cjoint

Document format: text/plain

~ Report of ZHPDiag v2015.3.15.30 - Nicolas Coolman (15-03-2015)
~ Launched by admin (16-03-2015 16:17:20)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : Updated version.
~ White List : Deactivate by user
~ Elevation of privilege : OK
~ User Account Control :


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16663
MFIE: Mozilla Firefox 37.0 (Defaut)
GCIE: Google Chrome

---\\ Windows product information
~ Langage: Anglais
Windows Server License Manager Script : OK
~ Windows(R) Operating System, RETAIL channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1 Pro with Media Center, 32-bit (Build 9600)

---\\ System protection software
Panda Cloud Cleaner v1.0.107
Windows Defender W8 (Deactivate)

---\\ System optimization software
CCleaner v5.03

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 16 NPAPI
Adobe Reader XI

---\\ Information on the system
~ Processor: x86 Family 15 Model 4 Stepping 3, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1015.4 MB (18% free)
System Restore: Désactivé (Disabled)
System drive C: has 14 GB (36%) free of 39 GB

---\\ Connection to the system mode
~ Computer Name: REDWAN
~ User Name: admin
~ All Users Names: Guest, Administrator, admin,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\admin\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\admin\AppData\Roaming\
~ %Desktop% : C:\Users\admin\Desktop\
~ %Favorites% : C:\Users\admin\Favorites\
~ %LocalAppData% : C:\Users\admin\AppData\Local\
~ %StartMenu% : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 14 Go of 39 Go)
D: Hard drive, Flash drive, Thumb drive (Free 10 Go of 35 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Free 0 Go of 0 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: 46 Scanned in 00mn 00s



---\\ Search Generic System Files
[MD5.2CA8E3C9335C3C8BAEB335345E48364D] - (.Microsoft Corporation - مستكشف Windows.) (.22-08-2013 - 5:25:34.) -- C:\Windows\Explorer.exe [2063408]
[MD5.02BC073156B3097E94D63C4D609020DD] - (.Microsoft Corporation - ‎‎تطبيق بدء تشغيل Windows.) (.22-08-2013 - 2:49:55.) -- C:\Windows\System32\Wininit.exe [112640]
[MD5.AAFEAB4FC9D70253F8C7E353E879E8A2] - (.Microsoft Corporation - ملحقات الإنترنت لـ Win32.) (.01-03-2014 - 2:32:16.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.94385F95EF948FB274A70DE3EDE5696D] - (.Microsoft Corporation - تطبيق تسجيل دخول Windows.) (.22-08-2013 - 2:48:19.) -- C:\Windows\System32\Winlogon.exe [458752]
[MD5.BFB9E1202225113991F981D29BFB9029] - (.Microsoft Corporation - مكتبة تراخيص البرامج.) (.21-12-2013 - 8:08:12.) -- C:\Windows\System32\sppcomapi.dll [438272]
[MD5.2AF7DA157FFF947A507FCB4AB8BB4C7C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22-08-2013 - 6:13:54.) -- C:\Windows\system32\Drivers\AFD.sys [455168]
[MD5.72FCAE2CE6DFEAB2AB072435017F3417] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22-08-2013 - 5:33:25.) -- C:\Windows\system32\Drivers\atapi.sys [23392]
[MD5.CE232BB0965C0C0B786C3F976CCBFB7D] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22-08-2013 - 4:11:55.) -- C:\Windows\system32\Drivers\Cdfs.sys [73728]
[MD5.E2FC132D48EA4E8B04432C33EFB77801] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22-08-2013 - 1:59:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [124928]
[MD5.D4ADBFC2409EF883164F3AA49B22F366] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22-08-2013 - 4:09:45.) -- C:\Windows\system32\Drivers\DfsC.sys [101376]
[MD5.A31901DE6A22EA67AB83AAF7036F98CC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22-08-2013 - 4:10:12.) -- C:\Windows\system32\Drivers\HDAudBus.sys [69632]
[MD5.5043E69532392A43549E5D41E22638AA] - (.Microsoft Corporation - Pilote de port i8042.) (.22-08-2013 - 4:10:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [82944]
[MD5.FA6C94C754A566EA8A61D658932F32DE] - (.Microsoft Corporation - IP Network Address Translator.) (.27-11-2013 - 11:03:35.) -- C:\Windows\system32\Drivers\IpNat.sys [126976]
[MD5.9E030D5C03E68E0C78EA120212759D66] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.23-11-2013 - 6:09:50.) -- C:\Windows\system32\Drivers\MRxSmb.sys [332800]
[MD5.BC242922B0D08F61CF7C87FD08FAFA8B] - (.Microsoft Corporation - MBT Transport driver.) (.22-08-2013 - 4:08:26.) -- C:\Windows\system32\Drivers\netBT.sys [218624]
[MD5.D13D35452A5F452DCC1626AE1A7D9790] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.10-03-2014 - 8:43:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1673048]
[MD5.4F30970F15ADCC382544B31D5D7E368E] - (.Microsoft Corporation - Pilote de port parallèle.) (.22-08-2013 - 4:11:49.) -- C:\Windows\system32\Drivers\Parport.sys [81408]
[MD5.C51AB62AB41A2E8560D12472B204CC00] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22-08-2013 - 4:07:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [81920]
[MD5.67E91843B0344411820A012063E876B2] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.22-08-2013 - 14:39:05.) -- C:\Windows\system32\Drivers\rdpdr.sys [143872]
[MD5.DB0C184142CF9FA1746F598A16EE92B2] - (.Microsoft Corporation - TDI Translation Driver.) (.22-08-2013 - 6:13:54.) -- C:\Windows\system32\Drivers\tdx.sys [87040]
[MD5.CA3C52D981550DEA46576F9FFBA22C58] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.31-01-2014 - 14:04:24.) -- C:\Windows\system32\Drivers\volsnap.sys [265560]
~ Generic Processes: Scanned in 00mn 04s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/289
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 1/680
~ Mon Bureau (My Desktop) : 1/2410
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 09s



---\\ Process running
[MD5.61A5597AB30F257BCC47A8E61711F039] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) -- C:\WINDOWS\system32\taskhostex.exe [66632] [PID.2400]
[MD5.D2124327CB66F3727D26343122DBC4F5] - (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456] [PID.3144]
[MD5.42433CDEC449D40F508752F2D487D8E4] - (.Microsoft Corporation - Host Process for Setting Synchronization.) -- C:\Windows\System32\SettingSyncHost.exe [478208] [PID.4004]
[MD5.CD5F3D2C295648D9C467110EB8D9C052] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3890768] [PID.3760]
[MD5.E9C6EF9437ECB30911488F9313AD821A] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [269848] [PID.2356]
[MD5.090A189F4EEB3C0B76E97ACDB1A71C92] - (.Internet Download Manager, Tonec Inc. - Broker for reading of IDM settings.) -- C:\Program Files\Internet Download Manager\IDMGrHlp.exe [69144] [PID.1076]
[MD5.4EE92BA4AEFE618D694F13605B7DA5C5] - (.VoipConnect - Client to make VoIP calls..) -- C:\Program Files\VoipConnect.com\VoipConnect\VoipConnect.exe [23048288] [PID.3260]
[MD5.0706510EDEDAF0F4C28B2D98E785DD42] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8186368] [PID.1476]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [admin - uqy5ynz6.default-1419639177145\mozilla_cc@internetdownloadmanager.com] [] IDM CC v7.3.97 (..)
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - The plugin allows you to have a better experience with Microsoft Lync.) -- C:\Program Files\Mozilla Firefox\Plugins\npMeetingJoinPluginOC.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll
P2 - FPN: [HKLM] [@microsoft.com/Lync,version=15.0] - (.Microsoft Corporation - The plugin allows you to have a better experience with Microsoft Lync.) -- C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plugin allows you to have a better experience with Microsoft Share.) -- C:\Program Files\Microsoft Office\Office15\NPSPWRAP.dll
P2 - FPN: [HKLM] [@photodex.com/PhotodexPresenter] - (.No owner - Photodex Presenter Plugin 6,00,0,3410.) -- C:\Program Files\Photodex Presenter\npPxPlay.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.10.) -- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
~ Firefox Browser: 8 Scanned in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://google.com
~ IE Browser: 15 Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\shell32.dll
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (59)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects (O2)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Microsoft Corporation - Skype Click to Call IE Add-on.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files\Microsoft Office\Office15\URLREDIR.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.dll =>.Microsoft Corporation
~ BHO: 10 Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: YTD Video Downloader.lnk . (.GreenTree Applications SRL - YTD Video Downloader.) -- C:\Program Files\GreenTree Applications\YTD Video Downloader\ytd.exe =>PUP.GreenTreeApp
~ Global Startup: 1 Scanned in 00mn 13s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
O4 - HKCU\..\Run: [VoipConnect] . (.VoipConnect - Client to make VoIP calls..) -- C:\Program Files\VoipConnect.com\VoipConnect\VoipConnect.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-21-559679301-2718928345-356766008-1001\..\Run: [VoipConnect] . (.VoipConnect - Client to make VoIP calls..) -- C:\Program Files\VoipConnect.com\VoipConnect\VoipConnect.exe
O4 - HKUS\S-1-5-21-559679301-2718928345-356766008-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-559679301-2718928345-356766008-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s



