Publicité
Publicité
Format du document : text/plain
Prévisualisation
~ Report of ZHPDiag v2014.7.16.105 - Nicolas Coolman (16.07.2014)
~ Launched by MST (19.07.2014 14:38:25)
~ Web site address : http://nicolascoolman.fr
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : New version available
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program
---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17207
---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
Avira Free Antivirus v14.0.5.464
Malwarebytes Anti-Malware version 2.0.1.1004
Windows Defender W7 (Deactivate)
---\\ System optimization software
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 9 ActiveX
Adobe Reader X
Java 7 Update 55
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 407 GB (87%) free of 466 GB
---\\ Connection to the system mode
~ Computer Name: MST-
~ User Name: MST
~ All Users Names: MST, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\MST\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\MST\AppData\Roaming\
~ %Desktop% : C:\Users\MST\Desktop\
~ %Favorites% : C:\Users\MST\Pictures\Favorites\
~ %LocalAppData% : C:\Users\MST\AppData\Local\
~ %StartMenu% : C:\Users\MST\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 407 Go of 466 Go)
D: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Gezgini.) (.25.02.2011 - 08:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Başlatma Uygulaması.) (.14.07.2009 - 03:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions for Win32.) (.19.06.2014 - 00:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Windows Oturum Açma Uygulaması.) (.04.03.2014 - 11:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Yazılım Lisans Kitaplığı.) (.20.11.2010 - 05:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30.05.2014 - 08:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14.07.2009 - 03:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14.07.2009 - 01:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20.11.2010 - 01:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20.11.2010 - 01:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20.11.2010 - 02:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Bağlantı Noktası Sürücüsü.) (.14.07.2009 - 01:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14.07.2009 - 02:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27.04.2011 - 04:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20.11.2010 - 01:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT Dosya Sistemi Sürücüsü.) (.24.01.2014 - 04:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Paralel Bağlantı Noktası Sürücüsü.) (.14.07.2009 - 02:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20.11.2010 - 02:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20.11.2010 - 03:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14.07.2009 - 02:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20.11.2010 - 01:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Birim Gölge Kopya Sürücüsü.) (.20.11.2010 - 05:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 05s
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/906
~ Mes musiques (My Musics) : 1/119
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/13
~ Mes Documents (My Documents) : 6/89
~ Mon Bureau (My Desktop) : 18/3918
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 15s
---\\ Process running
[MD5.7DD08FB42F74784EC4855AE3A7197254] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136] [PID.1256]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2112]
[MD5.085BE68B52CE5A5FA4621507AD518CF3] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.2120]
[MD5.4D042B1F1375CF371AFBE0E0276BA627] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [624248] [PID.2132]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512] [PID.2172]
[MD5.1E9B225DE829A6F666A0BA9B8A7984BF] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160] [PID.2224]
[MD5.0A76EB770F0D432AA7795C5DDB27B888] - (.APN - Ask Toolbar Notifier.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1956760] [PID.2268] =>Toolbar.Ask
[MD5.F441E401B71C4E6087B6F23E1C35FA3A] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1209904] [PID.3608]
[MD5.BCD68F99E6751218BE8D513BF24896F3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8076800] [PID.2528]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Users\MST\AppData\Local\Google\Chrome\Application\chrome.exe [860488] [PID.1904]
[MD5.4C14746BCBF9985BDBF1CD1BEED96DF8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160] [PID.1136]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.1320]
