BoxoreClient infection / ZHPDiag report analysis

Closed
AdriKN Posts: 39 Registered: Monday 20 January 2014 Status: Member Last activity: 22 April 2016 - 20 Jan 2014 at 18:55
AdriKN Posts: 39 Registered: Monday 20 January 2014 Status: Member Last activity: 22 April 2016 - 20 Jan 2014 at 19:06
Hello, I have just discovered that I have been infected by Boxore Client and I cannot remove it.
After some research I found that you have to run a scan with ZHPDiag, and then use ZHPFix to remove it.
I have now run the scan, and I am looking for someone who can tell me what I should do with ZHPFix.


~ Report of ZHPDiag v2014.1.17.19 - Nicolas Coolman (17.01.2014)
~ Launched by Adrien (20.01.2014 18:27:10)
~ Web site address : https://nicolascoolman.webs.com/
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by user


---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ System optimization software
CCleaner v3.21 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3893 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 165 GB (36%) free of 450 GB

---\\ Connection to the system mode
~ Computer Name: ADRIEN-HP
~ User Name: Adrien
~ All Users Names: HomeGroupUser$, Gast, Adrien, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Adrien\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Adrien\AppData\Roaming\
~ %Desktop% : C:\Desktop\
~ %Favorites% : C:\Users\Adrien\Favorites\
~ %LocalAppData% : C:\Users\Adrien\AppData\Local\
~ %StartMenu% : C:\Users\Adrien\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 165 Go of 450 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 16 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Free 0 Go of 0 Go)
G: CD-ROM drive (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorateur Windows.) (.26.02.2011 - 07:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14.07.2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22.02.2013 - 07:20:51.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.87A00ED70FEC36D0DD968E5058C29AA1] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.17.10.2011 - 17:05:43.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.14.07.2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28.12.2011 - 04:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14.07.2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14.07.2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14.07.2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27.04.2011 - 03:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14.07.2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14.07.2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14.07.2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04.05.2011 - 03:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14.07.2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12.04.2013 - 15:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14.07.2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14.07.2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14.07.2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14.07.2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.06.09.2012 - 18:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/43
~ Mes musiques (My Musics) : 1/2
Mes Videos (My Videos) : 2/2 (Modified)
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 1/149
~ Mon Bureau (My Desktop) : 6/15
~ Menu demarrer (Programs) : 1/38
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.2469DECEC0E28CB3C83E7FC47CB4AD12] - (...) -- C:\Windows\System32\hale.exe [2169856] [PID.2948]
[MD5.A16852B04C0A5654B0B8DFD5E1A25718] - (.MagicISO, Inc. - MagicISO Virtual CD/DVD Manager.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe [576000] [PID.3744]
[MD5.FCDD7F7DA08E82A0CC83AF8111EDFDB9] - (.Hewlett-Packard Company - No Comment.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602680] [PID.2652]
[MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552] [PID.3916]
[MD5.5C96C5A27C1DBE126EEE2E4E220AF337] - (...) -- C:\Program Files (x86)\eLimit\maeLimit.exe [1298516] [PID.1540]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904] [PID.4024]
[MD5.49CCFBE5D5225B9D3CC78C09DEE147D0] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe [286720] [PID.3428]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.3680]
[MD5.8E5651B04BE775696B32F7F1F5DA8871] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8336896] [PID.4704]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.4860]
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1528]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.2036]
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.2092]
[MD5.9DF9CF7840A3A99F2FFD614F0A13F2F9] - (.No owner - HPWMISVC Application.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192] [PID.2268]
[MD5.AD5DF6F4FBBC798636EDC66BFEC7D0DE] - (.No owner - Inkjet Printer/Scanner/Fax Extended Survey.) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe [116104] [PID.2312]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2380]
[MD5.46B389E1A1C8E66D877402FC0821A371] - (.Telefónica I+D - ImpWiFiSvc Aplicación.) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624] [PID.2752]
[MD5.0955C23C041451FB4E7099D6B2CF1C06] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [988216] [PID.4608]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Adrien\AppData\Roaming\Mozilla\Firefox\Profiles\h9s26bkh.default\prefs.js
C:\Users\Adrien\AppData\Roaming\Mozilla\Firefox\Profiles\h9s26bkh.default\user.js
M2 - MFEP: prefs.js [Adrien - h9s26bkh.default\pksx2o@kdmboooa.co.uk] [] CeoupEExtension v1.3 (..)
M2 - MFEP: prefs.js [Adrien - h9s26bkh.default\yayafbmo@eooui.net] [] EinjjooyiCCoupon v3.4 (..)
~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com =>Hijacker.Qvo6
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com =>Hijacker.Qvo6
