Rapport de ZHPDiag v2013.5.11.97 par Nicolas Coolman, Update du 11.05.2013
Run by usseglio at 12.05.2013 21:50:42
State : Your version is update.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v8.0.7601.17514
MFIE: Mozilla Firefox 20.0.1 (Defaut)

---\\ Windows Product Information
~ Langage: Allemand
Windows 7 Enterprise Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, VOLUME_KMSCLIENT channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Malwarebytes Anti-Malware version 1.75.0.1300
Trend Micro OfficeScan Client v10.0.0.3071
Windows Defender W7

---\\ System Optimizer

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 ActiveX
Adobe Reader XI MUI
Java 7 Update 17

---\\ System Information
~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3497 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 168 GB (56%) free of 298 GB

---\\ Logged in mode
~ Computer Name: MUCNR9EL2N6
~ User Name: usseglio
~ All Users Names: local_adm, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as User

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\usseglio\AppData\Roaming\
~ %Desktop% : C:\Users\usseglio\Desktop\
~ %Favorites% : \\mucsdn32.eu.infineon.com\usseglio\Favorites\
~ %LocalAppData% : C:\Users\usseglio\AppData\Local\
~ %StartMenu% : C:\Users\usseglio\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 168 Go of 298 Go)



---\\ Security Center & Tools Informations
~ Security Center: 36 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25.02.2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.14.07.2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C3D43E21FA49657BC1645E9D745656C6] - (.Microsoft Corporation - Internet Extensions for Win32.) (.02.03.2013 - 05:58:26.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.20.11.2010 - 22:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.20.11.2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25.04.2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14.07.2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14.07.2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20.11.2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20.11.2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20.11.2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.14.07.2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14.07.2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27.04.2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20.11.2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.0D87503986BB3DFED58E343FE39DDE13] - (.Microsoft Corporation - NT File System Driver.) (.31.08.2012 - 18:18:09.) -- C:\Windows\system32\Drivers\ntfs.sys [1211760]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.14.07.2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14.07.2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20.11.2010 - 22:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14.07.2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20.11.2010 - 22:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20.11.2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 02s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/3555
~ Mes musiques (My Musics) : 1/76
~ Mes Favoris (My Favorites) : 1/46
~ Mes Documents (My Documents) : 16/514
~ Mon Bureau (My Desktop) : 3/1040
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 23s



---\\ Running Processes
[MD5.6F4A630434695EFE2E1605E26486C14D] - (.DameWare Development - DameWare Mini Remote Control User Interface.) -- C:\Windows\system32\DWRCST.exe [85528] [PID.4168]
[MD5.A588AE303C640164875C588EF9C88380] - (.Lenovo Group Limited - ThinkPad UltraZoom.) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe [138680] [PID.4408]
[MD5.9737420C783190202089FCCF2396AFAC] - (.Lenovo Group Limited - On screen display drawer.) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe [328040] [PID.4416]
[MD5.D5EEEF4502EF89782D7AC6C73CFFE599] - (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe [887384] [PID.5068]
[MD5.F5005A238995EAF113D62DD2540C5A38] - (.Lenovo Group Limited - ThinkVantage AutoLock Resident module.) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe [281960] [PID.5080]
[MD5.DC9C9C409D096F8280546F010A8392A5] - (.Ricoh co.,Ltd. - RCIMGDIR.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe [31744] [PID.5100]
[MD5.2E7D604A1172A7573186887BB2E8E05F] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [176664] [PID.5148]
[MD5.642AC2F4FDF7F37ED1687C147460C1F6] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [178200] [PID.5180]
[MD5.CCA408A93DE11D9E72891861FD0AE655] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2270504] [PID.5292]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.4388]
[MD5.B48664A15DD6D80AA674480D5495F52D] - (.Lenovo Group Limited - Microphone volume control module.) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe [41320] [PID.5352]
[MD5.06ED439C583DA3B2533CA3A32553B6B5] - (.Infineon Technologies - SoftwareDistributionClient.) -- C:\Program Files\SoftwareDistribution\Client\SoftwareDistributionClient.exe [738304] [PID.5404]
[MD5.692C7BA298075DC36DB6F18A275F2A61] - (.Synaptics Incorporated - TouchPad Driver Helper Application.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [132392] [PID.5600]
[MD5.8E881EB0D03B4CFF141D748A5004758A] - (.Microsoft Corporation - Microsoft Office Communicator 2007 R2.) -- C:\Program Files\Microsoft Office Communicator\communicator.exe [5164624] [PID.5668]
[MD5.D861D6380E65368E799EB87EB79DB9C6] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [107816] [PID.5728]
[MD5.71200E7924D30860F032C7BE3EDDCB3B] - (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe [901800] [PID.5736]
[MD5.BB0E3DF60286758532F423361461C775] - (.Copiun Inc. - Monitors system for changed files that need.) -- C:\Program Files\Copiun\Notificationexe.exe [78336] [PID.5764]
[MD5.E4401CF27225C1D6E664E86195978562] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152544] [PID.5780]
[MD5.C7FF2C2155EAA81C0489FBFD24FB23C6] - (.Lenovo Group Limited - Power Manager Power Agenda.) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.exe [62824] [PID.5852]
[MD5.8E0831382D3313E75614C9D85237B99F] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe [719672] [PID.5932]
[MD5.0586D31F3AC6829B49ECFE20A451C16B] - (.Intel Corporation - Intel(R) Management and Security Status.) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1923096] [PID.3724]
[MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.1936]
[MD5.F834B06933E51E2266DC4858A0E9DD98] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.7076]
[MD5.D719477489E4EF1B987E5525D608F2A5] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe [1855880] [PID.1920]
[MD5.0B240862B214F86170013B9CC1A9E108] - (.Copiun Inc. - Backup and Recovery Agent.) -- C:\Program Files\Copiun\Agentexe.exe [547840] [PID.7488]
[MD5.44B23B3FA81CD7E0197D5F1AA3611A8E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7307264] [PID.4468]
~ Processes Running: Scanned in 00mn 07s