[MD5.4C14746BCBF9985BDBF1CD1BEED96DF8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160] [PID.1368]
[MD5.E7F2414D8EBF7C269FC5FC878C1DD1E9] - (.APN LLC. - APN Updater.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784] [PID.1388] =>Toolbar.Ask
[MD5.F518545E5B7623AD49ABE7F8776EFA46] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1460]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.2876]
[MD5.DF4A7E1E2BA788E28747F1EF49692ED6] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [5341536] [PID.3000]
[MD5.1BF085C13A8F62E056E6201AFCF5E675] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard WFP Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1030224] [PID.1428]
[MD5.227846995AFEEFA70D328BF5334A86A5] - (.Macrovision Europe Ltd. - Activation Licensing Service.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848] [PID.3300]
[MD5.433049770B810D7C83C5C94CDB3E09D2] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920] [PID.3428]
~ Processes Running: Scanned in 00mn 01s
---\\ Opera, Plugins,Start,Search (P1,B0,B1)
B0 - SPO: operaprefs.ini [MST] Home URL=http://www.yandex.com.tr/?win=111&clid=1979776
B1 - OSP: search.ini [MST] URL=http://video.yandex.com.tr/#search?win=111&clid=1979777&text=%s
B1 - OSP: search.ini [MST] URL=http://gorsel.yandex.com.tr/yandsearch?win=111&clid=1979777&text=%s
B1 - OSP: search.ini [MST] URL=http://haber.yandex.com.tr/yandsearch?rpt=nnews2&grhow=clutop&win=111&clid=1979777&text=%s
B1 - OSP: search.ini [MST] URL=http://yandex.com.tr/yandsearch?win=111&clid=1979777&text=%s
~ Opera Browser: 5 Legitimates Filtered in 00mn 00s
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\MST\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://rts.dsrlte.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://rts.dsrlte.com
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] MaÄŸaza v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [ekhagklcjbdpajgpjgmbionohlpdbjgc] Zotero Connector v.4.0.8.2, (Activé)
G2 - GCE: Preference [User Data\Default] [gkojfkhlekighikafcpjkiklfbnlmeio] Hola Better Internet v.1.3.883, (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkcpopggjcjkiicpenikeogioednjeac] Görsel favoriler v.2.12.1 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Cüzdan v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pcoohmdcpejoeggdnihdfhohjgdbllgm] Avira SearchFree Toolbar plus Web Protection v.32.5, (Désactivé) =>Toolbar.Avira
---\\ Google Chrome Extension Folder
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 07s
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\MST\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js
M3 - MFPP: Plugins - [MST] -- C:\Users\MST\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\gorsel.yandex.com.tr-020632.xml
M3 - MFPP: Plugins - [MST] -- C:\Users\MST\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\haber.yandex.com.tr-020632.xml
M3 - MFPP: Plugins - [MST] -- C:\Users\MST\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\keepmysearch.xml =>Adware.MyWebSearch
M3 - MFPP: Plugins - [MST] -- C:\Users\MST\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\video.yandex.com.tr-020632.xml
M3 - MFPP: Plugins - [MST] -- C:\Users\MST\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.com.tr-020632.xml
M0 - MFSP: prefs.js [MST - nahd6ha2.default] http://rts.dsrlte.com
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com
~ IE Browser: 22 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Orphan key
O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-4300-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll =>Toolbar.Ask
~ Toolbar: Scanned in 00mn 00s
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Yükleyici.) -- C:\Users\MST\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Yahoo! Search] C:\Users\MST\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5.5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe_ID0EYTHM] . (.Adobe Systems Incorporated - Adobe Version Cue CS3.) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Masaüstü Araçları.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Masaüstü Araçları.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTYöneticisi.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTYöneticisi.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3599246484-722935821-3700833125-1000\..\Run: [Google Update] . (.Google Inc. - Google Yükleyici.) -- C:\Users\MST\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-3599246484-722935821-3700833125-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-3599246484-722935821-3700833125-1000\..\Run: [Yahoo! Search] C:\Users\MST\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe (.not file.)
