Update your flash player

Closed
dadmoh Posts: 1 Registration date: Sunday 11 May 2014 Status: Member Last activity: 11 May 2014 - 11 May 2014 at 09:16
¡El Desaparecido! Posts: 1521 Registration date: Tuesday 4 October 2011 Status: Member Last activity: 23 October 2015 - 11 May 2014 at 10:34
Problem with "Update your flash player": I used ZHPDiag 2014.5.11.59 and here is the result of my scan.

~ Report of ZHPDiag v2014.5.11.59 - Nicolas Coolman (11/05/2014)
~ Launched by home (11/05/2014 07:54:03)
~ Web site address : https://nicolascoolman.webs.com/
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, RETAIL channel
~ Windows Partial Key : 3MBMV
Windows License : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2018
McAfee Security Scan Plus v3.8.141.11
SUPERAntiSpyware v5.7.1018
Windows Defender W7

---\\ System optimization software
CCleaner v4.13

---\\ Sharing software PeerToPeer
Vuze v5.3.0.0 =>P2P.Azureus

---\\ Surveillance software
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55

---\\ Information on the system
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (37% free)
System Restore: Activé (Enable)
System drive C: has 10 GB (27%) free of 38 GB

---\\ Connection to the system mode
~ Computer Name: HOME-PC
~ User Name: home
~ All Users Names: HomeGroupUser$, home, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\home\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\home\AppData\Roaming\
~ %Desktop% : C:\Users\home\Desktop\
~ %Favorites% : C:\Users\home\Favorites\
~ %LocalAppData% : C:\Users\home\AppData\Local\
~ %StartMenu% : C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 10 Go of 38 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 4 Go of 33 Go)



---\\ State of the Windows Security Center
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 - 02:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.0D874F3BC751CC2198AF2E6783FB8B35] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 02:16:19.) -- C:\Windows\System32\wininet.dll [977920]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.6DD03008047432CD4192DD869CBBC485] - (.Microsoft Corporation - Microsoft Tablet PC Component.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [1536]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/07/2009 - 00:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/07/2009 - 00:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2009 - 00:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 01s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 4/33
~ Mes musiques (My Musics) : 1/26
~ Mes Videos (My Videos) : 5/76
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/130
~ Mon Bureau (My Desktop) : 2/348
~ Menu demarrer (Programs) : 1/48
~ Hidden Files: Scanned in 00mn 04s



---\\ Process running
[MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe [17408] [PID.200]
[MD5.317FCC0A1F599A7B7ACCAF1C852561E5] - (.Vimicro - Vimicro.) -- C:\Windows\VM303_STI.exe [61440] [PID.216]
[MD5.0B1E2A37AAB87034314D8014F23221B2] - (.Vimicro - Vimicro.) -- C:\Windows\vmsnap3.exe [49152] [PID.232]
[MD5.F9CAAC9D8C767E51AFFD396EDFD20C96] - (...) -- C:\Windows\Domino.exe [49152] [PID.664]
[MD5.4063847213190D3C1871636416D05CDA] - (.Vimisoft Studio - IM Magician Camera Monitor.) -- C:\Program Files\IM Magician\vicamon.exe [118784] [PID.1032]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.1192]
[MD5.1FC71A719B45A6A90BAFE2387EA07984] - (.No owner - HSDPALauncher MFC Application.) -- C:\Program Files\HSPA USB Modem\HSPALauncher.exe [233472] [PID.1300]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.1596]
[MD5.57C635C41750117D206C90DA9C599777] - (.No owner - Status Monitor Application.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1163264] [PID.1640]
[MD5.A043F2DCB3DE6A01317FD7DDDAA53736] - (.APN LLC. - Virtual New Tab Loader.) -- C:\Users\home\AppData\Local\VNT\vntldr.exe [202192] [PID.1540] =>Toolbar.Ask
[MD5.69F509A8A4A3FB81CB809E60B0BEAC2E] - (.Brother Industries, Ltd. - Control Center 3 Main Program.) -- C:\Program Files\Brother\ControlCenter3\brccMCtl.exe [872448] [PID.2088]
[MD5.4EF5E08AEBBEFFB9B7D79E9F3B2CF7BA] - (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624] [PID.2324]
[MD5.43E2CFC37953501EA40D852AE585E7C0] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe [277920] [PID.2420]
[MD5.490F9A7948EF661DF32A9F0DC8534284] - (.Brother Industries, Ltd. - Brother Status Monitor (Local).) -- C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe [221184] [PID.2592]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe [841032] [PID.3932]
[MD5.11DD7724D652731761CE8DE4B1F5217C] - (.Speedbit Ltd. - SBUpdate Module.) -- C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [92800] [PID.4160]
[MD5.4E36C444397A1C7FDFB9A10D4852CA55] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7872512] [PID.5768]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome Extension Folder
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\lw9x082l.default\prefs.js
M3 - MFPP: Plugins - [home] -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\lw9x082l.default\searchplugins\fissa.xml =>PUP.OfferBox
M0 - MFSP: prefs.js [home - lw9x082l.default] http://home.speedbit.com
M2 - MFEP: prefs.js [home - lw9x082l.default\@FissaPlugin] [] Fissa v1.0 (..) =>PUP.OfferBox
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.speedbit.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://go.speedbit.com
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 22



