Rapport de ZHPDiag v2013.5.11.97 par Nicolas Coolman, Update du 11.05.2013
Run by usseglio at 12.05.2013 21:50:42
State : Your version is update.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v8.0.7601.17514
MFIE: Mozilla Firefox 20.0.1 (Defaut)

---\\ Windows Product Information
~ Langage: Allemand
Windows 7 Enterprise Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, VOLUME_KMSCLIENT channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Malwarebytes Anti-Malware version 1.75.0.1300
Trend Micro OfficeScan Client v10.0.0.3071
Windows Defender W7

---\\ System Optimizer

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 ActiveX
Adobe Reader XI MUI
Java 7 Update 17

---\\ System Information
~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3497 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 168 GB (56%) free of 298 GB

---\\ Logged in mode
~ Computer Name: MUCNR9EL2N6
~ User Name: usseglio
~ All Users Names: local_adm, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as User

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\usseglio\AppData\Roaming\
~ %Desktop% : C:\Users\usseglio\Desktop\
~ %Favorites% : \\mucsdn32.eu.infineon.com\usseglio\Favorites\
~ %LocalAppData% : C:\Users\usseglio\AppData\Local\
~ %StartMenu% : C:\Users\usseglio\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 168 Go of 298 Go)

---\\ Security Center & Tools Informations
~ Security Center: 36 Legitimates Filtered in 00mn 00s

---\\ Search Generic System Files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25.02.2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.14.07.2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C3D43E21FA49657BC1645E9D745656C6] - (.Microsoft Corporation - Internet Extensions for Win32.) (.02.03.2013 - 05:58:26.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.20.11.2010 - 22:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.20.11.2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25.04.2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14.07.2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14.07.2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20.11.2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20.11.2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20.11.2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.14.07.2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14.07.2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27.04.2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20.11.2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.0D87503986BB3DFED58E343FE39DDE13] - (.Microsoft Corporation - NT File System Driver.) (.31.08.2012 - 18:18:09.) -- C:\Windows\system32\Drivers\ntfs.sys [1211760]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.14.07.2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14.07.2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20.11.2010 - 22:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14.07.2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20.11.2010 - 22:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20.11.2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 02s

---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/3555
~ Mes musiques (My Musics) : 1/76
~ Mes Favoris (My Favorites) : 1/46
~ Mes Documents (My Documents) : 16/514
~ Mon Bureau (My Desktop) : 3/1040
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 23s

---\\ Running Processes
[MD5.6F4A630434695EFE2E1605E26486C14D] - (.DameWare Development - DameWare Mini Remote Control User Interface.) -- C:\Windows\system32\DWRCST.exe [85528] [PID.4168]
[MD5.A588AE303C640164875C588EF9C88380] - (.Lenovo Group Limited - ThinkPad UltraZoom.) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe [138680] [PID.4408]
[MD5.9737420C783190202089FCCF2396AFAC] - (.Lenovo Group Limited - On screen display drawer.) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe [328040] [PID.4416]
[MD5.D5EEEF4502EF89782D7AC6C73CFFE599] - (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe [887384] [PID.5068]
[MD5.F5005A238995EAF113D62DD2540C5A38] - (.Lenovo Group Limited - ThinkVantage AutoLock Resident module.) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe [281960] [PID.5080]
[MD5.DC9C9C409D096F8280546F010A8392A5] - (.Ricoh co.,Ltd. - RCIMGDIR.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe [31744] [PID.5100]
[MD5.2E7D604A1172A7573186887BB2E8E05F] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [176664] [PID.5148]
[MD5.642AC2F4FDF7F37ED1687C147460C1F6] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [178200] [PID.5180]
[MD5.CCA408A93DE11D9E72891861FD0AE655] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2270504] [PID.5292]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.4388]
[MD5.B48664A15DD6D80AA674480D5495F52D] - (.Lenovo Group Limited - Microphone volume control module.) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe [41320] [PID.5352]
[MD5.06ED439C583DA3B2533CA3A32553B6B5] - (.Infineon Technologies - SoftwareDistributionClient.) -- C:\Program Files\SoftwareDistribution\Client\SoftwareDistributionClient.exe [738304] [PID.5404]
[MD5.692C7BA298075DC36DB6F18A275F2A61] - (.Synaptics Incorporated - TouchPad Driver Helper Application.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [132392] [PID.5600]
[MD5.8E881EB0D03B4CFF141D748A5004758A] - (.Microsoft Corporation - Microsoft Office Communicator 2007 R2.) -- C:\Program Files\Microsoft Office Communicator\communicator.exe [5164624] [PID.5668]
[MD5.D861D6380E65368E799EB87EB79DB9C6] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [107816] [PID.5728]
[MD5.71200E7924D30860F032C7BE3EDDCB3B] - (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe [901800] [PID.5736]
[MD5.BB0E3DF60286758532F423361461C775] - (.Copiun Inc. - Monitors system for changed files that need.) -- C:\Program Files\Copiun\Notificationexe.exe [78336] [PID.5764]
[MD5.E4401CF27225C1D6E664E86195978562] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152544] [PID.5780]
[MD5.C7FF2C2155EAA81C0489FBFD24FB23C6] - (.Lenovo Group Limited - Power Manager Power Agenda.) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.exe [62824] [PID.5852]
[MD5.8E0831382D3313E75614C9D85237B99F] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe [719672] [PID.5932]
[MD5.0586D31F3AC6829B49ECFE20A451C16B] - (.Intel Corporation - Intel(R) Management and Security Status.) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1923096] [PID.3724]
[MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.1936]
[MD5.F834B06933E51E2266DC4858A0E9DD98] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.7076]
[MD5.D719477489E4EF1B987E5525D608F2A5] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe [1855880] [PID.1920]
[MD5.0B240862B214F86170013B9CC1A9E108] - (.Copiun Inc. - Backup and Recovery Agent.) -- C:\Program Files\Copiun\Agentexe.exe [547840] [PID.7488]
[MD5.44B23B3FA81CD7E0197D5F1AA3611A8E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7307264] [PID.4468]
~ Processes Running: Scanned in 00mn 07s

---\\ Mozilla Firefox, Plugins,Startseite,Seiten of search,Ausdehnung (P2,M0,M1,M2,M3)
C:\Users\usseglio\AppData\Roaming\Mozilla\Firefox\Profiles\9eab7hbe.default\prefs.js
C:\Users\usseglio\AppData\Roaming\Mozilla\Firefox\Profiles\9eab7hbe.default\user.js
M3 - MFPP: Plugins - [usseglio] -- C:\Program Files\Mozilla FireFox\searchplugins\amazondotcom-de.xml
M3 - MFPP: Plugins - [usseglio] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [usseglio] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-de.xml
M3 - MFPP: Plugins - [usseglio] -- C:\Program Files\Mozilla FireFox\searchplugins\leo_ende_de.xml
M3 - MFPP: Plugins - [usseglio] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-de.xml
M3 - MFPP: Plugins - [usseglio] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-de.xml
M0 - MFSP: prefs.js [usseglio - 9eab7hbe.default] http://iweb.infineon.com
M2 - MFEP: prefs.js [usseglio - 9eab7hbe.default\toolbar@ask.com] [] v (..)
~ Firefox Browser: 18 Legitimates Filtered in 00mn 01s