~ Application: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDCEDD27-C6B0-4F04-B86F-E0BCCC3C150B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{EDCEDD27-C6B0-4F04-B86F-E0BCCC3C150B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{EDCEDD27-C6B0-4F04-B86F-E0BCCC3C150B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Ask Update Service (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe
~ Services: 13 Legitimates Filtered in 00mn 08s
---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [Yahoo! Search] (...) -- C:\Users\MST\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6E225831-A9DC-476A-B07C-1A8C4CB637FF}] (...) -- I:\SOFT\6-NERO 7.8.5\Nero-7.8.5.0_trk_trial.exe (.not file.) [0]
[MD5.47BF82D59061BD532AE23E3F5688FA1E] [APT] [{B2E7CEC9-CFD7-41E1-97E8-EDC3E06E78EC}] (...) -- C:\Program Files (x86)\Google\Picasa3\Uninstall.exe [170629]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3599246484-722935821-3700833125-1000Core [970]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3599246484-722935821-3700833125-1000UA [1022]
O39 - APT: - (..) -- C:\Windows\Tasks\ReclaimerUpdateFiles_MST.job [362]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ReclaimerUpdateFiles_MST [362]
O39 - APT: - (..) -- C:\Windows\Tasks\ReclaimerUpdateXML_MST.job [358]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ReclaimerUpdateXML_MST [358]
O39 - APT: - (..) -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_MST.job [368]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_MST [368]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 06s
---\\ Drivers launched at startup (O41)
O41 - Driver: ({29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys =>PUP.LinkiDoo
O41 - Driver: ({29b136c9-938d-4d3d-8df8-d649d9b74d02}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys =>PUP.LinkiDoo
~ Drivers: 75 Legitimates Filtered in 00mn 00s
---\\ Software installed (O42)
O42 - Logiciel: Buzzdock - (.Alactro LLC.) [HKLM][64Bits] -- {ac225167-00fc-452d-94c5-bb93600e7d9a}
~ Logic: 22 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\VNT]
[HKCU\Software\Yandex]
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\Wow6432Node\AskPartnerNetwork]
~ Key Software: 238 Legitimates Filtered in 00mn 00s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 03.07.2014 - 00:01:39 - [] ----D C:\Program Files (x86)\AskPartnerNetwork
O43 - CFD: 11.05.2014 - 14:18:10 - [] ----D C:\ProgramData\AskPartnerNetwork
O43 - CFD: 06.02.2014 - 18:30:21 - [] -SH-D C:\ProgramData\Sık Kullanılanlar
O43 - CFD: 10.02.2014 - 02:59:35 - [] ----D C:\Users\MST\AppData\Roaming\rmi
O43 - CFD: 10.04.2014 - 19:16:08 - [] ----D C:\Users\MST\AppData\Roaming\Yandex
O43 - CFD: 03.07.2014 - 00:01:45 - [] ----D C:\Users\MST\AppData\Local\AskPartnerNetwork
O43 - CFD: 10.04.2014 - 19:16:18 - [] ----D C:\Users\MST\AppData\Local\Yandex
O43 - CFD: 09.02.2014 - 10:21:08 - [] ----D C:\Users\MST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
~ Program Folder: 131 Legitimates Filtered in 00mn 00s
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.2EB66E7A35D535AA4C5C1AF8A80E77AE] - 18.07.2014 - 10:22:00 ---A- . (...) -- C:\Windows\win.ini [505]
~ Files: 60 Legitimates Filtered in 00mn 59s
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:29.03.2005 - 01:30:38 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [8192]
O58 - SDL:14.07.2009 - 03:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10.06.2009 - 22:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14.07.2009 - 03:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:24.04.2014 - 11:33:46 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys [61120] =>PUP.LinkiDoo
O58 - SDL:09.06.2014 - 11:10:38 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys [60704] =>PUP.LinkiDoo
~ Drivers: 57 Legitimates Filtered in 00mn 18s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 24.04.2014 - C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys ({29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64) .(.StdLib - StdLib.) - LEGACY_{29B136C9-938D-4D3D-8DF8-D649D9B74D02}GW64 =>PUP.LinkiDoo
O64 - Services: CurCS - 09.06.2014 - C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys ({29b136c9-938d-4d3d-8df8-d649d9b74d02}w64) .(.StdLib - StdLib.) - LEGACY_{29B136C9-938D-4D3D-8DF8-D649D9B74D02}W64 =>PUP.LinkiDoo
~ Legacy: 82 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\MST\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] 3020E123A7E4B9D525D093C926872C13 - (Yandex.Video) - http://video.yandex.com
O69 - SBI: SearchScopes [HKCU] 4217D5DB9DD6C5FEF576C827167C61D6 - (Yandex.Haberler) - http://haber.yandex.com