---\\ IE Options icon not visible in Control Panel (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: انقر للاتصال من Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
O9 - Extra button: ملاحظات OneNote الم&رتبطة - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\WINDOWS\system32\napinsp.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\WINDOWS\system32\pnrpnsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\WINDOWS\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\WINDOWS\system32\NLAapi.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll =>.Microsoft Corporation
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
~ Winsock: 6 Scanned in 00mn 00s



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F415481E-492A-48F6-BAD9-5D6E396A5D55}: NameServer = 8.8.8.8 41.214.140.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{49E39078-9106-4BDC-978A-A869184D7197}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F415481E-492A-48F6-BAD9-5D6E396A5D55}: NameServer = 8.8.8.8 41.214.140.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{49E39078-9106-4BDC-978A-A869184D7197}: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ESET Service (ekrn) . (.ESET - ESET Service.) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ScsiAccess (ScsiAccess) . (...) - C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 10 (TeamViewer) . (.TeamViewer GmbH - TeamViewer 10.) - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service: Unchecky (Unchecky) . (.RaMMicHaeL - Unchecky Service.) - C:\Program Files\Unchecky\bin\unchecky_svc.exe
~ Services: 6 Scanned in 00mn 07s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s



---\\ Task Planned Automatically (039)
[MD5.2B24F194FC5B657397ECB2923A68350E] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [5503768]
~ Scheduled Task: 1 Scanned in 00mn 10s



---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - ‎‎موارد Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API لنُسق Windows.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - ‎‎بريد Windows.) -- C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - امتداد Shell الخاص بمجلد Microsoft Internet Explorer FTP.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - ‎‎موارد Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - ‎‎مكتبة الارتباط الديناميكي لـ Windows Shell.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - ‎‎الأداة المساعدة للتهيئة لكل مستخدم لـ IE.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\System32\mscories.dll
~ Active Setup: 9 Scanned in 00mn 00s