---\\ Internet Explorer, Startseite,Seiten of search,Ausdehnung (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.babylon.com =>Toolbar.Babylon
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ IE Browser: 13 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects (O2)
O2 - BHO: IEBrowserHelperObject Class - {86EA4148-BEE6-4CEE-A72F-DA27A5112BD1} . (.Scalable Software, Inc. - No comment.) -- C:\Windows\system32\SSIBrowserHook6.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
~ BHO: 7 Legitimates Filtered in 00mn 01s

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Sopcast Ask Toolbar - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
~ Toolbar: Scanned in 00mn 00s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [OfficeScanNT Monitor] . (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
O4 - HKLM\..\Run: [ALCKRESI.EXE] . (.Lenovo Group Limited - ThinkVantage AutoLock Resident module.) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
O4 - HKLM\..\Run: [RotateImage] . (.Ricoh co.,Ltd. - RCIMGDIR.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
O4 - HKLM\..\Run: [IMSS] . (.Intel Corporation - PIcon startup utility.) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\Program Files\ThinkPad\UTILIT~1\PWMTR32V.dll (.not file.)
O4 - HKLM\..\Run: [LENOVO.TPKNRRES] . (.Lenovo Group Limited - Microphone volume control module.) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
O4 - HKLM\..\Run: [SwDistLogin] . (.Infineon Technologies - SoftwareDistributionClient.) -- C:\Program Files\SoftwareDistribution\Client\SoftwareDistributionClient.exe
O4 - HKLM\..\Run: [EmAgentGui.exe] C:\Program Files\Matrix42\Matrix42 Enterprise Manager Agent\EmAgentGui.exe (.not file.)
O4 - HKLM\..\Run: [Communicator] . (.Microsoft Corporation - Microsoft Office Communicator 2007 R2.) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
O4 - HKLM\..\Run: [ApnUpdater] . (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (.not file.)
O4 - HKLM\..\Run: [Copiun Notification Manager] . (.Copiun Inc. - Monitors system for changed files that need.) -- C:\Program Files\Copiun\notificationexe.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Run: [DameWare MRC Agent] . (.DameWare Development - DameWare Mini Remote Control User Interface.) -- C:\Windows\system32\DWRCST.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKUS\S-1-5-21-2052111302-842925246-682003330-466258\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2052111302-842925246-682003330-466258\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
~ Application: Scanned in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - E-mail Naming Shim Provider.) -- C:\Windows\system32\napinsp.dll
~ Winsock: 8 Legitimates Filtered in 00mn 00s