O69 - SBI: SearchScopes [HKCU] F5A14BB66FDFDBDB7EDB7EC085B30DAB - (Yandex.Görsel) - http://gorsel.yandex.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689 - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {96DF714A-8024-44C1-9495-036B0604318B} - (Yahoo! Search) - http://rts.dsrlte.com
O69 - SBI: SearchScopes [HKCU] {D07F1B2F-F6C4-4BB3-8FE2-E9DEBC577D33} - (Yandex) - http://yandex.com
~ Keys: Scanned in 00mn 00s
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.B653DD91D5D6E519D3357A80A15A5DFB] [SPRF][19.07.2014] (...) -- C:\Users\MST\Desktop\adwcleaner_3.216.exe [1354223]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "25946514D214736534007A857BC0F010" . (.Avira SearchFree Toolbar.) -- C:\Windows\Installer\{41564952-412D-5637-4300-A758B70C0F01}\ToolbarIcon.exe =>Toolbar.Avira
~ Update Products: 1 Legitimates Filtered in 00mn 00s
---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.AACB27C8E71C4AF492E78CC3659EA8C1] [WIS][26.06.2014] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\250e4.msi [856064] =>Toolbar.Avira
~ WIS: 1 Legitimates Filtered in 00mn 05s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7}] (Avira SearchFree Toolbar) =>Toolbar.Avira
~ BCK: 4292 Legitimates Filtered in 00mn 05s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20.03.2007 153792 | (Adobe Version Cue CS3) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe =>.Adobe Systems Incorporated
SS - | Demand 06.01.2014 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 10.07.1658 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe
SS - | Auto 03.04.2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SS - | Auto 03.04.2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Auto 01.03.2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14.07.2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10.07.1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 06.06.2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 16.07.2014 430160 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 16.07.2014 430160 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 16.07.2014 1030224 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
SR - | Auto 23.06.2014 165784 | (APNMCP) . (.APN LLC..) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
SR - | Auto 07.01.2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30.08.2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 09.02.2014 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Demand 20.01.2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Demand 12.03.2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 14.08.2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 17.12.2013 5341536 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 14.07.2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 07s
---\\ Scan Additionnel (O88)
Database Version : 13026 - (16.07.2014)
Clés trouvées (Keys found) : 10
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 4
[HKLM\Software\Google\Chrome\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm] =>Toolbar.Avira^
[HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Classes\CLSID\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}] =>Toolbar.YandexFastDial
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}] =>Toolbar.YandexFastDial
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}] =>Toolbar.YandexFastDial
[HKLM\Software\Classes\CLSID\{91397D20-1446-11D4-8AF4-0040CA1127B6}] =>Toolbar.YandexFastDial
[HKCU\Software\Classes\keepmysearch] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-4300-7A786E7484D7} =>Toolbar.Ask^
C:\Users\MST\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm =>Toolbar.Avira^
C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.Ask
C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask
C:\Users\MST\AppData\Local\AskPartnerNetwork =>Toolbar.Ask
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask^
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask^
C:\Windows\Installer\250e4.msi =>Toolbar.Avira^
[HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7}] (Avira SearchFree Toolbar) =>Toolbar.Avira^
~ Additionnel Scan: 500577 Items scanned in 01mn 28s
---\\ Additional information about modules
~ http://nicolascoolman.fr/g0-page-de-demarrage-google-chrome/ =>.Google Chrome, Start,Search,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Start,Search,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ AMI: 5 Legitimates Filtered in 00mn 00s
---\\ Summary of the detections found on your workstation
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
~ MSI: 3 link(s) detected in 00mn 00s