---\\ Mozilla Firefox, Plugins,Startseite,Seiten of search,Ausdehnung (P2,M0,M1,M2,M3)
C:\Users\usseglio\AppData\Roaming\Mozilla\Firefox\Profiles\9eab7hbe.default\prefs.js
C:\Users\usseglio\AppData\Roaming\Mozilla\Firefox\Profiles\9eab7hbe.default\user.js
M3 - MFPP: Plugins - [usseglio] -- C:\Program Files\Mozilla FireFox\searchplugins\amazondotcom-de.xml
M3 - MFPP: Plugins - [usseglio] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [usseglio] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-de.xml
M3 - MFPP: Plugins - [usseglio] -- C:\Program Files\Mozilla FireFox\searchplugins\leo_ende_de.xml
M3 - MFPP: Plugins - [usseglio] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-de.xml
M3 - MFPP: Plugins - [usseglio] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-de.xml
M0 - MFSP: prefs.js [usseglio - 9eab7hbe.default] http://iweb.infineon.com
M2 - MFEP: prefs.js [usseglio - 9eab7hbe.default\toolbar@ask.com] [] v (..)
~ Firefox Browser: 18 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Startseite,Seiten of search,Ausdehnung (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.babylon.com =>Toolbar.Babylon
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects (O2)
O2 - BHO: IEBrowserHelperObject Class - {86EA4148-BEE6-4CEE-A72F-DA27A5112BD1} . (.Scalable Software, Inc. - No comment.) -- C:\Windows\system32\SSIBrowserHook6.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
~ BHO: 7 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Sopcast Ask Toolbar - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
~ Toolbar: Scanned in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [OfficeScanNT Monitor] . (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
O4 - HKLM\..\Run: [ALCKRESI.EXE] . (.Lenovo Group Limited - ThinkVantage AutoLock Resident module.) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
O4 - HKLM\..\Run: [RotateImage] . (.Ricoh co.,Ltd. - RCIMGDIR.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
O4 - HKLM\..\Run: [IMSS] . (.Intel Corporation - PIcon startup utility.) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\Program Files\ThinkPad\UTILIT~1\PWMTR32V.dll (.not file.)
O4 - HKLM\..\Run: [LENOVO.TPKNRRES] . (.Lenovo Group Limited - Microphone volume control module.) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
O4 - HKLM\..\Run: [SwDistLogin] . (.Infineon Technologies - SoftwareDistributionClient.) -- C:\Program Files\SoftwareDistribution\Client\SoftwareDistributionClient.exe
O4 - HKLM\..\Run: [EmAgentGui.exe] C:\Program Files\Matrix42\Matrix42 Enterprise Manager Agent\EmAgentGui.exe (.not file.)
O4 - HKLM\..\Run: [Communicator] . (.Microsoft Corporation - Microsoft Office Communicator 2007 R2.) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
O4 - HKLM\..\Run: [ApnUpdater] . (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (.not file.)
O4 - HKLM\..\Run: [Copiun Notification Manager] . (.Copiun Inc. - Monitors system for changed files that need.) -- C:\Program Files\Copiun\notificationexe.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Run: [DameWare MRC Agent] . (.DameWare Development - DameWare Mini Remote Control User Interface.) -- C:\Windows\system32\DWRCST.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKUS\S-1-5-21-2052111302-842925246-682003330-466258\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2052111302-842925246-682003330-466258\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - E-mail Naming Shim Provider.) -- C:\Windows\system32\napinsp.dll
~ Winsock: 8 Legitimates Filtered in 00mn 00s