~ IE Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=c:\windows\system32\userinit.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: La Bataille pour la Terre du Milieu(TM) II.lnk . (...) -- C:\Program Files (x86)\Electronic Arts\La Bataille pour la Terre du Milieu II\lotrbfme2.exe
O4 - GS\Desktop [Public]: Mobile Connection Manager.lnk . (.Telefónica I+D - Telefónica Group Connection Manager.) -- C:\Program Files (x86)\o2\Mobile Connection Manager\EMMSN.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Pandora Recovery.lnk . (.Pandora Corp. - Pandora Recovery.) -- C:\Program Files (x86)\Pandora Recovery\PandoraRecovery.exe
O4 - GS\Desktop [Public]: Pinnacle VideoSpin.lnk . (.Pinnacle Systems - Pinnacle VideoSpin program file.) -- C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe
O4 - GS\Desktop [Public]: Studio Version 9.lnk . (.Pinnacle Systems - Studio program file.) -- C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe
O4 - GS\Program [Public]: CDBurner (graveur).lnk . (...) -- C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe (.not file.)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Accessories [Public]: imprim écran.lnk . (.Microsoft Corporation - Outil Capture.) -- C:\Windows\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\QuickLaunch [Gast]: Studio.lnk . (.Pinnacle Systems - Studio program file.) -- C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe
O4 - GS\TaskBar [Gast]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Gast]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Gast]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Gast]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Gast]: Crusader.lnk . (...) -- C:\Program Files (x86)\Fizzy\Crusader\swords_and_sandals_crusader_download.exe (.not file.)
O4 - GS\Desktop [Gast]: MagicDisc.lnk . (.MagicISO, Inc. - MagicISO Virtual CD/DVD Manager.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - GS\Desktop [Gast]: MagicISO.lnk . (...) -- C:\Program Files (x86)\MagicISO\MagicISO.exe (.not file.)
O4 - GS\Desktop [Gast]: PDF Editeur 3.3.lnk . (...) -- C:\Program Files (x86)\PDF Editeur 3\PDFEdit.exe
O4 - GS\QuickLaunch [Adrien]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Adrien]: Studio.lnk . (.Pinnacle Systems - Studio program file.) -- C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe
O4 - GS\TaskBar [Adrien]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Adrien]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Adrien]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Adrien]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Adrien]: Creatval.lnk . (...) -- C:\Creatval\Creatval.exe (.not file.)
O4 - GS\Desktop [Adrien]: MagicDisc.lnk . (.MagicISO, Inc. - MagicISO Virtual CD/DVD Manager.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - GS\Desktop [Adrien]: MagicISO.lnk . (...) -- C:\Program Files (x86)\MagicISO\MagicISO.exe (.not file.)
O4 - GS\Desktop [Adrien]: PDF Editeur 3.3.lnk . (...) -- C:\Program Files (x86)\PDF Editeur 3\PDFEdit.exe
~ Global Startup: 71 Legitimates Filtered in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: MagicDisc.lnk . (.MagicISO, Inc. - MagicISO Virtual CD/DVD Manager.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKLM\..\Run: [Chew7Hale] . (...) -- C:\Windows\System32\hale.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Adrien\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Company - No Comment.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [eLimit] . (...) -- C:\Program Files (x86)\eLimit\maelimit.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [PinnacleDriverCheck] C:\Windows\system32\PSDrvCheck.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2192003918-406133432-768257036-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Adrien\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BAEC7D7-813A-426C-A90C-42C33F707A4D}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{92C754A9-9FBF-41C9-9AFF-041053B2B60B}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA4915D6-4D97-4622-BC68-5A3955E8494E}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BAEC7D7-813A-426C-A90C-42C33F707A4D}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DE0CF14-F574-4E6F-9ED5-1530B5F93186}: DhcpNameServer = 212.71.128.8 212.71.133.6 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{7BAEC7D7-813A-426C-A90C-42C33F707A4D}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CS1\Services\Tcpip\..\{92C754A9-9FBF-41C9-9AFF-041053B2B60B}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CS1\Services\Tcpip\..\{CA4915D6-4D97-4622-BC68-5A3955E8494E}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CS1\Services\Tcpip\..\{7BAEC7D7-813A-426C-A90C-42C33F707A4D}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CS1\Services\Tcpip\..\{8DE0CF14-F574-4E6F-9ED5-1530B5F93186}: DhcpNameServer = 212.71.128.8 212.71.133.6 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{7BAEC7D7-813A-426C-A90C-42C33F707A4D}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CS2\Services\Tcpip\..\{92C754A9-9FBF-41C9-9AFF-041053B2B60B}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CS2\Services\Tcpip\..\{CA4915D6-4D97-4622-BC68-5A3955E8494E}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CS2\Services\Tcpip\..\{7BAEC7D7-813A-426C-A90C-42C33F707A4D}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CS2\Services\Tcpip\..\{8DE0CF14-F574-4E6F-9ED5-1530B5F93186}: DhcpNameServer = 212.71.128.8 212.71.133.6 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.225 193.189.244.206
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (...) - C:\PROGRA~3\WinSpeed\WINSPE~1.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Limitation du temps d'utilisation d'internet v2.0.5 (eLimit) . (...) - C:\Program Files (x86)\eLimit\maeLimit.exe
O23 - Service: WinSpeed (f1f78e38) . (...) - c:\progra~3\winspeed\WinSpeedSvc.dll
O23 - Service: TGCM_ImportWiFiSvc (TGCM_ImportWiFiSvc) . (.Telefónica I+D - ImpWiFiSvc Aplicación.) - C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
~ Services: 12 Legitimates Filtered in 00mn 06s