~ 727 Legitimates filtered by white list
End of the scan (495 lines in 04mn 11s)(0)
~ Launched by MST (19.07.2014 14:38:25)
~ Web site address : http://nicolascoolman.fr
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : New version available
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program
---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17207
---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
Avira Free Antivirus v14.0.5.464
Malwarebytes Anti-Malware version 2.0.1.1004
Windows Defender W7 (Deactivate)
---\\ System optimization software
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 9 ActiveX
Adobe Reader X
Java 7 Update 55
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 407 GB (87%) free of 466 GB
---\\ Connection to the system mode
~ Computer Name: MST-
~ User Name: MST
~ All Users Names: MST, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\MST\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\MST\AppData\Roaming\
~ %Desktop% : C:\Users\MST\Desktop\
~ %Favorites% : C:\Users\MST\Pictures\Favorites\
~ %LocalAppData% : C:\Users\MST\AppData\Local\
~ %StartMenu% : C:\Users\MST\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 407 Go of 466 Go)
D: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Gezgini.) (.25.02.2011 - 08:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Başlatma Uygulaması.) (.14.07.2009 - 03:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions for Win32.) (.19.06.2014 - 00:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Windows Oturum Açma Uygulaması.) (.04.03.2014 - 11:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Yazılım Lisans Kitaplığı.) (.20.11.2010 - 05:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30.05.2014 - 08:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14.07.2009 - 03:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14.07.2009 - 01:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20.11.2010 - 01:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20.11.2010 - 01:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20.11.2010 - 02:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Bağlantı Noktası Sürücüsü.) (.14.07.2009 - 01:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14.07.2009 - 02:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27.04.2011 - 04:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20.11.2010 - 01:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT Dosya Sistemi Sürücüsü.) (.24.01.2014 - 04:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Paralel Bağlantı Noktası Sürücüsü.) (.14.07.2009 - 02:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20.11.2010 - 02:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20.11.2010 - 03:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14.07.2009 - 02:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20.11.2010 - 01:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Birim Gölge Kopya Sürücüsü.) (.20.11.2010 - 05:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 05s
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/906
~ Mes musiques (My Musics) : 1/119
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/13
~ Mes Documents (My Documents) : 6/89
~ Mon Bureau (My Desktop) : 18/3918
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 15s
---\\ Process running
[MD5.7DD08FB42F74784EC4855AE3A7197254] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136] [PID.1256]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2112]
[MD5.085BE68B52CE5A5FA4621507AD518CF3] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.2120]
[MD5.4D042B1F1375CF371AFBE0E0276BA627] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [624248] [PID.2132]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512] [PID.2172]
[MD5.1E9B225DE829A6F666A0BA9B8A7984BF] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160] [PID.2224]
[MD5.0A76EB770F0D432AA7795C5DDB27B888] - (.APN - Ask Toolbar Notifier.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1956760] [PID.2268] =>Toolbar.Ask
[MD5.F441E401B71C4E6087B6F23E1C35FA3A] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1209904] [PID.3608]
[MD5.BCD68F99E6751218BE8D513BF24896F3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8076800] [PID.2528]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Users\MST\AppData\Local\Google\Chrome\Application\chrome.exe [860488] [PID.1904]
[MD5.4C14746BCBF9985BDBF1CD1BEED96DF8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160] [PID.1136]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.1320]
[MD5.4C14746BCBF9985BDBF1CD1BEED96DF8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160] [PID.1368]