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKLM\...\Domains] *.adp.com
O15 - Trusted Zone: [HKLM\...\Domains] *.agenziadogane.it
O15 - Trusted Zone: [HKLM\...\Domains] *.alphaclick.ro
O15 - Trusted Zone: [HKLM\...\Domains] *.altissemiconductor.com
O15 - Trusted Zone: [HKLM\...\Domains] *.americanexpress.com
O15 - Trusted Zone: [HKLM\...\Domains] *.ardentec.com
O15 - Trusted Zone: [HKLM\...\Domains] *.arm.com
O15 - Trusted Zone: [HKLM\...\Domains] *.ats.net
O15 - Trusted Zone: [HKLM\...\Domains] *.bankaustria.at
O15 - Trusted Zone: [HKLM\...\Domains] *.bosch.com
O15 - Trusted Zone: [HKLM\...\Domains] *.bradesco.com.br
O15 - Trusted Zone: [HKLM\...\Domains] *.buerohandel.net
O15 - Trusted Zone: [HKLM\...\Domains] *.catalog-gate.de
O15 - Trusted Zone: [HKLM\...\Domains] *.catalogus.de
O15 - Trusted Zone: [HKLM\...\Domains] *.citicorp.com
O15 - Trusted Zone: [HKLM\...\Domains] *.concursolutions.com
O15 - Trusted Zone: [HKLM\...\Domains] *.conrad.de
O15 - Trusted Zone: [HKLM\...\Domains] *.csminc.com
O15 - Trusted Zone: [HKLM\...\Domains] *.dagangnet.com
O15 - Trusted Zone: [HKLM\...\Domains] *.dasoertliche.de
O15 - Trusted Zone: [HKLM\...\Domains] *.dpma.de
O15 - Trusted Zone: [HKLM\...\Domains] *.dpv-elektronik.de
O15 - Trusted Zone: [HKLM\...\Domains] *.e-control.at
O15 - Trusted Zone: [HKLM\...\Domains] *.ecmlibra.com
O15 - Trusted Zone: [HKLM\...\Domains] *.electrocomponents.com
O15 - Trusted Zone: [HKLM\...\Domains] *.electronics-video.com
O15 - Trusted Zone: [HKLM\...\Domains] *.elsteronline.de
O15 - Trusted Zone: [HKLM\...\Domains\www] *.evolution3.de
O15 - Trusted Zone: [HKLM\...\Domains] *.festo.com
O15 - Trusted Zone: [HKLM\...\Domains] *.flextronics.com
O15 - Trusted Zone: [HKLM\...\Domains] *.flife.de
O15 - Trusted Zone: [HKLM\...\Domains] *.geldkarte-laden.de
O15 - Trusted Zone: [HKLM\...\Domains] *.globalfoundries.com
O15 - Trusted Zone: [HKLM\...\Domains] *.icbc.com.cn
O15 - Trusted Zone: [HKLM\...\Domains] *.imec.be
O15 - Trusted Zone: [HKLM\...\Domains] *.infineon-designlink.com
O15 - Trusted Zone: [HKLM\...\Domains\www] *.infineon-newsletter.com
O15 - Trusted Zone: [HKLM\...\Domains] *.ingplans.com
O15 - Trusted Zone: [HKLM\...\Domains] *.insight.de
O15 - Trusted Zone: [HKLM\...\Domains] *.intel.com
O15 - Trusted Zone: [HKLM\...\Domains] *.ipworks.de
O15 - Trusted Zone: [HKLM\...\Domains] *.jabil.com
O15 - Trusted Zone: [HKLM\...\Domains] *.jsciq.gov.cn
O15 - Trusted Zone: [HKLM\...\Domains] *.kaiserkraft.de
O15 - Trusted Zone: [HKLM\...\Domains\www] *.kumpulan.com.sg
O15 - Trusted Zone: [HKLM\...\Domains] *.lear.com
O15 - Trusted Zone: [HKLM\...\Domains] *.lntinfotech.com
O15 - Trusted Zone: [HKLM\...\Domains] *.lsl.de
O15 - Trusted Zone: [HKLM\...\Domains] *.lufthansa.com
O15 - Trusted Zone: [HKLM\...\Domains] *.managementdynamics.com
O15 - Trusted Zone: [HKLM\...\Domains] *.map24.com
O15 - Trusted Zone: [HKLM\...\Domains] *.mediaflow.ch
O15 - Trusted Zone: [HKLM\...\Domains] *.meeting-stream.com
O15 - Trusted Zone: [HKLM\...\Domains] *.mexperts.tv
O15 - Trusted Zone: [HKLM\...\Domains] *.mobis.co.kr
O15 - Trusted Zone: [HKLM\...\Domains] *.mom.gov.sg
O15 - Trusted Zone: [HKLM\...\Domains] *.nc3.biz
O15 - Trusted Zone: [HKLM\...\Domains] *.nchr.com.cn
O15 - Trusted Zone: [HKLM\...\Domains] *.nedstat.de
O15 - Trusted Zone: [HKLM\...\Domains] *.nokia.com
O15 - Trusted Zone: [HKLM\...\Domains] *.pixel.de
O15 - Trusted Zone: [HKLM\...\Domains] *.procareline.com
O15 - Trusted Zone: [HKLM\...\Domains] *.promeas.com
O15 - Trusted Zone: [HKLM\...\Domains] *.pudong.gov.cn
O15 - Trusted Zone: [HKLM\...\Domains\www] *.pudong.gov.cn
O15 - Trusted Zone: [HKLM\...\Domains] *.rbsm.com
O15 - Trusted Zone: [HKLM\...\Domains] *.rbworld.lv
O15 - Trusted Zone: [HKLM\...\Domains\www] http.reichelt.de
O15 - Trusted Zone: [HKLM\...\Domains] *.revenue.ie
O15 - Trusted Zone: [HKLM\...\Domains] *.rfxix.com
O15 - Trusted Zone: [HKLM\...\Domains] *.rockwell.com
O15 - Trusted Zone: [HKLM\...\Domains] *.rockwellautomation.com
O15 - Trusted Zone: [HKLM\...\Domains] *.ros.ie
O15 - Trusted Zone: [HKLM\...\Domains] *.rs-online.com
O15 - Trusted Zone: [HKLM\...\Domains\www] *.rtda.com
O15 - Trusted Zone: [HKLM\...\Domains] *.samsungsemi.co.kr
O15 - Trusted Zone: [HKLM\...\Domains] *.samsungsemi.com
O15 - Trusted Zone: [HKLM\...\Domains] *.sandata.de
O15 - Trusted Zone: [HKLM\...\Domains] *.sanmina-sci.com
O15 - Trusted Zone: [HKLM\...\Domains] *.santander.com.br
O15 - Trusted Zone: [HKLM\...\Domains] *.security-news.tv
O15 - Trusted Zone: [HKLM\...\Domains] *.semi-dnp.com
O15 - Trusted Zone: [HKLM\...\Domains] *.seoul.go.kr
O15 - Trusted Zone: [HKLM\...\Domains] *.shareholder.com
O15 - Trusted Zone: [HKLM\...\Domains] *.siemens.de
O15 - Trusted Zone: [HKLM\...\Domains] *.sixt.com
O15 - Trusted Zone: [HKLM\...\Domains\www] *.smart-supply.at
O15 - Trusted Zone: [HKLM\...\Domains] *.smartmediapres.com
O15 - Trusted Zone: [HKLM\...\Domains] *.snds.gov.cn
O15 - Trusted Zone: [HKLM\...\Domains] *.sonicwall.com
O15 - Trusted Zone: [HKLM\...\Domains] *.staplesadvantage.at
O15 - Trusted Zone: [HKLM\...\Domains] *.staplesadvantage.com
O15 - Trusted Zone: [HKLM\...\Domains] *.staplesadvantage.it
O15 - Trusted Zone: [HKLM\...\Domains] *.supplywin.com
O15 - Trusted Zone: [HKLM\...\Domains] *.synopsys.com
O15 - Trusted Zone: [HKLM\...\Domains] *.t-mobile.at
O15 - Trusted Zone: [HKLM\...\Domains] *.telekom.at
O15 - Trusted Zone: [HKLM\...\Domains] *.teradyne.com
O15 - Trusted Zone: [HKLM\...\Domains] *.thomson-webcast.net
O15 - Trusted Zone: [HKLM\...\Domains] *.thomsonreuters.biz
O15 - Trusted Zone: [HKLM\...\Domains] *.thomsonreuters.com
O15 - Trusted Zone: [HKLM\...\Domains] *.thomsonreuters.net
O15 - Trusted Zone: [HKLM\...\Domains\www] *.ti.com
O15 - Trusted Zone: [HKLM\...\Domains] *.trw.com
O15 - Trusted Zone: [HKLM\...\Domains] *.tsmc.com
O15 - Trusted Zone: [HKLM\...\Domains] *.ubs.com
O15 - Trusted Zone: [HKLM\...\Domains] *.umc.com
O15 - Trusted Zone: [HKLM\...\Domains] *.viewtrip.com
O15 - Trusted Zone: [HKLM\...\Domains] *.vwr.com
O15 - Trusted Zone: [HKLM\...\Domains] *.wdr.de
O15 - Trusted Zone: [HKLM\...\Domains] *.wolfsonmicro.com
O15 - Trusted Zone: [HKLM\...\Domains] *.zedal.de
O15 - Trusted Zone: [HKLM\...\Domains] *.zte.com.cn
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} - ((no name)) - (.not file.) - C:\Windows\TEMP\f5tmp\f5certchk.cab
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - ((no name)) - (.not file.) - file:\\C:\Program Files\F5 VPN\F5_TMP\cachecleaner.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - ((no name)) - (.not file.) - C:\Windows\TEMP\f5tmp\urxvpn.cab
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - ((no name)) - (.not file.) - C:\Windows\TEMP\f5tmp\f5tunsrv.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - ((no name)) - (.not file.) - C:\Windows\TEMP\f5tmp\InstallerControl.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - ((no name)) - (.not file.) - C:\Windows\TEMP\f5tmp\f5InspectionHost.cab
O16 - DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} - ((no name)) - (.not file.) - file:\\C:\Program Files\F5 VPN\F5_TMP\f5GroupPolicyAgent.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - ((no name)) - (.not file.) - C:\Windows\TEMP\f5tmp\urxshost.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - ((no name)) - (.not file.) - C:\Windows\TEMP\f5tmp\urxhost.cab
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - ((no name)) - (.not file.) - C:\Windows\TEMP\f5tmp\f5syschk.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} ((no name)) - https://euconnect.arrow.com/dana-cached/sc/JuniperSetupClient.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{80999CC0-4978-4DCD-9729-93D3DF52C33F}: DhcpNameServer = 172.23.0.10 172.23.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4669F23-7B87-4578-BD10-7FA3958E54B5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{80999CC0-4978-4DCD-9729-93D3DF52C33F}: DhcpDomain = muc.infineon.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4669F23-7B87-4578-BD10-7FA3958E54B5}: DhcpDomain = localdomain
O17 - HKLM\System\CS1\Services\Tcpip\..\{80999CC0-4978-4DCD-9729-93D3DF52C33F}: DhcpNameServer = 172.23.0.10 172.23.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{B4669F23-7B87-4578-BD10-7FA3958E54B5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{80999CC0-4978-4DCD-9729-93D3DF52C33F}: DhcpDomain = muc.infineon.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{B4669F23-7B87-4578-BD10-7FA3958E54B5}: DhcpDomain = localdomain
O17 - HKLM\System\CS2\Services\Tcpip\..\{80999CC0-4978-4DCD-9729-93D3DF52C33F}: DhcpNameServer = 172.23.0.10 172.23.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{B4669F23-7B87-4578-BD10-7FA3958E54B5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{80999CC0-4978-4DCD-9729-93D3DF52C33F}: DhcpDomain = muc.infineon.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{B4669F23-7B87-4578-BD10-7FA3958E54B5}: DhcpDomain = localdomain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eu.infineon.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Copiun Administrative Service (Copiun Administrative Service) . (.Copiun Inc - Copiun Administrative Service.) - C:\Program Files\Copiun\AgtAdmSvc.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) . (.DameWare Development LLC - DameWare Mini Remote Client Agent.) - C:\Windows\system32\DWRCS.exe
O23 - Service: F5 Networks Component Installer (F5 Networks Component Installer) . (.F5 Networks, Inc. - Component Installer Windows Service.) - C:\Windows\system32\F5InstallerService.exe
O23 - Service: F5 Networks DNS Relay Proxy Service (F5FltSrv) . (.F5 Networks, Inc. - F5 DNS Relay Proxy for Windows.) - C:\Windows\system32\F5FltSrv.exe
O23 - Service: HyperW7 Service (HyperW7Svc) . (.Lenovo Group Limited - HyperW7 Service.) - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) . (.Lenovo. - ThinkPad Power Management Service.) - C:\Windows\System32\ibmpmsvc.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) . (.Juniper Networks, Inc. - Juniper Access Service.) - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) . (.Lenovo Group Limited - Camera Mute Control Service for ThinkPad.) - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) . (.Lenovo Group Limited - Microphone Mute Controll Service for ThinkP.) - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) . (.Lenovo Group Limited - Microphone volume control service.) - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) . (.Lenovo Group Limited - Auto Scroll Start Service.) - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: M42EmAgent (M42EmAgent) . (...) - C:\Program Files\Matrix42\Matrix42 Enterprise Manager Agent\EmAgent.exe (.not file.)
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) . (.Lenovo Group Limited - Power Manager Cisco EnergyWise Enabler.) - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
O23 - Service: SSI Survey Client (SSI Survey Client) . (.Scalable Software, Inc. - No comment.) - C:\Program Files\Scalable Software\Survey\SSI Survey Client\SurveyClientNT.exe
O23 - Service: System Update (SUService) . (.Lenovo Group Limited - ThinkVantage System Update Service.) - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) . (.Lenovo Group Limited - ThinkPad Message Client Loader.) - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) . (.Lenovo Group Limited - On screen display Fn+Fx handler.) - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: Intel(R) Management and Security Applica (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Services: 26 Legitimates Filtered in 00mn 25s