---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FoxTab.job [292]
[MD5.00000000000000000000000000000000] [APT] [bho_update] (...) -- C:\Program Files (x86)\Internet Explorer\Updater.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [BoxSoftwareUpdate] (...) -- C:\ProgramData\BoxUpdChk\updchk.exe (.not file.) [0] =>Adware.Boxore
[MD5.00000000000000000000000000000000] [APT] [FoxTab] (...) -- C:\Users\Adrien\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.exe (.not file.) [0]
[MD5.CEC66E3CA216A4783C6FC54B4FE36DBD] [APT] [ProgramRefresh-ATFST] (...) -- C:\Program Files (x86)\File Type Assistant\tsasetup.exe [1492080]
[MD5.10B575DD9F52184D5E3EF810EC3B2F31] [APT] [{0C0C880C-E5BD-4325-96E8-8B0E27E8348B}] (...) -- C:\Program Files (x86)\Canta\canta.exe [336897]
[MD5.10B575DD9F52184D5E3EF810EC3B2F31] [APT] [{1CE38E45-FDA7-43C5-95F2-D100FC09D658}] (...) -- C:\Program Files (x86)\Canta\canta.exe [336897]
[MD5.10B575DD9F52184D5E3EF810EC3B2F31] [APT] [{25B94267-259A-4470-A40D-E7ECF9C72542}] (...) -- C:\Program Files (x86)\Canta\canta.exe [336897]
[MD5.00000000000000000000000000000000] [APT] [{2A8287DE-5E88-4225-B056-C4297A56D807}] (...) -- C:\Desktop\VideoSpin_2_0_Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{384ACAF8-0114-4379-A4EE-F56FD1B3CD12}] (...) -- C:\Desktop\creatvalsetup.exe (.not file.) [0]
[MD5.10B575DD9F52184D5E3EF810EC3B2F31] [APT] [{3B4E9010-1D9B-41EA-AA9B-4BE2EC68C34D}] (...) -- C:\Program Files (x86)\Canta\canta.exe [336897]
[MD5.00000000000000000000000000000000] [APT] [{5158BCCA-CD58-46B5-94CE-F2D33B4A4802}] (...) -- C:\Program Files (x86)\NCH Swift Sound\WavePad\wavepad.exe (.not file.) [0]
[MD5.10B575DD9F52184D5E3EF810EC3B2F31] [APT] [{53015318-C1D8-4897-B039-35FE6DCB0B2A}] (...) -- C:\Program Files (x86)\Canta\canta.exe [336897]
[MD5.00000000000000000000000000000000] [APT] [{5A243D39-A67C-444F-BD9F-E84E9117A620}] (...) -- C:\Desktop\videospin_videospin_2.0.0.699_francais_199872.exe (.not file.) [0]
[MD5.10B575DD9F52184D5E3EF810EC3B2F31] [APT] [{60C6D0C3-FBEA-4A11-A1DC-445FF9003ECF}] (...) -- C:\Program Files (x86)\Canta\canta.exe [336897]
[MD5.00000000000000000000000000000000] [APT] [{60CEACC9-24C5-4269-A939-14ACEC140F13}] (...) -- E:\install.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6CA86A89-111A-4F7B-B44C-2D3FEB75A53A}] (...) -- C:\Users\Adrien\Desktop\Windows_Movie_Maker_2.0.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{786AEDFF-F348-4245-AEC6-BA5B14134B63}] (...) -- C:\Desktop\wpsetup(1).exe (.not file.) [0]
[MD5.10B575DD9F52184D5E3EF810EC3B2F31] [APT] [{7E973217-B050-4286-B88E-A4910B8CB1B1}] (...) -- C:\Program Files (x86)\Canta\canta.exe [336897]
[MD5.00000000000000000000000000000000] [APT] [{8ABAE131-3FA0-441A-9562-5D9D534F32CF}] (...) -- C:\Desktop\SelfishRacer.exe (.not file.) [0]
[MD5.10B575DD9F52184D5E3EF810EC3B2F31] [APT] [{9525F1FB-34F9-42E2-AFE6-BD4FBC54C851}] (...) -- C:\Program Files (x86)\Canta\canta.exe [336897]
[MD5.10B575DD9F52184D5E3EF810EC3B2F31] [APT] [{C70CD123-3677-4E22-B457-A37ED1CAED46}] (...) -- C:\Program Files (x86)\Canta\canta.exe [336897]
[MD5.00000000000000000000000000000000] [APT] [{D2FD456A-6B47-4F0D-B973-8F030E2813C6}] (...) -- C:\Desktop\le_seigneur_des_anneaux_la_bataille_pour_la_terre_du_milieu_2_RCModInstaller(2).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E3963FAC-8F4F-4DF5-8002-2382625C0BF6}] (...) -- C:\Program Files (x86)\NCH Swift Sound\WavePad\uninst.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E9CCBA76-12A1-4A62-ADA6-D0EE97F976EE}] (...) -- C:\Desktop\logiciel-dd944b07b0a93e33fe3024fa14f8a46e.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F21FA1D1-23C2-4000-9490-17D68D5A9D1E}] (...) -- C:\Program Files (x86)\Steam\Steam.exe (.not file.) [0]
[MD5.10B575DD9F52184D5E3EF810EC3B2F31] [APT] [{F8A3998A-C99A-4F0E-BA0E-3710F8DF0670}] (...) -- C:\Program Files (x86)\Canta\canta.exe [336897]
~ Scheduled Task: 50 Legitimates Filtered in 00mn 02s