---\\ Drivers launched at startup (O41)
O41 - Driver: (adgnetworktdi) . (.No owner - Adguard TDI network driver.) - C:\Windows\System32\drivers\adgnetworktdi.sys
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: C:\Windows\System32\drivers\ahcache.sys (ahcache) . (.Microsoft Corporation - Application Compatibility Cache.) - C:\Windows\System32\DRIVERS\ahcache.sys
O41 - Driver: (BasicDisplay) . (.Microsoft Corporation - Microsoft Basic Display Driver.) - C:\Windows\system32\drivers\BasicDisplay.sys
O41 - Driver: (BasicRender) . (.Microsoft Corporation - Microsoft Basic Render Driver.) - C:\Windows\system32\drivers\BasicRender.sys
O41 - Driver: cdrom.inf (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dam.sys (dam) . (.Microsoft Corporation - DAM Kernel Driver.) - C:\Windows\System32\drivers\dam.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (Dfsc) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (eamonm) . (.ESET - Amon monitor.) - C:\Windows\System32\DRIVERS\eamonm.sys
O41 - Driver: (ehdrv) . (.ESET - ESET Helper driver.) - C:\Windows\system32\DRIVERS\ehdrv.sys
O41 - Driver: oem101.inf (EpfwLWF) . (.ESET - Epfw NDIS LightWeight Filter.) - C:\Windows\system32\DRIVERS\EpfwLWF.sys
O41 - Driver: (HWiNFO32) . (.REALiX(tm) - HWiNFO x86 Kernel Driver.) - C:\WINDOWS\system32\drivers\HWiNFO32.sys
O41 - Driver: mssmbios.inf (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: netnb.inf (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: npsvctrig.inf (npsvctrig) . (.Microsoft Corporation - Named pipe service triggers.) - C:\Windows\system32\drivers\npsvctrig.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
~ Drivers: 44 Scanned in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: AVS Photo Editor 2.3.1.144 - (.Online Media Technologies Ltd..) [HKLM] -- AVS Photo Editor_is1
O42 - Logiciel: Adobe Flash Player 16 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI
O42 - Logiciel: Adobe Reader XI (11.0.10) - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1033-7B44-AB0000000001}
O42 - Logiciel: AutoPlay Media Studio 8 - (.Indigo Rose Corporation.) [HKLM] -- AutoPlay Media Studio 8
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Dragon - (.Media Contact LLC.) [HKLM] -- Dragon_is1
O42 - Logiciel: ESET Smart Security - (.ESET, spol s r. o..) [HKLM] -- {006C02BE-3EB6-444C-BB59-75A6BAAFB085}
O42 - Logiciel: Flash Effect Maker Pro 5.0 (578 Templates/Unicode UTF8/3D Text/ - (...) [HKLM] -- Flash Effect Maker Update trial to full_is1
O42 - Logiciel: Flash Effect Maker Pro 5.0 Trial (578 Templates/Unicode UTF8/3D - (.www.go2share.net.) [HKLM] -- Flash Effect Maker_is1
O42 - Logiciel: Hetman Photo Recovery 4.2 - (...) [HKLM] -- Hetman Photo Recovery
O42 - Logiciel: ISO to USB - (.isotousb.com.) [HKLM] -- {D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1
O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM] -- Internet Download Manager
O42 - Logiciel: Internet Mobile - (.Huawei Technologies Co.,Ltd.) [HKLM] -- Internet Mobile
O42 - Logiciel: K-Lite Codec Pack 10.0.5 Full - (...) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: Magic ISO Maker v5.5 (build 0281) - (...) [HKLM] -- Magic ISO Maker v5.5 (build 0281)
O42 - Logiciel: ManageMyMobile - (.IObit.) [HKLM] -- ManageMyMobile_is1
O42 - Logiciel: Maxthon Nitro - (.Maxthon International Limited.) [HKLM] -- MxNitro
O42 - Logiciel: Microsoft Access MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0015-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft DCF MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0090-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Excel MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0016-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Groove MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-00BA-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft InfoPath MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0044-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Lync MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-012B-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft OneNote MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-00A1-0401-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Outlook MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-001A-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft PowerPoint MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0018-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Publisher MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0019-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Word MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-001B-0401-0000-0000000FF1CE}
O42 - Logiciel: Mobile Broadband HL Service - (.Huawei Technologies Co.,Ltd.) [HKLM] -- Mobile Broadband HL Service
O42 - Logiciel: Mozilla Firefox 37.0 (x86 en-US) - (.Mozilla.) [HKLM] -- Mozilla Firefox 37.0 (x86 en-US)
O42 - Logiciel: OLLYDBG version 1.1 - (.at4re,Schwert-z.) [HKLM] -- {F912A73D-1D2B-463D-9AD9-E2A30A374FCB}_is1
O42 - Logiciel: Panda Cloud Cleaner - (.Panda Security.) [HKLM] -- {92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1
O42 - Logiciel: Photo-Brush 5.30 - (.Mediachance Corp..) [HKLM] -- Photo-Brush_is1
O42 - Logiciel: Photodex Presenter - (.Photodex Corporation.) [HKLM] -- Photodex Presenter
O42 - Logiciel: ProShow Producer - (.Photodex Corporation.) [HKLM] -- ProShow Producer
O42 - Logiciel: QuickTime - (.Apple Computer, Inc..) [HKLM] -- InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: SAMSUNG USB Driver for Mobile Phones - (.SAMSUNG Electronics Co., Ltd..) [HKLM] -- {D0795B21-0CDA-4a92-AB9E-6E92D8111E44}
O42 - Logiciel: Skype Click to Call - (.Microsoft Corporation.) [HKLM] -- {6D1221A9-17BF-4EC0-81F2-27D30EC30701}
O42 - Logiciel: Skype™ 7.1 - (.Skype Technologies S.A..) [HKLM] -- {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
O42 - Logiciel: TeamViewer 10 - (.TeamViewer.) [HKLM] -- TeamViewer
O42 - Logiciel: Unchecky v0.3.7 - (.RaMMicHaeL.) [HKLM] -- Unchecky
O42 - Logiciel: VoipConnect - (.Finarea S.A. Switzerland.) [HKLM] -- VoipConnect_is1
O42 - Logiciel: WinRAR 5.21 (32-بت) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM] -- Winamp
O42 - Logiciel: YTD Video Downloader 4.8.9 - (.GreenTree Applications SRL.) [HKLM] -- {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} =>PUP.GreenTreeApp
O42 - Logiciel: Your Uninstaller! 7 - (.URSoft, Inc..) [HKLM] -- YU2010_is1
~ Logic: 32 Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AVS4YOU]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Code Sector]
[HKCU\Software\Cygnus Solutions]
[HKCU\Software\DownloadManager]
[HKCU\Software\ESET]
[HKCU\Software\Foxit Software]
[HKCU\Software\GNU]
[HKCU\Software\GRETECH]
[HKCU\Software\Gabest]
[HKCU\Software\GreenTree Applications] =>PUP.GreenTreeApp
[HKCU\Software\Hetman Software]
[HKCU\Software\IM Providers]
[HKCU\Software\Icaros]
[HKCU\Software\Indigo Rose]
[HKCU\Software\Letasoft]
[HKCU\Software\Macromedia]
[HKCU\Software\MagicISO]
[HKCU\Software\MainConcept]
[HKCU\Software\MediaChance.Info]
[HKCU\Software\MediaChance]
[HKCU\Software\MediaInfo]
[HKCU\Software\Meridian93]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\PUSH Entertainment]
[HKCU\Software\Photodex]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\Realtek]
[HKCU\Software\Reason]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Skype]
[HKCU\Software\Sysinternals]
[HKCU\Software\TeamViewer]
[HKCU\Software\TechSmith]
[HKCU\Software\Trolltech]
[HKCU\Software\URSoft]
[HKCU\Software\Unchecky]
[HKCU\Software\VoipConnect]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Winamp]
[HKCU\Software\Wintertree]
[HKCU\Software\ZONER]
[HKCU\Software\ZebHelpProcess Helper]
[HKLM\Software\AVS4YOU]
[HKLM\Software\Adobe]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Code Sector]
[HKLM\Software\Cygnus Solutions]
[HKLM\Software\ESET]
[HKLM\Software\Foxit Software]
[HKLM\Software\GNU]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard Company]
[HKLM\Software\Huawei technologies]
[HKLM\Software\IM Providers]
[HKLM\Software\Icaros]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\KLCodecPack]
[HKLM\Software\LAV]
[HKLM\Software\Licenses]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nevron]
[HKLM\Software\Nullsoft]
[HKLM\Software\ODBC]
[HKLM\Software\Panda Security]
[HKLM\Software\Panda Software]
[HKLM\Software\Photodex Media Sources]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\PowerTechnology]
[HKLM\Software\RealNetworks]
[HKLM\Software\Realtek]
[HKLM\Software\Reason]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SAMSUNG]
[HKLM\Software\Skype]
[HKLM\Software\Sysinternals]
[HKLM\Software\TechSmith]
[HKLM\Software\Volatile]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]
[HKLM\Software\ZTEUSBDriverFlag]
[HKLM\Software\mozilla.org]
~ Key Software: 184 Scanned in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 30-01-2015 - 7:40:48 - [] ----D C:\Program Files\Adobe
O43 - CFD: 16-01-2015 - 21:20:08 - [] ----D C:\Program Files\AutoPlay Media Studio 8
O43 - CFD: 07-02-2015 - 11:35:05 - [] ----D C:\Program Files\AVS4YOU
O43 - CFD: 15-03-2015 - 0:20:36 - [] ----D C:\Program Files\CCleaner
O43 - CFD: 04-03-2015 - 17:33:51 - [] ----D C:\Program Files\Common Files
O43 - CFD: 27-01-2015 - 0:40:05 - [] ----D C:\Program Files\DIFX
O43 - CFD: 25-01-2015 - 22:20:30 - [] ----D C:\Program Files\ESET
O43 - CFD: 11-03-2015 - 19:25:06 - [] ----D C:\Program Files\Flash Effect Maker
O43 - CFD: 22-02-2015 - 1:10:18 - [] ----D C:\Program Files\FreeCall.com
O43 - CFD: 16-02-2015 - 3:52:29 - [] ----D C:\Program Files\FreeTime