---\\ Einträge in Windows' Aufgabenplaner(039)
[MD5.6FD59835879A0DE7B9F9F61D86F9B6FB] [APT] [PMTask] (.Lenovo Group Limited.) -- C:\Program Files\ThinkPad\Utilities\PWMIDTSV.exe [529768]
[MD5.14426438EDA546F331650854F4CD63A8] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe [134824] =>Toolbar.Ask
[MD5.6995D9C2A6AB8CC4902D3A293EA3E77B] [APT] [{59264E20-6214-4E98-8905-1B5216AF15D6}] (.Infineon Technologies.) -- C:\Users\usseglio\AppData\Local\{723775A7-8FA0-4A7D-9FDB-F9693D7F4E47}\easyAPE.exe [2123827]
~ Scheduled Task: 5 Legitimates Filtered in 00mn 11s



---\\ Automatisch gestartete Treiber und Dienste (O41)
O41 - Driver: (dwvkbd) . (.DameWare - DameWare Virtual Keyboard Driver.) - C:\Windows\System32\DRIVERS\dwvkbd.sys
O41 - Driver: (lenovo.smi) . (.Lenovo Group Limited - SMI Driver for Lenovo system.) - C:\Windows\System32\DRIVERS\smiif32.sys
O41 - Driver: (PHCORE) . (.Lenovo Group Limited - RapidBoot Driver.) - C:\Program Files\Lenovo\RapidBoot\PHCORE.sys
O41 - Driver: (TPPWRIF) . (.Lenovo Group Limited - Power Manager.) - C:\Windows\System32\drivers\Tppwr32v.sys
~ Drivers: 84 Legitimates Filtered in 00mn 02s



---\\ Installed programs (O42)
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
O42 - Logiciel: BIG-IP Edge Client Components (All Users) - (.F5 Networks, Inc..) [HKLM] -- F5 Networks Client Components
O42 - Logiciel: FloTHERM PCB - (.Mentor Graphics Corporation.) [HKLM] -- {49F29C70-3ACD-43EF-AC38-7F87EB351467}
O42 - Logiciel: Integrated Camera Driver Installer Package Ver.1.1.0.1147 - (.RICOH.) [HKLM] -- {B2CA6F37-1602-4823-81B5-0384B6888AA6}
O42 - Logiciel: Integrated Camera TWAIN - (.Chicony Electronics Co.,Ltd..) [HKLM] -- {9CA0DEE4-E84B-466F-9B96-FC255F3A929F}
O42 - Logiciel: Matrix42 Enterprise Manager Agent - (.Matrix42.) [HKLM] -- {B8C82791-23AF-484C-BEE1-29D5E973F2D5}
O42 - Logiciel: On Screen Display - (...) [HKLM] -- OnScreenDisplay
O42 - Logiciel: ThinkPad Power Management Driver - (...) [HKLM] -- Power Management Driver
O42 - Logiciel: ThinkPad Power Manager - (...) [HKLM] -- {DAC01CEE-5BAE-42D5-81FC-B687E84E8405}
O42 - Logiciel: ThinkPad UltraNav Driver - (...) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: easyAPE - (.Infineon.) [HKCU] -- easyAPE
~ Logic: 73 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5bed78ae53fee12]
[HKCU\Software\APN]
[HKCU\Software\AppDataLow\Software\AskToolbar]
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Ask.com]
[HKCU\Software\Copiun]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\F5 Networks]
[HKCU\Software\Glueckkanja]
[HKCU\Software\KVS]
[HKCU\Software\MGC]
[HKCU\Software\Softonic]
[HKLM\Software\5bed78ae53fee12]
[HKLM\Software\APN]
[HKLM\Software\AskToolbar]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\Copiun]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Glueckkanja]
[HKLM\Software\KSOL]
[HKLM\Software\Mentor Graphics Corporation]
[HKLM\Software\ThinkVantage]
~ Key Software: 150 Legitimates Filtered in 00mn 01s