---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKLM\...\Domains] *.adp.com
O15 - Trusted Zone: [HKLM\...\Domains] *.agenziadogane.it
O15 - Trusted Zone: [HKLM\...\Domains] *.alphaclick.ro
O15 - Trusted Zone: [HKLM\...\Domains] *.altissemiconductor.com
O15 - Trusted Zone: [HKLM\...\Domains] *.americanexpress.com
O15 - Trusted Zone: [HKLM\...\Domains] *.ardentec.com
O15 - Trusted Zone: [HKLM\...\Domains] *.arm.com
O15 - Trusted Zone: [HKLM\...\Domains] *.ats.net
O15 - Trusted Zone: [HKLM\...\Domains] *.bankaustria.at
O15 - Trusted Zone: [HKLM\...\Domains] *.bosch.com
O15 - Trusted Zone: [HKLM\...\Domains] *.bradesco.com.br
O15 - Trusted Zone: [HKLM\...\Domains] *.buerohandel.net
O15 - Trusted Zone: [HKLM\...\Domains] *.catalog-gate.de
O15 - Trusted Zone: [HKLM\...\Domains] *.catalogus.de
O15 - Trusted Zone: [HKLM\...\Domains] *.citicorp.com
O15 - Trusted Zone: [HKLM\...\Domains] *.concursolutions.com
O15 - Trusted Zone: [HKLM\...\Domains] *.conrad.de
O15 - Trusted Zone: [HKLM\...\Domains] *.csminc.com
O15 - Trusted Zone: [HKLM\...\Domains] *.dagangnet.com
O15 - Trusted Zone: [HKLM\...\Domains] *.dasoertliche.de
O15 - Trusted Zone: [HKLM\...\Domains] *.dpma.de
O15 - Trusted Zone: [HKLM\...\Domains] *.dpv-elektronik.de
O15 - Trusted Zone: [HKLM\...\Domains] *.e-control.at
O15 - Trusted Zone: [HKLM\...\Domains] *.ecmlibra.com
O15 - Trusted Zone: [HKLM\...\Domains] *.electrocomponents.com
O15 - Trusted Zone: [HKLM\...\Domains] *.electronics-video.com
O15 - Trusted Zone: [HKLM\...\Domains] *.elsteronline.de
O15 - Trusted Zone: [HKLM\...\Domains\www] *.evolution3.de
O15 - Trusted Zone: [HKLM\...\Domains] *.festo.com
O15 - Trusted Zone: [HKLM\...\Domains] *.flextronics.com
O15 - Trusted Zone: [HKLM\...\Domains] *.flife.de
O15 - Trusted Zone: [HKLM\...\Domains] *.geldkarte-laden.de
O15 - Trusted Zone: [HKLM\...\Domains] *.globalfoundries.com
O15 - Trusted Zone: [HKLM\...\Domains] *.icbc.com.cn
O15 - Trusted Zone: [HKLM\...\Domains] *.imec.be
O15 - Trusted Zone: [HKLM\...\Domains] *.infineon-designlink.com
O15 - Trusted Zone: [HKLM\...\Domains\www] *.infineon-newsletter.com
O15 - Trusted Zone: [HKLM\...\Domains] *.ingplans.com
O15 - Trusted Zone: [HKLM\...\Domains] *.insight.de
O15 - Trusted Zone: [HKLM\...\Domains] *.intel.com
O15 - Trusted Zone: [HKLM\...\Domains] *.ipworks.de
O15 - Trusted Zone: [HKLM\...\Domains] *.jabil.com
O15 - Trusted Zone: [HKLM\...\Domains] *.jsciq.gov.cn
O15 - Trusted Zone: [HKLM\...\Domains] *.kaiserkraft.de
O15 - Trusted Zone: [HKLM\...\Domains\www] *.kumpulan.com.sg
O15 - Trusted Zone: [HKLM\...\Domains] *.lear.com
O15 - Trusted Zone: [HKLM\...\Domains] *.lntinfotech.com
O15 - Trusted Zone: [HKLM\...\Domains] *.lsl.de
O15 - Trusted Zone: [HKLM\...\Domains] *.lufthansa.com
O15 - Trusted Zone: [HKLM\...\Domains] *.managementdynamics.com
O15 - Trusted Zone: [HKLM\...\Domains] *.map24.com
O15 - Trusted Zone: [HKLM\...\Domains] *.mediaflow.ch
O15 - Trusted Zone: [HKLM\...\Domains] *.meeting-stream.com
O15 - Trusted Zone: [HKLM\...\Domains] *.mexperts.tv
O15 - Trusted Zone: [HKLM\...\Domains] *.mobis.co.kr
O15 - Trusted Zone: [HKLM\...\Domains] *.mom.gov.sg
O15 - Trusted Zone: [HKLM\...\Domains] *.nc3.biz
O15 - Trusted Zone: [HKLM\...\Domains] *.nchr.com.cn
O15 - Trusted Zone: [HKLM\...\Domains] *.nedstat.de
O15 - Trusted Zone: [HKLM\...\Domains] *.nokia.com
O15 - Trusted Zone: [HKLM\...\Domains] *.pixel.de
O15 - Trusted Zone: [HKLM\...\Domains] *.procareline.com
O15 - Trusted Zone: [HKLM\...\Domains] *.promeas.com
O15 - Trusted Zone: [HKLM\...\Domains] *.pudong.gov.cn
O15 - Trusted Zone: [HKLM\...\Domains\www] *.pudong.gov.cn
O15 - Trusted Zone: [HKLM\...\Domains] *.rbsm.com
O15 - Trusted Zone: [HKLM\...\Domains] *.rbworld.lv
O15 - Trusted Zone: [HKLM\...\Domains\www] http.reichelt.de
O15 - Trusted Zone: [HKLM\...\Domains] *.revenue.ie
O15 - Trusted Zone: [HKLM\...\Domains] *.rfxix.com
O15 - Trusted Zone: [HKLM\...\Domains] *.rockwell.com
O15 - Trusted Zone: [HKLM\...\Domains] *.rockwellautomation.com
O15 - Trusted Zone: [HKLM\...\Domains] *.ros.ie
O15 - Trusted Zone: [HKLM\...\Domains] *.rs-online.com
O15 - Trusted Zone: [HKLM\...\Domains\www] *.rtda.com
O15 - Trusted Zone: [HKLM\...\Domains] *.samsungsemi.co.kr
O15 - Trusted Zone: [HKLM\...\Domains] *.samsungsemi.com
O15 - Trusted Zone: [HKLM\...\Domains] *.sandata.de
O15 - Trusted Zone: [HKLM\...\Domains] *.sanmina-sci.com
O15 - Trusted Zone: [HKLM\...\Domains] *.santander.com.br
O15 - Trusted Zone: [HKLM\...\Domains] *.security-news.tv
O15 - Trusted Zone: [HKLM\...\Domains] *.semi-dnp.com
O15 - Trusted Zone: [HKLM\...\Domains] *.seoul.go.kr
O15 - Trusted Zone: [HKLM\...\Domains] *.shareholder.com
O15 - Trusted Zone: [HKLM\...\Domains] *.siemens.de
O15 - Trusted Zone: [HKLM\...\Domains] *.sixt.com
O15 - Trusted Zone: [HKLM\...\Domains\www] *.smart-supply.at
O15 - Trusted Zone: [HKLM\...\Domains] *.smartmediapres.com
O15 - Trusted Zone: [HKLM\...\Domains] *.snds.gov.cn
O15 - Trusted Zone: [HKLM\...\Domains] *.sonicwall.com
O15 - Trusted Zone: [HKLM\...\Domains] *.staplesadvantage.at
O15 - Trusted Zone: [HKLM\...\Domains] *.staplesadvantage.com
O15 - Trusted Zone: [HKLM\...\Domains] *.staplesadvantage.it
O15 - Trusted Zone: [HKLM\...\Domains] *.supplywin.com
O15 - Trusted Zone: [HKLM\...\Domains] *.synopsys.com
O15 - Trusted Zone: [HKLM\...\Domains] *.t-mobile.at
O15 - Trusted Zone: [HKLM\...\Domains] *.telekom.at
O15 - Trusted Zone: [HKLM\...\Domains] *.teradyne.com
O15 - Trusted Zone: [HKLM\...\Domains] *.thomson-webcast.net
O15 - Trusted Zone: [HKLM\...\Domains] *.thomsonreuters.biz
O15 - Trusted Zone: [HKLM\...\Domains] *.thomsonreuters.com
O15 - Trusted Zone: [HKLM\...\Domains] *.thomsonreuters.net
O15 - Trusted Zone: [HKLM\...\Domains\www] *.ti.com
O15 - Trusted Zone: [HKLM\...\Domains] *.trw.com
O15 - Trusted Zone: [HKLM\...\Domains] *.tsmc.com
O15 - Trusted Zone: [HKLM\...\Domains] *.ubs.com
O15 - Trusted Zone: [HKLM\...\Domains] *.umc.com
O15 - Trusted Zone: [HKLM\...\Domains] *.viewtrip.com
O15 - Trusted Zone: [HKLM\...\Domains] *.vwr.com
O15 - Trusted Zone: [HKLM\...\Domains] *.wdr.de
O15 - Trusted Zone: [HKLM\...\Domains] *.wolfsonmicro.com
O15 - Trusted Zone: [HKLM\...\Domains] *.zedal.de
O15 - Trusted Zone: [HKLM\...\Domains] *.zte.com.cn
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} - ((no name)) - (.not file.) - C:\Windows\TEMP\f5tmp\f5certchk.cab
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - ((no name)) - (.not file.) - file:\\C:\Program Files\F5 VPN\F5_TMP\cachecleaner.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - ((no name)) - (.not file.) - C:\Windows\TEMP\f5tmp\urxvpn.cab
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - ((no name)) - (.not file.) - C:\Windows\TEMP\f5tmp\f5tunsrv.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - ((no name)) - (.not file.) - C:\Windows\TEMP\f5tmp\InstallerControl.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - ((no name)) - (.not file.) - C:\Windows\TEMP\f5tmp\f5InspectionHost.cab
O16 - DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} - ((no name)) - (.not file.) - file:\\C:\Program Files\F5 VPN\F5_TMP\f5GroupPolicyAgent.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - ((no name)) - (.not file.) - C:\Windows\TEMP\f5tmp\urxshost.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - ((no name)) - (.not file.) - C:\Windows\TEMP\f5tmp\urxhost.cab
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - ((no name)) - (.not file.) - C:\Windows\TEMP\f5tmp\f5syschk.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} ((no name)) - https://euconnect.arrow.com/dana-cached/sc/JuniperSetupClient.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{80999CC0-4978-4DCD-9729-93D3DF52C33F}: DhcpNameServer = 172.23.0.10 172.23.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4669F23-7B87-4578-BD10-7FA3958E54B5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{80999CC0-4978-4DCD-9729-93D3DF52C33F}: DhcpDomain = muc.infineon.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4669F23-7B87-4578-BD10-7FA3958E54B5}: DhcpDomain = localdomain
O17 - HKLM\System\CS1\Services\Tcpip\..\{80999CC0-4978-4DCD-9729-93D3DF52C33F}: DhcpNameServer = 172.23.0.10 172.23.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{B4669F23-7B87-4578-BD10-7FA3958E54B5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{80999CC0-4978-4DCD-9729-93D3DF52C33F}: DhcpDomain = muc.infineon.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{B4669F23-7B87-4578-BD10-7FA3958E54B5}: DhcpDomain = localdomain
O17 - HKLM\System\CS2\Services\Tcpip\..\{80999CC0-4978-4DCD-9729-93D3DF52C33F}: DhcpNameServer = 172.23.0.10 172.23.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{B4669F23-7B87-4578-BD10-7FA3958E54B5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{80999CC0-4978-4DCD-9729-93D3DF52C33F}: DhcpDomain = muc.infineon.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{B4669F23-7B87-4578-BD10-7FA3958E54B5}: DhcpDomain = localdomain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eu.infineon.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Copiun Administrative Service (Copiun Administrative Service) . (.Copiun Inc - Copiun Administrative Service.) - C:\Program Files\Copiun\AgtAdmSvc.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) . (.DameWare Development LLC - DameWare Mini Remote Client Agent.) - C:\Windows\system32\DWRCS.exe
O23 - Service: F5 Networks Component Installer (F5 Networks Component Installer) . (.F5 Networks, Inc. - Component Installer Windows Service.) - C:\Windows\system32\F5InstallerService.exe
O23 - Service: F5 Networks DNS Relay Proxy Service (F5FltSrv) . (.F5 Networks, Inc. - F5 DNS Relay Proxy for Windows.) - C:\Windows\system32\F5FltSrv.exe
O23 - Service: HyperW7 Service (HyperW7Svc) . (.Lenovo Group Limited - HyperW7 Service.) - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) . (.Lenovo. - ThinkPad Power Management Service.) - C:\Windows\System32\ibmpmsvc.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) . (.Juniper Networks, Inc. - Juniper Access Service.) - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) . (.Lenovo Group Limited - Camera Mute Control Service for ThinkPad.) - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) . (.Lenovo Group Limited - Microphone Mute Controll Service for ThinkP.) - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) . (.Lenovo Group Limited - Microphone volume control service.) - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) . (.Lenovo Group Limited - Auto Scroll Start Service.) - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: M42EmAgent (M42EmAgent) . (...) - C:\Program Files\Matrix42\Matrix42 Enterprise Manager Agent\EmAgent.exe (.not file.)
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) . (.Lenovo Group Limited - Power Manager Cisco EnergyWise Enabler.) - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
O23 - Service: SSI Survey Client (SSI Survey Client) . (.Scalable Software, Inc. - No comment.) - C:\Program Files\Scalable Software\Survey\SSI Survey Client\SurveyClientNT.exe
O23 - Service: System Update (SUService) . (.Lenovo Group Limited - ThinkVantage System Update Service.) - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) . (.Lenovo Group Limited - ThinkPad Message Client Loader.) - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) . (.Lenovo Group Limited - On screen display Fn+Fx handler.) - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: Intel(R) Management and Security Applica (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Services: 26 Legitimates Filtered in 00mn 25s