O43 - CFD: 09-01-2015 - 21:53:16 - [] ----D C:\Program Files\GameTop.com
O43 - CFD: 10-03-2015 - 0:26:23 - [] ----D C:\Program Files\GreenTree Applications =>PUP.GreenTreeApp
O43 - CFD: 14-03-2015 - 14:44:45 - [] ----D C:\Program Files\Hetman Software
O43 - CFD: 11-03-2015 - 16:45:48 - [] --H-D C:\Program Files\InstallShield Installation Information
O43 - CFD: 01-03-2015 - 2:49:31 - [] ----D C:\Program Files\Internet Download Manager
O43 - CFD: 30-01-2015 - 22:12:05 - [] ----D C:\Program Files\Internet Explorer
O43 - CFD: 04-01-2015 - 2:29:07 - [] ----D C:\Program Files\Internet Mobile
O43 - CFD: 03-02-2015 - 3:30:20 - [] ----D C:\Program Files\IObit
O43 - CFD: 11-03-2015 - 13:50:35 - [] ----D C:\Program Files\ISO to USB
O43 - CFD: 24-12-2014 - 12:56:35 - [] ----D C:\Program Files\K-Lite Codec Pack
O43 - CFD: 08-02-2015 - 4:57:15 - [0] ----D C:\Program Files\ma-config.com
O43 - CFD: 04-03-2015 - 17:18:52 - [] ----D C:\Program Files\MagicISO
O43 - CFD: 16-02-2015 - 22:59:31 - [0] ----D C:\Program Files\Malwarebytes Anti-Malware
O43 - CFD: 04-03-2015 - 17:24:08 - [] ----D C:\Program Files\Microsoft Analysis Services
O43 - CFD: 04-03-2015 - 17:27:22 - [] ----D C:\Program Files\Microsoft Office
O43 - CFD: 04-03-2015 - 17:32:17 - [] ----D C:\Program Files\Microsoft SQL Server
O43 - CFD: 04-03-2015 - 17:32:16 - [] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 06-03-2015 - 18:59:33 - [] ----D C:\Program Files\Mozilla Firefox
O43 - CFD: 16-12-2014 - 6:08:06 - [] ----D C:\Program Files\MSBuild
O43 - CFD: 23-02-2015 - 13:37:37 - [] ----D C:\Program Files\OLLYDBG
O43 - CFD: 21-02-2015 - 1:37:03 - [] ----D C:\Program Files\Panda Security
O43 - CFD: 07-02-2015 - 10:41:37 - [] ----D C:\Program Files\Photo-Brush 5
O43 - CFD: 25-02-2015 - 23:02:53 - [] ----D C:\Program Files\Photodex
O43 - CFD: 25-02-2015 - 23:06:39 - [] ----D C:\Program Files\Photodex Presenter
O43 - CFD: 03-03-2015 - 17:35:03 - [0] ----D C:\Program Files\Pidgin
O43 - CFD: 18-02-2015 - 8:43:53 - [] ----D C:\Program Files\PUSH Entertainment
O43 - CFD: 30-01-2015 - 22:12:03 - [] ----D C:\Program Files\QuickTime
O43 - CFD: 12-12-2014 - 19:10:46 - [] ----D C:\Program Files\Realtek
O43 - CFD: 16-12-2014 - 6:08:06 - [] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 11-01-2015 - 15:19:16 - [] ----D C:\Program Files\SAMSUNG
O43 - CFD: 29-01-2015 - 1:59:35 - [] R---D C:\Program Files\Skype
O43 - CFD: 03-02-2015 - 2:22:29 - [0] ----D C:\Program Files\Speccy
O43 - CFD: 31-01-2015 - 8:25:56 - [] ----D C:\Program Files\TeamViewer
O43 - CFD: 11-03-2015 - 2:42:06 - [] ----D C:\Program Files\Unchecky
O43 - CFD: 22-08-2013 - 7:24:44 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 05-02-2015 - 5:01:39 - [] ----D C:\Program Files\VideoLAN
O43 - CFD: 22-02-2015 - 1:32:04 - [] ----D C:\Program Files\VoipConnect.com
O43 - CFD: 06-01-2015 - 5:41:45 - [] ----D C:\Program Files\Winamp
O43 - CFD: 16-12-2014 - 0:50:30 - [] ----D C:\Program Files\Windows Defender
O43 - CFD: 22-08-2013 - 14:39:16 - [] ----D C:\Program Files\Windows Journal
O43 - CFD: 22-08-2013 - 14:36:12 - [] ----D C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 08-01-2015 - 17:51:40 - [] ----D C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 22-08-2013 - 8:17:35 - [] ----D C:\Program Files\Windows Multimedia Platform
O43 - CFD: 22-08-2013 - 8:17:26 - [] ----D C:\Program Files\Windows NT
O43 - CFD: 22-08-2013 - 14:36:12 - [] ----D C:\Program Files\Windows Photo Viewer
O43 - CFD: 22-08-2013 - 8:17:35 - [] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 22-08-2013 - 8:17:26 - [] -S--D C:\Program Files\Windows Sidebar
O43 - CFD: 02-01-2015 - 1:47:30 - [] --H-D C:\Program Files\WindowsApps
O43 - CFD: 22-08-2013 - 8:17:26 - [] ----D C:\Program Files\WindowsPowerShell
O43 - CFD: 13-03-2015 - 11:25:05 - [] ----D C:\Program Files\WinRAR
O43 - CFD: 03-02-2015 - 2:16:14 - [] ----D C:\Program Files\Your Uninstaller! 7
O43 - CFD: 16-03-2015 - 16:16:35 - [] ----D C:\Program Files\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 30-01-2015 - 7:42:09 - [] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 07-02-2015 - 11:35:01 - [] ----D C:\Program Files\Common Files\AVSMedia
O43 - CFD: 04-03-2015 - 17:33:51 - [] ----D C:\Program Files\Common Files\DESIGNER
O43 - CFD: 11-03-2015 - 16:44:59 - [] ----D C:\Program Files\Common Files\InstallShield
O43 - CFD: 12-12-2014 - 19:31:14 - [] ----D C:\Program Files\Common Files\IObit
O43 - CFD: 04-03-2015 - 17:34:23 - [] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 06-01-2015 - 5:31:05 - [] ----D C:\Program Files\Common Files\PX Storage Engine
O43 - CFD: 22-08-2013 - 8:17:35 - [] ----D C:\Program Files\Common Files\Services
O43 - CFD: 29-01-2015 - 1:58:47 - [] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 04-03-2015 - 17:25:10 - [] ----D C:\Program Files\Common Files\System
O43 - CFD: 23-12-2014 - 21:37:49 - [] ----D C:\Program Files\Common Files\Wise Installation Wizard
O43 - CFD: 22-01-2015 - 16:34:38 - [] -SH-D C:\ProgramData\360Quarant
O43 - CFD: 29-01-2015 - 1:26:43 - [] ----D C:\ProgramData\Adguard
O43 - CFD: 30-01-2015 - 10:37:49 - [] ----D C:\ProgramData\Adobe
O43 - CFD: 30-01-2015 - 22:10:14 - [] ----D C:\ProgramData\Apple Computer
O43 - CFD: 22-08-2013 - 7:23:42 - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 09-03-2015 - 13:40:20 - [] ----D C:\ProgramData\AVS4YOU
O43 - CFD: 28-12-2014 - 1:27:16 - [] ----D C:\ProgramData\DatacardService
O43 - CFD: 22-08-2013 - 7:23:42 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 12-01-2015 - 18:52:22 - [] -SH-D C:\ProgramData\DIBsection
O43 - CFD: 21-01-2015 - 22:21:25 - [] ----D C:\ProgramData\Doctor Web
O43 - CFD: 22-08-2013 - 7:23:42 - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 25-01-2015 - 22:20:31 - [] ----D C:\ProgramData\ESET
O43 - CFD: 22-01-2015 - 0:27:23 - [] ----D C:\ProgramData\HitmanPro
O43 - CFD: 12-01-2015 - 18:52:22 - [] -SH-D C:\ProgramData\icsxml
O43 - CFD: 12-12-2014 - 19:20:46 - [0] ----D C:\ProgramData\IDM
O43 - CFD: 16-01-2015 - 21:20:06 - [] ----D C:\ProgramData\IndigoRose
O43 - CFD: 28-12-2014 - 1:26:28 - [] ----D C:\ProgramData\Internet Mobile
O43 - CFD: 14-01-2015 - 12:15:45 - [] ----D C:\ProgramData\IObit
O43 - CFD: 31-12-2014 - 10:02:39 - [] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 09-01-2015 - 21:53:50 - [] ----D C:\ProgramData\Meridian93
O43 - CFD: 04-03-2015 - 17:23:34 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 04-03-2015 - 17:59:24 - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 06-03-2015 - 16:17:10 - [] ----D C:\ProgramData\Microsoft Toolkit =>Trojan.AutoKMS
O43 - CFD: 27-01-2015 - 1:47:30 - [] ----D C:\ProgramData\MobileBrServ
O43 - CFD: 12-12-2014 - 19:07:48 - [] ----D C:\ProgramData\Mozilla
O43 - CFD: 12-01-2015 - 18:52:22 - [] -SH-D C:\ProgramData\ms-drivers
O43 - CFD: 21-01-2015 - 22:33:50 - [] ----D C:\ProgramData\Norton
O43 - CFD: 22-01-2015 - 16:59:19 - [] ----D C:\ProgramData\OO Software
O43 - CFD: 16-02-2015 - 4:20:48 - [] ----D C:\ProgramData\Package Cache
O43 - CFD: 25-02-2015 - 23:04:31 - [] ----D C:\ProgramData\Photodex
O43 - CFD: 20-01-2015 - 2:21:35 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 20-12-2014 - 4:45:36 - [] ----D C:\ProgramData\Real
O43 - CFD: 04-03-2015 - 17:31:24 - [] ----D C:\ProgramData\regid.1991-06.com.microsoft
O43 - CFD: 20-02-2015 - 18:40:04 - [] ----D C:\ProgramData\RogueKiller
O43 - CFD: 11-01-2015 - 15:16:15 - [] ----D C:\ProgramData\Samsung
O43 - CFD: 29-01-2015 - 1:59:07 - [] ----D C:\ProgramData\Skype
O43 - CFD: 22-08-2013 - 7:23:42 - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 16-02-2015 - 0:42:25 - [] ----D C:\ProgramData\TechSmith
O43 - CFD: 15-03-2015 - 0:15:22 - [0] ---AD C:\ProgramData\TEMP
O43 - CFD: 22-08-2013 - 7:23:42 - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 11-03-2015 - 2:42:06 - [] ----D C:\ProgramData\Unchecky
O43 - CFD: 10-03-2015 - 13:59:50 - [] ----D C:\ProgramData\YTD Video Downloader
O43 - CFD: 14-01-2015 - 1:54:05 - [] ----D C:\ProgramData\Zoner
O43 - CFD: 22-08-2013 - 8:17:27 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 28-12-2014 - 9:31:21 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 29-01-2015 - 1:25:45 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
O43 - CFD: 22-08-2013 - 14:39:16 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 15-03-2015 - 0:18:57 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
O43 - CFD: 25-01-2015 - 22:20:31 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
O43 - CFD: 10-03-2015 - 20:55:23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Effect Maker
O43 - CFD: 09-01-2015 - 21:53:31 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
O43 - CFD: 14-03-2015 - 14:44:56 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hetman Software
O43 - CFD: 11-03-2015 - 16:45:49 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard Company
O43 - CFD: 16-01-2015 - 21:20:18 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Indigo Rose Corporation
O43 - CFD: 01-03-2015 - 2:48:11 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
O43 - CFD: 28-12-2014 - 1:25:56 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Mobile
O43 - CFD: 11-03-2015 - 13:50:35 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB
O43 - CFD: 24-12-2014 - 12:56:42 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
O43 - CFD: 04-03-2015 - 17:18:45 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
O43 - CFD: 22-08-2013 - 8:17:27 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 14-01-2015 - 12:15:27 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManageMyMobile
O43 - CFD: 04-03-2015 - 17:58:42 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