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{472734EA-242A-422B-ADF8-83D1E48CC825} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Program [Public]: Vuze.lnk . (...) -- C:\Program Files\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
O4 - GS\QuickLaunch [home]: Vuze.lnk . (...) -- C:\Program Files\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
~ Global Startup: 2 Legitimates Filtered in 00mn 03s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [90875d2a12174bfc72e61095963ba405] C:\Users\home\AppData\Roaming\Bloc-notes.exe (.not file.) =>.Microsoft Corporation
O4 - HKLM\..\Run: [BigDog303] . (.Vimicro - Vimicro.) -- C:\Windows\VM303_STI.exe
O4 - HKLM\..\Run: [VMSnap3] . (.Vimicro - Vimicro.) -- C:\Windows\VMSnap3.exe
O4 - HKLM\..\Run: [Domino] . (...) -- C:\Windows\Domino.exe
O4 - HKLM\..\Run: [IMMON] . (.Vimisoft Studio - IM Magician Camera Monitor.) -- C:\Program Files\IM Magician\Vicamon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [HSPALauncher] . (.No owner - HSDPALauncher MFC Application.) -- C:\Program Files\HSPA USB Modem\HSPALauncher.exe
O4 - HKLM\..\Run: [VNT] . (.APN LLC. - Virtual New Tab Loader.) -- C:\Program Files\VNT\vntldr.exe =>Toolbar.Ask
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [BrMfcWnd] . (.No owner - Status Monitor Application.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - HKLM\..\Run: [ControlCenter3] . (.Brother Industries, Ltd. - ControlCenter Program.) -- C:\Program Files\Brother\ControlCenter3\brctrcen.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [90875d2a12174bfc72e61095963ba405] C:\Users\home\AppData\Roaming\Bloc-notes.exe (.not file.) =>.Microsoft Corporation
O4 - HKCU\..\Run: [jhhjxjvkvo] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2845125807-2210741877-3492183382-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2845125807-2210741877-3492183382-1000\..\Run: [90875d2a12174bfc72e61095963ba405] C:\Users\home\AppData\Roaming\Bloc-notes.exe (.not file.) =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2845125807-2210741877-3492183382-1000\..\Run: [jhhjxjvkvo] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-21-2845125807-2210741877-3492183382-1000\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Orphan key
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F0653F3-CEE3-46CF-A58C-C1F00A3101AE}: DhcpNameServer = 23.253.94.129 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F0653F3-CEE3-46CF-A58C-C1F00A3101AE}: DhcpNameServer = 23.253.94.129 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{2F0653F3-CEE3-46CF-A58C-C1F00A3101AE}: DhcpNameServer = 23.253.94.129 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 23.253.94.129 8.8.8.8
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: SpeedBit Update (SBUpd) . (.Speedbit Ltd. - SpeedBit Update Service.) - C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
O23 - Service: (vToolbarUpdater17.2.0) . (...) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (.not file.) =>Toolbar.AVGSearch
~ Services: 8 Legitimates Filtered in 00mn 06s