---\\ Contents of the common files folders (O43)
O43 - CFD: 06.12.2012 - 10:25:57 - [24,131] ----D C:\Program Files\88888chat
O43 - CFD: 27.11.2011 - 21:14:19 - [2,878] ----D C:\Program Files\Ask.com
O43 - CFD: 26.08.2011 - 13:00:21 - [1,060] ----D C:\Program Files\ConfigMgr 2007 Toolkit
O43 - CFD: 27.09.2012 - 10:11:11 - [25,963] ----D C:\Program Files\Copiun
O43 - CFD: 29.11.2011 - 11:34:09 - [3,236] ----D C:\Program Files\CryptoEx
O43 - CFD: 07.02.2012 - 19:09:32 - [357,977] ----D C:\Program Files\easyAPE
O43 - CFD: 26.08.2011 - 13:31:42 - [7,215] ----D C:\Program Files\F5 VPN
O43 - CFD: 01.12.2011 - 14:00:23 - [0,063] ----D C:\Program Files\Idea-Management
O43 - CFD: 26.08.2011 - 12:21:17 - [14,959] ----D C:\Program Files\Integrated Camera Driver
O43 - CFD: 26.08.2011 - 13:30:31 - [2,070] ----D C:\Program Files\KSOL
O43 - CFD: 26.08.2011 - 12:58:30 - [0] ----D C:\Program Files\Matrix42
O43 - CFD: 27.02.2013 - 09:37:55 - [143,451] ----D C:\Program Files\MentorMA
O43 - CFD: 03.05.2013 - 10:27:32 - [0] ----D C:\Program Files\TheTool
O43 - CFD: 26.08.2011 - 12:27:02 - [39,882] ----D C:\Program Files\ThinkPad
O43 - CFD: 03.11.2012 - 21:33:01 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 26.08.2011 - 13:32:30 - [1,086] ----D C:\ProgramData\F5 Networks
O43 - CFD: 19.03.2013 - 11:50:31 - [45,574] --H-D C:\ProgramData\{6A0D33F3-2378-4E4A-AAC6-8C7DE4FBE74E}
O43 - CFD: 03.11.2012 - 21:33:01 - [0,008] ----D C:\Users\usseglio\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 11.05.2013 - 19:14:56 - [0] ----D C:\Users\usseglio\AppData\Roaming\Isuzaq
O43 - CFD: 11.05.2013 - 19:06:44 - [0,381] ----D C:\Users\usseglio\AppData\Roaming\Nuik
O43 - CFD: 11.05.2013 - 19:06:44 - [0,223] ----D C:\Users\usseglio\AppData\Roaming\Ohug
O43 - CFD: 01.09.2011 - 16:20:50 - [0,000] ----D C:\Users\usseglio\AppData\Roaming\PwrMgr
O43 - CFD: 08.10.2012 - 09:55:46 - [1221,281] ----D C:\Users\usseglio\AppData\Local\Copiun
O43 - CFD: 03.02.2012 - 10:01:48 - [4,889] ----D C:\Users\usseglio\AppData\Local\{723775A7-8FA0-4A7D-9FDB-F9693D7F4E47}
O43 - CFD: 03.02.2012 - 10:01:42 - [0,002] ----D C:\Users\usseglio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\easyAPE
~ Program Folder: 158 Legitimates Filtered in 00mn 25s



---\\ Last modified and created files in Windows and System32 (O44)
O44 - LFC:[MD5.358089C72BC563FABE973780807A8EC1] - 12.05.2013 - 11:46:42 ---A- . (...) -- C:\Windows\SMSCFG.ini [463]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 12.05.2013 - 11:44:32 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 12.05.2013 - 11:44:31 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 12.05.2013 - 11:44:30 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 12.05.2013 - 11:44:30 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 12.05.2013 - 11:44:30 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.BC2F44781E0A324E5276E32BB6408261] - 12.05.2013 - 06:58:05 ---A- . (...) -- C:\Windows\RegBootClean.exe [181808]
O44 - LFC:[MD5.DDF7E19851E8E8ACB7AA4FD310005AFA] - 11.05.2013 - 21:17:44 ---A- . (...) -- C:\Windows\ntbtlog.txt [1365036]
O44 - LFC:[MD5.538D781831E27122F248556BE4967DA6] - 10.05.2013 - 13:30:56 ---A- . (...) -- C:\Windows\cfgall.ini [16535]
O44 - LFC:[MD5.2775AA8A1F7DC5C50D70BE1797E69D7B] - 02.05.2013 - 07:53:39 ---A- . (...) -- C:\Windows\TMFilter.log [664]
~ Files: 24 Legitimates Filtered in 03mn 22s