O43 - CFD: 23-12-2014 - 5:56:53 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modem Samsung SCH-U209
O43 - CFD: 23-02-2015 - 13:37:37 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLLYDBG
O43 - CFD: 21-02-2015 - 1:37:27 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
O43 - CFD: 07-02-2015 - 10:41:37 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo-Brush 5
O43 - CFD: 25-02-2015 - 23:06:45 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Producer
O43 - CFD: 30-01-2015 - 22:11:21 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
O43 - CFD: 29-01-2015 - 1:58:59 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
O43 - CFD: 22-08-2013 - 8:17:27 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
O43 - CFD: 16-01-2015 - 2:56:53 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Mario Blue Twilight DX
O43 - CFD: 22-08-2013 - 8:17:27 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 22-08-2013 - 14:39:14 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 11-03-2015 - 2:42:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
O43 - CFD: 27-12-2014 - 22:20:09 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
O43 - CFD: 22-02-2015 - 1:32:11 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipConnect
O43 - CFD: 06-01-2015 - 5:34:13 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
O43 - CFD: 13-03-2015 - 11:24:36 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 03-02-2015 - 2:16:14 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
O43 - CFD: 10-03-2015 - 0:26:30 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
O43 - CFD: 16-03-2015 - 16:16:35 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP =>.Nicolas Coolman
O43 - CFD: 03-03-2015 - 17:19:10 - [] ----D C:\Users\admin\AppData\Roaming\.purple
O43 - CFD: 30-01-2015 - 7:43:36 - [] ----D C:\Users\admin\AppData\Roaming\Adobe
O43 - CFD: 30-01-2015 - 22:34:19 - [] ----D C:\Users\admin\AppData\Roaming\Apple Computer
O43 - CFD: 09-03-2015 - 13:40:20 - [] ----D C:\Users\admin\AppData\Roaming\AVS4YOU
O43 - CFD: 15-03-2015 - 23:51:52 - [] ----D C:\Users\admin\AppData\Roaming\DMCache
O43 - CFD: 13-01-2015 - 13:46:52 - [] ----D C:\Users\admin\AppData\Roaming\driveridentifier
O43 - CFD: 25-01-2015 - 22:22:39 - [] ----D C:\Users\admin\AppData\Roaming\ESET
O43 - CFD: 11-01-2015 - 18:36:46 - [] ----D C:\Users\admin\AppData\Roaming\Foxit Software
O43 - CFD: 22-02-2015 - 1:24:59 - [] ----D C:\Users\admin\AppData\Roaming\FreeCall
O43 - CFD: 15-02-2015 - 9:22:03 - [] ----D C:\Users\admin\AppData\Roaming\HTML Executable
O43 - CFD: 15-03-2015 - 10:28:58 - [] ----D C:\Users\admin\AppData\Roaming\IDM
O43 - CFD: 24-12-2014 - 3:25:51 - [] ----D C:\Users\admin\AppData\Roaming\InCode Solutions
O43 - CFD: 16-01-2015 - 21:20:47 - [] ----D C:\Users\admin\AppData\Roaming\IndigoRose
O43 - CFD: 26-01-2015 - 3:27:49 - [] ----D C:\Users\admin\AppData\Roaming\Insoft LLC
O43 - CFD: 26-01-2015 - 8:07:27 - [] ----D C:\Users\admin\AppData\Roaming\IObit
O43 - CFD: 12-01-2015 - 15:31:38 - [0] ----D C:\Users\admin\AppData\Roaming\Letasoft
O43 - CFD: 13-12-2014 - 4:32:41 - [] ----D C:\Users\admin\AppData\Roaming\Macromedia
O43 - CFD: 16-03-2015 - 0:20:01 - [] ----D C:\Users\admin\AppData\Roaming\Media Player Classic
O43 - CFD: 09-01-2015 - 21:53:48 - [] ----D C:\Users\admin\AppData\Roaming\Meridian93
O43 - CFD: 04-03-2015 - 18:25:40 - [] -S--D C:\Users\admin\AppData\Roaming\Microsoft
O43 - CFD: 25-02-2015 - 23:06:37 - [] ----D C:\Users\admin\AppData\Roaming\Mozilla
O43 - CFD: 09-03-2015 - 9:32:07 - [] ----D C:\Users\admin\AppData\Roaming\mxnitro
O43 - CFD: 25-02-2015 - 23:06:37 - [] ----D C:\Users\admin\AppData\Roaming\Netscape
O43 - CFD: 25-02-2015 - 23:01:33 - [] ----D C:\Users\admin\AppData\Roaming\Photodex
O43 - CFD: 14-01-2015 - 0:21:28 - [0] ----D C:\Users\admin\AppData\Roaming\PhoXo
O43 - CFD: 30-12-2014 - 22:40:38 - [] ----D C:\Users\admin\AppData\Roaming\ProductData
O43 - CFD: 20-12-2014 - 4:45:55 - [] ----D C:\Users\admin\AppData\Roaming\Real
O43 - CFD: 08-03-2015 - 22:57:59 - [] ----D C:\Users\admin\AppData\Roaming\Skype
O43 - CFD: 14-02-2015 - 1:16:17 - [] ----D C:\Users\admin\AppData\Roaming\TeamViewer
O43 - CFD: 17-01-2015 - 22:05:02 - [] ----D C:\Users\admin\AppData\Roaming\TeraCopy
O43 - CFD: 03-02-2015 - 2:15:31 - [] ----D C:\Users\admin\AppData\Roaming\URSoft
O43 - CFD: 22-02-2015 - 1:33:32 - [] ----D C:\Users\admin\AppData\Roaming\VoipConnect
O43 - CFD: 16-01-2015 - 16:08:36 - [] ----D C:\Users\admin\AppData\Roaming\Winamp
O43 - CFD: 12-12-2014 - 19:25:27 - [] ----D C:\Users\admin\AppData\Roaming\WinRAR
O43 - CFD: 16-03-2015 - 16:18:20 - [] ----D C:\Users\admin\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 14-01-2015 - 1:54:24 - [] ----D C:\Users\admin\AppData\Roaming\Zoner
O43 - CFD: 14-02-2015 - 2:34:40 - [] ----D C:\Users\admin\AppData\Local\Adobe
O43 - CFD: 24-01-2015 - 19:06:35 - [] ----D C:\Users\admin\AppData\Local\Ashampoo
O43 - CFD: 09-02-2015 - 4:52:56 - [] ----D C:\Users\admin\AppData\Local\assembly
O43 - CFD: 07-03-2015 - 3:40:01 - [0] ----D C:\Users\admin\AppData\Local\CrashDumps
O43 - CFD: 16-12-2014 - 3:17:08 - [0] ----D C:\Users\admin\AppData\Local\DFX
O43 - CFD: 08-03-2015 - 13:37:39 - [] ----D C:\Users\admin\AppData\Local\Diagnostics
O43 - CFD: 13-01-2015 - 22:47:45 - [] ----D C:\Users\admin\AppData\Local\Downloaded Installations
O43 - CFD: 25-01-2015 - 22:22:39 - [] ----D C:\Users\admin\AppData\Local\ESET
O43 - CFD: 12-01-2015 - 15:31:43 - [0] -SH-D C:\Users\admin\AppData\Local\icsxml
O43 - CFD: 27-12-2014 - 0:33:00 - [] ----D C:\Users\admin\AppData\Local\Intel
O43 - CFD: 13-12-2014 - 4:32:41 - [] ----D C:\Users\admin\AppData\Local\Macromedia
O43 - CFD: 04-03-2015 - 18:23:31 - [] ----D C:\Users\admin\AppData\Local\Microsoft
O43 - CFD: 04-03-2015 - 17:47:49 - [] ----D C:\Users\admin\AppData\Local\Microsoft Help
O43 - CFD: 29-12-2014 - 2:27:30 - [0] ----D C:\Users\admin\AppData\Local\MigWiz
O43 - CFD: 12-12-2014 - 19:08:40 - [] ----D C:\Users\admin\AppData\Local\Mozilla
O43 - CFD: 21-01-2015 - 22:34:13 - [] ----D C:\Users\admin\AppData\Local\NPE
O43 - CFD: 26-01-2015 - 20:18:20 - [] ----D C:\Users\admin\AppData\Local\Packages
O43 - CFD: 12-12-2014 - 19:29:20 - [] ----D C:\Users\admin\AppData\Local\Programs
O43 - CFD: 10-01-2015 - 7:54:51 - [] ----D C:\Users\admin\AppData\Local\Skype
O43 - CFD: 16-03-2015 - 16:16:40 - [] ---AD C:\Users\admin\AppData\Local\Temp
O43 - CFD: 25-12-2014 - 0:42:22 - [] ----D C:\Users\admin\AppData\Local\VirtualStore
O43 - CFD: 14-01-2015 - 1:54:48 - [] ----D C:\Users\admin\AppData\Local\Zoner
O43 - CFD: 22-08-2013 - 8:17:27 - [] R---D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 22-08-2013 - 8:17:27 - [] R---D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 16-12-2014 - 0:55:42 - [] R---D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 14-03-2015 - 14:44:55 - [] ----D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hetman Software
O43 - CFD: 01-03-2015 - 2:48:11 - [] ----D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
O43 - CFD: 04-03-2015 - 17:18:45 - [0] ----D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
O43 - CFD: 22-08-2013 - 8:17:27 - [] ----D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 09-03-2015 - 9:32:09 - [] ----D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxthon Nitro
O43 - CFD: 16-12-2014 - 0:55:42 - [] R---D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 22-08-2013 - 8:17:27 - [] R---D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 13-03-2015 - 11:24:36 - [] ----D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
~ Program Folder: 223 Scanned in 00mn 01s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.DAA6AAD525D12F8985695B882301336F] - 04-03-2015 - 17:25:13 ---A- . (...) -- C:\Windows\win.ini [167]
O44 - LFC:[MD5.36C9DC1B04B60C187340F2552D77A94E] - 08-03-2015 - 13:39:20 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [656704]
O44 - LFC:[MD5.05A0C2744CEAC6F1B723EC469B650EF0] - 10-03-2015 - 1:30:48 ---A- . (.Panda Security, S.L. - Panda Kernel Memory Access Driver (x86).) -- C:\Windows\System32\Drivers\PSKMAD.sys [47632]
O44 - LFC:[MD5.9AFA88A2436DA9B2AF80110CCF5A9CA2] - 10-03-2015 - 2:05:34 ---A- . (...) -- C:\DelFix.txt [307]
O44 - LFC:[MD5.AED884BF05B8D10E5A2497514EA80DBE] - 11-03-2015 - 21:40:49 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [2302998]
O44 - LFC:[MD5.F4D89737EDA19B02594EBEEC1DC66D18] - 11-03-2015 - 21:40:49 ---A- . (...) -- C:\Windows\System32\perfc001.dat [68572]
O44 - LFC:[MD5.CD4404EB66CDA52BAD8F2417E719B3B1] - 11-03-2015 - 21:40:49 ---A- . (...) -- C:\Windows\System32\perfc009.dat [139286]
O44 - LFC:[MD5.52F1DFE2123A849359B846DE05D7D85D] - 11-03-2015 - 21:40:49 ---A- . (...) -- C:\Windows\System32\perfc00C.dat [152450]
O44 - LFC:[MD5.5AD808852700805F0593AFC6333D80C2] - 11-03-2015 - 21:40:49 ---A- . (...) -- C:\Windows\System32\perfh001.dat [441566]
O44 - LFC:[MD5.E6290ABA2E442BBCDBE3BA0F58C4EEF4] - 11-03-2015 - 21:40:49 ---A- . (...) -- C:\Windows\System32\perfh009.dat [726362]
O44 - LFC:[MD5.CC5B8985453995B031DDE183F2339269] - 11-03-2015 - 21:40:49 ---A- . (...) -- C:\Windows\System32\perfh00C.dat [779458]
O44 - LFC:[MD5.FD44FA80DA03EA144153A76DEBBB61B4] - 15-03-2015 - 15:36:37 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [35064]
O44 - LFC:[MD5.23BD6A19E759CF6D2F3540DF72571BFC] - 16-03-2015 - 11:37:32 ---A- . (...) -- C:\Windows\WindowsUpdate.log [90478]
O44 - LFC:[MD5.58467E89447DB009E61A702F60632AB3] - 16-03-2015 - 7:12:02 ---A- . (...) -- C:\Windows\PFRO.log [145804]
O44 - LFC:[MD5.8B5EF08BE91FB2F34D36592889A77B6E] - 16-03-2015 - 7:14:29 ---A- . (...) -- C:\Windows\ntbtlog.txt [425550]
~ Files: 15 Scanned in 00mn 14s