---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [ARhome] (...) -- C:\Program Files\NoVooIT\ARhome\Updater.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [SBW_UpdateTask_Time_3535313331323130312d3437415a556c2a3223346c41] (...) -- C:\ProgramData\SpeedBit\sbhe.js" sbu.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [wp_update] (...) -- C:\Users\home\AppData\Roaming\~mvnrrdd.exe (.not file.) [0] =>PUP.WpManager
[MD5.00000000000000000000000000000000] [APT] [{6921C5E9-9906-4ECE-82C1-F8F232EEEA9B}] (...) -- C:\Users\home\Downloads\Compressed\DzMA 18 by hakim.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{75E147F7-F41D-4AB0-8569-7F7FA4C20ADB}] (...) -- C:\Users\home\Desktop\sharing\DzMA 10 by hakim.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{94CE723A-C49E-43D9-A927-1A83B26622C7}] (...) -- C:\Users\home\Downloads\epson317832eu.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B6E4F058-C294-45F4-876B-38E65B988199}] (...) -- C:\Users\home\Desktop\sharing\DzMA by biensat.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D48402B1-A147-422B-992B-17BDA050D441}] (...) -- C:\Users\home\Desktop\sharing\DzMA 11 by hakim.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EDEAE693-0028-4969-87B3-B49BF36AA418}] (...) -- C:\Users\home\Desktop\sharing\DzMA 20 by hakim.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
~ Scheduled Task: 27 Legitimates Filtered in 00mn 07s



---\\ Drivers launched at startup (O41)
O41 - Driver: (aswKbd) . (. - .) - C:\Windows\system32\drivers\aswKbd.sys (.not file.)
O41 - Driver: (wStLib) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\wStLib.sys =>PUP.LinkiDoo
O41 - Driver: ({ef8714df-a44b-464c-9034-549a70dc4cd7}Gw) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{ef8714df-a44b-464c-9034-549a70dc4cd7}Gw.sys =>PUP.LinkiDoo
~ Drivers: 93 Legitimates Filtered in 00mn 01s