[MD5.E7F2414D8EBF7C269FC5FC878C1DD1E9] - (.APN LLC. - APN Updater.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784] [PID.1388] =>Toolbar.Ask
[MD5.F518545E5B7623AD49ABE7F8776EFA46] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1460]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.2876]
[MD5.DF4A7E1E2BA788E28747F1EF49692ED6] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [5341536] [PID.3000]
[MD5.1BF085C13A8F62E056E6201AFCF5E675] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard WFP Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1030224] [PID.1428]
[MD5.227846995AFEEFA70D328BF5334A86A5] - (.Macrovision Europe Ltd. - Activation Licensing Service.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848] [PID.3300]
[MD5.433049770B810D7C83C5C94CDB3E09D2] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920] [PID.3428]
~ Processes Running: Scanned in 00mn 01s
---\\ Opera, Plugins,Start,Search (P1,B0,B1)
B0 - SPO: operaprefs.ini [MST] Home URL=http://www.yandex.com.tr/?win=111&clid=1979776
B1 - OSP: search.ini [MST] URL=http://video.yandex.com.tr/#search?win=111&clid=1979777&text=%s
B1 - OSP: search.ini [MST] URL=http://gorsel.yandex.com.tr/yandsearch?win=111&clid=1979777&text=%s
B1 - OSP: search.ini [MST] URL=http://haber.yandex.com.tr/yandsearch?rpt=nnews2&grhow=clutop&win=111&clid=1979777&text=%s
B1 - OSP: search.ini [MST] URL=http://yandex.com.tr/yandsearch?win=111&clid=1979777&text=%s
~ Opera Browser: 5 Legitimates Filtered in 00mn 00s
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\MST\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://rts.dsrlte.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://rts.dsrlte.com
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] MaÄŸaza v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [ekhagklcjbdpajgpjgmbionohlpdbjgc] Zotero Connector v.4.0.8.2, (Activé)
G2 - GCE: Preference [User Data\Default] [gkojfkhlekighikafcpjkiklfbnlmeio] Hola Better Internet v.1.3.883, (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkcpopggjcjkiicpenikeogioednjeac] Görsel favoriler v.2.12.1 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Cüzdan v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pcoohmdcpejoeggdnihdfhohjgdbllgm] Avira SearchFree Toolbar plus Web Protection v.32.5, (Désactivé) =>Toolbar.Avira
---\\ Google Chrome Extension Folder
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 07s
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\MST\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js
M3 - MFPP: Plugins - [MST] -- C:\Users\MST\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\gorsel.yandex.com.tr-020632.xml
M3 - MFPP: Plugins - [MST] -- C:\Users\MST\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\haber.yandex.com.tr-020632.xml
M3 - MFPP: Plugins - [MST] -- C:\Users\MST\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\keepmysearch.xml =>Adware.MyWebSearch
M3 - MFPP: Plugins - [MST] -- C:\Users\MST\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\video.yandex.com.tr-020632.xml
M3 - MFPP: Plugins - [MST] -- C:\Users\MST\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.com.tr-020632.xml
M0 - MFSP: prefs.js [MST - nahd6ha2.default] http://rts.dsrlte.com
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com
~ IE Browser: 22 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Orphan key
O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-4300-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll =>Toolbar.Ask
~ Toolbar: Scanned in 00mn 00s
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Yükleyici.) -- C:\Users\MST\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Yahoo! Search] C:\Users\MST\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5.5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe_ID0EYTHM] . (.Adobe Systems Incorporated - Adobe Version Cue CS3.) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Masaüstü Araçları.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Masaüstü Araçları.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTYöneticisi.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTYöneticisi.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3599246484-722935821-3700833125-1000\..\Run: [Google Update] . (.Google Inc. - Google Yükleyici.) -- C:\Users\MST\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-3599246484-722935821-3700833125-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-3599246484-722935821-3700833125-1000\..\Run: [Yahoo! Search] C:\Users\MST\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe (.not file.)