---\\ Einträge in Windows' Aufgabenplaner(039)
[MD5.6FD59835879A0DE7B9F9F61D86F9B6FB] [APT] [PMTask] (.Lenovo Group Limited.) -- C:\Program Files\ThinkPad\Utilities\PWMIDTSV.exe [529768]
[MD5.14426438EDA546F331650854F4CD63A8] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe [134824] =>Toolbar.Ask
[MD5.6995D9C2A6AB8CC4902D3A293EA3E77B] [APT] [{59264E20-6214-4E98-8905-1B5216AF15D6}] (.Infineon Technologies.) -- C:\Users\usseglio\AppData\Local\{723775A7-8FA0-4A7D-9FDB-F9693D7F4E47}\easyAPE.exe [2123827]
~ Scheduled Task: 5 Legitimates Filtered in 00mn 11s

---\\ Automatisch gestartete Treiber und Dienste (O41)
O41 - Driver: (dwvkbd) . (.DameWare - DameWare Virtual Keyboard Driver.) - C:\Windows\System32\DRIVERS\dwvkbd.sys
O41 - Driver: (lenovo.smi) . (.Lenovo Group Limited - SMI Driver for Lenovo system.) - C:\Windows\System32\DRIVERS\smiif32.sys
O41 - Driver: (PHCORE) . (.Lenovo Group Limited - RapidBoot Driver.) - C:\Program Files\Lenovo\RapidBoot\PHCORE.sys
O41 - Driver: (TPPWRIF) . (.Lenovo Group Limited - Power Manager.) - C:\Windows\System32\drivers\Tppwr32v.sys
~ Drivers: 84 Legitimates Filtered in 00mn 02s

---\\ Installierte Programme (O42)
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
O42 - Logiciel: BIG-IP Edge Client Components (All Users) - (.F5 Networks, Inc..) [HKLM] -- F5 Networks Client Components
O42 - Logiciel: FloTHERM PCB - (.Mentor Graphics Corporation.) [HKLM] -- {49F29C70-3ACD-43EF-AC38-7F87EB351467}
O42 - Logiciel: Integrated Camera Driver Installer Package Ver.1.1.0.1147 - (.RICOH.) [HKLM] -- {B2CA6F37-1602-4823-81B5-0384B6888AA6}
O42 - Logiciel: Integrated Camera TWAIN - (.Chicony Electronics Co.,Ltd..) [HKLM] -- {9CA0DEE4-E84B-466F-9B96-FC255F3A929F}
O42 - Logiciel: Matrix42 Enterprise Manager Agent - (.Matrix42.) [HKLM] -- {B8C82791-23AF-484C-BEE1-29D5E973F2D5}
O42 - Logiciel: On Screen Display - (...) [HKLM] -- OnScreenDisplay
O42 - Logiciel: ThinkPad Power Management Driver - (...) [HKLM] -- Power Management Driver
O42 - Logiciel: ThinkPad Power Manager - (...) [HKLM] -- {DAC01CEE-5BAE-42D5-81FC-B687E84E8405}
O42 - Logiciel: ThinkPad UltraNav Driver - (...) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: easyAPE - (.Infineon.) [HKCU] -- easyAPE
~ Logic: 73 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\5bed78ae53fee12]
[HKCU\Software\APN]
[HKCU\Software\AppDataLow\Software\AskToolbar]
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Ask.com]
[HKCU\Software\Copiun]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\F5 Networks]
[HKCU\Software\Glueckkanja]
[HKCU\Software\KVS]
[HKCU\Software\MGC]
[HKCU\Software\Softonic]
[HKLM\Software\5bed78ae53fee12]
[HKLM\Software\APN]
[HKLM\Software\AskToolbar]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\Copiun]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Glueckkanja]
[HKLM\Software\KSOL]
[HKLM\Software\Mentor Graphics Corporation]
[HKLM\Software\ThinkVantage]
~ Key Software: 150 Legitimates Filtered in 00mn 01s