---\\ Software installed (O42)
O42 - Logiciel: 1000 Lettres, contrats et actes types - Version 1.0 - (...) [HKLM] -- 1000 Lettres, contrats et actes types - Version
O42 - Logiciel: ARhome - (.NoVooIT.) [HKLM] -- ARhome
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM] -- {5347542D-5637-006A-76A7-A758B70C0700} =>Adware.Bandoo
O42 - Logiciel: IM Magician - (.IM Magician Studio.) [HKLM] -- {EFD75031-ABBC-4B99-B7BE-6D32FBB345AF}
O42 - Logiciel: NoVooIT - (.NoVooITSet.) [HKLM] -- NoVooIT
O42 - Logiciel: Virtual Serial Ports Emulator - (.Eterlogic.com.) [HKLM] -- {8F3F769D-E9C4-42E5-9B35-82DDCE0790C1}
~ Logic: 18 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ARhome]
[HKCU\Software\NoVooIT]
[HKCU\Software\SpeedBit]
[HKCU\Software\VNT]
[HKCU\Software\keepvid Company] =>PUP.KeepVid
[HKLM\Software\IM Magician Studio]
[HKLM\Software\NoVooITSet]
[HKLM\Software\PCTools]
[HKLM\Software\SpeedBit]
~ Key Software: 315 Legitimates Filtered in 00mn 01s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 14/05/2013 - 00:18:29 - [] ----D C:\Program Files\CollageMaker
O43 - CFD: 04/05/2014 - 15:04:24 - [] ----D C:\Program Files\Eterlogic.com
O43 - CFD: 16/10/2013 - 00:29:57 - [] ----D C:\Program Files\GUM6D98.tmp
O43 - CFD: 07/10/2013 - 21:53:59 - [] ----D C:\Program Files\IM Magician
O43 - CFD: 21/03/2014 - 20:58:15 - [] ----D C:\Program Files\keepvid =>PUP.KeepVid
O43 - CFD: 13/12/2013 - 19:43:04 - [] ----D C:\Program Files\VNT
O43 - CFD: 07/10/2013 - 21:53:19 - [] ----D C:\Program Files\Common Files\IM Magician Studio
O43 - CFD: 12/04/2014 - 15:32:45 - [] ----D C:\Program Files\Common Files\SpeedBit
O43 - CFD: 22/10/2013 - 20:57:58 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 12/04/2014 - 15:46:11 - [] ----D C:\ProgramData\SpeedBit
O43 - CFD: 11/05/2013 - 01:41:57 - [] ----D C:\Users\home\AppData\Roaming\PCTools
O43 - CFD: 13/12/2013 - 19:43:13 - [] ----D C:\Users\home\AppData\Local\VNT
O43 - CFD: 30/03/2014 - 12:43:45 - [] R---D C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Périphériques et imprimantes - Raccourci
O43 - CFD: 04/05/2014 - 15:04:27 - [] ----D C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual Serial Ports Emulator
~ Program Folder: 207 Legitimates Filtered in 00mn 02s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.CB5CA1EA11F2AFBAE75883F6A22EAD29] - 05/05/2014 - 16:34:52 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{ef8714df-a44b-464c-9034-549a70dc4cd7}Gw.sys [52920] =>PUP.LinkiDoo
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 08/05/2014 - 20:53:15 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 08/05/2014 - 21:30:19 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.C39B9BCBC14067A7799B8A4AD07067CA] - 08/05/2014 - 21:33:45 ---A- . (...) -- C:\Windows\win.ini [580]
~ Files: 25 Legitimates Filtered in 00mn 07s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{5d0ae630-a2cf-11e3-91e0-001641b6d43d}\AutoRun\command. (...) -- F:\USBAutoRun.exe (.not file.)
O51 - MPSK:{a2af93c6-454e-11e3-bf3e-001641b6d43d}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:08/05/2014 - 20:53:15 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:08/05/2014 - 20:53:15 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:08/05/2014 - 20:53:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:29/08/2008 - 17:54:40 ---A- . (.Mobile Connector - USB/Serial Device Driver.) -- C:\Windows\System32\Drivers\cmusbser.sys [103552]
O58 - SDL:14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:24/04/2013 - 20:12:34 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv6.sys [40648]
O58 - SDL:14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:24/04/2013 - 20:25:44 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [37064]
O58 - SDL:06/04/2014 - 23:04:47 ---A- . (...) -- C:\Windows\System32\Drivers\VSPE.sys [25984]
O58 - SDL:05/04/2014 - 14:28:29 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLib.sys [52928] =>PUP.LinkiDoo
O58 - SDL:05/05/2014 - 16:34:52 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{ef8714df-a44b-464c-9034-549a70dc4cd7}Gw.sys [52920] =>PUP.LinkiDoo
O58 - SDL:13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
O58 - SDL:06/05/2011 - 14:30:00 ----- . (...) -- C:\Windows\System32\pwdrvio.sys [16472]
O58 - SDL:06/05/2011 - 14:29:50 ----- . (...) -- C:\Windows\System32\pwdspio.sys [11104]
~ Drivers: 84 Legitimates Filtered in 00mn 06s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 08/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 05/04/2014 - C:\Windows\System32\drivers\wStLib.sys (wStLib) .(.StdLib - StdLib.) - LEGACY_WSTLIB =>PUP.LinkiDoo
O64 - Services: CurCS - 05/05/2014 - C:\Windows\System32\drivers\{ef8714df-a44b-464c-9034-549a70dc4cd7}Gw.sys ({ef8714df-a44b-464c-9034-549a70dc4cd7}Gw) .(.StdLib - StdLib.) - LEGACY_{EF8714DF-A44B-464C-9034-549A70DC4CD7}GW =>PUP.LinkiDoo
~ Legacy: 103 Legitimates Filtered in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML.4XWEUZGOXFCSA3CHVCOBESBQSQ>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome.4XWEUZGOXFCSA3CHVCOBESBQSQ> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [home - lw9x082l.default] user_pref("avg.install.disableHPGuard", false);
O69 - SBI: prefs.js [home - lw9x082l.default] user_pref("avg.install.disableSPGuard", false);
O69 - SBI: prefs.js [home - lw9x082l.default] user_pref("avg.install.guardCountInit", 156);
O69 - SBI: prefs.js [home - lw9x082l.default] user_pref("avg.install.guardPopupCountInit", -1);
O69 - SBI: prefs.js [home - lw9x082l.default] user_pref("avg.install.guardSPCountInit", 156);
O69 - SBI: prefs.js [home - lw9x082l.default] user_pref("avg.install.guardSPPopupCountInit", -1);
O69 - SBI: prefs.js [home - lw9x082l.default] user_pref("avg.install.guard_xpcom", 0);
O69 - SBI: prefs.js [home - lw9x082l.default] user_pref("avg.install.guards_inactive", 1);
O69 - SBI: prefs.js [home - lw9x082l.default] user_pref("extensions.Fissa.lastRunTime", "Sat, 10 May 2014 21:13:06 GMT"); =>PUP.OfferBox
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O69 - SBI: SearchScopes [HKCU] 5ABC86EFD185481497E4758406B4D690 - (AVG Secure Search) - https://mysearch.avg.com/ =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {756D1D40-E491-4E1D-9BC6-5B37CEDE646E} - (VenteeRo) - http://ww12.arabyonline.com
O69 - SBI: SearchScopes [HKCU] {7F4EFF06-7032-458e-AE16-1C1D8255C28A} [DefaultScope] - (Speedbit Search) - http://go.speedbit.com
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.D991832FA90ED93DAC8BA44B478C1CE4] [SPRF][02/11/2013] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.0535EBAB4F2786D33C16A6F9109C7EFF] [SPRF][14/02/2014] (...) -- C:\Users\home\Desktop\Tiranium_antivirus_setup.exe [77836633]
~ Files: 6 Legitimates Filtered in 00mn 02s