---\\ Actions executed at Windows Explorer start (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Registry entries for Safe Mode (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 17 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - beyondexecv.exe - NULL
O50 - IFEO:Image File Execution Options - hYDguxl.exe - calc.exe
O50 - IFEO:Image File Execution Options - mimikatz.exe - NULL
O50 - IFEO:Image File Execution Options - rexesvr.exe - NULL
O50 - IFEO:Image File Execution Options - testenter.exe - NULL
O50 - IFEO:Image File Execution Options - wce.exe - NULL
~ IFEO: Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{0817afb3-8df8-11e1-a3c9-463500000031}\AutoRun\command. (...) -- D:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=1
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
O55 - MWPS:[HKLM\...\Policies\System] - "disablecad"=0
O55 - MWPS:[HKLM\...\Policies\System] - "LocalAccountTokenFilterPolicy"=1
O55 - MWPS:[HKCU\...\Policies\System] - "HideLogonScripts"=0
O55 - MWPS:[HKCU\...\Policies\System] - "RunLogonScriptSync"=1
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "DisablePersonalDirChange"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "ForceRunOnStartMenu"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoAutoUpdate"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "MemCheckBoxInRunDlg"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "HideSCAHealth"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoStrCmpLogical"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoMSAppLogo5ChannelNotify"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoWebServices"=1
~ MWPE Keys: 11 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.1875F492C399DB858E77C1B29366D54B] - 04.03.2011 - 17:14:34 ---A- . (.Ricoh co.,Ltd. - Ricoh USB Camera driver.) -- C:\Windows\System32\Drivers\5U877.sys [132096]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13.07.2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 13.07.2010 - C:\Windows\system32\drivers\F5FltDrv.sys (F5FltDrv) .(.F5 Networks, Inc. - F5 Filter Driver for Windows.) - LEGACY_F5FLTDRV
O64 - Services: CurCS - 07.09.2010 - C:\Windows\System32\DRIVERS\smiif32.sys (lenovo.smi) .(.Lenovo Group Limited - SMI Driver for Lenovo system.) - LEGACY_LENOVO.SMI
O64 - Services: CurCS - 03.12.2010 - C:\Program Files\Lenovo\RapidBoot\PHCORE.sys (PHCORE) .(.Lenovo Group Limited - RapidBoot Driver.) - LEGACY_PHCORE
O64 - Services: CurCS - 02.06.2011 - C:\Windows\System32\drivers\Tppwr32v.sys (TPPWRIF) .(.Lenovo Group Limited - Power Manager.) - LEGACY_TPPWRIF
~ Legacy: 82 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.admin", false); =>Toolbar.Babylon
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.aflt", "babsst"); =>Toolbar.Babylon
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); =>Toolbar.Babylon
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.dfltLng", "en"); =>Toolbar.Babylon
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.excTlbr", false); =>Toolbar.Babylon
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.id", "089ca32c000000000000cc52af82a056"); =>Toolbar.Babylon
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.instlDay", "15647"); =>Toolbar.Babylon
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.instlRef", "sst"); =>Toolbar.Babylon
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); =>Toolbar.Babylon
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); =>Toolbar.Babylon
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.tlbrId", "base"); =>Toolbar.Babylon
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=089ca32c000000000000cc52af82a0[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8"); =>Toolbar.Babylon
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8"); =>Toolbar.Babylon
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>Toolbar.Babylon
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.820:33:22"); =>Toolbar.Babylon
O69 - SBI: prefs.js [usseglio - 9eab7hbe.default] user_pref("extensions.asktb.ff-original-keyword-url", "");
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://search.babylon.com =>Toolbar.Babylon
O69 - SBI: SearchScopes [HKCU] {6021E954-1AF7-4DF6-AA14-25362657BB70} - (Ask Search) - http://websearch.ask.com
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.F8B8154D7C12BEB56F4249C89B89AFFF] [SPRF][12.05.2013] (...) -- C:\ProgramData\SSIHistory.dat [1848]
[MD5.0985D6AFDFC3F0C21E743EDACBA283D4] [SPRF][12.05.2013] (...) -- C:\Users\usseglio\AppData\Local\Temp\ExchangePerflog_8484fa3156ca4db4dcd6c672.dat [28]
[MD5.C887D8045CF77654D370057980D2D640] [SPRF][11.06.2010] (.F5 Networks, Inc. - No comment.) -- C:\Windows\Downloaded Program Files\cachecleaner.dll [319096]
[MD5.70C56F98BA22BD3922E761F53855D2CA] [SPRF][11.06.2010] (.F5 Networks, Inc. - CacheCleaner.) -- C:\Windows\Downloaded Program Files\cachecleaner.exe [45688]
[MD5.255B8E933F115F0F8DF65D0A02903374] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 CertCheck Module.) -- C:\Windows\Downloaded Program Files\f5certchk.dll [328352]
[MD5.399871572A5515F6707283FFC02A3ADA] [SPRF][19.10.2012] (.F5 Networks, Inc. - CertHelper Module.) -- C:\Windows\Downloaded Program Files\F5CertHelper.dll [37536]
[MD5.EBE870ACA1A6BF81E2CEE355A0EDE2B0] [SPRF][19.10.2012] (.F5 Networks, Inc. - CertHelper Module.) -- C:\Windows\Downloaded Program Files\F5CertHelper.exe [152224]
[MD5.3F35216D3E426AA78F9B8C0FDF0840D9] [SPRF][19.10.2012] (.F5 Networks, Inc. - Network Access Helper.) -- C:\Windows\Downloaded Program Files\F5ElHelper.dll [66208]
[MD5.0F67A0B541BBA69185D7230E12E6AA12] [SPRF][19.10.2012] (.F5 Networks, Inc. - Network Access Helper.) -- C:\Windows\Downloaded Program Files\F5ElHelper.exe [358560]
[MD5.344915DD864701AC967486CE82B8F803] [SPRF][19.10.2012] (.F5 Networks, Inc. - Network Access Helper.) -- C:\Windows\Downloaded Program Files\F5ElHelper64.dll [72864]
[MD5.E64A99F89DE1F09507911DF997525BA3] [SPRF][11.06.2010] (.F5 Networks, Inc. - F5 Networks Windows Group Policy Agent Module.) -- C:\Windows\Downloaded Program Files\f5GroupPolicyAgent.dll [242296]
[MD5.EF7B8A70319D077C9918BFF4644D28FE] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks Endpoint Inspection Control.) -- C:\Windows\Downloaded Program Files\f5InspectionHost.dll [479904]
[MD5.F20EF99CB7B79C5E5F0444D9C6134E66] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks BIG-IP� Edge Client� ....) -- C:\Windows\Downloaded Program Files\f5instd.exe [373408]
[MD5.1E8773EB7A827FDD28BD22257475E1BF] [SPRF][19.10.2012] (.F5 Networks, Inc. - InstallerHelper Module.) -- C:\Windows\Downloaded Program Files\F5InstH.exe [233120]
[MD5.31A9AD551DDCA5F820A0608B1C7F824E] [SPRF][19.10.2012] (.F5 Networks, Inc. - InstallerHelper Module.) -- C:\Windows\Downloaded Program Files\F5InstP.dll [42144]
[MD5.807F3B246CB30F7FC2A61E458809F837] [SPRF][19.10.2012] (.F5 Networks Inc. - F5 Components Troubleshooting.) -- C:\Windows\Downloaded Program Files\f5unistall.exe [1131168]
[MD5.33FA522B123B901964583FDF65017BA4] [SPRF][19.10.2012] (.F5 Networks, Inc. - System Check Helper.) -- C:\Windows\Downloaded Program Files\F5Win32CheckHelper.dll [37536]
[MD5.9FA797CE84E2AE0AA682A5FC24FEE990] [SPRF][19.10.2012] (.F5 Networks, Inc. - System Check Helper.) -- C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe [156320]
[MD5.58C519AB35CAE6B950CA749C9328F970] [SPRF][19.10.2012] (.F5 Networks, Inc. - Trusted Sites.) -- C:\Windows\Downloaded Program Files\ietrust.exe [107168]
[MD5.9FC961497D2B31570380C49D6320FF47] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks Auto Update Module.) -- C:\Windows\Downloaded Program Files\InstallerControl.dll [381600]
[MD5.E4FECCBD352F6502FB7D1B70695B8A68] [SPRF][30.04.2012] (...) -- C:\Windows\Downloaded Program Files\JuniperExt.exe [407416]
[MD5.BEF9B4E9F99D6E8741AB205B275531F6] [SPRF][11.06.2010] (.F5 Networks, Inc. - XML Parser based on SCEW/EXPAT.) -- C:\Windows\Downloaded Program Files\scew_uls.dll [168056]
[MD5.7A0F723B5111D99D1EC1A96AE396A3F0] [SPRF][14.12.2005] (...) -- C:\Windows\Downloaded Program Files\set9x16.dll [22304]
[MD5.68615B3EE28AF451A635349538CEF8D2] [SPRF][19.10.2012] (...) -- C:\Windows\Downloaded Program Files\set9x32.dll [15520]
[MD5.43A462B4A306B03A303BC80F3BD19EB1] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks VPN Adapter Setup.) -- C:\Windows\Downloaded Program Files\setup2000.dll [118432]
[MD5.448E03B537671CEE36B4F3DD0FD02272] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks VPN Adapter Setup.) -- C:\Windows\Downloaded Program Files\setupdrvdll.dll [142496]
[MD5.2065805823FBBCED4D107281B3656D5F] [SPRF][19.10.2012] (.F5 Networks, Inc - TunnelServer.) -- C:\Windows\Downloaded Program Files\TunnelServer.exe [1329824]
[MD5.EEC800630746721BA6C9A5A35EAC473D] [SPRF][19.10.2012] (.F5 Networks, Inc - Dynamic Application Tunnel Control.) -- C:\Windows\Downloaded Program Files\TunnelServerX.dll [311968]
[MD5.A48EA04EEF22988786F56F4F2BAC5873] [SPRF][19.10.2012] (.F5 Networks, Inc. - ActiveX register.) -- C:\Windows\Downloaded Program Files\uregsvr.exe [62112]
[MD5.E476CFAEB0F68B82477B8C4F4D498B60] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks VPN Adapter Setup.) -- C:\Windows\Downloaded Program Files\urset64.exe [91296]
[MD5.88FF389FC8A8DAF8572DDB80A4B3848C] [SPRF][19.10.2012] (.F5 Networks - Driver Setup for F5 Networks SSL VPN.) -- C:\Windows\Downloaded Program Files\ursetvpn.exe [127136]
[MD5.858C6CFE128D6F6ECA3B03DEEA78152F] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks SuperHost.) -- C:\Windows\Downloaded Program Files\urSuperHost.dll [487072]
[MD5.C37E6D00E3AB7499DACFB10E33CC966D] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks Active Dialer.) -- C:\Windows\Downloaded Program Files\urxdialer.dll [675488]
[MD5.1BCB92BE1AF3D43151D62C6699AF065D] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks VPN Manager.) -- C:\Windows\Downloaded Program Files\urxdialerres.dll [28832]
[MD5.06908686805F378D0CA19C021B571D98] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks Host Module.) -- C:\Windows\Downloaded Program Files\urxhost.dll [848544]
[MD5.70ACFEA121912E760A3AD83F619EB4C2] [SPRF][19.10.2012] (.F5 Networks, Inc. - F5 Networks Host Module.) -- C:\Windows\Downloaded Program Files\urxhostres.dll [68256]
[MD5.76C3577E128C205D51D8E8DA2FF51007] [SPRF][19.10.2012] (.F5 Networks, Inc. - Win32SystemCheck Module.) -- C:\Windows\Downloaded Program Files\Win32SystemCheck.dll [348832]
~ Files: Scanned in 00mn 07s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{4FFAE9C5-D8E2-4D9F-94CD-4BB7965F429D}" | In - Domain - P6 - TRUE | .(.Infineon Technologies - DAS Server JTAG over USB Chip.) -- C:\Program Files\DAS\servers\das_server_jtag_over_usb_chip\das_server_jtag_over_usb_chip.exe
O87 - FAEL: "{AB1BF0FD-3A6B-4F70-972D-E06A28B24255}" | In - Domain - P17 - TRUE | .(.Infineon Technologies - DAS Server JTAG over USB Chip.) -- C:\Program Files\DAS\servers\das_server_jtag_over_usb_chip\das_server_jtag_over_usb_chip.exe
O87 - FAEL: "{815FDCE6-9844-4AE4-AC46-32FBE562F063}" | In - Domain - P6 - TRUE | .(.Infineon Technologies - DAS Server JTAG over Tantino.) -- C:\Program Files\DAS\servers\das_server_tantino\das_server_tantino.exe
O87 - FAEL: "{6F5515ED-F7E8-4CD9-8D31-E23EE3618228}" | In - Domain - P17 - TRUE | .(.Infineon Technologies - DAS Server JTAG over Tantino.) -- C:\Program Files\DAS\servers\das_server_tantino\das_server_tantino.exe
O87 - FAEL: "{86CC3D5F-D316-4B17-9074-E0068F94A4EF}" | In - Domain - P6 - TRUE | .(.Infineon Technologies - DAS Server JTAG over USB Box.) -- C:\Program Files\DAS\servers\das_server_usb11_jtag_over_usb_box\das_server_usb11_jtag_over_usb_box.exe
O87 - FAEL: "{78965123-E1B4-4056-A8CE-AFD6760E0DA5}" | In - Domain - P17 - TRUE | .(.Infineon Technologies - DAS Server JTAG over USB Box.) -- C:\Program Files\DAS\servers\das_server_usb11_jtag_over_usb_box\das_server_usb11_jtag_over_usb_box.exe
O87 - FAEL: "{A01B145B-7B2D-4854-896E-59E847174722}" | In - Domain - P6 - TRUE | .(.Infineon Technologies.) -- C:\Program Files\DAS\servers\das_server_usb11_jtag_over_usb_sscmbox\das_server_usb11_jtag_over_usb_sscmbox.exe
O87 - FAEL: "{9A43C951-D865-4112-A3A1-6674A7545E29}" | In - Domain - P17 - TRUE | .(.Infineon Technologies.) -- C:\Program Files\DAS\servers\das_server_usb11_jtag_over_usb_sscmbox\das_server_usb11_jtag_over_usb_sscmbox.exe
O87 - FAEL: "{E9C804D3-3198-4963-BF0A-D1514386EAA0}" | In - Domain - P6 - TRUE | .(.Infineon Technologies - DAS Server UDAS.) -- C:\Program Files\DAS\servers\UDAS\UDAS.exe
O87 - FAEL: "{D6776802-1D2A-403D-A99A-9AE18666F350}" | In - Domain - P17 - TRUE | .(.Infineon Technologies - DAS Server UDAS.) -- C:\Program Files\DAS\servers\UDAS\UDAS.exe
O87 - FAEL: "{3D8A853D-29E2-4BC1-866C-F29B3DA371AC}" | In - Domain - P6 - TRUE | .(...) -- C:\Program Files\DAS\dashpas\das_dashpas.exe
O87 - FAEL: "{80F83B2F-A45C-44D9-B4B7-8D63E65AAF58}" | In - Domain - P17 - TRUE | .(...) -- C:\Program Files\DAS\dashpas\das_dashpas.exe
~ Firewall: 205 Legitimates Filtered in 00mn 03s