---\\ Inhalte der gemeinsamen Dateien (O43)
O43 - CFD: 06.12.2012 - 10:25:57 - [24,131] ----D C:\Program Files\88888chat
O43 - CFD: 27.11.2011 - 21:14:19 - [2,878] ----D C:\Program Files\Ask.com
O43 - CFD: 26.08.2011 - 13:00:21 - [1,060] ----D C:\Program Files\ConfigMgr 2007 Toolkit
O43 - CFD: 27.09.2012 - 10:11:11 - [25,963] ----D C:\Program Files\Copiun
O43 - CFD: 29.11.2011 - 11:34:09 - [3,236] ----D C:\Program Files\CryptoEx
O43 - CFD: 07.02.2012 - 19:09:32 - [357,977] ----D C:\Program Files\easyAPE
O43 - CFD: 26.08.2011 - 13:31:42 - [7,215] ----D C:\Program Files\F5 VPN
O43 - CFD: 01.12.2011 - 14:00:23 - [0,063] ----D C:\Program Files\Idea-Management
O43 - CFD: 26.08.2011 - 12:21:17 - [14,959]
----D C:\Program Files\Integrated Camera Driver O43 - CFD: 26.08.2011 - 13:30:31 - [2,070] ----D C:\Program Files\KSOL O43 - CFD: 26.08.2011 - 12:58:30 - [0] ----D C:\Program Files\Matrix42 O43 - CFD: 27.02.2013 - 09:37:55 - [143,451] ----D C:\Program Files\MentorMA O43 - CFD: 03.05.2013 - 10:27:32 - [0] ----D C:\Program Files\TheTool O43 - CFD: 26.08.2011 - 12:27:02 - [39,882] ----D C:\Program Files\ThinkPad O43 - CFD: 03.11.2012 - 21:33:01 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon O43 - CFD: 26.08.2011 - 13:32:30 - [1,086] ----D C:\ProgramData\F5 Networks O43 - CFD: 19.03.2013 - 11:50:31 - [45,574] --H-D C:\ProgramData\{6A0D33F3-2378-4E4A-AAC6-8C7DE4FBE74E} O43 - CFD: 03.11.2012 - 21:33:01 - [0,008] ----D C:\Users\usseglio\AppData\Roaming\Babylon =>Toolbar.Babylon O43 - CFD: 11.05.2013 - 19:14:56 - [0] ----D C:\Users\usseglio\AppData\Roaming\Isuzaq O43 - CFD: 11.05.2013 - 19:06:44 - [0,381] ----D C:\Users\usseglio\AppData\Roaming\Nuik O43 - CFD: 11.05.2013 - 19:06:44 - [0,223] ----D C:\Users\usseglio\AppData\Roaming\Ohug O43 - CFD: 01.09.2011 - 16:20:50 - [0,000] ----D C:\Users\usseglio\AppData\Roaming\PwrMgr O43 - CFD: 08.10.2012 - 09:55:46 - [1221,281] ----D C:\Users\usseglio\AppData\Local\Copiun O43 - CFD: 03.02.2012 - 10:01:48 - [4,889] ----D C:\Users\usseglio\AppData\Local\{723775A7-8FA0-4A7D-9FDB-F9693D7F4E47} O43 - CFD: 03.02.2012 - 10:01:42 - [0,002] ----D C:\Users\usseglio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\easyAPE ~ Program Folder: 158 Legitimates Filtered in 00mn 25s ---\\ Zuletzt veränderte und erstellte Dateien in Windows und System32 (O44) O44 - LFC:[MD5.358089C72BC563FABE973780807A8EC1] - 12.05.2013 - 11:46:42 ---A- . (...) -- C:\Windows\SMSCFG.ini [463] O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 12.05.2013 - 11:44:32 ---A- . (...) -- C:\Windows\MBR.exe [208896] O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 12.05.2013 - 11:44:31 ---A- . (...) 
-- C:\Windows\PEV.exe [256000] O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 12.05.2013 - 11:44:30 ---A- . (...) -- C:\Windows\grep.exe [80412] O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 12.05.2013 - 11:44:30 ---A- . (...) -- C:\Windows\sed.exe [98816] O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 12.05.2013 - 11:44:30 ---A- . (...) -- C:\Windows\zip.exe [68096] O44 - LFC:[MD5.BC2F44781E0A324E5276E32BB6408261] - 12.05.2013 - 06:58:05 ---A- . (...) -- C:\Windows\RegBootClean.exe [181808] O44 - LFC:[MD5.DDF7E19851E8E8ACB7AA4FD310005AFA] - 11.05.2013 - 21:17:44 ---A- . (...) -- C:\Windows\ntbtlog.txt [1365036] O44 - LFC:[MD5.538D781831E27122F248556BE4967DA6] - 10.05.2013 - 13:30:56 ---A- . (...) -- C:\Windows\cfgall.ini [16535] O44 - LFC:[MD5.2775AA8A1F7DC5C50D70BE1797E69D7B] - 02.05.2013 - 07:53:39 ---A- . (...) -- C:\Windows\TMFilter.log [664] ~ Files: 24 Legitimates Filtered in 03mn 22s ---\\ Ausgeführte Handlungen beim Start von Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Registryeinträge für den abgesicherten Modus (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.) 
~ CSB: 17 Legitimates Filtered in 00mn 00s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - beyondexecv.exe - NULL O50 - IFEO:Image File Execution Options - hYDguxl.exe - calc.exe O50 - IFEO:Image File Execution Options - mimikatz.exe - NULL O50 - IFEO:Image File Execution Options - rexesvr.exe - NULL O50 - IFEO:Image File Execution Options - testenter.exe - NULL O50 - IFEO:Image File Execution Options - wce.exe - NULL ~ IFEO: Scanned in 00mn 00s ---\\ MountPoints2 Shell Key (MPKS) (O51) O51 - MPSK:{0817afb3-8df8-11e1-a3c9-463500000031}\AutoRun\command. (...) -- D:\Startme.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=0 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=1 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1 O55 - MWPS:[HKLM\...\Policies\System] - "disablecad"=0 O55 - MWPS:[HKLM\...\Policies\System] - "LocalAccountTokenFilterPolicy"=1 O55 - MWPS:[HKCU\...\Policies\System] - "HideLogonScripts"=0 O55 - MWPS:[HKCU\...\Policies\System] - "RunLogonScriptSync"=1 ~ MWPS: 21 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "DisablePersonalDirChange"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "ForceRunOnStartMenu"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoAutoUpdate"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "MemCheckBoxInRunDlg"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "HideSCAHealth"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoStrCmpLogical"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoMSAppLogo5ChannelNotify"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoWebServices"=1 ~ MWPE Keys: 11 Legitimates Filtered in 00mn 00s ---\\ System Drivers List (SDL) 
(O58) O58 - SDL:[MD5.1875F492C399DB858E77C1B29366D54B] - 04.03.2011 - 17:14:34 ---A- . (.Ricoh co.,Ltd. - Ricoh USB Camera driver.) -- C:\Windows\System32\Drivers\5U877.sys [132096] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13.07.2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] ~ Drivers: Scanned in 00mn 00s ---\\ List all tools cleaner (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ List all legacy services(LALS) (O64) O64 - Services: CurCS - 13.07.2010 - C:\Windows\system32\drivers\F5FltDrv.sys (F5FltDrv) .(.F5 Networks, Inc. - F5 Filter Driver for Windows.) - LEGACY_F5FLTDRV O64 - Services: CurCS - 07.09.2010 - C:\Windows\System32\DRIVERS\smiif32.sys (lenovo.smi) .(.Lenovo Group Limited - SMI Driver for Lenovo system.) - LEGACY_LENOVO.SMI O64 - Services: CurCS - 03.12.2010 - C:\Program Files\Lenovo\RapidBoot\PHCORE.sys (PHCORE) .(.Lenovo Group Limited - RapidBoot Driver.) - LEGACY_PHCORE O64 - Services: CurCS - 02.06.2011 - C:\Windows\System32\drivers\Tppwr32v.sys (TPPWRIF) .(.Lenovo Group Limited - Power Manager.) - LEGACY_TPPWRIF ~ Legacy: 82 Legitimates Filtered in 00mn 00s ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (SBI) (O69) O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.admin", false); =>Toolbar.Babylon O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.aflt", "babsst"); =>Toolbar.Babylon O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); =>Toolbar.Babylon O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.dfltLng", "en"); =>Toolbar.Babylon O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.excTlbr", false); =>Toolbar.Babylon O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.id", "089ca32c000000000000cc52af82a056"); =>Toolbar.Babylon O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.instlDay", "15647"); =>Toolbar.Babylon O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.instlRef", "sst"); =>Toolbar.Babylon O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); =>Toolbar.Babylon O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); =>Toolbar.Babylon O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.tlbrId", "base"); =>Toolbar.Babylon O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=089ca32c000000000000cc52af82a0[...] 