---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
~ LSA: 3 Scanned in 00mn 00s



---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicDisplay.sys . (.Microsoft Corporation - Microsoft Basic Display Driver.) -- C:\Windows\System32\Drivers\BasicDisplay.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicRender.sys . (.Microsoft Corporation - Microsoft Basic Render Driver.) -- C:\Windows\System32\Drivers\BasicRender.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dxgkrnl.sys . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\FsDepends.sys . (.Microsoft Corporation - File System Dependency Manager Mini Filter Driver.) -- C:\Windows\System32\Drivers\FsDepends.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\iaioi2c.sys . (.Intel Corporation - Intel(R) Atom(TM) Processor I2C Controller Driver.) -- C:\Windows\System32\Drivers\iaioi2c.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\BasicDisplay.sys . (.Microsoft Corporation - Microsoft Basic Display Driver.) -- C:\Windows\System32\Drivers\BasicDisplay.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\BasicRender.sys . (.Microsoft Corporation - Microsoft Basic Render Driver.) -- C:\Windows\System32\Drivers\BasicRender.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dxgkrnl.sys . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\FsDepends.sys . (.Microsoft Corporation - File System Dependency Manager Mini Filter Driver.) -- C:\Windows\System32\Drivers\FsDepends.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (...) -- C:\Windows\System32\Drivers\rdpencdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 18 Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{58d11688-8dc5-11e4-9736-c16150d219d7}\AutoRun\command. (.No owner - AutoRun.) -- F:\AutoRun.exe
O51 - MPSK:{b900be52-9c33-11e4-9756-b65cf2a42180}\AutoRun\command. (.No owner - AutoRun.) -- F:\AutoRun.exe
O51 - MPSK:{d67ca4dd-a5ac-11e4-9776-a77a00e1d194}\AutoRun\command. (.No owner - AutoRun.) -- F:\AutoRun.exe
O51 - MPSK:{d7f919b2-8f57-11e4-973b-b30ff9153ed1}\AutoRun\command. (.No owner - AutoRun.) -- F:\AutoRun.exe
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ TDSD: 3 Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableCursorSuppression"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Scanned in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:22-08-2013 - 5:33:26 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [86368]
O58 - SDL:15-01-2015 - 10:27:12 ---A- . (.No owner - Adguard TDI network driver.) -- C:\Windows\System32\Drivers\adgnetworktdi.sys [56080]
O58 - SDL:22-08-2013 - 5:33:25 ---A- . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) -- C:\Windows\System32\Drivers\adp80xx.sys [773472]
O58 - SDL:22-08-2013 - 5:33:25 ---A- . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [72544]
O58 - SDL:22-08-2013 - 5:33:26 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\System32\Drivers\amdsbs.sys [215392]
O58 - SDL:22-08-2013 - 5:33:24 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [22880]
O58 - SDL:22-08-2013 - 5:33:26 ---A- . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [101728]
O58 - SDL:18-12-2014 - 5:04:32 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\b57nd60x.sys [412952]
O58 - SDL:12-08-2013 - 23:25:32 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [16088]
O58 - SDL:21-11-2013 - 15:47:42 ---A- . (.BitDefender - BitDefender AntiVirus FS filter driver.) -- C:\Windows\System32\Drivers\bdfsfltr.sys [356368]
O58 - SDL:13-12-2012 - 15:41:10 ---A- . (.Windows (R) Win 7 DDK provider - Explore Systems Virtual Audio Device.) -- C:\Windows\System32\Drivers\dfx11_1.sys [24424]
O58 - SDL:22-09-2014 - 8:20:06 ---A- . (.ESET - Amon monitor.) -- C:\Windows\System32\Drivers\eamonm.sys [191928]
O58 - SDL:22-09-2014 - 8:20:06 ---A- . (.ESET - Devmon monitor.) -- C:\Windows\System32\Drivers\edevmon.sys [190368]
O58 - SDL:22-09-2014 - 8:20:06 ---A- . (.ESET - ESET Helper driver.) -- C:\Windows\System32\Drivers\ehdrv.sys [135296]
O58 - SDL:22-09-2014 - 8:20:06 ---A- . (.ESET - ESET Personal Firewall driver.) -- C:\Windows\System32\Drivers\epfw.sys [176448]
O58 - SDL:22-09-2014 - 8:20:06 ---A- . (.ESET - Epfw NDIS LightWeight Filter.) -- C:\Windows\System32\Drivers\EpfwLWF.sys [37928]
O58 - SDL:22-09-2014 - 8:20:06 ---A- . (.ESET - ESET Personal Firewall driver.) -- C:\Windows\System32\Drivers\epfwwfp.sys [51288]
O58 - SDL:28-12-2014 - 1:23:51 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:28-12-2014 - 1:23:51 ---A- . (.Huawei Technologies Co., Ltd. - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ewusbmdm.sys [199168]
O58 - SDL:28-12-2014 - 1:23:52 ---A- . (.Huawei Technologies Co., Ltd. - USB NDIS Miniport Driver.) -- C:\Windows\System32\Drivers\ewusbwwan.sys [369152]
O58 - SDL:28-12-2014 - 1:23:52 ---A- . (.Huawei Technologies Co., Ltd. - ew_hwupgrade Driver.) -- C:\Windows\System32\Drivers\ew_hwupgrade.sys [19200]
O58 - SDL:28-12-2014 - 1:23:52 ---A- . (.Huawei Technologies Co., Ltd. - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784]
O58 - SDL:28-12-2014 - 1:23:52 ---A- . (.Huawei Technologies Co., Ltd. - ew_jubusenum Driver.) -- C:\Windows\System32\Drivers\ew_jubusenum.sys [76544]
O58 - SDL:28-12-2014 - 1:23:52 ---A- . (.Huawei Technologies Co., Ltd. - ew_jucdcacm Driver.) -- C:\Windows\System32\Drivers\ew_jucdcacm.sys [95616]
O58 - SDL:28-12-2014 - 1:23:52 ---A- . (.Huawei Technologies Co., Ltd. - ew_jucdcndis Driver.) -- C:\Windows\System32\Drivers\ew_jucdcecm.sys [67584]
O58 - SDL:28-12-2014 - 1:23:52 ---A- . (.Huawei Technologies Co., Ltd. - ew_juextctrl Driver.) -- C:\Windows\System32\Drivers\ew_juextctrl.sys [27520]
O58 - SDL:28-12-2014 - 1:23:52 ---A- . (.Huawei Technologies Co., Ltd. - ew_jucdcndis Driver.) -- C:\Windows\System32\Drivers\ew_juwwanecm.sys [195072]
O58 - SDL:28-12-2014 - 1:23:52 ---A- . (.Huawei Technologies Co., Ltd. - Filter Driver.) -- C:\Windows\System32\Drivers\ew_usbenumfilter.sys [11136]
O58 - SDL:22-08-2013 - 5:33:29 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys [56672]
O58 - SDL:20-12-2014 - 5:20:22 ---A- . (.REALiX(tm) - HWiNFO x86 Kernel Driver.) -- C:\Windows\System32\Drivers\HWiNFO32.SYS [23840]
O58 - SDL:23-07-2013 - 21:18:30 ---A- . (.Intel Corporation - Intel(R) Atom(TM) Processor GPIO Controller Driver.) -- C:\Windows\System32\Drivers\iaiogpio.sys [22016]
O58 - SDL:23-07-2013 - 21:18:30 ---A- . (.Intel Corporation - Intel(R) Atom(TM) Processor I2C Controller Driver.) -- C:\Windows\System32\Drivers\iaioi2c.sys [61936]
O58 - SDL:10-08-2013 - 0:39:44 ---A- . (.Intel Corporation - Intel Rapid Storage Technology driver (inbox) - x86.) -- C:\Windows\System32\Drivers\iaStorAV.sys [524784]
O58 - SDL:22-08-2013 - 5:33:29 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\Drivers\iaStorV.sys [333664]
O58 - SDL:29-11-2014 - 0:37:06 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [115752]
O58 - SDL:23-03-2012 - 4:29:58 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\Drivers\igdkmd32.sys [4815872]
O58 - SDL:22-08-2013 - 5:33:29 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [94048]
O58 - SDL:22-08-2013 - 5:33:30 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [79712]
O58 - SDL:22-08-2013 - 5:33:30 ---A- . (.LSI Corporation - LSI SAS Gen3 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas3.sys [68960]
O58 - SDL:22-08-2013 - 5:33:29 ---A- . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sss.sys [69472]
O58 - SDL:02-03-2011 - 17:12:46 ---A- . (.MBB Incorporated - CDROM Filter.) -- C:\Windows\System32\Drivers\massfilter.sys [9216]
O58 - SDL:22-08-2013 - 5:33:30 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\Drivers\megasas.sys [51552]
O58 - SDL:22-08-2013 - 5:33:29 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\megasr.sys [464736]
O58 - SDL:28-12-2014 - 1:23:53 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:22-08-2013 - 5:33:32 ---A- . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\Windows\System32\Drivers\mvumis.sys [58208]
O58 - SDL:22-08-2013 - 5:33:32 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [120160]
O58 - SDL:22-08-2013 - 5:33:33 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [141664]
O58 - SDL:28-05-2014 - 6:19:42 ---A- . (.O&O Software GmbH - O&O DiskImage Snapshot/Restore Driver (Win32).) -- C:\Windows\System32\Drivers\oodisr.sys [98496]
O58 - SDL:28-05-2014 - 6:19:44 ---A- . (.O&O Software GmbH - O&O DiskImage Snapshot/Restore Helper Driver (Win32).) -- C:\Windows\System32\Drivers\oodisrh.sys [29888]
O58 - SDL:28-05-2014 - 6:19:44 ---A- . (.O&O Software GmbH - O&O DiskImage Virtual Devices Driver (Win32).) -- C:\Windows\System32\Drivers\oodivd.sys [209600]
O58 - SDL:28-05-2014 - 6:19:44 ---A- . (.O&O Software GmbH - O&O DiskImage Virtual Devices Helper Driver (Win32).) -- C:\Windows\System32\Drivers\oodivdh.sys [32960]
O58 - SDL:29-04-2013 - 9:17:34 ---A- . (.Panda Security, S.L. - Panda Kernel Memory Access Driver (x86).) -- C:\Windows\System32\Drivers\PSKMAD.sys [47632]
O58 - SDL:18-12-2014 - 7:38:46 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\RTKVHDA.sys [3343832]
O58 - SDL:22-08-2013 - 8:16:47 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [20480]
O58 - SDL:22-08-2013 - 5:32:56 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [41312]
O58 - SDL:22-08-2013 - 5:32:57 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [79200]
O58 - SDL:22-01-2014 - 8:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [88576]
O58 - SDL:22-01-2014 - 8:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [184192]
O58 - SDL:22-01-2014 - 8:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile OBEX Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudobex.sys [184192]
O58 - SDL:22-01-2014 - 8:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [184192]
O58 - SDL:22-08-2013 - 5:32:57 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x86.) -- C:\Windows\System32\Drivers\stexstor.sys [26976]
O58 - SDL:22-08-2013 - 12:40:22 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [35288]
O58 - SDL:15-03-2015 - 15:36:37 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [35064]
O58 - SDL:19-12-2014 - 8:12:37 ---A- . (.BitDefender S.R.L. - Trufos Kernel Module.) -- C:\Windows\System32\Drivers\TrufosAlt.sys [361912]
O58 - SDL:22-08-2013 - 5:33:00 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [18272]
O58 - SDL:22-08-2013 - 5:33:01 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR X86-32.) -- C:\Windows\System32\Drivers\vsmraid.sys [148832]
O58 - SDL:22-08-2013 - 5:33:01 ---A- . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\Windows\System32\Drivers\VSTXRAID.SYS [276832]
O58 - SDL:26-01-2015 - 3:28:18 ---A- . (...) -- C:\Windows\System32\Drivers\vwifikerneldrv.sys [262]
O58 - SDL:02-03-2011 - 17:12:46 ---A- . (.ZTE Inc. - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ZTEusbmdm6k.sys [107776]
O58 - SDL:02-03-2011 - 17:12:46 ---A- . (.ZTE Inc. - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ZTEusbnmea.sys [107776]
O58 - SDL:02-03-2011 - 17:12:46 ---A- . (.ZTE Inc. - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ZTEusbser6k.sys [107776]
~ Drivers: 71 Scanned in 00mn 06s



