\WNetWatcher.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4D47B6B1-4307-4CCC-AC94-73CC177A4A37}] (...) -- C:\Program Files\Argente - Registry Cleaner\Registry Cleaner.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4DB0659E-68D1-4663-8A37-BBAFA0AE756D}] (...) -- C:\Program Files\HSPA USB Modem\HSPA USB Modem.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{50B7D4E7-EB53-4EA3-9E88-94CC83A2AA42}] (...) -- C:\Users\yacinne\Downloads\Programs\DivXInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{52BFD088-726F-48D6-B1BD-D55707E63D8D}] (...) -- C:\Program Files\HSPA USB Modem\HSPA USB Modem.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{585ECC5F-4947-46BF-8C24-BC09A3AC1C6C}] (...) -- C:\Users\yacinne\Downloads\Compressed\RHI4\auto-easy-mask-real-platinum-superhideip.x.x-patch.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5E1642DB-E47E-4DC8-B21C-B414CDABF10F}] (...) -- C:\Users\yacinne\Downloads\Programs\ZuneSetupPkg.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{666CB12B-298F-4E0D-BEA5-6101F68FC2DC}] (...) -- C:\Users\yacinne\Downloads\Programs\ZuneSetupPkg.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{69CF1AA2-800B-48FA-ADCC-17A7D5E251DD}] (...) -- C:\Users\yacinne\Downloads\Compressed\RHI4\auto-easy-mask-real-platinum-superhideip.x.x-patch.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6D2122DA-D644-49A5-8604-65A8C807A8C4}] (...) -- C:\Users\yacinne\Downloads\Compressed\MyEgY.Camt.St 8.2.1 Build 1423.By.FOUADY\pro\camtasia.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6FA45636-2006-40E4-963C-3EDD8B86C137}] (...) -- C:\Users\yacinne\Downloads\Programs\zunesetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{70136190-9E29-4DE2-BD2F-B0B366789FE9}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{757F4B7F-E8DD-4B96-9CE8-4EEBC81DCD9F}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{770652FA-EE5F-4C4C-A552-050745CE1776}] (...) -- C:\Users\yacinne\Downloads\Programs\Win32_152815.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{78B2A112-C51A-40F4-9074-0827CCD3D512}] (...) -- C:\Users\yacinne\Downloads\Compressed\RHI4\auto-easy-mask-real-platinum-superhideip.x.x-patch.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{79241517-1BEF-4395-9A63-9341C2F22F27}] (...) -- C:\Users\yacinne\Downloads\Compressed\RHI4\auto-easy-mask-real-platinum-superhideip.x.x-patch.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{792FD06C-5C1B-40D2-9CFB-B3C4F6423EEA}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7DC1CF7B-2DC2-4671-B717-6CD6BB37F9C3}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{83C60D08-B216-4052-B93B-97B3C05758DB}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{885BB5B1-1777-41AD-A6B9-7282E2F0987A}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8A919800-CA07-49ED-A269-E3F9E39CA92E}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8B4262DA-5BA7-4524-8162-AE7FF709FC38}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8DDD4453-C45D-4016-9706-DA57203B0F61}] (...) -- C:\Program Files\HSPA USB Modem\HSPA USB Modem.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8F761754-2DE5-4C1E-A2B0-2F95ADE17DFE}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8FC6CCBA-704B-45B0-B079-AC7C1A247C1D}] (...) -- C:\Program Files\HSPA USB Modem\HSPA USB Modem.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{93BC0AA2-9E16-412F-BB20-9B0EEDC1EE35}] (...) -- C:\Program Files\HSPA USB Modem\HSPA USB Modem.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{96CCF971-24E3-4F14-9D7F-8D78A1C2CDA5}] (...) -- C:\Users\yacinne\Downloads\Compressed\RHI4\auto-easy-mask-real-platinum-superhideip.x.x-patch.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{98A50693-6A1E-4FDA-854A-BC367E4F7E0F}] (...) -- C:\Users\yacinne\Downloads\Compressed\MyEgY.Camt.St 8.2.1 Build 1423.By.FOUADY\pro\camtasia.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{99750350-F693-4AD6-9D48-59232C7924A1}] (...) -- C:\Program Files\HSPA USB Modem\HSPA USB Modem.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9C028EDE-ED7D-4E94-ACD1-D4C69468C9E9}] (...) -- C:\Users\yacinne\Downloads\Compressed\MyEgY.Camt.St 8.2.1 Build 1423.By.FOUADY\pro\camtasia.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9CBBB190-51FC-4A5C-9160-0B3F2117549B}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9CFC5294-083C-4BF4-A69E-8055C2D77E81}] (...) -- C:\Users\yacinne\Downloads\Compressed\MyEgY.Camt.St 8.2.1 Build 1423.By.FOUADY\pro\camtasia.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9FB67A38-25F9-46BB-99F3-7CCDB7FFDA99}] (...) -- C:\Users\yacinne\Downloads\Programs\zunesetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A4B879F7-0FA2-433A-9C6F-5E0E413EC112}] (...) -- C:\Users\yacinne\Downloads\Compressed\RHI4\auto-easy-mask-real-platinum-superhideip.x.x-patch.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A6A8AC8E-641C-4E23-87EE-F53E902F6A9C}] (...) -- C:\Program Files\HSPA USB Modem\HSPA USB Modem.