=>Toolbar.Babylon O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8"); =>Toolbar.Babylon O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8"); =>Toolbar.Babylon O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>Toolbar.Babylon O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.820:33:22"); =>Toolbar.Babylon O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.asktb.ff-original-keyword-url", ""); O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://search.babylon.com =>Toolbar.Babylon O69 - SBI: SearchScopes [HKCU] {6021E954-1AF7-4DF6-AA14-25362657BB70} - (Ask Search) - http://websearch.ask.com ~ Keys: Scanned in 00mn 00s ---\\ Search Particular Root Folder (SPRF) (O84) [MD5.F8B8154D7C12BEB56F4249C89B89AFFF] [SPRF][12.05.2013] (...) -- C:\ProgramData\SSIHistory.dat [1848] [MD5.0985D6AFDFC3F0C21E743EDACBA283D4] [SPRF][12.05.2013] (...) -- C:\Users\usseglio\AppData\Local\Temp\ExchangePerflog_8484fa3156ca4db4dcd6c672.dat [28] [MD5.C887D8045CF77654D370057980D2D640] [SPRF][11.06.2010] (.F5 Networks, Inc. - No comment.) -- C:\Windows\Downloaded Program Files\cachecleaner.dll [319096] [MD5.70C56F98BA22BD3922E761F53855D2CA] [SPRF][11.06.2010] (.F5 Networks, Inc. - CacheCleaner.) -- C:\Windows\Downloaded Program Files\cachecleaner.exe [45688] [MD5.255B8E933F115F0F8DF65D0A02903374] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 CertCheck Module.) -- C:\Windows\Downloaded Program Files\f5certchk.dll [328352] [MD5.399871572A5515F6707283FFC02A3ADA] [SPRF][19.10.2012] (.F5 Networks, Inc. - CertHelper Module.) -- C:\Windows\Downloaded Program Files\F5CertHelper.dll [37536] [MD5.EBE870ACA1A6BF81E2CEE355A0EDE2B0] [SPRF][19.10.2012] (.F5 Networks, Inc. - CertHelper Module.) 
-- C:\Windows\Downloaded Program Files\F5CertHelper.exe [152224] [MD5.3F35216D3E426AA78F9B8C0FDF0840D9] [SPRF][19.10.2012] (.F5 Networks, Inc. - Network Access Helper.) -- C:\Windows\Downloaded Program Files\F5ElHelper.dll [66208] [MD5.0F67A0B541BBA69185D7230E12E6AA12] [SPRF][19.10.2012] (.F5 Networks, Inc. - Network Access Helper.) -- C:\Windows\Downloaded Program Files\F5ElHelper.exe [358560] [MD5.344915DD864701AC967486CE82B8F803] [SPRF][19.10.2012] (.F5 Networks, Inc. - Network Access Helper.) -- C:\Windows\Downloaded Program Files\F5ElHelper64.dll [72864] [MD5.E64A99F89DE1F09507911DF997525BA3] [SPRF][11.06.2010] (.F5 Networks, Inc. - F5 Networks Windows Group Policy Agent Module.) -- C:\Windows\Downloaded Program Files\f5GroupPolicyAgent.dll [242296] [MD5.EF7B8A70319D077C9918BFF4644D28FE] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks Endpoint Inspection Control.) -- C:\Windows\Downloaded Program Files\f5InspectionHost.dll [479904] [MD5.F20EF99CB7B79C5E5F0444D9C6134E66] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks BIG-IP® Edge Client™ ....) -- C:\Windows\Downloaded Program Files\f5instd.exe [373408] [MD5.1E8773EB7A827FDD28BD22257475E1BF] [SPRF][19.10.2012] (.F5 Networks, Inc. - InstallerHelper Module.) -- C:\Windows\Downloaded Program Files\F5InstH.exe [233120] [MD5.31A9AD551DDCA5F820A0608B1C7F824E] [SPRF][19.10.2012] (.F5 Networks, Inc. - InstallerHelper Module.) -- C:\Windows\Downloaded Program Files\F5InstP.dll [42144] [MD5.807F3B246CB30F7FC2A61E458809F837] [SPRF][19.10.2012] (.F5 Networks Inc. - F5 Components Troubleshooting.) -- C:\Windows\Downloaded Program Files\f5unistall.exe [1131168] [MD5.33FA522B123B901964583FDF65017BA4] [SPRF][19.10.2012] (.F5 Networks, Inc. - System Check Helper.) -- C:\Windows\Downloaded Program Files\F5Win32CheckHelper.dll [37536] [MD5.9FA797CE84E2AE0AA682A5FC24FEE990] [SPRF][19.10.2012] (.F5 Networks, Inc. - System Check Helper.) 
-- C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe [156320] [MD5.58C519AB35CAE6B950CA749C9328F970] [SPRF][19.10.2012] (.F5 Networks, Inc. - Trusted Sites.) -- C:\Windows\Downloaded Program Files\ietrust.exe [107168] [MD5.9FC961497D2B31570380C49D6320FF47] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks Auto Update Module.) -- C:\Windows\Downloaded Program Files\InstallerControl.dll [381600] [MD5.E4FECCBD352F6502FB7D1B70695B8A68] [SPRF][30.04.2012] (...) -- C:\Windows\Downloaded Program Files\JuniperExt.exe [407416] [MD5.BEF9B4E9F99D6E8741AB205B275531F6] [SPRF][11.06.2010] (.F5 Networks, Inc. - XML Parser based on SCEW/EXPAT.) -- C:\Windows\Downloaded Program Files\scew_uls.dll [168056] [MD5.7A0F723B5111D99D1EC1A96AE396A3F0] [SPRF][14.12.2005] (...) -- C:\Windows\Downloaded Program Files\set9x16.dll [22304] [MD5.68615B3EE28AF451A635349538CEF8D2] [SPRF][19.10.2012] (...) -- C:\Windows\Downloaded Program Files\set9x32.dll [15520] [MD5.43A462B4A306B03A303BC80F3BD19EB1] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks VPN Adapter Setup.) -- C:\Windows\Downloaded Program Files\setup2000.dll [118432] [MD5.448E03B537671CEE36B4F3DD0FD02272] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks VPN Adapter Setup.) -- C:\Windows\Downloaded Program Files\setupdrvdll.dll [142496] [MD5.2065805823FBBCED4D107281B3656D5F] [SPRF][19.10.2012] (.F5 Networks, Inc - TunnelServer.) -- C:\Windows\Downloaded Program Files\TunnelServer.exe [1329824] [MD5.EEC800630746721BA6C9A5A35EAC473D] [SPRF][19.10.2012] (.F5 Networks, Inc - Dynamic Application Tunnel Control.) -- C:\Windows\Downloaded Program Files\TunnelServerX.dll [311968] [MD5.A48EA04EEF22988786F56F4F2BAC5873] [SPRF][19.10.2012] (.F5 Networks, Inc. - ActiveX register.) -- C:\Windows\Downloaded Program Files\uregsvr.exe [62112] [MD5.E476CFAEB0F68B82477B8C4F4D498B60] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks VPN Adapter Setup.) 
-- C:\Windows\Downloaded Program Files\urset64.exe [91296] [MD5.88FF389FC8A8DAF8572DDB80A4B3848C] [SPRF][19.10.2012] (.F5 Networks - Driver Setup for F5 Networks SSL VPN.) -- C:\Windows\Downloaded Program Files\ursetvpn.exe [127136] [MD5.858C6CFE128D6F6ECA3B03DEEA78152F] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks SuperHost.) -- C:\Windows\Downloaded Program Files\urSuperHost.dll [487072] [MD5.C37E6D00E3AB7499DACFB10E33CC966D] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks Active Dialer.) -- C:\Windows\Downloaded Program Files\urxdialer.dll [675488] [MD5.1BCB92BE1AF3D43151D62C6699AF065D] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks VPN Manager.) -- C:\Windows\Downloaded Program Files\urxdialerres.dll [28832] [MD5.06908686805F378D0CA19C021B571D98] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks Host Module.) -- C:\Windows\Downloaded Program Files\urxhost.dll [848544] [MD5.70ACFEA121912E760A3AD83F619EB4C2] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks Host Module.) -- C:\Windows\Downloaded Program Files\urxhostres.dll [68256] [MD5.76C3577E128C205D51D8E8DA2FF51007] [SPRF][19.10.2012] (.F5 Networks, Inc. - Win32SystemCheck Module.) -- C:\Windows\Downloaded Program Files\Win32SystemCheck.dll [348832] ~ Files: Scanned in 00mn 07s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{4FFAE9C5-D8E2-4D9F-94CD-4BB7965F429D}" | In - Domain - P6 - TRUE | .(.Infineon Technologies - DAS Server JTAG over USB Chip.) -- C:\Program Files\DAS\servers\das_server_jtag_over_usb_chip\das_server_jtag_over_usb_chip.exe O87 - FAEL: "{AB1BF0FD-3A6B-4F70-972D-E06A28B24255}" | In - Domain - P17 - TRUE | .(.Infineon Technologies - DAS Server JTAG over USB Chip.) -- C:\Program Files\DAS\servers\das_server_jtag_over_usb_chip\das_server_jtag_over_usb_chip.exe O87 - FAEL: "{815FDCE6-9844-4AE4-AC46-32FBE562F063}" | In - Domain - P6 - TRUE | .(.Infineon Technologies - DAS Server JTAG over Tantino.) 
-- C:\Program Files\DAS\servers\das_server_tantino\das_server_tantino.exe O87 - FAEL: "{6F5515ED-F7E8-4CD9-8D31-E23EE3618228}" | In - Domain - P17 - TRUE | .(.Infineon Technologies - DAS Server JTAG over Tantino.) -- C:\Program Files\DAS\servers\das_server_tantino\das_server_tantino.exe O87 - FAEL: "{86CC3D5F-D316-4B17-9074-E0068F94A4EF}" | In - Domain - P6 - TRUE | .(.Infineon Technologies - DAS Server JTAG over USB Box.) -- C:\Program Files\DAS\servers\das_server_usb11_jtag_over_usb_box\das_server_usb11_jtag_over_usb_box.exe O87 - FAEL: "{78965123-E1B4-4056-A8CE-AFD6760E0DA5}" | In - Domain - P17 - TRUE | .(.Infineon Technologies - DAS Server JTAG over USB Box.) -- C:\Program Files\DAS\servers\das_server_usb11_jtag_over_usb_box\das_server_usb11_jtag_over_usb_box.exe O87 - FAEL: "{A01B145B-7B2D-4854-896E-59E847174722}" | In - Domain - P6 - TRUE | .(.Infineon Technologies.) -- C:\Program Files\DAS\servers\das_server_usb11_jtag_over_usb_sscmbox\das_server_usb11_jtag_over_usb_sscmbox.exe O87 - FAEL: "{9A43C951-D865-4112-A3A1-6674A7545E29}" | In - Domain - P17 - TRUE | .(.Infineon Technologies.) -- C:\Program Files\DAS\servers\das_server_usb11_jtag_over_usb_sscmbox\das_server_usb11_jtag_over_usb_sscmbox.exe O87 - FAEL: "{E9C804D3-3198-4963-BF0A-D1514386EAA0}" | In - Domain - P6 - TRUE | .(.Infineon Technologies - DAS Server UDAS.) -- C:\Program Files\DAS\servers\UDAS\UDAS.exe O87 - FAEL: "{D6776802-1D2A-403D-A99A-9AE18666F350}" | In - Domain - P17 - TRUE | .(.Infineon Technologies - DAS Server UDAS.) -- C:\Program Files\DAS\servers\UDAS\UDAS.exe O87 - FAEL: "{3D8A853D-29E2-4BC1-866C-F29B3DA371AC}" | In - Domain - P6 - TRUE | .(...) -- C:\Program Files\DAS\dashpas\das_dashpas.exe O87 - FAEL: "{80F83B2F-A45C-44D9-B4B7-8D63E65AAF58}" | In - Domain - P17 - TRUE | .(...) 
-- C:\Program Files\DAS\dashpas\das_dashpas.exe
~ Firewall: 205 Legitimates Filtered in 00mn 03s

