You don't currently have permission to access this folder [Solved/Closed]

kelnasawa - Jan 23, 2014 at 08:34 AM - Latest reply: 2011N2 - Feb 13, 2014 at 12:27 PM
Hello, I have Trend Micro antivirus. When I plug in my USB it sees all files and folders as viruses and denies access to the files and folders; it gives me the error "You don't currently have permission to access this folder. Click Continue to permanently get access to this folder", and when I click Continue I get another error: "You have been denied permission to access this folder. To gain access to this folder you will need to use the Security tab". When I click on the Security tab, which is clickable, I only see General, Sharing, Customize. I can't format the USB because it won't let me; I can't delete, can't rename, can't do anything. I formatted the USB from safe mode but the virus came back.
HELP!!! I'm running Windows 7 SP1 32-bit.

24 replies

Ambucias (Moderator) - Jan 23, 2014 at 08:37 AM
This type of issue could be caused by a USB virus. It will spread to all of your USB memory devices and your hard disk.

Here is a tool to remove the virus and vaccinate your USB against further viruses.


Download UsbFix (created by El Desaparecido) on your desktop.

http://ccm.net/download/download-24089-usbfix

If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in your USB devices (flash drive, pen drive, external HD, etc.); don't open them.
Double click on UsbFix.exe.

Click on Deletion.

Let the tool work.

Ambucias
Moderator/virus security contributor

At the end of the scan a report will appear, which you can copy and paste here.

The report is saved at the root (C:\UsbFix.txt).

You can also vaccinate against any virus.
kelnasawa - Jan 24, 2014 at 04:12 AM
I followed your instructions: downloaded UsbFix on my desktop, deactivated my antivirus, plugged in the USB, opened UsbFix and clicked on Deletion.
When I activated my antivirus, the problem is still there.
This is the log file; G:\ is the USB device:
############################## | UsbFix V 7.161 | [Deletion]

User: robert (Administrator) # TP01
Updated 15/01/2014 by El Desaparecido - Team SosVirus
Started at 09:41:26 | 24/01/2014

Website : http://www.en.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Hewlett-Packard (3048h)
CPU: Intel(R) Core(TM)2 Quad CPU Q9500 @ 2.83GHz
RAM -> [Total : 3543 Mo| Free : 1764 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Enterprise (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 26.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Trend Micro OfficeScan Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ -> Fixed drive # 147 Gb (25 Mb free - 17%) [] # NTFS
D:\ -> Fixed drive # 151 Gb (99 Mb free - 65%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 59 Gb (57 Mb free - 97%) [KINGSTON] # exFAT

################## | Stopped processes |

Stopped! C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe (ID: 848 |ParentID: 656)
Stopped! C:\Windows\system32\nvvsvc.exe (ID: 928 |ParentID: 656)
Stopped! C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ID: 952 |ParentID: 656)
Stopped! C:\Program Files\Faronics\Data Igloo Standard\DIService.exe (ID: 1076 |ParentID: 656)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 1656 |ParentID: 928)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 1736 |ParentID: 656)
Stopped! C:\Windows\SpringSvc.exe (ID: 120 |ParentID: 656)
Stopped! C:\Windows\system32\EloSrvce.exe (ID: 488 |ParentID: 656)
Stopped! C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe (ID: 364 |ParentID: 656)
Stopped! C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (ID: 980 |ParentID: 656)
Stopped! C:\Windows\system32\HPSIsvc.exe (ID: 1492 |ParentID: 656)
Stopped! C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (ID: 1800 |ParentID: 656)
Stopped! C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe (ID: 2080 |ParentID: 656)
Stopped! C:\Program Files\OpenVPN Technologies\PrivateTunnel\core\capiws.exe (ID: 2352 |ParentID: 656)
Stopped! D:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe (ID: 2400 |ParentID: 656)
Stopped! D:\oracle\product\10.2.0\db_1\jdk\bin\java.exe (ID: 2512 |ParentID: 2400)
Stopped! C:\Windows\system32\conhost.exe (ID: 2520 |ParentID: 512)
Stopped! d:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE (ID: 2532 |ParentID: 656)
Stopped! C:\Program Files\Admin Arsenal\PDQ Deploy\PDQDeployService.exe (ID: 2732 |ParentID: 656)
Stopped! C:\Program Files\OpenVPN Technologies\PrivateTunnel\etc\..\core\openvpn.exe (ID: 2808 |ParentID: 2352)
Stopped! C:\Windows\system32\conhost.exe (ID: 2884 |ParentID: 512)
Stopped! C:\Program Files\Admin Arsenal\PDQ Inventory\PDQInventoryService.exe (ID: 3500 |ParentID: 656)
Stopped! C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (ID: 3592 |ParentID: 656)
Stopped! C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (ID: 3704 |ParentID: 656)
Stopped! C:\Users\sarah\AppData\Local\Torch\Update\TorchCrashHandler.exe (ID: 4056 |ParentID: 656)
Stopped! C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (ID: 4080 |ParentID: 656)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2268 |ParentID: 656)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2580 |ParentID: 2268)
Stopped! C:\Windows\system32\taskhost.exe (ID: 4812 |ParentID: 656)
Stopped! C:\Program Files\TeamViewer\Version9\TeamViewer.exe (ID: 4968 |ParentID: 3704)
Stopped! C:\Windows\Explorer.EXE (ID: 4988 |ParentID: 4908)
Stopped! C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (ID: 5020 |ParentID: 4080)
Stopped! C:\Windows\System32\rundll32.exe (ID: 5388 |ParentID: 788)
Stopped! C:\Program Files\TeamViewer\Version9\tv_w32.exe (ID: 2360 |ParentID: 3704)
Stopped! C:\Windows\System32\igfxtray.exe (ID: 4960 |ParentID: 4988)
Stopped! C:\Windows\System32\hkcmd.exe (ID: 5896 |ParentID: 4988)
Stopped! C:\Program Files\HP\HP UT\bin\hppusg.exe (ID: 1688 |ParentID: 4988)
Stopped! C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (ID: 1312 |ParentID: 4988)
Stopped! C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (ID: 5560 |ParentID: 4988)
Stopped! C:\Users\sarah\AppData\Local\Akamai\netsession_win.exe (ID: 5840 |ParentID: 4988)
Stopped! C:\Users\sarah\AppData\Local\Akamai\netsession_win.exe (ID: 1700 |ParentID: 5840)
Stopped! C:\Program Files\Internet Download Manager\IDMan.exe (ID: 5172 |ParentID: 4988)
Stopped! C:\Program Files\DVR\System\DVR.exe (ID: 2584 |ParentID: 4988)
Stopped! C:\Program Files\Internet Download Manager\IEMonitor.exe (ID: 4828 |ParentID: 5172)
Stopped! C:\Program Files\Mozilla Firefox\firefox.exe (ID: 5628 |ParentID: 4988)
Stopped! C:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 5180 |ParentID: 5628)
Stopped! C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE (ID: 6128 |ParentID: 4988)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 4844 |ParentID: 656)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 5600 |ParentID: 656)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (ID: 4272 |ParentID: 5600)
Stopped! C:\Program Files\Internet Explorer\IELowutil.exe (ID: 548 |ParentID: 5172)
Stopped! C:\Program Files\Trend Micro\OfficeScan Client\Temp\pccntupd.exe (ID: 7080 |ParentID: 1644)
Stopped! C:\Windows\system32\SearchFilterHost.exe (ID: 7620 |ParentID: 5600)

################## | Regedit Run |

04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
04 - HKLM\..\Run : [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
04 - HKLM\..\Run : [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
04 - HKLM\..\Run : [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
04 - HKLM\..\Run : [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - HKLM\..\Run : [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
04 - HKLM\..\Run : [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
04 - HKLM\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-354577958-3784514155-1105134513-12463\..\Run : [Akamai NetSession Interface] "C:\Users\sarah\AppData\Local\Akamai\netsession_win.exe"
04 - HKU\S-1-5-21-354577958-3784514155-1105134513-12463\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-18\..\Run : [Advanced SystemCare 7] "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
04 - HKU\S-1-5-18\..\Run : [Lync] "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-19\..\RunOnce : []
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : []

################## | Generic Research |

Deleted ! G:\SPSS_Statistics_22_TR_win32_.exe

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKCU\Software\DC3_FEXEC
Deleted ! HKCU\Software\Hola
Repaired ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 1
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pictureviewer.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\quicktimeplayer.exe
Deleted ! HKU\S-1-5-21-354577958-3784514155-1105134513-12463\Software\.\.\.\.\Mountpoints2\{13550cf8-55c2-11e3-a585-78e3b5cff791}
Deleted ! HKU\S-1-5-21-354577958-3784514155-1105134513-12463\Software\.\.\.\.\Mountpoints2\{5971f755-6872-11e3-9b30-78e3b5cff791}
Deleted ! HKU\S-1-5-21-354577958-3784514155-1105134513-12463\Software\.\.\.\.\Mountpoints2\{6f96436c-45d1-11e2-b3a8-78e3b5cff791}
Deleted ! HKU\S-1-5-21-354577958-3784514155-1105134513-12463\Software\.\.\.\.\Mountpoints2\{7a93fe07-6375-11e1-b6aa-78e3b5cff791}
Deleted ! HKU\S-1-5-21-354577958-3784514155-1105134513-12463\Software\.\.\.\.\Mountpoints2\{903cf3f6-66de-11e1-9c2c-78e3b5cff791}
Deleted ! HKU\S-1-5-21-354577958-3784514155-1105134513-12463\Software\.\.\.\.\Mountpoints2\{9e2105ff-03aa-11e2-9b94-78e3b5cff791}
Deleted ! HKU\S-1-5-21-354577958-3784514155-1105134513-12463\Software\.\.\.\.\Mountpoints2\{b655487c-deea-11e2-b257-78e3b5cff791}
Deleted ! HKU\S-1-5-21-354577958-3784514155-1105134513-12463\Software\.\.\.\.\Mountpoints2\{df310cdd-3868-11e2-a094-78e3b5cff791}
Deleted ! HKU\S-1-5-21-354577958-3784514155-1105134513-12463\Software\.\.\.\.\Mountpoints2\{e0e44bfe-e074-11e0-a330-00232426f809}

################## | Listing |

[07/11/2013 - 12:01:46 | SHD] - C:\$Recycle.Bin
[18/02/2013 - 18:51:05 | N | 13 Ko] - C:\1020.log
[17/12/2013 - 13:04:21 | N | 0 Ko] - C:\1AC15024107E
[10/06/2009 - 23:42:20 | A | 0 Ko] - C:\autoexec.bat
[24/01/2014 - 09:41:12 | RASHD] - C:\Autorun.inf
[24/10/2013 - 09:30:29 | D] - C:\bd
[15/05/2012 - 12:44:35 | D] - C:\BS1sb20121
[10/06/2009 - 23:42:20 | N | 0 Ko] - C:\config.sys
[22/06/2011 - 17:07:19 | D] - C:\Dev-Cpp
[13/07/2011 - 12:15:29 | N | 0 Ko] - C:\dfinstall.log
[14/07/2009 - 06:53:55 | SHD] - C:\Documents and Settings
[11/11/2013 - 14:25:09 | D] - C:\downloads
[26/11/2013 - 17:31:42 | D] - C:\Drivers
[21/06/2011 - 16:34:48 | D] - C:\drvrtmp
[12/10/2011 - 11:25:33 | N | 8 Ko] - C:\DVRSYSTEMCONTROLMAP.data
[12/10/2011 - 11:25:33 | N | 8 Ko] - C:\DVRSYSTEMEVENTMAP.data
[12/10/2011 - 11:25:33 | N | 8 Ko] - C:\DVRSYSTEMINFOMAP.data
[12/10/2011 - 11:25:33 | N | 8 Ko] - C:\DVRSYSTEMSTATUSMAP.data
[12/10/2011 - 11:26:47 | D] - C:\DVRWWW
[07/11/2007 - 08:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.1028.txt
[07/11/2007 - 08:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.1031.txt
[07/11/2007 - 08:00:40 | N | 10 Ko | 99C22D4A31F4EAD4351B71D6F4E5F6A1] - C:\eula.1033.txt
[07/11/2007 - 08:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.1036.txt
[07/11/2007 - 08:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.1040.txt
[07/11/2007 - 08:00:40 | N | 0 Ko | 9B15A3A055CC6E67EA191A1B7885649A] - C:\eula.1041.txt
[07/11/2007 - 08:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.1042.txt
[07/11/2007 - 08:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.2052.txt
[07/11/2007 - 08:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.3082.txt
[15/02/2013 - 09:55:04 | D] - C:\exe
[20/03/2012 - 14:47:55 | D] - C:\fo_data
[20/03/2012 - 15:08:47 | D] - C:\fo_data1
[07/11/2007 - 08:00:40 | N | 1 Ko] - C:\globdata.ini
[24/01/2014 - 08:11:00 | ASH | 2721212 Ko] - C:\hiberfil.sys
[07/11/2012 - 12:47:36 | D] - C:\HP Universal Print Driver
[25/11/2013 - 15:26:26 | N | 20 Ko] - C:\HPFWUpdate.log
[27/11/2013 - 14:47:34 | D] - C:\hp_lj1020_Full_Solution
[07/11/2007 - 08:03:18 | N | 550 Ko | 520A6D1CBCC9CF642C625FE814C93C58] - C:\install.exe
[07/11/2007 - 08:00:40 | N | 1 Ko] - C:\install.ini
[22/10/2013 - 13:28:19 | N | 11 Ko] - C:\INSTALL.LOG
[07/11/2007 - 08:03:18 | N | 75 Ko | 4151A4D07640863783F837E588235837] - C:\install.res.1028.dll
[07/11/2007 - 08:03:18 | N | 94 Ko | 3B8A82E04238655EAEF97E074FB29911] - C:\install.res.1031.dll
[07/11/2007 - 08:03:18 | N | 89 Ko | 9EDEB8B1C5C0A4CD3A3016B85108127D] - C:\install.res.1033.dll
[07/11/2007 - 08:03:18 | N | 95 Ko | 5B6FF470CFA7087690E61F87E81EF78A] - C:\install.res.1036.dll
[07/11/2007 - 08:03:18 | N | 93 Ko | 6310AB8FC9E3DBEE80592FC453A34FEE] - C:\install.res.1040.dll
[07/11/2007 - 08:03:18 | N | 80 Ko | 13ED4517152203DE4BC52ACC0255D952] - C:\install.res.1041.dll
[07/11/2007 - 08:03:18 | N | 78 Ko | 0D4FB4095EA49C1EC89B9E8DB0B936A3] - C:\install.res.1042.dll
[07/11/2007 - 08:03:18 | N | 74 Ko | D7366B34E8AFB605C39EF56E2201FE85] - C:\install.res.2052.dll
[07/11/2007 - 08:03:18 | N | 94 Ko | 41BB37A347121F3E5E88D85100638B79] - C:\install.res.3082.dll
[21/06/2011 - 16:48:51 | D] - C:\Intel
[21/06/2011 - 15:52:00 | N | 0 Ko] - C:\IO.SYS
[26/11/2013 - 10:13:01 | D] - C:\LJP1100_P1560_P1600_Full_Solution
[23/10/2012 - 09:41:13 | N | 0 Ko] - C:\logfile.log
[25/10/2011 - 15:22:31 | D] - C:\Manuals
[10/01/2014 - 10:11:59 | D] - C:\Microsoft Forefront TMG
[21/06/2011 - 15:52:00 | N | 0 Ko] - C:\MSDOS.SYS
[14/05/2013 - 09:20:37 | RHD] - C:\MSOCache
[03/10/2013 - 15:31:39 | D] - C:\New folder
[25/07/2011 - 11:29:53 | D] - C:\NVIDIA
[17/12/2013 - 15:55:42 | D] - C:\output
[24/01/2014 - 08:11:05 | ASH | 3628284 Ko] - C:\pagefile.sys
[17/12/2013 - 16:00:04 | D] - C:\PDFZilla
[14/07/2009 - 04:37:05 | D] - C:\PerfLogs
[22/01/2014 - 08:43:47 | D] - C:\Program Files
[22/01/2014 - 10:51:53 | HD] - C:\ProgramData
[21/06/2011 - 10:17:42 | SHD] - C:\Recovery
[25/01/2012 - 12:46:11 | N | 0 Ko] - C:\RemoteInstall.log
[14/10/2011 - 16:37:45 | D] - C:\RS
[29/10/2013 - 08:14:58 | D] - C:\SecureWAMP
[21/06/2011 - 16:34:08 | D] - C:\SWSETUP
[23/01/2014 - 09:14:21 | SHD] - C:\System Volume Information
[28/11/2013 - 16:08:22 | D] - C:\temp
[25/01/2012 - 12:45:46 | N | 0 Ko] - C:\tmuninst.ini
[24/01/2014 - 09:53:14 | D] - C:\UsbFix
[09/03/2012 - 12:04:05 | N | 0 Ko] - C:\user.js
[26/11/2013 - 14:46:54 | D] - C:\Users
[07/11/2007 - 08:00:40 | N | 6 Ko] - C:\vcredist.bmp
[07/11/2007 - 08:09:22 | N | 1409 Ko] - C:\VC_RED.cab
[07/11/2007 - 08:12:28 | N | 228 Ko] - C:\VC_RED.MSI
[21/06/2011 - 15:53:45 | D] - C:\VisOC
[14/07/2011 - 20:16:43 | D] - C:\VProRecovery
[21/01/2013 - 12:06:40 | N | 0 Ko] - C:\wakeuptoken.info
[21/02/2013 - 11:15:52 | D] - C:\wamp
[24/01/2014 - 08:15:11 | D] - C:\Windows
[18/11/2013 - 15:38:53 | D] - C:\_OTM
[07/11/2013 - 12:01:46 | SHD] - D:\$RECYCLE.BIN
[20/01/2014 - 08:43:56 | N | 40504 Ko] - D:\123123 (2).csv
[20/01/2014 - 08:49:27 | N | 7085 Ko] - D:\123123 - Copy.xlsx
[17/01/2014 - 18:04:03 | N | 40736 Ko] - D:\123123.csv
[20/01/2014 - 09:51:42 | N | 7085 Ko] - D:\123123.xlsx
[21/12/2012 - 12:32:46 | N | 9 Ko] - D:\AlbumArtSmall.jpg
[24/01/2014 - 09:41:14 | RASHD] - D:\Autorun.inf
[13/11/2013 - 15:42:17 | D] - D:\Backup Scan Maryk
[13/11/2013 - 14:45:41 | D] - D:\Celine Partiel
[02/04/2012 - 11:10:55 | N | 95213 Ko] - D:\cltptch3.msi
[03/07/2013 - 08:07:57 | D] - D:\Config.Msi
[13/06/2013 - 09:52:56 | N | 11 Ko] - D:\Contacts.xlsx
[17/09/2012 - 09:34:17 | D] - D:\dc5800 w7 ent off 2010
[06/02/2010 - 06:12:54 | N | 8526 Ko | 4033088C9C316FBEC1172B72F4641389] - D:\Dr Java.exe
[03/07/2013 - 07:35:51 | D] - D:\Eclipse
[21/12/2012 - 12:32:46 | N | 40 Ko] - D:\Folder.jpg
[18/12/2013 - 08:26:37 | D] - D:\ige-recorddownload9
[20/01/2014 - 09:51:44 | N | 8 Ko] - D:\List.xlsx
[10/09/2012 - 08:41:47 | N | 27 Ko] - D:\LOGO.doc
[17/01/2014 - 18:23:00 | N | 98 Ko] - D:\Management 1 -2013.xlsx
[04/10/2013 - 15:13:21 | D] - D:\New folder
[13/11/2013 - 15:52:20 | D] - D:\Old Sarah
[22/06/2011 - 17:27:02 | D] - D:\oracle
[04/12/2012 - 13:33:31 | N | 25 Ko] - D:\Partiel.war
[03/10/2013 - 17:49:50 | N | 11 Ko] - D:\rapport ige (1).xlsx
[04/10/2013 - 18:19:55 | N | 11 Ko] - D:\rapport ige .xlsx
[23/01/2014 - 11:11:26 | D] - D:\Robert
[24/06/2011 - 09:32:29 | D] - D:\SPSS 17 Manuals
[21/06/2011 - 15:16:02 | SHD] - D:\System Volume Information
[27/02/2013 - 08:27:53 | D] - D:\test
[07/01/2014 - 13:06:55 | N | 0 Ko] - D:\test.csv
[10/09/2012 - 10:01:16 | ASH | 20 Ko] - D:\Thumbs.db
[04/06/2012 - 08:05:58 | D] - D:\TIS_Download_SP_64bit
[29/10/2013 - 09:44:19 | D] - D:\VirtualMachine OpenSuse
[26/11/2012 - 12:04:53 | D] - D:\vm2003server
[10/09/2012 - 06:25:36 | N | 7983 Ko] - D:\Wael Kfoury---06.Safha We Tawaita ( www.shiwaw.net ).mp3
[16/01/2014 - 09:35:34 | D] - G:\aaSPSS v17
[09/11/2012 - 17:35:14 | D] - G:\SPSS16
[16/01/2014 - 09:54:20 | N | 1 Ko] - G:\SPSS_21_Crac (www.freeware24.blogspot.com).rar
[20/01/2014 - 10:23:34 | N | 98 Ko] - G:\Management 1 -2013.xlsx
[20/01/2014 - 11:16:16 | D] - G:\10019279
[20/01/2014 - 11:20:51 | D] - G:\10096096
[20/01/2014 - 10:50:12 | D] - G:\10011087
[20/01/2014 - 10:40:06 | D] - G:\10017597
[22/01/2014 - 09:22:27 | D] - G:\10058558
[22/01/2014 - 09:50:22 | D] - G:\10021008
[20/01/2014 - 09:38:28 | D] - G:\WebJava Mohamad Sami Baadarani
[22/01/2014 - 14:33:18 | D] - G:\PDQ Repair Tool
[23/01/2014 - 12:48:10 | D] - G:\10072271
[24/01/2014 - 09:41:15 | RASHD] - G:\Autorun.inf

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
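The "Listing" and "Vaccin" sections of the report above are the interesting part for triage: UsbFix's vaccine is a directory named Autorun.inf with the read-only, system and hidden bits set (the "RASHD" flags on C:\, D:\ and G:\), which stops a worm from dropping an Autorun.inf file of its own at the drive root. The script below is an added example, not UsbFix's code or anything from the original post: it parses listing lines in UsbFix's format and flags vaccines, real Autorun.inf files, and hidden or executable files at the root of removable drives. The flag rules are this example's own heuristics (an assumption), and the H:\ lines in the sample are invented to show what an unvaccinated, infected stick would look like.

```python
"""Triage of a UsbFix-style drive listing. Added example for this thread, not
code from UsbFix or from the original poster; the rules below are this
example's own heuristics (an assumption), not UsbFix's detection logic.

UsbFix prints one line per root entry of each drive:
    [DD/MM/YYYY - HH:MM:SS | ATTRS | SIZE Ko | MD5] - PATH
ATTRS is a subset of R (read-only), A (archive), S (system), H (hidden),
D (directory) and N (normal); SIZE and MD5 are only present for files."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4}) - (?P<time>\d{2}:\d{2}:\d{2})"
    r" \| (?P<attrs>[A-Z]+)"
    r"(?: \| (?P<size>\d+) Ko)?"
    r"(?: \| (?P<md5>[0-9A-Fa-f]{32}))?\] - (?P<path>.+)$"
)

# Extensions that AutoRun-style USB worms typically drop at a drive root.
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk")


@dataclass
class Entry:
    date: str
    time: str
    attrs: str
    size_kb: Optional[int]
    md5: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def drive(self) -> str:
        return self.path[:2]          # "C:", "G:", ...

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_listing(text: str) -> List[Entry]:
    """Parse every listing line; lines that do not match the format are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            g = m.groupdict()
            entries.append(Entry(g["date"], g["time"], g["attrs"],
                                 int(g["size"]) if g["size"] else None,
                                 g["md5"], g["path"]))
    return entries


def classify(e: Entry, removable: set) -> List[str]:
    """Findings for one entry. A vaccine is a *directory* named Autorun.inf
    with the System and Hidden bits set (UsbFix's 'RASHD'); a *file* of that
    name is what an AutoRun worm needs and is worth inspecting."""
    findings = []
    name = e.name.lower()
    if name == "autorun.inf":
        if e.is_dir and "S" in e.attrs and "H" in e.attrs:
            findings.append("autorun-vaccine")
        else:
            findings.append("autorun-file")
    if e.drive in removable and not e.is_dir:
        if name.endswith(EXEC_EXT):
            findings.append("executable-on-removable-root")
        if "H" in e.attrs:
            findings.append("hidden-file-on-removable")
    return findings


def triage(text: str, removable: set) -> Dict[str, List[str]]:
    """Map path -> findings for every entry that produced at least one."""
    result = {}
    for e in parse_listing(text):
        f = classify(e, removable)
        if f:
            result[e.path] = f
    return result


# Constructed sample: the C:\ and G:\ lines are copied from the log above,
# the H:\ lines are invented to show an unvaccinated, infected stick.
SAMPLE_LOG = r"""
[24/01/2014 - 09:41:12 | RASHD] - C:\Autorun.inf
[07/11/2007 - 08:03:18 | N | 550 Ko | 520A6D1CBCC9CF642C625FE814C93C58] - C:\install.exe
[22/01/2014 - 08:43:47 | D] - C:\Program Files
[20/01/2014 - 10:23:34 | N | 98 Ko] - G:\Management 1 -2013.xlsx
[16/01/2014 - 09:54:20 | N | 1 Ko] - G:\SPSS_21_Crac (www.freeware24.blogspot.com).rar
[24/01/2014 - 09:41:15 | RASHD] - G:\Autorun.inf
[23/01/2014 - 12:00:00 | ASH | 1 Ko] - H:\Autorun.inf
[23/01/2014 - 12:00:01 | ASH | 312 Ko] - H:\recycler.exe
"""

if __name__ == "__main__":
    for path, findings in triage(SAMPLE_LOG, {"G:", "H:"}).items():
        print(f"{path}: {', '.join(findings)}")
```

Note that the vaccine only defends against AutoRun-based spreading; Windows 7 with current updates already ignores Autorun.inf on removable drives, so a stick whose files are still flagged after vaccination points at either a file-infector on the host or a false positive, which is why the moderator asks for a full system log next.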
Ambucias (Moderator) - Jan 24, 2014 at 06:20 AM
UsbFix did a nice job, but you also have viruses on your computer.

To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.

1. Open this link and download ZHPDiag2 :

http://telechargement.zebulon.fr/telecharger-zhpdiag.html

(Don't be alarmed if the site is in French; it sometimes happens. The tool will take your system language and allow the download if you get a warning message.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista and Win 7 users, right-click to ensure you execute with admin rights.)

The tool creates three icons: ZHPDiag, MRB, and ZHPFix (if necessary, we will use ZHPFix after log analysis).

4. Double click on the shortcut ZHPDiag on your Desktop.

5. If you need to change the language, click on the little house, (bottom right) and change to English

6. Click on the "Configure" button.

7. Click on the Magnifying glass with the + sign.

8. Click on "Search"

Wait for the tool to finish (it may take a long time).

9. Close ZHPDiag.

10. To transmit the report, click on this link:

http://www.speedyshare.com/

11. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).

12. Select the file ZHPDiag.txt.

13. Click on "upload".

14. Copy the URL and post it here.

Best regards

Ambucias
Moderator /Security Contributor
kelnasawa - Jan 29, 2014 at 01:49 AM
Hello ,

After two days of trying to run ZHPDiag.exe (it kept freezing and not responding), it finally worked, and this is the link: http://speedy.sh/eVEGa/ZHPDiag.txt

thanks
Ambucias (Moderator) - Jan 29, 2014 at 06:20 AM
No wonder your machine is so sick: it is full of illegal software, cracks and key generators, which contained viruses that spread and contaminated other files, including system files.

As a Kioskea moderator I am not allowed to help members who use illegal means to acquire software.

If you wish further help, you must delete from your computer all illegal software first. Once you have done, report here what you have deleted.

I trust that you understand
kelnasawa - Jan 30, 2014 at 04:06 AM
OK, I've only been using this machine for a couple of months; it was used by someone else before me. Anyway, I removed PDFZilla and TuneUp Utilities. Should I run the scan again?
Ambucias (Moderator) - Jan 30, 2014 at 06:01 AM
No, it's okay.

Please wait, as this issue will now be taken over by a friend, 2011N2, who is a virus disinfection expert.
2011N2 (Security contributor) - Jan 30, 2014 at 01:09 PM
Hello,

Download the following AdwCleaner, created by Xplode:
http://ccm.net/download/download-24088-adwcleaner
Launch it (for Windows 7 and 8, right-click and run as administrator).
Click on Delete.
Post the log C:\Adwcleaner[Sx].txt on this thread.

Gabriel.
kelnasawa - Jan 31, 2014 at 01:52 AM
Hey ,
I scanned and deleted, yet I'm still getting the same error. Anyway, this is the scan report:

# AdwCleaner v3.018 - Report created 31/01/2014 at 08:29:55
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (32 bits)
# Username : robert - TP01
# Running from : C:\Users\sarah\Downloads\Programs\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : torchcrashhandler

***** [ Files / Folders ] *****

[x] Not Deleted : Z:\Tutorials
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\SpeedyPC Software
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\torchcrashhandler
Folder Deleted : C:\ProgramData\inFlow Inventory
Folder Deleted : C:\ProgramData\BrOwwse2Saavei
Folder Deleted : C:\ProgramData\SearchNewTab
Folder Deleted : C:\ProgramData\Weuekapp
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\inFlow Inventory
Folder Deleted : C:\Program Files\SearchNewTab
Folder Deleted : C:\Program Files\Weuekapp
Folder Deleted : C:\Program Files\uTorrentBar
Folder Deleted : C:\Users\sarah\AppData\Local\Conduit
Folder Deleted : C:\Users\sarah\AppData\Local\PackageAware
Folder Deleted : C:\Users\sarah\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\sarah\AppData\Local\torch
Folder Deleted : C:\Users\sarah\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\sarah\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\sarah\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\sarah\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\sarah\AppData\LocalLow\Softonic
Folder Deleted : C:\Users\sarah\AppData\LocalLow\BrOwwse2Saavei
Folder Deleted : C:\Users\sarah\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\sarah\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\sarah\AppData\Roaming\Babylon
Folder Deleted : C:\Users\sarah\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\sarah\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\sarah\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\sarah\AppData\Roaming\SpeedyPC Software
Folder Deleted : C:\Users\sarah\AppData\Roaming\inFlow Inventory
Folder Deleted : C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\o0f2wwxc.default-1390981548279\user.js
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate
File Deleted : C:\Windows\System32\Tasks\LaunchApp

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A58C226-37AF-4A1B-AC99-757ABB6DB766}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6A58C226-37AF-4A1B-AC99-757ABB6DB766}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D500F81-41BA-4C17-B401-0783F33B5393}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D500F81-41BA-4C17-B401-0783F33B5393}
Key Deleted : HKLM\SOFTWARE\Classes\AmiBs.Installer
Key Deleted : HKLM\SOFTWARE\Classes\AmiBs.Installer.1
Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_google-sketchup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_google-sketchup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_putty_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_putty_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E07E852-DACD-4D64-8B37-9A1D15DEEACB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A9AAEF9-5071-4085-8483-D797C560AC2E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedyPC Software
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Description
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\SpeedyPC Software
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\o0f2wwxc.default-1390981548279\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\preferences ]



*************************

AdwCleaner[R0].txt - [75250 octets] - [31/01/2014 08:23:32]
AdwCleaner[S0].txt - [14940 octets] - [31/01/2014 08:33:18]

########## EOF - Z:\AdwCleaner\AdwCleaner[S0].txt - [15001 octets] ##########
2011N2 13385 Posts Saturday January 29, 2011Registration dateSecurity contributorStatus December 24, 2016 Last seen - Feb 1, 2014 at 07:02 AM
0
Thank you
Hi,

OK, run ZHPDiag again and send the report.

Gabriel.
kelnasawa 23 Posts Thursday January 23, 2014Registration date October 10, 2014 Last seen - Feb 4, 2014 at 01:36 AM
0
Thank you
Hey,

~ Report of ZHPDiag v2014.1.25.26 - Nicolas Coolman (1/25/2014)
~ Launched by robert (2/3/2014 19:59:46)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)
GCIE: Google Chrome v30.0.1599.101
OPIE: Opera vJinitCheck Control
OPIE: Opera vRegister Terminal

---\\ Windows product information
~ Langage: Anglais
Windows 7 Enterprise, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, VOLUME_MAK channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Trend Micro OfficeScan Client v10.5
Windows Defender W7

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Information on the system
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3543.2 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 29 GB (19%) free of 147 GB

---\\ Connection to the system mode
~ Computer Name: TP01
~ User Name: robert
~ All Users Names: postgres, IGE, Guest, Administrator, 130397, 124671, 121790, 121699, 121594, 121502, 120038, 113021, 105096, 091621,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\sarah\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\sarah\AppData\Roaming\
~ %Desktop% : C:\Users\sarah\Desktop\
~ %Favorites% : C:\Users\sarah\Favorites\
~ %LocalAppData% : C:\Users\sarah\AppData\Local\
~ %StartMenu% : C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 29 Go of 147 Go)
D: Hard drive, Flash drive, Thumb drive (Free 99 Go of 151 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 07:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/14/2009 - 03:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.11/26/2013 - 08:33:33.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.11/20/2010 - 04:17:56.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.11/20/2010 - 04:21:26.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.9/14/2013 - 02:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 03:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 01:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 00:38:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 00:42:34.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 01:59:30.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.7/14/2009 - 01:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 01:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/27/2011 - 04:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 00:39:46.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) (.4/12/2013 - 15:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.7/14/2009 - 01:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.7/14/2009 - 01:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/20/2010 - 02:24:48.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 01:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 00:39:18.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.11/20/2010 - 04:30:18.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 4/145
~ Mes Favoris (My Favorites) : 1/65
~ Mes Documents (My Documents) : 2/972
~ Mon Bureau (My Desktop) : 0/1603
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 04s



---\\ Process running
[MD5.8729D6816BA213D9B8F2299919A531F7] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe [12492640] [PID.3024]
[MD5.1A16589E83B754CBA56499B8271F9B3E] - (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe [879144] [PID.1164]
[MD5.6B7627287B360E31FEF22F86FDE7A908] - (.Marvell Semiconductor, Inc. - Status Monitor..) -- C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1077248] [PID.2172]
[MD5.8772A605542D8487F4C08FF9F89F2AB7] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [815512] [PID.3068]
[MD5.2C1B1E9174D94E9F6EE3CF373ABAB7DD] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [137752] [PID.5116]
[MD5.87D78CF6365BDDACBE9D34B60FE0E23B] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.348]
[MD5.89D3DE5E2C77DCD99C56F0E46310AEA0] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [172568] [PID.1168]
[MD5.10E89F598469C60D8C87A8218089A87D] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\sarah\AppData\Local\Akamai\netsession_win.exe [4489472] [PID.4132]
[MD5.7ED7C4D38E7DAAC5DA390B82E54F439A] - (.No owner - DVR.) -- C:\Program Files\DVR\System\DVR.exe [192512] [PID.1292]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.6140]
[MD5.06DC2FDC6282F0D68910417B1150C848] - (...) -- C:\ManageEngine\ADManager Plus\bin\wrapper.exe [204800] [PID.3796]
[MD5.DD85F3651CE62C75FA2DD6270F3B8A1B] - (.Sun Microsystems, Inc. - Java(TM) 2 Platform Standard Edition binary.) -- C:\ManageEngine\ADManager Plus\jre\bin\java.exe [53344] [PID.2920]
[MD5.86841792F2B6FB8408E33B32E87C6E7A] - (.PostgreSQL Global Development Group - PostgreSQL Server.) -- C:\ManageEngine\ADManager Plus\pgsql\bin\postgres.exe [4525568] [PID.3532]
[MD5.2257393799DAC73E04BCB373A5CA4D24] - (.Tanuki Software, Ltd. - Java Service Wrapper Standard Edition 3.5.1.) -- C:\Program Files\ManageEngine\ADAudit Plus\bin\wrapper.exe [458008] [PID.3796]
[MD5.BBB645082F9318378FCD350ACC2DE313] - (.Sun Microsystems, Inc. - Java(TM) 2 Platform Standard Edition binary.) -- C:\Program Files\ManageEngine\ADAudit Plus\jre\bin\java.exe [49248] [PID.2920]
[MD5.71F907517B0CFCD390F5799FC4682362] - (.Tanuki Software, Ltd. - Java Service Wrapper Professional Edition 3.) -- C:\ManageEngine\ADSelfService Plus\bin\wrapper.exe [511256] [PID.3796]
[MD5.1C2648477074448D405B0318C27A016D] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\ManageEngine\ADSelfService Plus\jre\bin\java.exe [135168] [PID.2920]
[MD5.86841792F2B6FB8408E33B32E87C6E7A] - (.PostgreSQL Global Development Group - PostgreSQL Server.) -- C:\Program Files\ManageEngine\ADAudit Plus\pgsql\bin\postgres.exe [4525568] [PID.3532]
[MD5.02D0D3D262CB16A6E6D64F21F564EDD3] - (.PostgreSQL Global Development Group - PostgreSQL Server.) -- C:\ManageEngine\ADSelfService Plus\pgsql\bin\postgres.exe [4512256] [PID.3532]
[MD5.8EEE7EA6B5ABA7A9017FF0101C05182A] - (.OpenVPN Technologies - PrivateTunnel.) -- C:\Program Files\OpenVPN Technologies\PrivateTunnel\PrivateTunnel.exe [302592] [PID.1240]
[MD5.0AD879132C6660A1868FC9B1C19C6FA1] - (.TeamDev Ltd - JExplorer Native Executable.) -- C:\Users\sarah\AppData\Local\Temp\JExplorer32.2.7.1.exe [8273] [PID.4220]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8339968] [PID.8272]
~ Processes Running: Scanned in 00mn 03s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\o0f2wwxc.default-1390981548279\prefs.js
~ Firefox Browser: 49 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 24



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Adobe PDF - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: ADAudit Plus.lnk . (.Sun Microsystems, Inc. - Java(TM) 2 Platform Standard Edition binary.) -- C:\Program Files\ManageEngine\ADAudit Plus\jre\bin\javaw.exe
O4 - GS\Desktop [Public]: ADManager Plus Free Tools.lnk . (.TODO: <Company name> - TODO: <File description>.) -- C:\Program Files\ManageEngine\ADManager Plus Free Tools\bin\StartTools.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: iCare data Recovery Software Professional.lnk . (.iCare Development Co., Ltd - iCare Data Recovery Professional.) -- C:\Program Files\iCare Data Recovery Professional\iCare Data Recovery Professional.exe
O4 - GS\Desktop [Public]: Oracle VM VirtualBox.lnk . (.Oracle Corporation - Oracle VM VirtualBox Manager.) -- C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [postgres]: BS1 Accounting 2012.1.lnk . (...) -- C:\BS1sb20121\BS1.exe (.not file.)
O4 - GS\Desktop [postgres]: MagicISO.lnk . (.MagicISO, Inc. - MagicISO Maker.) -- C:\Program Files\MagicISO\MagicISO.exe
O4 - GS\Desktop [postgres]: Shortcut to Personal Property Inventory.lnk . (...) -- C:\Program Files\Personal Property Inventory v1\PPI_9_21.exe (.not file.)
O4 - GS\QuickLaunch [IGE]: Dev-C++.lnk . (.Bloodshed Software - Dev-C++ IDE.) -- C:\Dev-Cpp\devcpp.exe
O4 - GS\QuickLaunch [IGE]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [IGE]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [IGE]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [IGE]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [IGE]: BS1 Accounting 2012.1.lnk . (...) -- C:\BS1sb20121\BS1.exe (.not file.)
O4 - GS\Desktop [IGE]: Cisco Packet Tracer.lnk . (...) -- C:\Program Files\Cisco Packet Tracer 5.3.2\bin\PacketTracer5.exe
O4 - GS\Desktop [IGE]: install (appl) - Shortcut.lnk . (...) -- \\appl\install
O4 - GS\Desktop [IGE]: MagicISO.lnk . (.MagicISO, Inc. - MagicISO Maker.) -- C:\Program Files\MagicISO\MagicISO.exe
O4 - GS\Desktop [IGE]: Shortcut to Personal Property Inventory.lnk . (...) -- C:\Program Files\Personal Property Inventory v1\PPI_9_21.exe (.not file.)
O4 - GS\QuickLaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Administrator]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Administrator]: BS1 Accounting 2012.1.lnk . (...) -- C:\BS1sb20121\BS1.exe (.not file.)
O4 - GS\Desktop [Administrator]: Shortcut to Personal Property Inventory.lnk . (...) -- C:\Program Files\Personal Property Inventory v1\PPI_9_21.exe (.not file.)
~ Global Startup: 87 Legitimates Filtered in 00mn 09s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: DVR.lnk . (...) -- C:\Program Files\DVR\System\DVR.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] . (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
O4 - HKLM\..\Run: [hpbdfawep] . (.No owner - WEP MFC Application.) -- C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
O4 - HKLM\..\Run: [PrnStatusMX] . (.Marvell Semiconductor, Inc. - Status Monitor..) -- C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\sarah\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 7] C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe (.not file.)
O4 - HKUS\.DEFAULT\..\Run: [Lync] . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 7] C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [Lync] . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3044742580-2350399819-3094564502-1011\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-3044742580-2350399819-3094564502-1011\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} . (...) -- C:\Program Files\Hewlett-Packard\SmartPrint\smartprint.ico
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - ActiveSync Favorite Synchronization.) -- C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -- Orphan key
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office15\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.TP01
O15 - Trusted Zone: [HKCU\...\Domains] http.worldspan.com
O15 - Trusted Zone: [HKCU\...\Domains] http.wspan.com
O15 - Trusted Zone: [HKCU\...\EscDomains] http.TP01
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} ((no name)) - http://192.168.13.56/webrec.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} ((no name)) - https://192.168.15.19:4343/officescan/console/html/root/AtxEnc.cab
O16 - DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} ((no name)) - http://192.168.13.50/installOperaPrintCtrl.exe
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} ((no name)) - https://gopublic.wspan.com/Secure/Dlls/WSFileIO3.cab
O16 - DPF: {A52634AD-9341-40D6-AB02-08F300D2C8AC} ((no name)) - https://192.168.15.19:4343/officescan/console/html/root/AtxConsole.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} ((no name)) - http://192.168.13.50/installregterm.exe
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4CD4D8C-5B79-4BE8-9401-57C79A77FDC5}: DhcpNameServer = 192.168.13.5 192.168.13.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4CD4D8C-5B79-4BE8-9401-57C79A77FDC5}: DhcpNameServer = 192.168.13.5 192.168.13.16
O17 - HKLM\System\CS2\Services\Tcpip\..\{A4CD4D8C-5B79-4BE8-9401-57C79A77FDC5}: DhcpNameServer = 192.168.13.5 192.168.13.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ige.usj.edu.lb
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.13.5 192.168.13.16
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: BranchCacheSvc (BranchCacheSvc) . (...) - C:\Windows\SpringSvc.exe
O23 - Service: EloSystemService (EloSystemService) . (.Elo Touchsystems - Service application for Elo touchmonitors.) - C:\Windows\system32\EloSrvce.exe
O23 - Service: HideIPLaucherService (HideIPLaucherService) . (.www.hideallip.com - Hide ALL IP Launcher Service.) - C:\Program Files\Hide ALL IP\LauncherService.exe
O23 - Service: MySQL (MySQL) . (...) - C:\Program Files\MySQL\MySQL Server 5.5\my.ini
O23 - Service: OracleOraDb10g_home1TNSListener (OracleOraDb10g_home1TNSListener) . (...) - D:\oracle\product\10.2.0\db_1\BIN\TNSLSNR (.not file.)
O23 - Service: PDQ Deploy (PDQDeploy) . (.Admin Arsenal - PDQ Deploy Service.) - C:\Program Files\Admin Arsenal\PDQ Deploy\PDQDeployService.exe
O23 - Service: PDQ Inventory (PDQInventory) . (.Admin Arsenal - PDQ Inventory Service.) - C:\Program Files\Admin Arsenal\PDQ Inventory\PDQInventoryService.exe
O23 - Service: Private Tunnel Core Service (ptservice) . (.OpenVPN Technologies, Inc - PrivateTunnel Service.) - C:\Program Files\OpenVPN Technologies\PrivateTunnel\ptservice.exe
O23 - Service: OfficeScan NT Listener (tmlisten) . (.Trend Micro Inc. - Trend Micro Common Client Communication Ser.) - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
~ Services: 26 Legitimates Filtered in 00mn 12s



---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\HP WEP.job [318] =>Hijacker.iHaveNet
[MD5.E98CFB0C92E3A8E5C6F530D28D3DBD80] [APT] [HP WEP] (...) -- C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [954368]
[MD5.00000000000000000000000000000000] [APT] [NDUpdate] (...) -- C:\Users\robert\AppData\Local\Temp\NDUpdate.exe (.not file.) [0]
[MD5.29B81898034EF7692A242E49310E0411] [APT] [Trigger KMS Activation] (...) -- C:\Program Files\KMSnano\TriggerKMS.exe [54784]
[MD5.00000000000000000000000000000000] [APT] [TunnelBear] (...) -- C:\Program Files\TunnelBear\TBear.Client.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{00C21097-8277-4DA2-A74E-1AE97E7F1485}] (...) -- C:\Program Files\Netop\Netop School\Student\nstdw32.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0F94F49F-B20C-4C32-B265-CFFB4E5D28D5}] (...) -- C:\Users\robert\Desktop\prophetlinepricinglabels.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1808FE11-BE14-441E-803B-2C2308C1831B}] (...) -- C:\Program Files\Netop\Netop School\Teacher\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{307FB8CE-BEEA-448D-AEAB-76D7F66A826A}] (...) -- C:\Users\robert\Downloads\XMLSpyEnt2010.exe (.not file.) [0]
[MD5.1619DE72A19A32C0C2B36E1B1FAF304A] [APT] [{33E8040D-B263-4269-9384-C68E2CA55968}] (.Micro Focus.) -- C:\VisOC\BIN\VISOC.exe [1155584]
[MD5.00000000000000000000000000000000] [APT] [{36F3B08F-EDA5-495A-95EB-718AD05C131C}] (...) -- C:\Users\robert\Desktop\Cobol visoc\VISOC\SETUP.exe (.not file.) [0]
[MD5.1619DE72A19A32C0C2B36E1B1FAF304A] [APT] [{493D9ECD-A6BD-445E-9FF3-4D8A73C0F7AC}] (.Micro Focus.) -- C:\VisOC\BIN\VISOC.exe [1155584]
[MD5.00000000000000000000000000000000] [APT] [{78E2B3F3-44D0-4169-95FE-E2108FC4476B}] (...) -- C:\Users\robert\Desktop\OutlookConnector.exe (.not file.) [0]
[MD5.1619DE72A19A32C0C2B36E1B1FAF304A] [APT] [{83A2651D-C0BE-46D9-8DAA-DD0CF7EA9DD6}] (.Micro Focus.) -- C:\VisOC\BIN\VISOC.exe [1155584]
[MD5.00000000000000000000000000000000] [APT] [{9437DD8A-FB04-473A-B041-A3D3CEC8BE2D}] (...) -- C:\Program Files\Netop\Netop School\Student\nstdw32.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AEF78FCA-1D4E-4240-B65A-DE728C599D9E}] (...) -- C:\Program Files\Netop\Netop School\Student\nstdw32.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B026D100-BC8B-4ABD-9BBE-18B65C5D1754}] (...) -- C:\Users\robert\Desktop\Google Sketchup Pro 8.0.3.117 plus Vray\SketchUp 8\GoogleSketchUp_8.0.3117_Pro.exe (.not file.) [0]
[MD5.1619DE72A19A32C0C2B36E1B1FAF304A] [APT] [{B7FE899C-53E7-46A5-8CDF-33C83A808F60}] (.Micro Focus.) -- C:\VisOC\BIN\VISOC.exe [1155584]
[MD5.1619DE72A19A32C0C2B36E1B1FAF304A] [APT] [{C4EB138E-FFEF-4BC3-9649-61EBB221B271}] (.Micro Focus.) -- C:\VisOC\BIN\VISOC.exe [1155584]
[MD5.00000000000000000000000000000000] [APT] [{DC53B768-8AFD-430D-914A-8F07B8338F8F}] (...) -- C:\Users\robert\Desktop\prophetlinepricinglabels.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E6F76C8C-8387-48B7-8E10-7A85D5E1F113}] (...) -- C:\Program Files\Netop\Netop School\Student\nstdw32.exe (.not file.) [0]
~ Scheduled Task: 38 Legitimates Filtered in 00mn 09s



---\\ Drivers launched at startup (O41)
O41 - Driver: (vflt) . (.Shrew Soft Inc - Shrew Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\vfilter.sys
~ Drivers: 87 Legitimates Filtered in 00mn 14s



---\\ Software installed (O42)
O42 - Logiciel: ADAudit Plus - (.ZOHO Corp.) [HKLM] -- {B4E87CC6-F195-4CFE-92A2-8439FC3716C9}
O42 - Logiciel: ADManager Plus - (.ZOHO Corp..) [HKLM] -- {CC00BC3F-40AE-49A7-BA63-FE2F93D20585}
O42 - Logiciel: ADManager Plus Free Tools - (...) [HKLM] -- {13405F8E-4962-435B-B10D-21BB8261B4B4}
O42 - Logiciel: ADSelfService Plus - (.ZOHO Corp..) [HKLM] -- {09998EF9-DF8C-4E52-803D-4AE85D38DD2B}
O42 - Logiciel: DVR - (.DVR.) [HKLM] -- InstallShield_{5087FC56-5302-486A-A2A6-0941B3E28237}
O42 - Logiciel: Elo Universal Driver 4.8.7 - (.Elo TouchSystems.) [HKLM] -- EloTouchscreen
O42 - Logiciel: Hide ALL IP 2014.01.21 - (.www.hideallip.com.) [HKLM] -- {02FC1980-2123-451F-8CB7-C9B60BE40717}_is1
O42 - Logiciel: KMSnano 24 - (...) [HKLM] -- KMSnano 24_is1
O42 - Logiciel: LaserJet 1020 series - (...) [HKLM] -- HP-LaserJet 1020 series
O42 - Logiciel: PDQ Deploy - (.Admin Arsenal.) [HKLM] -- {820624EF-65C6-49E0-8DA4-FCE21D917CE2}
O42 - Logiciel: PDQ Inventory - (.Admin Arsenal.) [HKLM] -- {4A187D8F-BDA5-4533-9785-0D800300F9B8}
O42 - Logiciel: Remote_Surveillance - (...) [HKLM] -- InstallShield_{F9A924D9-51E4-4C68-8CD3-4BDBA679A303}
O42 - Logiciel: Visual Object COBOL V1.0 - (...) [HKLM] -- Micro Focus Visual Object COBOL 1.0
O42 - Logiciel: skillpipe Reader - (.arvato.) [HKLM] -- {2262CADB-7DF0-40FF-BE35-1D0582656415}
~ Logic: 17 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Admin Arsenal]
[HKCU\Software\BarbaTunnel]
[HKCU\Software\HXG]
[HKCU\Software\HideAllIP]
[HKCU\Software\Lansweeper]
[HKCU\Software\Micro Focus]
[HKCU\Software\Netop Business Solutions A/S]
[HKCU\Software\PhoneCrypt]
[HKCU\Software\WORLDSPAN]
[HKCU\Software\WSVCUPlugin]
[HKCU\Software\WonderSoft]
[HKCU\Software\ZebraTechnologies]
[HKCU\Software\iCarePro]
[HKCU\Software\softonicToolbar] =>Toolbar.Conduit
[HKLM\Software\ADSRemoval]
[HKLM\Software\Admin Arsenal]
[HKLM\Software\AdventNet, Inc.]
[HKLM\Software\Adventnet]
[HKLM\Software\Encelabs]
[HKLM\Software\HideAllIP]
[HKLM\Software\MICROS-Fidelio]
[HKLM\Software\MVL]
[HKLM\Software\ManageEngine]
[HKLM\Software\Micro Focus]
[HKLM\Software\Object]
[HKLM\Software\SK.Enhancer] =>Adware.SurfAndKeep
[HKLM\Software\SpringSvc.exe]
[HKLM\Software\WORLDSPAN]
[HKLM\Software\ZOHO Corp]
[HKLM\Software\arvato]
[HKLM\Software\iMagic]
[HKLM\Software\lansweeper]
[HKLM\Software\realtimelogic]
~ Key Software: 529 Legitimates Filtered in 00mn 01s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 1/22/2014 - 09:02:18 - [37.177] ----D C:\Program Files\Admin Arsenal
O43 - CFD: 12/11/2013 - 15:07:56 - [48.281] ----D C:\Program Files\arvato
O43 - CFD: 10/14/2011 - 16:31:25 - [133.503] ----D C:\Program Files\DVR
O43 - CFD: 10/30/2013 - 10:46:01 - [16.687] ----D C:\Program Files\EloTouchSystems
O43 - CFD: 5/15/2012 - 12:44:31 - [0] ----D C:\Program Files\Free Accounting
O43 - CFD: 1/27/2014 - 12:39:20 - [10.010] ----D C:\Program Files\Hide ALL IP
O43 - CFD: 12/12/2013 - 11:55:29 - [20.962] ----D C:\Program Files\Hyper-V
O43 - CFD: 5/15/2012 - 12:39:09 - [0.000] ----D C:\Program Files\iMagic Inventory
O43 - CFD: 1/31/2014 - 08:33:43 - [0] ----D C:\Program Files\inFlow Inventory
O43 - CFD: 1/27/2014 - 12:02:59 - [58.735] ----D C:\Program Files\KMSnano
O43 - CFD: 10/5/2011 - 08:50:18 - [281.242] ----D C:\Program Files\Las Vegas Casino
O43 - CFD: 2/3/2014 - 15:20:19 - [273.772] ----D C:\Program Files\ManageEngine
O43 - CFD: 6/22/2011 - 17:50:37 - [0] ----D C:\Program Files\Netop
O43 - CFD: 5/15/2012 - 12:42:27 - [0] ----D C:\Program Files\Noguska
O43 - CFD: 4/10/2013 - 15:01:12 - [0.271] ----D C:\Program Files\OperaRegTerm
O43 - CFD: 12/4/2013 - 11:03:23 - [0] ----D C:\Program Files\seUerf and keep =>Adware.SurfAndKeep
O43 - CFD: 12/4/2013 - 12:15:21 - [0] ----D C:\Program Files\Sk.Enhancer =>Adware.SurfAndKeep
O43 - CFD: 6/21/2011 - 16:10:43 - [0.205] ----D C:\Program Files\SQLXML 4.0
O43 - CFD: 1/28/2014 - 08:28:16 - [8.507] ----D C:\Program Files\Super Network Tunnel
O43 - CFD: 10/13/2011 - 16:08:48 - [0] ----D C:\Program Files\Video to Mp3 Converter
O43 - CFD: 2/12/2013 - 13:24:13 - [1.583] ----D C:\Program Files\webrec
O43 - CFD: 5/14/2012 - 16:47:20 - [0.015] ----D C:\Program Files\Xin
O43 - CFD: 12/4/2013 - 09:12:56 - [0] ----D C:\Program Files\YoutubeAdblocker =>PUP.Multiplug
O43 - CFD: 1/8/2014 - 11:15:23 - [4.812] ----D C:\Program Files\Common Files\Aelita Shared
O43 - CFD: 1/8/2014 - 11:15:22 - [3.121] ----D C:\Program Files\Common Files\Quest Shared
O43 - CFD: 12/4/2013 - 11:03:56 - [0.287] ----D C:\ProgramData\47f37b20e19dc241
O43 - CFD: 1/22/2014 - 09:02:46 - [28.401] ----D C:\ProgramData\Admin Arsenal
O43 - CFD: 12/11/2013 - 15:08:33 - [0.000] ----D C:\ProgramData\arvato
O43 - CFD: 1/27/2014 - 14:54:30 - [0.002] ----D C:\ProgramData\Barbatunnel
O43 - CFD: 7/13/2011 - 15:50:36 - [0.000] ----D C:\ProgramData\DataIgloo
O43 - CFD: 5/14/2012 - 17:16:41 - [0.945] ----D C:\ProgramData\iMagic
O43 - CFD: 12/10/2013 - 14:03:33 - [7.757] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 10/3/2011 - 17:19:11 - [0] ----D C:\ProgramData\Netop
O43 - CFD: 1/14/2014 - 13:59:14 - [0] ----D C:\ProgramData\ProductData
O43 - CFD: 12/4/2013 - 12:15:21 - [0] ----D C:\ProgramData\seUerf and keep =>Adware.SurfAndKeep
O43 - CFD: 12/2/2013 - 15:35:50 - [0] ----D C:\ProgramData\xml_param
O43 - CFD: 12/4/2013 - 10:35:27 - [0] ----D C:\ProgramData\YoutubeAdblocker =>PUP.Multiplug
O43 - CFD: 5/14/2012 - 17:14:42 - [0.000] ----D C:\ProgramData\Zebra Technologies
O43 - CFD: 1/14/2014 - 13:59:19 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O43 - CFD: 7/4/2013 - 10:29:29 - [23.539] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 12/4/2013 - 12:20:37 - [4.809] ----D C:\Users\sarah\AppData\Roaming\iSafe =>Trojan.Staser
O43 - CFD: 10/14/2011 - 13:29:56 - [0.214] ----D C:\Users\sarah\AppData\Roaming\Netop
O43 - CFD: 10/23/2012 - 09:41:24 - [0.002] ----D C:\Users\sarah\AppData\Roaming\WORLDSPAN
O43 - CFD: 12/2/2013 - 15:33:56 - [0] ----D C:\Users\sarah\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
O43 - CFD: 12/11/2013 - 15:08:38 - [24.406] ----D C:\Users\sarah\AppData\Local\arvato
O43 - CFD: 10/14/2011 - 10:28:47 - [0] ----D C:\Users\sarah\AppData\Local\Netop
O43 - CFD: 2/3/2014 - 15:18:50 - [0.013] ----D C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ADSelfService Plus
~ Program Folder: 348 Legitimates Filtered in 04mn 09s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.6FA659F9519B9FC6CD9E3F8C46FCF83B] - 1/20/2014 - 07:59:45 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_1_20_7_59_42.dmp [19109]
O44 - LFC:[MD5.0FF9B123369E9AB318F07D42A756D1BE] - 1/20/2014 - 10:07:46 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_51-b13.log [5163]
O44 - LFC:[MD5.8D86B572C84C6BC42197206631133759] - 1/21/2014 - 11:37:54 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_1_21_11_37_51.dmp [19109]
O44 - LFC:[MD5.2F5AA4BC4DAFAA1DD4195B391CA3A397] - 1/21/2014 - 15:55:03 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_1_21_15_55_0.dmp [19109]
O44 - LFC:[MD5.5B00E4C12DD1001AE13CC9B44F015C33] - 1/21/2014 - 16:04:46 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_1_21_16_4_43.dmp [19109]
O44 - LFC:[MD5.9197CF14296E46E6FB4112E6CE311F39] - 1/23/2014 - 09:24:19 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_1_23_9_24_16.dmp [19109]
O44 - LFC:[MD5.845D991C959C737C7E1152475DFC0735] - 1/23/2014 - 15:10:07 ---A- . (...) -- C:\Windows\cfgrs.ini [1090]
O44 - LFC:[MD5.11C9F87C526145C17D99A81A3F0160C7] - 1/23/2014 - 15:10:07 ---A- . (...) -- C:\Windows\cfgrs_ex.ini [134]
O44 - LFC:[MD5.812BB43B18CEB321E0CC112A69BAF0A3] - 1/23/2014 - 20:35:16 ---A- . (...) -- C:\Windows\RegBootClean.exe [181272]
O44 - LFC:[MD5.F67CD78F3F5A71BC4057D790F52892E6] - 1/24/2014 - 08:11:43 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_1_24_8_11_40.dmp [19109]
O44 - LFC:[MD5.EA9605F6E27807D72F21ED6128CE6DC2] - 1/24/2014 - 10:12:07 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_1_24_10_11_58.dmp [19109]
O44 - LFC:[MD5.65CB9BCAF65A122F88287D2C370B9B1E] - 1/24/2014 - 10:55:49 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_1_24_10_55_41.dmp [19109]
O44 - LFC:[MD5.DC0B8205B5FFD6C779909D8F1C96D8E2] - 1/24/2014 - 11:23:04 ---A- . (...) -- C:\Windows\System32\lsprst7.dll [205]
O44 - LFC:[MD5.C7ED1A929DE88627F994540F5C96604D] - 1/24/2014 - 11:23:04 ---A- . (...) -- C:\Windows\System32\lsprst7.tgz [219]
O44 - LFC:[MD5.58CDD114539FA01B5236D442F47AB0DE] - 1/24/2014 - 11:23:05 --H-- . (...) -- C:\Windows\System32\servdat.slm [16]
O44 - LFC:[MD5.EC8D1EF4AA8574F8289C079A1501E9EE] - 1/24/2014 - 11:31:41 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_1_24_11_31_34.dmp [19109]
O44 - LFC:[MD5.ACAA7A0972FE53850692881C6347645A] - 1/24/2014 - 12:09:13 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_1_24_12_9_7.dmp [19109]
O44 - LFC:[MD5.552BC5B392B106DE5F77BD50150241E4] - 1/24/2014 - 12:42:51 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_1_24_12_42_42.dmp [19109]
O44 - LFC:[MD5.252040696E872F7AB6840D7F20C73776] - 1/27/2014 - 09:11:00 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_1_27_9_10_53.dmp [19109]
O44 - LFC:[MD5.AA89B9535D0B22FFDBC30F92FA20F73C] - 1/27/2014 - 13:04:53 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_1_27_13_4_49.dmp [19109]
O44 - LFC:[MD5.11E381D04F0E91C0493EB26232E5A88C] - 1/28/2014 - 08:35:52 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_1_28_8_35_39.dmp [19109]
O44 - LFC:[MD5.41251CDC97AC7F824C8A591EFAAD9B5F] - 1/29/2014 - 09:38:26 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_1_29_9_38_20.dmp [19109]
O44 - LFC:[MD5.1419E65998B63D2B96F83545400B61C5] - 1/31/2014 - 08:35:08 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_1_31_8_34_57.dmp [19109]
O44 - LFC:[MD5.D05006A8989A5E7A209D0D0EA9BC0EA9] - 2/3/2014 - 08:03:22 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_2_3_8_3_15.dmp [19109]
O44 - LFC:[MD5.5D9ED49FB21ACA48A996CAC290B67E40] - 2/3/2014 - 08:22:26 ---A- . (...) -- C:\Windows\System32\nmesrvc_core_2014_2_3_8_22_20.dmp [19109]
O44 - LFC:[MD5.B45E1CA0F9240776B75AF680875B35E1] - 2/3/2014 - 12:21:33 ---A- . (...) -- C:\Windows\hpbafd.ini [167]
O44 - LFC:[MD5.14F31D6CCA12240CF6AC73B0BDC6C5A3] - 2/3/2014 - 12:41:22 ---A- . (...) -- C:\Windows\cfgall.ini [8906]
O44 - LFC:[MD5.450B85986B758CF619DE65049BA3073C] - 2/3/2014 - 20:00:04 ---A- . (...) -- C:\Windows\DFError.log [120873]
O44 - LFC:[MD5.EC09DD07AF25724A47D9D0C317D85015] - 2/3/2014 - 20:04:51 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [20640]
O44 - LFC:[MD5.EC09DD07AF25724A47D9D0C317D85015] - 2/3/2014 - 20:04:51 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [20640]
~ Files: 44 Legitimates Filtered in 02mn 59s



---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.9F22335CF15D668A46A9BAB51F781230] - 2/3/2014 - 15:08:28 ---A- - C:\Windows\Prefetch\STARTTOOLS.EXE-A42A958C.pf
O45 - LFCP:[MD5.07ACE7A48BF4436205F7FFC1CCBDA892] - 2/3/2014 - 15:08:38 ---A- - C:\Windows\Prefetch\POWERSHELL.EXE-920BBA2A.pf
O45 - LFCP:[MD5.A71A19F9E50D6AC35744AC29009DA2AA] - 2/3/2014 - 17:38:01 ---A- - C:\Windows\Prefetch\HPBDFAWEP.EXE-923116E3.pf
O45 - LFCP:[MD5.383CF19F039554D8B42DFE4173DC0F8A] - 2/3/2014 - 19:59:11 ---A- - C:\Windows\Prefetch\ELOLNCHR.EXE-5FEE415B.pf
O45 - LFCP:[MD5.F38C877E4D295061F7CBDD43EFBA8BAD] - 2/3/2014 - 20:06:07 ---A- - C:\Windows\Prefetch\POSTGRES.EXE-0678D8A0.pf
O45 - LFCP:[MD5.3D43F2FBBE34747225333B35683841EA] - 2/3/2014 - 20:06:09 ---A- - C:\Windows\Prefetch\POSTGRES.EXE-ABEDCAC1.pf
O45 - LFCP:[MD5.E2617FEE881E38DAC8DBB46F008073EC] - 2/3/2014 - 20:06:11 ---A- - C:\Windows\Prefetch\POSTGRES.EXE-8BF081B1.pf
~ Prefetcher: 53 Legitimates Filtered in 00mn 00s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ApplePhotoStreams [Key] . (...) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\BarbaMonitor [Key] . (...) -- C:\Users\sarah\Desktop\New folder\bin\BarbaMonitor.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Hide ALL IP [Key] . (.www.hideallip.com - Hide ALL IP.) -- C:\Program Files\Hide ALL IP\HideAllIP.exe
O53 - SMSR:HKLM\...\startupreg\iFunBoxConnector [Key] . (...) -- C:\Program Files\i-Funbox DevTeam\ifb_conn.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\MobileDocuments [Key] . (...) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (...) -- C:\Program Files\Skype\Phone\Skype.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Wondershare Helper Compact.exe [Key] . (.Wondershare - Wondershare Studio.) -- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
~ SMSR Keys: 16 Legitimates Filtered in 00mn 01s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableStatusMessages"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.3D9C80580E32465227656454074DB5F0] - 6/22/2009 - 13:18:28 ---A- . (.Elo Touchsystems - USB touchmonitor filter driver for Windows XP/2000..) -- C:\Windows\System32\Drivers\EloFiltr.sys [48640]
O58 - SDL:[MD5.A445E0A850D52735CD2CFCDBD75CD831] - 6/22/2009 - 13:18:28 ---A- . (.Elo Touchsystems - USB touchmonitor driver for Windows XP/2000..) -- C:\Windows\System32\Drivers\EloUsb.Sys [55680]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 7/14/2009 - 03:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.CB751449CD98244B358682362B45BF48] - 9/12/2013 - 15:24:14 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\gttap1.sys [32552]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 7/14/2009 - 00:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.BD6528182C5FBF004846F82BA105CAD5] - 12/17/2013 - 00:00:30 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\ptun0901.sys [35288]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 7/14/2009 - 03:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.8CF6E2AE1707D82E904ECCA68CEF8B87] - 9/25/2013 - 21:33:38 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [26624]
O58 - SDL:[MD5.827C8058C284FF0013E4462EFE2591A3] - 7/15/2012 - 09:48:16 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tapoas.sys [26112]
O58 - SDL:[MD5.8BF5D980CDCE35FB26F05047144BB57E] - 9/28/2012 - 10:32:56 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [44544]
O58 - SDL:[MD5.3BC745021477422ABF9B85B8E562724D] - 7/1/2013 - 01:07:18 ---A- . (.Shrew Soft Inc - Shrew Lightweight Filter Driver.) -- C:\Windows\System32\Drivers\vfilter.sys [18944]
O58 - SDL:[MD5.1B13A6A5253E7F046728980CCB59C0B7] - 7/1/2013 - 01:07:18 ---A- . (.Shrew Soft Inc - Shrew Soft Virtual Network Driver.) -- C:\Windows\System32\Drivers\virtualnet.sys [13824]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 7/13/2009 - 23:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 7/13/2009 - 23:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 7/13/2009 - 23:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 7/13/2009 - 23:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 7/13/2009 - 23:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 7/13/2009 - 23:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 7/13/2009 - 23:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 7/13/2009 - 23:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 7/13/2009 - 23:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 7/13/2009 - 23:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 7/13/2009 - 23:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 7/13/2009 - 23:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 7/13/2009 - 23:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 7/13/2009 - 23:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 7/13/2009 - 23:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 18 Legitimates Filtered in 00mn 03s



---\\ Last modified or created user files (O61)
O61 - LFC: 1/31/2014 - 20:12:12 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_32.db [1048576]
O61 - LFC: 1/31/2014 - 20:12:12 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_96.db [5242880]
O61 - LFC: 1/31/2014 - 20:12:12 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_sr.db [24]
O61 - LFC: 1/31/2014 - 20:12:34 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml [513189]
O61 - LFC: 1/31/2014 - 20:14:45 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_1024.db [24]
O61 - LFC: 1/31/2014 - 20:14:45 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_256.db [5242880]
O61 - LFC: 1/31/2014 - 20:14:45 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_32.db [1048576]
O61 - LFC: 1/31/2014 - 20:14:45 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_96.db [5242880]
O61 - LFC: 1/31/2014 - 20:14:45 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_idx.db [12952]
O61 - LFC: 1/31/2014 - 20:14:45 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_sr.db [24]
O61 - LFC: 1/31/2014 - 20:15:10 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml [513189]
O61 - LFC: 1/31/2014 - 20:29:14 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_1024.db [24]
O61 - LFC: 1/31/2014 - 20:29:14 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_256.db [5242880]
O61 - LFC: 1/31/2014 - 20:29:14 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_32.db [1048576]
O61 - LFC: 1/31/2014 - 20:29:14 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_96.db [5242880]
O61 - LFC: 1/31/2014 - 20:29:14 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_idx.db [12952]
O61 - LFC: 1/31/2014 - 20:29:14 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_sr.db [24]
O61 - LFC: 1/31/2014 - 20:29:15 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7KIEK5PU\ms[1].js [13905]
O61 - LFC: 1/31/2014 - 20:29:15 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HKWF0O99\ms2[2].js [11867]
O61 - LFC: 1/31/2014 - 20:32:32 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml [513189]
O61 - LFC: 1/31/2014 - 20:48:45 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_1024.db [24]
O61 - LFC: 1/31/2014 - 20:48:45 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_256.db [5242880]
O61 - LFC: 1/31/2014 - 20:48:45 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_32.db [1048576]
O61 - LFC: 1/31/2014 - 20:48:45 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_96.db [5242880]
O61 - LFC: 1/31/2014 - 20:48:45 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_idx.db [12952]
O61 - LFC: 1/31/2014 - 20:48:45 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_sr.db [24]
O61 - LFC: 1/31/2014 - 20:48:47 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1KBMIFHU\cc720539(v=ws.10)[1].json [0]
O61 - LFC: 1/31/2014 - 20:48:48 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1KBMIFHU\MicrosoftAjax[1].js [98832]
O61 - LFC: 1/31/2014 - 20:48:48 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1KBMIFHU\SearchBox[1].js [16564]
O61 - LFC: 1/31/2014 - 20:48:48 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1KBMIFHU\SiteRecruit_Tracker[1].htm [661]
O61 - LFC: 1/31/2014 - 20:48:48 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1KBMIFHU\like[2].htm [5536]
O61 - LFC: 1/31/2014 - 20:48:48 ---A- . (...) -- C:\Users\sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1KBMIFHU\siteresource[1].js [3102]
2011N2 13385 Posts Saturday January 29, 2011Registration dateSecurity contributorStatus December 24, 2016 Last seen - Feb 4, 2014 at 02:06 PM
Hi,

- To transmit the report, click on this link :

http://www.speedyshare.com/

- Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).

- Select the file ZHPDiag.txt.

- Click on "upload".

- Copy the URL and post it here.

Gabriel.
kelnasawa 23 Posts Thursday January 23, 2014Registration date October 10, 2014 Last seen - Feb 5, 2014 at 01:35 AM
Hey, ok this is the file

http://speedy.sh/JKKNC/ZHPDiag.txt
2011N2 13385 Posts Saturday January 29, 2011Registration dateSecurity contributorStatus December 24, 2016 Last seen - Feb 5, 2014 at 01:14 PM
Hi,

Is your computer an HP?

1. Close all applications

2. Select and copy all of the following bold lines.
----------------------------------------------------------------------------------

Script ZHPFix
[HKLM\Software\Object] => Infection BT (PUP.FCTPlugin)
[HKLM\Software\SK.Enhancer] =>Adware.SurfAndKeep
O43 - CFD: 12/4/2013 - 11:03:23 - [0] ----D C:\Program Files\seUerf and keep =>Adware.SurfAndKeep
O43 - CFD: 12/4/2013 - 12:15:21 - [0] ----D C:\Program Files\Sk.Enhancer =>Adware.SurfAndKeep
O43 - CFD: 12/4/2013 - 09:12:56 - [0] ----D C:\Program Files\YoutubeAdblocker =>PUP.Multiplug
O43 - CFD: 12/10/2013 - 14:03:33 - [7.757] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 12/4/2013 - 12:15:21 - [0] ----D C:\ProgramData\seUerf and keep =>Adware.SurfAndKeep
O43 - CFD: 12/4/2013 - 10:35:27 - [0] ----D C:\ProgramData\YoutubeAdblocker =>PUP.Multiplug
O43 - CFD: 12/4/2013 - 12:20:37 - [4.809] ----D C:\Users\sarah\AppData\Roaming\iSafe =>Trojan.Staser
O44 - LFC:[MD5.DC0B8205B5FFD6C779909D8F1C96D8E2] - 1/24/2014 - 11:23:04 ---A- . (...) -- C:\Windows\System32\lsprst7.dll [205] => Infection Diverse (Trojan.Agent)
O44 - LFC:[MD5.C7ED1A929DE88627F994540F5C96604D] - 1/24/2014 - 11:23:04 ---A- . (...) -- C:\Windows\System32\lsprst7.tgz [219] => Infection Diverse (Trojan.Agent)
[HKLM\Software\Classes\AppID\{D651E893-3D08-458D-A242-0E6B862E6507}] =>Hijacker.Alnaddy
[HKLM\Software\Classes\IEHlprObj.IEHlprObj] =>Adware.iWinArcade
[HKLM\Software\Classes\IEHlprObj.IEHlprObj.1] =>Adware.iWinArcade
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}] =>Adware.Bandoo^
C:\Program Files\seUerf and keep =>Adware.SurfAndKeep^
C:\Program Files\Sk.Enhancer =>Adware.SurfAndKeep^
C:\Program Files\YoutubeAdblocker =>PUP.Multiplug^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\seUerf and keep =>Adware.SurfAndKeep^
C:\ProgramData\YoutubeAdblocker =>PUP.Multiplug^
C:\Users\sarah\AppData\Roaming\iSafe =>Trojan.Staser^
[HKLM\Software\SK.Enhancer] =>Adware.SurfAndKeep^
[HKCU\Software\softonicToolbar] =>Toolbar.Conduit
O43 - CFD: 7/4/2013 - 10:29:29 - [23.539] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} => Toolbar.TuneUp
[HKLM\Software\Classes\Toolbar.CT2786678] =>Toolbar.Conduit
[HKCU\Software\softonicToolbar] =>Toolbar.Conduit^

3. ZHP Diag created a shortcut on your desktop called ZHP Fix; launch ZHP Fix (for Windows 7, right-click to run as admin). Answer yes if you get an enquiry as to whether you want to run it or not.

4. Click on the Import button and the lines will automatically paste themselves.

5. Click on the Go button to clean

6. Confirm by clicking OK

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

Gabriel.
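The script lines above are ZHPDiag findings in a fixed text format. As an added example (not the thread's or ZHPFix's own code; the field meanings are inferred from the lines on the page, and the trailing "^" is carried only as a flag since its meaning is not stated), here is a small Python parser that turns such lines into records and tallies them per malware family, a quick way to review a ZHPFix script before importing it in this post or in the later one that repeats the same step:

```python
import re
from dataclasses import dataclass

# Added example (not the thread's or ZHPFix's own code): parse ZHPFix script lines
# like those above into records and count hits per family; formats are inferred
# from the page, and the trailing "^" is kept only as a flag.
@dataclass
class Finding:
    kind: str            # "registry", "folder", "file" or "path"
    path: str            # registry key or filesystem path
    detection: str       # label after "=>", e.g. "Adware.SurfAndKeep"
    date: str = ""       # report date, where the line has one
    md5: str = ""        # O44 file lines carry an MD5
    size: str = ""       # bracketed size field, kept as text
    caret: bool = False  # line ended with "^"
TAIL = r"\s*=>\s*(?P<detection>.+?)(?P<caret>\^?)$"
PATTERNS = {
    "registry": re.compile(r"^\[(?P<path>HK[^\]]+)\]" + TAIL),
    "folder": re.compile(r"^O43 - CFD: (?P<date>\S+) - \S+ - \[(?P<size>[^\]]*)\] "
                         r"\S+ (?P<path>.+?)" + TAIL),
    "file": re.compile(r"^O44 - LFC:\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\] - (?P<date>\S+) "
                       r"- \S+ \S+ \. \(\.\.\.\) -- (?P<path>.+?) \[(?P<size>[^\]]*)\]" + TAIL),
    "path": re.compile(r"^(?P<path>[A-Za-z]:\\.+?)" + TAIL),
}
FAMILY_RE = re.compile(r"\(([^)]+)\)\s*$")  # "Infection Diverse (Trojan.Agent)"
def parse_line(line: str) -> "Finding | None":
    # Return a Finding for a recognised line, None for headers or blank lines
    for kind, pat in PATTERNS.items():
        m = pat.match(line.strip())
        if m:
            g = m.groupdict()
            return Finding(kind, g["path"], g["detection"].strip(), g.get("date", ""),
                           g.get("md5", ""), g.get("size", ""), g["caret"] == "^")
    return None
def family(detection: str) -> str:
    # "Infection Diverse (Trojan.Agent)" -> "Trojan.Agent"; plain labels unchanged
    m = FAMILY_RE.search(detection)
    return m.group(1) if m else detection
def count_by_family(lines) -> dict:
    counts = {}  # family -> number of findings; unrecognised lines are skipped
    for f in filter(None, map(parse_line, lines)):
        counts[family(f.detection)] = counts.get(family(f.detection), 0) + 1
    return counts
SAMPLE = [  # lines copied from the script in the post above
    r"[HKLM\Software\Object] => Infection BT (PUP.FCTPlugin)",
    r"[HKLM\Software\SK.Enhancer] =>Adware.SurfAndKeep",
    r"O43 - CFD: 12/4/2013 - 12:20:37 - [4.809] ----D C:\Users\sarah\AppData\Roaming\iSafe =>Trojan.Staser",
    r"O44 - LFC:[MD5.DC0B8205B5FFD6C779909D8F1C96D8E2] - 1/24/2014 - 11:23:04 ---A- . (...) -- C:\Windows\System32\lsprst7.dll [205] => Infection Diverse (Trojan.Agent)",
    r"C:\Program Files\Sk.Enhancer =>Adware.SurfAndKeep^",
]
```

Running `count_by_family(SAMPLE)` on the five sample lines gives two SurfAndKeep hits and one each for the other three families.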
kelnasawa 23 Posts Thursday January 23, 2014Registration date October 10, 2014 Last seen - Feb 7, 2014 at 01:52 AM
Hello,
Yes, my computer is an HP.
This is the report:
http://speedy.sh/32ywu/ZHPFixReport.txt

and I uploaded a pic of what the virus looks like
http://speedy.sh/DeB4Q/Untitled.png

g:\ is the USB drive letter ... TARGET are all the files on the USB ... they are all trying to be accessed by c:\windows\explorer.exe and the antivirus denies permission.
2011N2 13385 Posts Saturday January 29, 2011Registration dateSecurity contributorStatus December 24, 2016 Last seen - Feb 7, 2014 at 03:07 AM
Hi,

OK.
Run ZHPDiag again and send the report.

Have you tried disabling TrendMicro to see if there are problems?

Gabriel.
kelnasawa 23 Posts Thursday January 23, 2014Registration date October 10, 2014 Last seen - Feb 7, 2014 at 04:07 AM
Hey,

Yes, actually whenever I need to use the USB I disable Trend Micro, but when I disable it, doesn't it mean that the virus is able to access the files?

I'll run ZHPDiag later today because it takes too much time and I have lots of work.

Thank you for your patience, guys ...
2011N2 13385 Posts Saturday January 29, 2011Registration dateSecurity contributorStatus December 24, 2016 Last seen - Feb 8, 2014 at 06:52 AM
Hello,

A priori your computer is clean.
We will see from ZHPDiag's report.

Gabriel.
kelnasawa 23 Posts Thursday January 23, 2014Registration date October 10, 2014 Last seen - Feb 10, 2014 at 05:58 AM
2011N2 13385 Posts Saturday January 29, 2011Registration dateSecurity contributorStatus December 24, 2016 Last seen - Feb 10, 2014 at 12:36 PM
Hi,

1. Close all applications

2. Select and copy all the lines which are in this link : https://dl.dropboxusercontent.com/u/32869654/Pour%20kelnasawa.txt

3. ZHP Diag created a shortcut on your desktop called ZHP Fix; launch ZHP Fix (for Windows 7, right-click to run as admin). Answer yes if you get an enquiry as to whether you want to run it or not.

4. Click on the Import button and the lines will automatically paste themselves.

5. Click on the Go button to clean

6. Confirm by clicking OK

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

Gabriel.
kelnasawa 23 Posts Thursday January 23, 2014Registration date October 10, 2014 Last seen - Feb 11, 2014 at 01:49 AM
http://speedy.sh/zCEaF/4.jpg
http://speedy.sh/uYMTp/3.jpg
http://speedy.sh/QaHsZ/2.jpg
http://speedy.sh/yTUJ5/1.jpg
http://speedy.sh/Bsg2x/ZHPFixReport.txt

Hey, here's the report along with pics of what happens ... this virus is so good ... could TrendMicro be infected on my PC and be causing this to happen?