---\\ Drivers launched at startup (O41)
O41 - Driver: (PCLEPCI) . (. - .) - C:\Windows\system32\drivers\pclepci.sys (.not file.)
~ Drivers: 72 Legitimates Filtered in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {CA2B24FD-EE10-42B9-B049-AA80268E7E21} =>Adware.Boxore
O42 - Logiciel: Canta 1.11 - (.Chaumet Software.) [HKLM][64Bits] -- Canta
O42 - Logiciel: WinSpeed - (.Succes Stream.) [HKLM][64Bits] -- {5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38}
O42 - Logiciel: eLimit 2.0.5 - (.M.A..) [HKLM][64Bits] -- eLimit_is1
O42 - Logiciel: the RC Mod - (...) [HKCU][64Bits] -- the RC Mod
~ Logic: 29 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\EA-LordOfTheRings]
[HKCU\Software\KROSOFT]
[HKCU\Software\LiveSupport]
[HKLM\Software\Chew7]
[HKLM\Software\Wow6432Node\Chaumet]
[HKLM\Software\Wow6432Node\eLimit]
~ Key Software: 378 Legitimates Filtered in 00mn 01s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 18.01.2011 - 15:30:25 - [2,016] ----D C:\Program Files (x86)\Canta
O43 - CFD: 27.08.2013 - 10:57:47 - [3,518] ----D C:\Program Files (x86)\eLimit
O43 - CFD: 09.05.2012 - 16:47:25 - [37,727] ----D C:\Program Files (x86)\o2
O43 - CFD: 27.12.2013 - 10:12:51 - [0] ----D C:\Program Files (x86)\Sk-Enabler
O43 - CFD: 20.01.2014 - 18:26:38 - [0,013] ----D C:\Program Files (x86)\Common Files\eLimit
O43 - CFD: 28.02.2011 - 21:55:24 - [0,004] ----D C:\ProgramData\18C5
O43 - CFD: 31.12.2013 - 19:03:52 - [0,062] ----D C:\ProgramData\94e90d860d0a9a4e
O43 - CFD: 19.01.2014 - 11:50:00 - [0,007] ----D C:\ProgramData\CeoupEExtension
O43 - CFD: 19.01.2014 - 11:50:00 - [0,007] ----D C:\ProgramData\EinjjooyiCCoupon
O43 - CFD: 19.01.2014 - 11:51:39 - [4,297] ----D C:\ProgramData\WinSpeed
O43 - CFD: 23.08.2011 - 20:37:16 - [45,266] ----D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
O43 - CFD: 26.08.2013 - 19:55:41 - [0] ----D C:\Users\Adrien\AppData\Roaming\fizzy
O43 - CFD: 29.03.2011 - 14:39:14 - [0,004] ----D C:\Users\Adrien\AppData\Roaming\T-Mobile
O43 - CFD: 29.03.2011 - 14:55:26 - [5,336] ----D C:\Users\Adrien\AppData\Roaming\T-Mobile Internet Manager
O43 - CFD: 20.08.2013 - 10:35:09 - [0] ----D C:\Users\Adrien\AppData\Local\messengerdusexe
O43 - CFD: 27.08.2013 - 16:12:52 - [0,008] ----D C:\Users\Adrien\AppData\Local\Rapider
O43 - CFD: 10.01.2011 - 11:57:29 - [0] -SH-D C:\Users\Adrien\AppData\Local\Verlauf
O43 - CFD: 14.12.2012 - 21:11:55 - [12,795] ----D C:\Users\Adrien\AppData\Local\{86DD38A2-C8BD-404A-A1BD-907F6B69C913}
O43 - CFD: 18.01.2011 - 15:30:21 - [0] ----D C:\Users\Adrien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Canta
O43 - CFD: 21.01.2011 - 23:54:31 - [0,005] ----D C:\Users\Adrien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REFOG Keylogger
~ 20 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 288 Legitimates Filtered in 00mn 03s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.DBA91CD5A3A68302967C03213E52BDE8] - 13.01.2014 - 18:10:45 --HA- . (...) -- C:\Windows\QTFont.qfn [54156]
O44 - LFC:[MD5.D8979C14630413127E2D426C4C819211] - 20.01.2014 - 18:27:32 ---A- . (...) -- C:\Windows\System32\cwlog.dtl [36174437]
~ Files: 13 Legitimates Filtered in 00mn 01s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{12a75b85-9862-11e1-9682-001e101fe5e1}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- F:\AutoRun.exe
O51 - MPSK:{3c302be3-1c97-11e0-9516-aa34f710b6b1}\AutoRun\command. (...) -- F:\SETUP.exe (.not file.)
O51 - MPSK:{3dbf74e1-5b9f-11e0-a099-c0cb3846e3b1}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- F:\AutoRun.exe