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "25946514D2147365007A7A857BC0A000" . (.Avira SearchFree Toolbar.) -- C:\Windows\Installer\{41564952-412D-5637-00A7-A758B70C0A00}\ToolbarIcon.exe =>Toolbar.Avira
O90 - PUC: "BA172DB42E6685D4FA8808EFB370074C" . (.Fissa.) -- C:\Windows\Installer\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}\ARPPRODUCTICON.exe =>PUP.OfferBox
~ Update Products: 2 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.3B08089E1ED6046F2183A7A38FBD553C] [WIS][28/11/2013] (.Kreapixel - Webplayer.) -- C:\Windows\Installer\113ed20.msi [21504] =>Adware.SocialSkinz
[MD5.EACFF4CBE1EC3A8212663F0FF397034F] [WIS][20/12/2013] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\30c05.msi [813568] =>Adware.Bandoo
[MD5.D826506F024CA0F8FF93F3F1A98E688C] [WIS][07/11/2013] (.APN, LLC - Ask Toolbar.) -- C:\Windows\Installer\35d821.msi [467456] =>Adware.Bandoo
[MD5.368378DB09895B7A5B9189B68AA99974] [WIS][23/04/2013] (.Aedge Performance BCN - Fissa.) -- C:\Windows\Installer\f8915.msi [1290240] =>PUP.OfferBox
~ WIS: 4 Legitimates Filtered in 00mn 07s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\Azureus_RASAPI32 =>P2P.Azureus
HKLM\SOFTWARE\Microsoft\Tracing\Azureus_RASMANCS =>P2P.Azureus
HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32 =>Hijacker.BabSolution
HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS =>Hijacker.BabSolution
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup10315_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup10315_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup10742_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup10742_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup23590_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup23590_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup25769_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup25769_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup26026_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup26026_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup27205_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup27205_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup31358_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup31358_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup34365_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup34365_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup34420_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup34420_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup37898_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup37898_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup39036_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup39036_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup45373_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup45373_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup47237_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup47237_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup48035_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup48035_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup48357_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup48357_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup51179_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup51179_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup52570_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup52570_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup53168_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup53168_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup53195_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup53195_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup58202_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup58202_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup59662_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup59662_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup60135_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup60135_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup60340_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup60340_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup60356_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup60356_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup60431_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup60431_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup60758_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup60758_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup61690_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup61690_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup62280_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup62280_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\Bubble Dock AddonsUI_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Microsoft\Tracing\Bubble Dock AddonsUI_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Microsoft\Tracing\DefaultTabSearch_RASAPI32 =>Adware.Bandoo
HKLM\SOFTWARE\Microsoft\Tracing\DefaultTabSearch_RASMANCS =>Adware.Bandoo
HKLM\SOFTWARE\Microsoft\Tracing\DiVapton_Setup_RASAPI32 =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\DiVapton_Setup_RASMANCS =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\DiVapton_sm_RASAPI32 =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\DiVapton_sm_RASMANCS =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32 =>Adware.PredictAd
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS =>Adware.PredictAd
HKLM\SOFTWARE\Microsoft\Tracing\KREAPIXEL_RASAPI32 =>Adware.SocialSkinz
HKLM\SOFTWARE\Microsoft\Tracing\KREAPIXEL_RASMANCS =>Adware.SocialSkinz
HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32 =>Adware.OpenCandy
HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS =>Adware.OpenCandy
HKLM\SOFTWARE\Microsoft\Tracing\maucampoSetup_RASAPI32 =>PUP.Maucampo
HKLM\SOFTWARE\Microsoft\Tracing\maucampoSetup_RASMANCS =>PUP.Maucampo
HKLM\SOFTWARE\Microsoft\Tracing\maucampo_RASAPI32 =>PUP.Maucampo
HKLM\SOFTWARE\Microsoft\Tracing\maucampo_RASMANCS =>PUP.Maucampo
HKLM\SOFTWARE\Microsoft\Tracing\maucampo_Setup_RASAPI32 =>PUP.Maucampo
HKLM\SOFTWARE\Microsoft\Tracing\maucampo_Setup_RASMANCS =>PUP.Maucampo
HKLM\SOFTWARE\Microsoft\Tracing\mlv_ar_qvo6_RASAPI32 =>Hijacker.Qvo6
HKLM\SOFTWARE\Microsoft\Tracing\mlv_ar_qvo6_RASMANCS =>Hijacker.Qvo6
HKLM\SOFTWARE\Microsoft\Tracing\MoviesToolbarSetup_Somoto_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\MoviesToolbarSetup_Somoto_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\PCSpeedMaximizer_RASAPI32 =>Rogue.PCSpeedMaximizer
HKLM\SOFTWARE\Microsoft\Tracing\PCSpeedMaximizer_RASMANCS =>Rogue.PCSpeedMaximizer
HKLM\SOFTWARE\Microsoft\Tracing\Pricora 2_RASAPI32 =>Adware.Pricora
HKLM\SOFTWARE\Microsoft\Tracing\Pricora 2_RASMANCS =>Adware.Pricora
HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectionStub_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectionStub_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\updateDiVapton_RASAPI32 =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\updateDiVapton_RASMANCS =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\updatemaucampo_RASAPI32 =>PUP.Maucampo
HKLM\SOFTWARE\Microsoft\Tracing\updatemaucampo_RASMANCS =>PUP.Maucampo
HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32 =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\updatewisenwizard_RASAPI32 =>PUP.Wisenwizard
HKLM\SOFTWARE\Microsoft\Tracing\updatewisenwizard_RASMANCS =>PUP.Wisenwizard
HKLM\SOFTWARE\Microsoft\Tracing\utilDiVapton_RASAPI32 =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\utilDiVapton_RASMANCS =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\utilmaucampo_RASAPI32 =>PUP.Maucampo
HKLM\SOFTWARE\Microsoft\Tracing\utilmaucampo_RASMANCS =>PUP.Maucampo
HKLM\SOFTWARE\Microsoft\Tracing\utilWhilokii_RASAPI32 =>PUP.Whilokii
HKLM\SOFTWARE\Microsoft\Tracing\utilWhilokii_RASMANCS =>PUP.Whilokii
HKLM\SOFTWARE\Microsoft\Tracing\utilwisenwizard_RASAPI32 =>PUP.Wisenwizard
HKLM\SOFTWARE\Microsoft\Tracing\utilwisenwizard_RASMANCS =>PUP.Wisenwizard
HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdaterV3_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdaterV3_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\WAJAM_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\WAJAM_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32 =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASAPI32 =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASMANCS =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\whilokii_is_RASAPI32 =>PUP.Whilokii
HKLM\SOFTWARE\Microsoft\Tracing\whilokii_is_RASMANCS =>PUP.Whilokii
HKLM\SOFTWARE\Microsoft\Tracing\Whilokii_Setup_RASAPI32 =>PUP.Whilokii
HKLM\SOFTWARE\Microsoft\Tracing\Whilokii_Setup_RASMANCS =>PUP.Whilokii
HKLM\SOFTWARE\Microsoft\Tracing\wisenwizard_RASAPI32 =>PUP.Wisenwizard
HKLM\SOFTWARE\Microsoft\Tracing\wisenwizard_RASMANCS =>PUP.Wisenwizard
HKLM\SOFTWARE\Microsoft\Tracing\wisenwizard_Setup_RASAPI32 =>PUP.Wisenwizard
HKLM\SOFTWARE\Microsoft\Tracing\wisenwizard_Setup_RASMANCS =>PUP.Wisenwizard
HKLM\SOFTWARE\Microsoft\Tracing\wp_update_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Microsoft\Tracing\wp_update_RASMANCS =>PUP.WpManager
~ BTK: 685 Legitimates Filtered in 00mn 01s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{338a754c-b46e-4bf2-8ac8-23de36862ad3}] (SafetyNut) =>PUP.MoviesToolbar
[HKCR\CLSID\{dc264a72-fa75-4948-b881-ea8eff8e5dd2}] (webget) =>PUP.WebGet
~ BCK: 6499 Legitimates Filtered in 00mn 14s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 29/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 27/01/2014 113704 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SS - | Auto 20/01/2014 103936 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
SS - | Demand 20/11/2008 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 16/01/2014 235696 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 10/07/1658 0 | (vToolbarUpdater17.2.0) . (...) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 08/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/07/2012 769432 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 04/03/2014 1751672 | (SBUpd) . (.Speedbit Ltd..) - C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
SR - | Auto 14/01/2009 226656 | (SeaPort) . (.Microsoft Corp..) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 16s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (11/05/2014)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 9