~ Application: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDCEDD27-C6B0-4F04-B86F-E0BCCC3C150B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{EDCEDD27-C6B0-4F04-B86F-E0BCCC3C150B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{EDCEDD27-C6B0-4F04-B86F-E0BCCC3C150B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Ask Update Service (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe
~ Services: 13 Legitimates Filtered in 00mn 08s
---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [Yahoo! Search] (...) -- C:\Users\MST\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6E225831-A9DC-476A-B07C-1A8C4CB637FF}] (...) -- I:\SOFT\6-NERO 7.8.5\Nero-7.8.5.0_trk_trial.exe (.not file.) [0]
[MD5.47BF82D59061BD532AE23E3F5688FA1E] [APT] [{B2E7CEC9-CFD7-41E1-97E8-EDC3E06E78EC}] (...) -- C:\Program Files (x86)\Google\Picasa3\Uninstall.exe [170629]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3599246484-722935821-3700833125-1000Core [970]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3599246484-722935821-3700833125-1000UA [1022]
O39 - APT: - (..) -- C:\Windows\Tasks\ReclaimerUpdateFiles_MST.job [362]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ReclaimerUpdateFiles_MST [362]
O39 - APT: - (..) -- C:\Windows\Tasks\ReclaimerUpdateXML_MST.job [358]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ReclaimerUpdateXML_MST [358]
O39 - APT: - (..) -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_MST.job [368]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_MST [368]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 06s
---\\ Drivers launched at startup (O41)
O41 - Driver: ({29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys =>PUP.LinkiDoo
O41 - Driver: ({29b136c9-938d-4d3d-8df8-d649d9b74d02}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys =>PUP.LinkiDoo
~ Drivers: 75 Legitimates Filtered in 00mn 00s
---\\ Software installed (O42)
O42 - Logiciel: Buzzdock - (.Alactro LLC.) [HKLM][64Bits] -- {ac225167-00fc-452d-94c5-bb93600e7d9a}
~ Logic: 22 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\VNT]
[HKCU\Software\Yandex]
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\Wow6432Node\AskPartnerNetwork]
~ Key Software: 238 Legitimates Filtered in 00mn 00s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 03.07.2014 - 00:01:39 - [] ----D C:\Program Files (x86)\AskPartnerNetwork
O43 - CFD: 11.05.2014 - 14:18:10 - [] ----D C:\ProgramData\AskPartnerNetwork
O43 - CFD: 06.02.2014 - 18:30:21 - [] -SH-D C:\ProgramData\Sık Kullanılanlar
O43 - CFD: 10.02.2014 - 02:59:35 - [] ----D C:\Users\MST\AppData\Roaming\rmi
O43 - CFD: 10.04.2014 - 19:16:08 - [] ----D C:\Users\MST\AppData\Roaming\Yandex
O43 - CFD: 03.07.2014 - 00:01:45 - [] ----D C:\Users\MST\AppData\Local\AskPartnerNetwork
O43 - CFD: 10.04.2014 - 19:16:18 - [] ----D C:\Users\MST\AppData\Local\Yandex
O43 - CFD: 09.02.2014 - 10:21:08 - [] ----D C:\Users\MST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
~ Program Folder: 131 Legitimates Filtered in 00mn 00s
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.2EB66E7A35D535AA4C5C1AF8A80E77AE] - 18.07.2014 - 10:22:00 ---A- . (...) -- C:\Windows\win.ini [505]
~ Files: 60 Legitimates Filtered in 00mn 59s
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:29.03.2005 - 01:30:38 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [8192]
O58 - SDL:14.07.2009 - 03:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10.06.2009 - 22:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14.07.2009 - 03:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:24.04.2014 - 11:33:46 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys [61120] =>PUP.LinkiDoo
O58 - SDL:09.06.2014 - 11:10:38 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys [60704] =>PUP.LinkiDoo
~ Drivers: 57 Legitimates Filtered in 00mn 18s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 24.04.2014 - C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys ({29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64) .(.StdLib - StdLib.) - LEGACY_{29B136C9-938D-4D3D-8DF8-D649D9B74D02}GW64 =>PUP.LinkiDoo
O64 - Services: CurCS - 09.06.2014 - C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys ({29b136c9-938d-4d3d-8df8-d649d9b74d02}w64) .(.StdLib - StdLib.) - LEGACY_{29B136C9-938D-4D3D-8DF8-D649D9B74D02}W64 =>PUP.LinkiDoo
~ Legacy: 82 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] 3020E123A7E4B9D525D093C926872C13 - (Yandex.Video) - http://video.yandex.com
O69 - SBI: SearchScopes [HKCU] 4217D5DB9DD6C5FEF576C827167C61D6 - (Yandex.Haberler) - http://haber.yandex.com