---\\ Additionnal Scan (O88)
Database Version : v2.12078 - (11.05.2013)
Clés trouvées (Keys found) : 62
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Adware.AskSBAR
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Adware.AskSBAR
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Adware.AskSBAR
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Adware.AskSBAR
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Adware.AskSBAR
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Adware.AskSBAR
[HKLM\Software\Classes\AtlBrCon.AtlBrCon.1] =>Adware.WebOffer
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Adware.AskSBAR
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Adware.AskSBAR
[HKLM\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph] =>PUP.SpecialSavings
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\APN] =>Toolbar.Ask
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} =>Adware.ShopperReports
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:ApnUpdater =>Adware.GameSpyArcade
C:\Program Files\Ask.com =>Toolbar.AskBar
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\Users\usseglio\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\usseglio\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar
C:\Users\usseglio\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon
C:\Users\usseglio\AppData\Roaming\Mozilla\Firefox\Profiles\9eab7hbe.default\Extensions\toolbar@ask.com =>Toolbar.AskTBar
~ Additionnel Scan: 269014 Items scanned in 00mn 19s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "1AA5D38CF1A62014F8F70C32D03DF10C" . (.RapidBoot.) -- C:\Windows\Installer\{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}\ARPPRODUCTICON.exe
O90 - PUC: "74846C52009BDA841A46B1F4B9776405" . (.System Update.) -- C:\Windows\Installer\{25C64847-B900-48AD-A164-1B4F9B774650}\ARPPRODUCTICON.exe
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Sopcast Ask Toolbar.) -- c:\program files\ask.com\cb_e09b.ico =>Toolbar.Ask
O90 - PUC: "BC9384D64B820704C87A16C29AC23A0D" . (.BIG-IP Edge Client.) -- C:\Windows\Installer\{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}\icon.ico
O90 - PUC: "C9335768C821DD4438FBA0D5A6DB2879" . (.ThinkVantage System Update.) -- C:\Program Files\Lenovo\System Update\Tvsu.exe
O90 - PUC: "D789B57BFE1A6C04FBDB2B7212C539D8" . (.Project Reader.) -- C:\Windows\Installer\{B75B987D-A1EF-40C6-BFBD-B227215C938D}\ARPPRODUCTICON.exe
O90 - PUC: "E0794A21CD339344AB24A86E2BA12537" . (.Copiun Data Manager.) -- C:\Windows\Installer\{12A4970E-33DC-4439-BA42-8AE6B21A5273}\_6FEFF9B68218417F98F549.exe
~ Update Products: 78 Legitimates Filtered in 00mn 00s