[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.2.0] =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5347542D-5637-006A-76A7-A758B70C0700}] =>Adware.Bandoo^
[HKLM\Software\Classes\Installer\Features\BA172DB42E6685D4FA8808EFB370074C] =>PUP.OfferBox
[HKLM\Software\Classes\Installer\Products\BA172DB42E6685D4FA8808EFB370074C] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BA172DB42E6685D4FA8808EFB370074C] =>PUP.OfferBox
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Trojan.Adclicker
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:VNT =>Toolbar.Ask^
C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\lw9x082l.default\extensions\@FissaPlugin =>PUP.OfferBox^
C:\Program Files\keepvid =>PUP.KeepVid^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Program Files\Ad-Remover\Quarantine\C\Users\home\AppData\Roaming\OpenCandy =>Adware.OpenCandy
C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\lw9x082l.default\SearchPlugins\fissa.xml =>PUP.OfferBox
C:\Users\home\AppData\Local\VNT\vntldr.exe =>Toolbar.Ask^
[HKCU\Software\keepvid Company] =>PUP.KeepVid^
C:\Windows\Installer\113ed20.msi =>Adware.SocialSkinz^
C:\Windows\Installer\30c05.msi =>Adware.Bandoo^
C:\Windows\Installer\35d821.msi =>Adware.Bandoo^
C:\Windows\Installer\f8915.msi =>PUP.OfferBox^
[HKCR\CLSID\{338a754c-b46e-4bf2-8ac8-23de36862ad3}] (SafetyNut) =>PUP.MoviesToolbar^
[HKCR\CLSID\{dc264a72-fa75-4948-b881-ea8eff8e5dd2}] (webget) =>PUP.WebGet^
~ Additionnel Scan: 260202 Items scanned in 01mn 05s