---\\ Last modified or created user files (O61)
O61 - LFC: 09-03-2015 - 16:19:09 ---A- . (...) -- C:\Users\admin\Documents\AutoPlay Media Studio 8\Projects\My Pro4M\CD_Root\autorun.exe [6426112]
O61 - LFC: 10-03-2015 - 16:19:03 ---A- . (...) -- C:\Users\admin\Documents\AutoPlay Media Studio 8\Output\My Proj4.exe [25466878]
O61 - LFC: 10-03-2015 - 16:19:09 ---A- . (...) -- C:\Users\admin\Documents\AutoPlay Media Studio 8\Projects\My Proj4\CD_Root\autorun.exe [6426112]
O61 - LFC: 10-03-2015 - 16:19:12 ---A- . (...) -- C:\Users\admin\Documents\AutoPlay Media Studio 8\Projects\My Project123456\CD_Root\autorun.exe [6426112]
O61 - LFC: 11-03-2015 - 16:18:52 ---A- . (...) -- C:\Users\admin\AppData\Local\Adobe\Acrobat\11.0\UserCache.bin [155416]
O61 - LFC: 11-03-2015 - 16:19:01 ---A- . (.isotousb.com.) -- C:\Users\admin\Desktop\Act_WinRAR_by_Mr_Strong_StarTimes.CoM\isotousb_setup.exe [1733935]
O61 - LFC: 12-03-2015 - 16:19:01 ---A- . (.IObit.) -- C:\Users\admin\Desktop\Act_WinRAR_by_Mr_Strong_StarTimes.CoM\0bbdc37913a388602b12ff7d49.exe [17386944]
O61 - LFC: 12-03-2015 - 16:19:06 ---A- . (...) -- C:\Users\admin\Documents\AutoPlay Media Studio 8\Output\My Project تجريبي.exe [73780636]
O61 - LFC: 12-03-2015 - 16:19:09 ---A- . (...) -- C:\Users\admin\Documents\AutoPlay Media Studio 8\Projects\M\CD_Root\autorun.exe [6426112]
O61 - LFC: 12-03-2015 - 16:19:11 ---A- . (...) -- C:\Users\admin\Documents\AutoPlay Media Studio 8\Projects\My Project تجريبي\CD_Root\autorun.exe [6426112]
O61 - LFC: 13-03-2015 - 16:19:01 ---A- . (...) -- C:\Users\admin\Desktop\Act_WinRAR_by_Mr_Strong_StarTimes.CoM\winrar collection 5.21.exe [17241557]
O61 - LFC: 13-03-2015 - 16:19:07 ---A- . (...) -- C:\Users\admin\Documents\AutoPlay Media Studio 8\Projects\ Project\CD_Root\autorun.exe [6426112]
O61 - LFC: 13-03-2015 - 16:19:10 ---A- . (...) -- C:\Users\admin\Documents\AutoPlay Media Studio 8\Projects\My Projec\CD_Root\autorun.exe [6426112]
O61 - LFC: 14-03-2015 - 16:18:57 ---A- . (.Piriform Ltd.) -- C:\Users\admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\ccsetup503pro.exe [5325352]
O61 - LFC: 14-03-2015 - 16:18:58 ---A- . (.Piriform Ltd.) -- C:\Users\admin\AppData\Local\Temp\ir_ext_temp_1\AutoPlay\Docs\ccsetup503pro.exe [5325352]
O61 - LFC: 14-03-2015 - 16:19:02 ---A- . (.Piriform Ltd.) -- C:\Users\admin\Desktop\ccsetup503pro.exe [5325352]
O61 - LFC: 14-03-2015 - 16:19:07 ---A- . (.Piriform Ltd.) -- C:\Users\admin\Documents\AutoPlay Media Studio 8\Projects\CCleaner\CD_Root\AutoPlay\Docs\ccsetup503pro.exe [5325352]
O61 - LFC: 14-03-2015 - 16:19:14 ---A- . (...) -- C:\Users\admin\Downloads\Programs\ALL IN ONE Hetman COLLECTION.exe [62091306]
O61 - LFC: 15-03-2015 - 16:18:57 ---A- . (...) -- C:\Users\admin\AppData\Local\Temp\333C2580-FC184400-CD4D2200-6BA0DC00\Mf8s9TOUGQAfE.exe [7154944]
O61 - LFC: 15-03-2015 - 16:18:57 ---A- . (...) -- C:\Users\admin\AppData\Local\Temp\333C2580-FC184400-CD4D2200-6BA0DC00\UG6rIdOFanH.exe [2133360]
O61 - LFC: 15-03-2015 - 16:18:57 ---A- . (...) -- C:\Users\admin\AppData\Local\Temp\333C2580-FC184400-CD4D2200-6BA0DC00\sS2QUNDM1MJ.exe [477144]
O61 - LFC: 15-03-2015 - 16:18:57 ---A- . (...) -- C:\Users\admin\AppData\Local\Temp\333C2580-FC184400-CD4D2200-6BA0DC00\x8ORxDqf3GZDU.exe [440576]
O61 - LFC: 15-03-2015 - 16:18:57 ---A- . (.Doctor Web, Ltd..) -- C:\Users\admin\AppData\Local\Temp\333C2580-FC184400-CD4D2200-6BA0DC00\OekugUEDCCT1.dll [1901128]
O61 - LFC: 15-03-2015 - 16:18:57 ---A- . (.Doctor Web, Ltd..) -- C:\Users\admin\AppData\Local\Temp\333C2580-FC184400-CD4D2200-6BA0DC00\QQKa0zkTNj5XvOi.dll [4589872]
O61 - LFC: 15-03-2015 - 16:18:57 ---A- . (.Doctor Web, Ltd..) -- C:\Users\admin\AppData\Local\Temp\333C2580-FC184400-CD4D2200-6BA0DC00\wGdI2xf1Bo.dll [1516920]
O61 - LFC: 15-03-2015 - 16:18:58 ---A- . (...) -- C:\Users\admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe [6426112]
O61 - LFC: 15-03-2015 - 16:18:58 ---A- . (...) -- C:\Users\admin\AppData\Local\Temp\ir_ext_temp_1\autorun.exe [6426112]
O61 - LFC: 15-03-2015 - 16:19:01 ---A- . (...) -- C:\Users\admin\AppData\Roaming\ZHP\ZHPCleaner.exe [1701888] =>.Nicolas Coolman
O61 - LFC: 15-03-2015 - 16:19:02 ---A- . (...) -- C:\Users\admin\Desktop\CCleaner.exe [18593622]
O61 - LFC: 15-03-2015 - 16:19:02 ---A- . (...) -- C:\Users\admin\Desktop\RogueKiller.exe [15632984]
O61 - LFC: 15-03-2015 - 16:19:02 ---A- . (...) -- C:\Users\admin\Desktop\ZHPCleaner.exe [1701888] =>.Nicolas Coolman
O61 - LFC: 15-03-2015 - 16:19:02 ---A- . (...) -- C:\Users\admin\Desktop\delfix_10.9.exe [781312]
O61 - LFC: 15-03-2015 - 16:19:02 ---A- . (...) -- C:\Users\admin\Desktop\q0dcpll7.exe [163887712]
O61 - LFC: 15-03-2015 - 16:19:07 ---A- . (...) -- C:\Users\admin\Documents\AutoPlay Media Studio 8\Projects\CCleaner\CD_Root\autorun.exe [6426112]
O61 - LFC: 16-03-2015 - 16:19:02 ---A- . (.Nicolas Coolman.) -- C:\Users\admin\Desktop\ZHPDiag2.exe [6878430] =>.Nicolas Coolman
~ 322 Fichiers temporaires (Temporary files)
~ Files: 35 Scanned in 00mn 21s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
~ FASS Keys: 11 Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Search Svchost Services (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\System32\aelupsvc.dll [181248]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - خدمة نشر شهادة البطاقة الذكية لـ Microsoft.) -- C:\Windows\System32\certprop.dll [128512]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - خدمة نشر شهادة البطاقة الذكية لـ Microsoft.) -- C:\Windows\System32\certprop.dll [128512]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [244224]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - عميل نهج المجموعة.) -- C:\Windows\System32\gpsvc.dll [1165312]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [730112]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over an IPv4 network..) -- C:\Windows\System32\iphlpsvc.dll [795648]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي الخاصة بخدمة تسجيل الدخول الثانوي.) -- C:\Windows\system32\seclogon.dll [23040]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\System32\appinfo.dll [88576]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\System32\iscsiexe.dll [116224]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [91136]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - خدمة جدولة المهام.) -- C:\Windows\System32\schedsvc.dll [980480]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [174592]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\System32\mmcss.dll [73728]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\System32\browser.dll [105472]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [184320]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\System32\sessenv.dll [280576]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - تقارير المشاكل وحلولها.) -- C:\Windows\System32\wercplsupport.dll [59392]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\System32\kmsvc.dll [75776]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\System32\themeservice.dll [37376]
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Service de compte Microsoft®.) -- C:\Windows\System32\wlidsvc.dll [1185280]
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Service d’infrastructure de localisation Windows.) -- C:\Windows\System32\GeofenceMonitorService.dll [357376]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\System32\bdesvc.dll [297472]
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Gestionnaire d’installation de périphérique.) -- C:\Windows\System32\DeviceSetupManager.dll [165376]
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Service Assistant Connectivité réseau Microsoft.) -- C:\Windows\System32\ncasvc.dll [141312]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\System32\rasauto.dll [93696]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire des connexions d’accès à distance.) -- C:\Windows\System32\rasmans.dll [456192]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\System32\mprdim.dll [177664]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\System32\sens.dll [54784]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [380928]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [248320]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - عامل Windows Update.) -- C:\WINDOWS\system32\wuaueng.dll [2832896]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\System32\qmgr.dll [801792]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي لخدمات Windows Shell.) -- C:\Windows\System32\shsvcs.dll [564736]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - خدمة تثبت البرامج.) -- C:\Windows\System32\appmgmts.dll [151040]
O83 - Search Svchost Services: MsKeyboardFilter (MsKeyboardFilter) . (.Microsoft Corporation - SvcHost Service for Microsoft Keyboard Filter.) -- C:\Windows\System32\KeyboardFilterSvc.dll [75104]
~ Services: 36 Scanned in 00mn 01s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.A372F25C42386DFA6ED9DAD30BFE8164] [SPRF][26-01-2015] (...) -- C:\ProgramData\fontcacheev1.dat [262]
[MD5.B1BF0E2AE83FCBB0613E696596186420] [SPRF][15-03-2015] (.No owner - AutoPlay Application.) -- C:\Users\admin\Desktop\CCleaner.exe [18593622]
[MD5.4E5A3E278604B1A55E84E05AEFB1BD23] [SPRF][14-03-2015] (.Piriform Ltd - CCleaner Installer.) -- C:\Users\admin\Desktop\ccsetup503pro.exe [5325352]
[MD5.CCACBC97231A4E46D5DBF809C0FF8FD0] [SPRF][15-03-2015] (.No owner - Aut2Exe.) -- C:\Users\admin\Desktop\delfix_10.9.exe [781312]
[MD5.582E559B506DA952EDDBDA4D8DB799E7] [SPRF][20-12-2012] (.Janek2012 - The Ultimate PID Checker.) -- C:\Users\admin\Desktop\pidgen.exe [2467840]
[MD5.2A86EB77CEE473D5CE8C27317876F11D] [SPRF][15-03-2015] (...) -- C:\Users\admin\Desktop\q0dcpll7.exe [163887712]
[MD5.5F19AE2884F251D59E9BA57BF45FA284] [SPRF][15-03-2015] (...) -- C:\Users\admin\Desktop\RogueKiller.exe [15632984]
[MD5.659F018A98C42B5BDEF4EBFC54572CF6] [SPRF][28-07-2012] (.Top4top - Top4top Uploading Service Setup.) -- C:\Users\admin\Desktop\Top4toP-Right-Click-2-Upload-2.0.4.0.exe [1000162]
[MD5.2CFDB61254FE1798632897532A7660E7] [SPRF][15-03-2015] (.No owner - ZHPCleaner.) -- C:\Users\admin\Desktop\ZHPCleaner.exe [1701888]
[MD5.A7149A7C508D4C675131224A8A9576BD] [SPRF][16-03-2015] (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Users\admin\Desktop\ZHPDiag2.exe [6878430]
[MD5.F9E5F06F4CB80FA7D15604D3BBAE5D39] [SPRF][13-02-2015] (.No owner - AutoPlay Application.) -- C:\Users\admin\Desktop\تطبيق المرحلة الثانية ستار تايمز.exe [54048873]
~ Files: 11 Scanned in 00mn 08s