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AA6D85E7-461A-4A0D-AF81-32623B7DCF69}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ADD349F8-455B-4BF6-8E52-06683B478C60}] (...) -- C:\Users\yacinne\Downloads\Compressed\RHI4\auto-easy-mask-real-platinum-superhideip.x.x-patch.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AE110160-09B9-4C11-83FB-574F558F6314}] (...) -- C:\Users\yacinne\Downloads\Compressed\MyEgY.Camt.St 8.2.1 Build 1423.By.FOUADY\pro\camtasia.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B2193BE5-2D13-4417-9A90-2C54380645B9}] (...) -- C:\Users\yacinne\Downloads\Programs\zunesetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BD3BAAC9-5CA0-496E-9ED0-94AB7B9AD5C8}] (...) -- C:\Users\yacinne\Downloads\Programs\startzune.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BDB9ADC6-2056-4566-8663-9F8E03B62120}] (...) -- C:\Users\yacinne\Downloads\Programs\zunesetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C91E7945-AA19-4977-826E-50606B6C15C5}] (...) -- C:\Program Files\HSPA USB Modem\HSPA USB Modem.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CA5D4231-EF2B-4490-9F78-D488278243BC}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D14FBB4B-9372-4849-9BB4-A07B9E63F718}] (...) -- C:\Users\yacinne\Downloads\Compressed\RHI4\auto-easy-mask-real-platinum-superhideip.x.x-patch.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D5482DF9-075D-41A2-8DF3-AEAFF66E6FE3}] (...) -- C:\Users\yacinne\Downloads\Programs\zunesetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D72BE425-103B-4758-8ED0-5DB2951159F6}] (...) -- C:\Users\yacinne\Downloads\Compressed\RHI4\auto-easy-mask-real-platinum-superhideip.x.x-patch.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E4A47061-7147-4238-86C7-E098801CB450}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E580F716-D6BC-45DA-B4FD-87BFCD7A222C}] (...) -- C:\Users\yacinne\AppData\Local\iexplorer\Browsers Monitor\iexplorer_monitor.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E6B0BB0C-7836-4CA3-8F3F-9B9D8D0BF09A}] (...) -- C:\Users\yacinne\Downloads\Compressed\RHI4\auto-easy-mask-real-platinum-superhideip.x.x-patch.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E7FF71C3-DC21-419C-AEF8-6AE0BD4DA932}] (...) -- C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F387D3BD-0AE5-4022-9A14-0F687FFCE549}] (...) -- C:\Users\yacinne\Downloads\Programs\WNetWatcher.exe (.not file.) [0]
~ Scheduled Task: 246 Legitimates Filtered in 00mn 04s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\ProxyShell]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\ADSRemoval]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\IO3O]
[HKLM\Software\InstallIQ]
[HKLM\Software\SProtector] =>PUP.Mocaflix
[HKLM\Software\Tarma Installer] =>PUP.Tarma
~ Key Software: 187 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 03/08/2013 - 06:23:14 - [0] ----D C:\ProgramData\APN
O43 - CFD: 04/10/2013 - 15:38:23 - [0,105] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 17/01/2014 - 17:04:49 - [0] ----D C:\ProgramData\ProductData
O43 - CFD: 07/08/2013 - 04:46:38 - [1,046] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 05/01/2014 - 22:39:06 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O43 - CFD: 22/01/2014 - 04:44:12 - [30,281] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
~ Program Folder: 137 Legitimates Filtered in 00mn 00s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.38AF263BE038D96C17E56D75E4EAF8CF] - 15/01/2014 - 19:56:29 ---A- . (...) -- C:\Windows\System32\RsDecode.dll [155864]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 20/01/2014 - 23:30:39 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 20/01/2014 - 23:30:39 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.10525DD57BD68F1300C014AA6C853761] - 23/01/2014 - 06:40:19 ---A- . (...) -- C:\Windows\System32\umstartup000.etl [89088]
~ Files: 48 Legitimates Filtered in 00mn 01s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{82e55126-f981-11e2-b5da-642737d1657e}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
O51 - MPSK:{82e55136-f981-11e2-b5da-642737d1657e}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
O51 - MPSK:{a7b36105-123b-11e3-a085-642737d1657e}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
O51 - MPSK:{cab40d16-f974-11e2-ad7c-642737d1657e}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
O51 - MPSK:{cab40d28-f974-11e2-ad7c-642737d1657e}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.BDDE322DD3E6ABBC589C5DC8A948A661] - 29/08/2008 - 16:54:40 ---A- . (.Mobile Connector - USB/Serial Device Driver.) -- C:\Windows\System32\Drivers\cmusbser.sys [103552]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.339ADEFAD60353F960E3CA67CE468C24] - 07/12/2012 - 18:27:50 ---A- . (.Windows (R) Win 7 DDK provider - RawPacket NDIS Protocol Driver.) -- C:\Windows\System32\Drivers\htcnprot.sys [23040]