---\\ Random Export Key (O91)
[HKCU\Software\5bed78ae53fee12\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:guid="{16cdff19-861d-48e3-a751-d99a27784753}"
[HKCU\Software\5bed78ae53fee12\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:version="2.3.796.11"
[HKCU\Software\5bed78ae53fee12] =>Toolbar.Babylon^
[HKLM\Software\5bed78ae53fee12] => Clé orpheline
~ Export Key Software: Scanned in 00mn 00s

---\\ General States of Services not Microsoft (EGS) (R=Running, S=Stopped)
SR - | Auto 23.09.2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 16.04.2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 11.08.2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30.08.2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 12.04.2012 112640 | (Copiun Administrative Service) . (.Copiun Inc.) - C:\Program Files\Copiun\AgtAdmSvc.exe
SR - | Demand 02.06.2011 292200 | (DozeSvc) . (.Lenovo..) - C:\Program Files\ThinkPad\Utilities\DOZESVC.exe
SR - | Auto 07.04.2010 241688 | (DWMRCS) . (.DameWare Development LLC.) - C:\Windows\system32\DWRCS.exe
SR - | Auto 17.12.2010 936208 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 13.07.2010 379320 | (F5 Networks Component Installer) . (.F5 Networks, Inc..) - C:\Windows\system32\F5InstallerService.exe
SR - | Auto 13.07.2010 212088 | (F5FltSrv) . (.F5 Networks, Inc..) - C:\Windows\system32\F5FltSrv.exe
SS - | Auto 03.12.2010 107880 | (HyperW7Svc) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc.exe
SR - | Auto 01.02.2011 38760 | (IBMPMSVC) . (.Lenovo..) - C:\Windows\System32\ibmpmsvc.exe
SR - | Demand 12.12.2012 553440 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 07.02.2011 210896 | (jhi_service) . (.Intel Corporation.) - C:\Program Files\Intel\Services\IPT\jhi_service.exe
SR - | Auto 30.04.2012 198520 | (JuniperAccessService) . (.Juniper Networks, Inc..) - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
SR - | Auto 16.12.2010 40808 | (LENOVO.CAMMUTE) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
SR - | Auto 04.04.2011 45496 | (LENOVO.MICMUTE) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
SR - | Auto 16.12.2010 59240 | (LENOVO.TPKNRSVC) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
SR - | Auto 07.04.2010 93032 | (Lenovo.VIRTSCRLSVC) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
SR - | Auto 17.01.2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Auto 0 | (M42EmAgent) . (...) - C:\Program Files\Matrix42\Matrix42 Enterprise Manager Agent\EmAgent.exe
SS - | Demand 12.04.2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 16.04.2012 1443584 | (ntrtscan) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
SS - | Demand 02.06.2011 83304 | (Power Manager DBC Service) . (.Lenovo.) - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
SR - | Auto 02.06.2011 148840 | (PwmEWSvc) . (.Lenovo Group Limited.) - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
SR - | Auto 17.12.2010 477456 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SS - | Demand 13.11.2012 512000 | (SSI Client Installer) . (.Scalable Software, Inc..) - C:\Windows\system32\SCInstallerNT.exe
SR - | Auto 13.11.2012 90112 | (SSI Survey Client) . (.Scalable Software, Inc..) - C:\Program Files\Scalable Software\Survey\SSI Survey Client\SurveyClientNT.exe
SR - | Auto 18.02.2011 28672 | (SUService) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\System Update\SUService.exe
SR - | Auto 16.04.2012 1420152 | (tmlisten) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
SS - | Demand 07.01.2010 689416 | (TmProxy) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
SR - | Auto 20.04.2011 130920 | (TPHKLOAD) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
SR - | Auto 29.03.2011 64952 | (TPHKSVC) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
SR - | Auto 17.01.2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 14.07.2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14.07.2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s

~ 1028 Legitimates filtered by white list
End of the scan (853 lines in 06mn 07s)(0)