---\\ Additional Scan (O88)
Database Version : v2.12078 - (11.05.2013)
Clés trouvées (Keys found) : 62
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Adware.AskSBAR
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Adware.AskSBAR
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Adware.AskSBAR
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Adware.AskSBAR
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Adware.AskSBAR
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Adware.AskSBAR
[HKLM\Software\Classes\AtlBrCon.AtlBrCon.1] =>Adware.WebOffer
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Adware.AskSBAR
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Adware.AskSBAR
[HKLM\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph] =>PUP.SpecialSavings
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\APN] =>Toolbar.Ask
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} =>Adware.ShopperReports
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:ApnUpdater =>Adware.GameSpyArcade
C:\Program Files\Ask.com =>Toolbar.AskBar
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\Users\usseglio\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\usseglio\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar
C:\Users\usseglio\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon
C:\Users\usseglio\AppData\Roaming\Mozilla\Firefox\Profiles\9eab7hbe.default\Extensions\toolbar@ask.com =>Toolbar.AskTBar
~ Additional Scan: 269014 Items scanned in 00mn 19s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "1AA5D38CF1A62014F8F70C32D03DF10C" . (.RapidBoot.) -- C:\Windows\Installer\{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}\ARPPRODUCTICON.exe
O90 - PUC: "74846C52009BDA841A46B1F4B9776405" . (.System Update.) -- C:\Windows\Installer\{25C64847-B900-48AD-A164-1B4F9B774650}\ARPPRODUCTICON.exe
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Sopcast Ask Toolbar.) -- c:\program files\ask.com\cb_e09b.ico =>Toolbar.Ask
O90 - PUC: "BC9384D64B820704C87A16C29AC23A0D" . (.BIG-IP Edge Client.) -- C:\Windows\Installer\{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}\icon.ico
O90 - PUC: "C9335768C821DD4438FBA0D5A6DB2879" . (.ThinkVantage System Update.) -- C:\Program Files\Lenovo\System Update\Tvsu.exe
O90 - PUC: "D789B57BFE1A6C04FBDB2B7212C539D8" . (.Project Reader.) -- C:\Windows\Installer\{B75B987D-A1EF-40C6-BFBD-B227215C938D}\ARPPRODUCTICON.exe
O90 - PUC: "E0794A21CD339344AB24A86E2BA12537" . (.Copiun Data Manager.) -- C:\Windows\Installer\{12A4970E-33DC-4439-BA42-8AE6B21A5273}\_6FEFF9B68218417F98F549.exe
~ Update Products: 78 Legitimates Filtered in 00mn 00s