---\\ MyComputer Name Space (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Scanned in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 03-12-2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 14-03-2011 271712 | (HWDeviceService.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService.exe
SS - | Demand 04-04-2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 09-01-2015 252632 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
SS - | Auto 02-01-2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 30-01-2015 5429520 | (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\TeamViewer_Service.exe
SS - | Auto 11-03-2015 161744 | (Unchecky) . (.RaMMicHaeL.) - C:\Program Files\Unchecky\bin\unchecky_svc.exe
SS - | Demand 22-08-2013 31552 | C:\WINDOWS\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 01-10-2014 1349576 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
SR - | Auto 25-02-2015 186760 | (ScsiAccess) . (...) - C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe
SR - | Demand 30-10-2013 22224 | (WinDefend) . (.Microsoft Corporation.) - C:\Program Files\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 26s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Scanned in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by admin at 16-03-2015 16:20:38
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (15-03-2015)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}] =>PUP.GreenTreeApp^
C:\Program Files\GreenTree Applications =>PUP.GreenTreeApp^
C:\ProgramData\Microsoft Toolkit =>Trojan.AutoKMS^
[HKCU\Software\GreenTree Applications] =>PUP.GreenTreeApp^
~ Additionnel Scan: 234977 Items scanned in 00mn 46s



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.MountPoints2 Shell Key (MPSK) (O51)
~ AMI: 4 Scanned in 00mn 00s



---\\ Summary of the detections found on your workstation
http://www.nicolascoolman.fr/blog/ =>PUP.GreenTreeApp
http://nicolascoolman.fr/trojan-autokms =>Trojan.AutoKMS
~ MSI: 2 link(s) detected in 00mn 00s



End of the scan (1104 lines in 04mn 09s)(0.7)