O58 - SDL:[MD5.203BB2691E7D0088A2C1F9C39C15A9B7] - 28/11/2013 - 01:24:18 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [108000]
O58 - SDL:[MD5.BF302072DC8374CF4E118FD88AA817A2] - 22/05/2013 - 18:49:34 ---A- . (...) -- C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.178277BE781FBDAE4E98FB07D36DC711] - 09/08/2012 - 02:35:50 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [450560]
O58 - SDL:[MD5.71F35B639417B0E851715D6081DEB916] - 24/05/2011 - 17:05:28 ---A- . (.Skyhook Wireless - Skyhook Core Location - GPS/Wi-Fi Driver.) -- C:\Windows\System32\Drivers\XPSVCOM.sys [12416]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 18 Legitimates Filtered in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [yacinne - nz1admq2.default] user_pref("aol_toolbar.default.homepage.check", false);
O69 - SBI: prefs.js [yacinne - nz1admq2.default] user_pref("aol_toolbar.default.search.check", false);
O69 - SBI: prefs.js [yacinne - nz1admq2.default] user_pref("extensions.BabylonToolbar.prtkDS", 0); =>PUP.Babylon
O69 - SBI: prefs.js [yacinne - nz1admq2.default] user_pref("extensions.BabylonToolbar.prtkHmpg", 0); =>PUP.Babylon
O69 - SBI: prefs.js [yacinne - nz1admq2.default] user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [yacinne - nz1admq2.default] user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [yacinne - nz1admq2.default] user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [yacinne - nz1admq2.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [yacinne - nz1admq2.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [yacinne - nz1admq2.default] user_pref("sweetim.toolbar.searchguard.enable", ""); =>PUP.SweetIM
O69 - SBI: SearchScopes [HKCU] {FFEBBF0A-C22C-4172-89FF-45215A135AC7} [DefaultScope] - (Поиск@Mail.Ru) - http://go.mail.ru
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (CKF) (O82)
C:\Users\yacinne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.cracker-wifi.com_0.localstorage
C:\Users\yacinne\Downloads\Compressed\MyEgY.CoM_TuneUp.Utilities.2014_14.0.1000.221_Final_By.MaHeR\TuneUp Utilities 2014 14.0.1000.221 Final\Keygen.exe
C:\Users\yacinne\Downloads\Compressed\MyEgY.CoM_TuneUp.Utilities.2014_14.0.1000.221_Final_By.MaHeR\TuneUp Utilities 2014 14.0.1000.221 Final\Keygen.rar
C:\Users\yacinne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.cracker-wifi.com_0.localstorage
C:\Users\yacinne\Downloads\Compressed\MyEgY.CoM_TuneUp.Utilities.2014_14.0.1000.221_Final_By.MaHeR\TuneUp Utilities 2014 14.0.1000.221 Final\Keygen.exe
C:\Users\yacinne\Downloads\Compressed\MyEgY.CoM_TuneUp.Utilities.2014_14.0.1000.221_Final_By.MaHeR\TuneUp Utilities 2014 14.0.1000.221 Final\Keygen.rar
~ Files: Scanned in 00mn 06s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.DA84B06A603054FB161DBC6878CF711D] [SPRF][09/08/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 22/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 03/08/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/08/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 05/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/10/2013 878368 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 03/03/2009 81920 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\aestsrv.exe
SR - | Auto 10/10/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
SR - | Auto 11/11/2013 341824 | (IMFservice) . (.IObit.) - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
SR - | Auto 25/10/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SR - | Auto 09/08/2012 303186 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 01s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by yacinne at 23/01/2014 17:17:40

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
1 ntkrnlpa!IofCallDriver[0x82E3CBBA] >> \Device\Harddisk0\DR0[0x869DC648]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 26 Legitimates Filtered in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by yacinne at 23/01/2014 17:17:42

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13024 - (17/01/2014)
Clés trouvées (Keys found) : 9
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1

[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\InstallIQ] =>Toolbar.Agent
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
~ Additionnel Scan: 186555 Items scanned in 00mn 12s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/33067902-pup-ividi =>PUP.Ividi
~ http://nicolascoolman.webs.com/apps/blog/show/27285539-adware-webcake =>Adware.WebCake
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/28486577-pup-mocaflix =>PUP.MocaFlix
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/26630283-pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
~ MSI: 11 link(s) detected in 00mn 12s



~ 1236 Legitimates filtered by white list
End of the scan (561 lines in 00mn 49s)(6)

Publicité

Soutenons La Quadrature du Net ! Soutenons La Quadrature du Net !

Signaler le contenu de ce document

Publicité

Soutenons La Quadrature du Net !