O69 - SBI: SearchScopes [HKCU] F5A14BB66FDFDBDB7EDB7EC085B30DAB - (Yandex.Görsel) - http://gorsel.yandex.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689 - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {96DF714A-8024-44C1-9495-036B0604318B} - (Yahoo! Search) - http://rts.dsrlte.com
O69 - SBI: SearchScopes [HKCU] {D07F1B2F-F6C4-4BB3-8FE2-E9DEBC577D33} - (Yandex) - http://yandex.com
~ Keys: Scanned in 00mn 00s
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.B653DD91D5D6E519D3357A80A15A5DFB] [SPRF][19.07.2014] (...) -- C:\Users\MST\Desktop\adwcleaner_3.216.exe [1354223]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "25946514D214736534007A857BC0F010" . (.Avira SearchFree Toolbar.) -- C:\Windows\Installer\{41564952-412D-5637-4300-A758B70C0F01}\ToolbarIcon.exe =>Toolbar.Avira
~ Update Products: 1 Legitimates Filtered in 00mn 00s
---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.AACB27C8E71C4AF492E78CC3659EA8C1] [WIS][26.06.2014] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\250e4.msi [856064] =>Toolbar.Avira
~ WIS: 1 Legitimates Filtered in 00mn 05s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7}] (Avira SearchFree Toolbar) =>Toolbar.Avira
~ BCK: 4292 Legitimates Filtered in 00mn 05s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20.03.2007 153792 | (Adobe Version Cue CS3) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe =>.Adobe Systems Incorporated
SS - | Demand 06.01.2014 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 10.07.1658 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe
SS - | Auto 03.04.2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SS - | Auto 03.04.2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Auto 01.03.2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14.07.2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10.07.1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 06.06.2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 16.07.2014 430160 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 16.07.2014 430160 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 16.07.2014 1030224 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
SR - | Auto 23.06.2014 165784 | (APNMCP) . (.APN LLC..) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
SR - | Auto 07.01.2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30.08.2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 09.02.2014 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Demand 20.01.2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Demand 12.03.2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 14.08.2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 17.12.2013 5341536 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 14.07.2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 07s
---\\ Scan Additionnel (O88)
Database Version : 13026 - (16.07.2014)
Clés trouvées (Keys found) : 10
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 4
[HKLM\Software\Google\Chrome\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm] =>Toolbar.Avira^
[HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Classes\CLSID\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}] =>Toolbar.YandexFastDial
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}] =>Toolbar.YandexFastDial
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}] =>Toolbar.YandexFastDial
[HKLM\Software\Classes\CLSID\{91397D20-1446-11D4-8AF4-0040CA1127B6}] =>Toolbar.YandexFastDial
[HKCU\Software\Classes\keepmysearch] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-4300-7A786E7484D7} =>Toolbar.Ask^
C:\Users\MST\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm =>Toolbar.Avira^
C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.Ask
C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask
C:\Users\MST\AppData\Local\AskPartnerNetwork =>Toolbar.Ask
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask^
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask^
C:\Windows\Installer\250e4.msi =>Toolbar.Avira^
[HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7}] (Avira SearchFree Toolbar) =>Toolbar.Avira^
~ Additionnel Scan: 500577 Items scanned in 01mn 28s
---\\ Additional information about modules
~ http://nicolascoolman.fr/g0-page-de-demarrage-google-chrome/ =>.Google Chrome, Start,Search,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Start,Search,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ AMI: 5 Legitimates Filtered in 00mn 00s
---\\ Summary of the detections found on your workstation
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
~ MSI: 3 link(s) detected in 00mn 00s
~ 727 Legitimates filtered by white list
End of the scan (495 lines in 04mn 11s)(0)