O51 - MPSK:{3dbf74ed-5b9f-11e0-a099-c0cb3846e3b1}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- F:\AutoRun.exe
O51 - MPSK:{60b82062-5a09-11e0-8ee8-c0cb3846e3b1}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- F:\AutoRun.exe
O51 - MPSK:{60b8207f-5a09-11e0-8ee8-c0cb3846e3b1}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- F:\AutoRun.exe
O51 - MPSK:{6af64770-a2b9-11e1-8f39-c0cb3846e3b1}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- F:\AutoRun.exe
O51 - MPSK:{a063b56d-6064-11e0-94d3-c0cb3846e3b1}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- F:\AutoRun.exe
O51 - MPSK:{a66d0a06-83c3-11e0-af55-c0cb3846e3b1}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- F:\AutoRun.exe
O51 - MPSK:{c6fc6db0-5a20-11e0-b1ad-ede791f26a3c}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- F:\AutoRun.exe
O51 - MPSK:{e179de6f-4629-11e2-8435-c0cb3846e3b1}\AutoRun\command. (...) -- F:\setup_vmc_lite.exe (.not file.)
O51 - MPSK:{ecfb4c61-5b9d-11e0-a5cc-c0cb3846e3b1}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- F:\AutoRun.exe
O51 - MPSK:{ecfb4c6f-5b9d-11e0-a5cc-c0cb3846e3b1}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- F:\AutoRun.exe
O51 - MPSK:{f042d8f0-9fe7-11e1-aff0-c0cb3846e3b1}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- F:\AutoRun.exe
~ Keys: Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Chew7Hale [Key] . (...) -- C:\Windows\System32\hale.exe
~ SMSR Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 23.12.2013 - 11:18:18 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 23.12.2013 - 11:18:18 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14.07.2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.06691B7CB86444BE0F95ACEB700F8140] - 18.01.2010 - 11:48:12 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:[MD5.14908F4F9005C29DE8F5587E271390EE] - 27.08.2013 - 16:48:08 ---A- . (.GFI Software - GFI Boot Time Operations Driver.) -- C:\Windows\System32\Drivers\gfibto.sys [14456]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10.06.2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.0BB97D43299910CBFBA59C461B99B910] - 04.04.2013 - 13:50:32 ---A- . (...) -- C:\Windows\System32\Drivers\mbam.sys [25928]
O58 - SDL:[MD5.3047B186C71B082C031AEFCA783B329C] - 10.05.2010 - 07:22:34 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [999936]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14.07.2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.2C3AE35D52C4914C22A2D2FD5C4C8FDD] - 10.06.2008 - 19:02:40 ---A- . (...) -- C:\Windows\SysWOW64\drivers\mbam.sys [15864]
O58 - SDL:[MD5.72986186CA7A8C3F1F41681EDAD59F2B] - 10.06.2008 - 19:02:44 ---A- . (...) -- C:\Windows\SysWOW64\drivers\mbamcatchme.sys [34296]
~ Drivers: 18 Legitimates Filtered in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: ZHPFix 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.E1FBAB1339CF375697B494DFE365BE6F] [SPRF][10.01.2011] (.www.froggie.sk - Language Pack Installer for Windows Vista and Seven.) -- C:\Desktop\Vistalizator23.exe [970156]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "DF42B2AC01EE9B240B94AA0862E8E712" . (.Boxore Client.) -- C:\Windows\Installer\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}\boxore.ico =>Adware.Boxore
~ Update Products: 110 Legitimates Filtered in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 27.12.2013 177488 | c:\progra~3\winspeed\WinSpeedSvc.dll (f1f78e38) . (...) - C:\ProgramData\WinSpeed\WinSpeedSvc.dll
SS - | Auto 04.04.2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