---\\ Random Export Key (O91)
[HKCU\Software\5bed78ae53fee12\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:guid="{16cdff19-861d-48e3-a751-d99a27784753}"
[HKCU\Software\5bed78ae53fee12\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:version="2.3.796.11"
[HKCU\Software\5bed78ae53fee12] =>Toolbar.Babylon^
[HKLM\Software\5bed78ae53fee12] => Clé orpheline (orphan key)
~ Export Key Software: Scanned in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (R=Running, S=Stopped)
SR - | Auto 23.09.2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 16.04.2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 11.08.2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30.08.2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 12.04.2012 112640 | (Copiun Administrative Service) . (.Copiun Inc.) - C:\Program Files\Copiun\AgtAdmSvc.exe
SR - | Demand 02.06.2011 292200 | (DozeSvc) . (.Lenovo..) - C:\Program Files\ThinkPad\Utilities\DOZESVC.exe
SR - | Auto 07.04.2010 241688 | (DWMRCS) . (.DameWare Development LLC.) - C:\Windows\system32\DWRCS.exe
SR - | Auto 17.12.2010 936208 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 13.07.2010 379320 | (F5 Networks Component Installer) . (.F5 Networks, Inc..) - C:\Windows\system32\F5InstallerService.exe
SR - | Auto 13.07.2010 212088 | (F5FltSrv) . (.F5 Networks, Inc..) - C:\Windows\system32\F5FltSrv.exe
SS - | Auto 03.12.2010 107880 | (HyperW7Svc) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc.exe
SR - | Auto 01.02.2011 38760 | (IBMPMSVC) . (.Lenovo..) - C:\Windows\System32\ibmpmsvc.exe
SR - | Demand 12.12.2012 553440 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 07.02.2011 210896 | (jhi_service) . (.Intel Corporation.) - C:\Program Files\Intel\Services\IPT\jhi_service.exe
SR - | Auto 30.04.2012 198520 | (JuniperAccessService) . (.Juniper Networks, Inc..) - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
SR - | Auto 16.12.2010 40808 | (LENOVO.CAMMUTE) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
SR - | Auto 04.04.2011 45496 | (LENOVO.MICMUTE) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
SR - | Auto 16.12.2010 59240 | (LENOVO.TPKNRSVC) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
SR - | Auto 07.04.2010 93032 | (Lenovo.VIRTSCRLSVC) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
SR - | Auto 17.01.2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Auto 0 | (M42EmAgent) . (...) - C:\Program Files\Matrix42\Matrix42 Enterprise Manager Agent\EmAgent.exe
SS - | Demand 12.04.2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 16.04.2012 1443584 | (ntrtscan) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
SS - | Demand 02.06.2011 83304 | (Power Manager DBC Service) . (.Lenovo.) - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
SR - | Auto 02.06.2011 148840 | (PwmEWSvc) . (.Lenovo Group Limited.) - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
SR - | Auto 17.12.2010 477456 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SS - | Demand 13.11.2012 512000 | (SSI Client Installer) . (.Scalable Software, Inc..) - C:\Windows\system32\SCInstallerNT.exe
SR - | Auto 13.11.2012 90112 | (SSI Survey Client) . (.Scalable Software, Inc..) - C:\Program Files\Scalable Software\Survey\SSI Survey Client\SurveyClientNT.exe
SR - | Auto 18.02.2011 28672 | (SUService) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\System Update\SUService.exe
SR - | Auto 16.04.2012 1420152 | (tmlisten) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
SS - | Demand 07.01.2010 689416 | (TmProxy) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
SR - | Auto 20.04.2011 130920 | (TPHKLOAD) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
SR - | Auto 29.03.2011 64952 | (TPHKSVC) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
SR - | Auto 17.01.2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 14.07.2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14.07.2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s

~ 1028 Legitimates filtered by white list
End of the scan (853 lines in 06mn 07s)(0)