---\\ Summary of the detections found on your workstation
http://nicolascoolman.byethost7.com/wordpress/toolbar-ask/ =>Toolbar.Ask
http://nicolascoolman.byethost7.com/wordpress/pup-offerbox/ =>PUP.OfferBox
http://nicolascoolman.byethost7.com/wordpress/pup-wpmanager/ =>PUP.WpManager
http://nicolascoolman.byethost7.com/wordpress/pup-linkidoo/ =>PUP.LinkiDoo
http://nicolascoolman.byethost7.com/wordpress/adware-bandoo/ =>Adware.Bandoo
http://nicolascoolman.webs.com/apps/blog/show/36614246-pup-keepvid =>PUP.KeepVid
http://nicolascoolman.byethost7.com/wordpress/pup-tarma =>PUP.Tarma
http://nicolascoolman.byethost7.com/wordpress/adware-mywebsearch/ =>Adware.MyWebSearch
http://nicolascoolman.byethost7.com/wordpress/adware-socialskinz/ =>Adware.SocialSkinz
http://nicolascoolman.byethost7.com/wordpress/hijacker-babsolution/ =>Hijacker.BabSolution
http://nicolascoolman.byethost7.com/wordpress/adware-megasearch/ =>Adware.MegaSearch
http://nicolascoolman.byethost7.com/wordpress/pup-bubbledock/ =>PUP.BubbleDock
http://nicolascoolman.webs.com/apps/blog/show/34598282-pup-divapton =>PUP.DiVapton
http://nicolascoolman.byethost7.com/wordpress/adware-predictad/ =>Adware.PredictAd
http://nicolascoolman.byethost7.com/wordpress/adware-opencandy/ =>Adware.OpenCandy
http://nicolascoolman.webs.com/apps/blog/show/40869827-pup-maucampo =>PUP.Maucampo
http://nicolascoolman.webs.com/apps/blog/show/26631242-hijacker-qvo6 =>Hijacker.Qvo6
http://nicolascoolman.byethost7.com/wordpress/rogue-pcspeedmaximizer/ =>Rogue.PCSpeedMaximizer
http://nicolascoolman.webs.com/apps/blog/show/29294184-adware-pricora =>Adware.Pricora
http://nicolascoolman.byethost7.com/wordpress/toolbar-conduit/ =>Toolbar.Conduit
http://nicolascoolman.byethost7.com/wordpress/pup-webget/ =>PUP.WebGet
http://nicolascoolman.webs.com/apps/blog/show/33413667-pup-whilokii =>PUP.Whilokii
http://nicolascoolman.byethost7.com/wordpress/pup-wajam/ =>PUP.Wajam
http://nicolascoolman.webs.com/apps/blog/show/33744863-pup-moviestoolbar =>PUP.MoviesToolbar
http://nicolascoolman.webs.com/apps/blog/show/29563527-trojan-adclicker =>Trojan.Adclicker
http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
~ MSI: 26 link(s) detected in 00mn 00s