SR - | Auto 06.06.2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 18.11.2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 22.06.2010 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 23.12.2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Disabled 10.07.1658 0 | (avast! Firewall) . (...) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 10.11.2010 1298516 | (eLimit) . (...) - C:\Program Files (x86)\eLimit\maeLimit.exe
SR - | Auto 10.07.1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SR - | Demand 05.07.2011 988216 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 02.07.2010 27192 | (HPWMISVC) . (...) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 05.04.2010 116104 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 04.04.2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 17.06.2010 315392 | (RtVOsdService) . (.Realtek Semiconductor Corp..) - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
SR - | Auto 29.09.2010 200624 | (TGCM_ImportWiFiSvc) . (.Telefónica I+D.) - C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
SR - | Auto 14.07.2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10.07.1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14.07.2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 03s



---\\ Scan Additionnel (O88)
Database Version : 13024 - (17.01.2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}] =>Adware.Boxore^
~ Additionnel Scan: 253986 Items scanned in 00mn 23s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/26631242-hijacker-qvo6 =>Hijacker.Qvo6
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ MSI: 2 link(s) detected in 00mn 23s



~ 1344 Legitimates filtered by white list
End of the scan (524 lines in 00mn 59s)(0)

1 reply

AdriKN Posts: 39 Registration date: Monday 20 January 2014 Status: Member Last activity: 22 April 2016
20 Jan. 2014 at 19:06
Does anyone have an idea, please?