~ 889 Legitimates filtered by white list
End of the scan (689 lines in 02mn 39s)(0)

2 replies

lilidurhone Posts: 43343 Registration date: Monday 25 April 2011 Status: Security contributor Last seen: 18 September 2023
11 May 2014 at 09:20
Hello

Several things are not right:

No SP1 for Windows 7

ZHPDiag incomplete

SUPERAntiSpyware and McAfee to be uninstalled

USB infection and a few adwares
¡El Desaparecido! Posts: 1521 Registration date: Tuesday 4 October 2011 Status: Member Last seen: 23 October 2015
11 May 2014 at 10:34
Hello,

# Download AdwCleaner by Xplode to your desktop.
# Run AdwCleaner.exe.

# Right-click on it and choose "Run as administrator" under Windows 7/8 and Vista.
# Choose the Scan option.
# Choose the Clean option.
# Accept the warning by clicking OK.

# Once the scan is finished, a report will open. Post its contents in your next reply.
# The report is also saved as C:\AdwCleaner[S1].txt

#######

# Download UsbFix by El Desaparecido to your Desktop.
# If your antivirus shows an alert, ignore it and temporarily disable the antivirus.
# Connect all your external storage devices to your PC (USB stick, external hard drive, etc.) without opening them.
# Double-click UsbFix.exe.
# Click Deletion.

# Note: the computer will restart automatically; after the restart, click the message displayed by UsbFix and let the program work.

# Let the tool work; your desktop will not be accessible during the cleaning phase, this is normal.

# At the end of the scan, a report will be displayed; post it in your next reply on the forum.

# The report is also saved at the root of the system drive ( C:\UsbFix [Clean ?] Computer name.txt ).
( CTRL+A to select, CTRL+C to copy and CTRL+V to paste )
# ->> Tutorial (help) with screenshots on the author's site.