cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Report of ZHPDiag v2014.12.27.179 - Nicolas Coolman (27/12/14)
~ Launched by Sweet-Home (18/03/15 07:01:58 م)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : New version available
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17690
MFIE: Mozilla Firefox 36.0.1 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 8.1 Pro, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, VOLUME_KMSCLIENT channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Windows Defender W8 (Deactivate)

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 16 NPAPI

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8191.2 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 16 GB (8%) free of 204 GB

---\\ Connection to the system mode
~ Computer Name: MY-PCS
~ User Name: Sweet-Home
~ All Users Names: Sweet-Home, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Sweet-Home\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Sweet-Home\AppData\Roaming\
~ %Desktop% : C:\Users\Sweet-Home\Desktop\
~ %Favorites% : C:\Users\Sweet-Home\Favorites\
~ %LocalAppData% : C:\Users\Sweet-Home\AppData\Local\
~ %StartMenu% : C:\Users\Sweet-Home\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 16 Go of 204 Go)
D: Hard drive, Flash drive, Thumb drive (Free 35 Go of 415 Go)
E: Hard drive, Flash drive, Thumb drive (Free 4 Go of 200 Go)
F: Hard drive, Flash drive, Thumb drive (Free 4 Go of 112 Go)
G: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in :0mn صs



---\\ Search Generic System Files
[MD5.C10A66189DC8C090E7C84873EDCEBC88] - (.Microsoft Corporation - مستكشف Windows.) (.28/01/15 - 02:47:12 ص.) -- C:\Windows\Explorer.exe [2501368]
[MD5.A570A64292214C43E0BA50E6A72A6380] - (.Microsoft Corporation - ‎‎تطبيق بدء تشغيل Windows.) (.29/10/14 - 04:25:54 ص.) -- C:\Windows\System32\Wininit.exe [145920]
[MD5.36F99BD8A0F09BDBB7850A138845A014] - (.Microsoft Corporation - ملحقات الإنترنت لـ Win32.) (.20/02/15 - 04:28:25 ص.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.EC498BAE1F0D3E0E401C963F8D76C437] - (.Microsoft Corporation - تطبيق تسجيل دخول Windows.) (.29/10/14 - 04:22:52 ص.) -- C:\Windows\System32\Winlogon.exe [572416]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - مكتبة تراخيص البرامج.) (.21/12/13 - 11:54:07 ص.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/14 - 06:03:03 ص.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/13 - 03:43:41 م.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/13 - 02:40:15 م.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/13 - 11:46:35 ص.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/14 - 12:22:50 م.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.24/07/14 - 02:45:39 م.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800]
[MD5.49EE0AE9E5B64FFBBD06D55C4984B598] - (.Microsoft Corporation - i8042 Port Driver.) (.04/11/14 - 09:54:54 ص.) -- C:\Windows\system32\Drivers\i8042prt.sys [108544]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/13 - 03:02:29 م.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.31233271EDE50D1BBB220F78AFA60486] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.08/10/14 - 10:32:10 ص.) -- C:\Windows\system32\Drivers\MRxSmb.sys [405504]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/13 - 02:37:02 م.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.7F68063A5A0461E02BC860CE0E6BFDDC] - (.Microsoft Corporation - NT File System Driver.) (.15/10/14 - 11:32:37 ص.) -- C:\Windows\system32\Drivers\ntfs.sys [2025792]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Parallel Port Driver.) (.22/08/13 - 02:40:02 م.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.1BD3022FD6E450B00DE560265638FD2A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.08/11/14 - 06:58:31 ص.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [112640]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.23/08/13 - 01:56:09 ص.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/13 - 04:25:35 م.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.19/06/14 - 05:13:36 ص.) -- C:\Windows\system32\Drivers\volsnap.sys [310080]
~ Generic Processes: Scanned in :0mn صs



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/4
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/20
~ Mes Documents (My Documents) : 2/534
~ Mon Bureau (My Desktop) : 3/14754
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in :0mn صs



---\\ Process running
[MD5.0E35A55D8BC0359BD0AE16C4A6356240] - (.No owner - MSIAfterburner.) -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [565760] [PID.1600]
[MD5.ABDC98CAB10C192F5283B30399DA7A1E] - (.Hagel Technologies Ltd. - DU Meter Monitor.) -- C:\Program Files (x86)\DU Meter\DUMeter.exe [3810784] [PID.2136]
[MD5.7304E21B92E538E2CC793EDF478AC034] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472] [PID.2684]
[MD5.F51D682701B303ED6CC5474CE5FA5AAA] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.4184]
[MD5.CFE4F60624C6FCCC4C07D07FA3B4A5FF] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3499456] [PID.4384]
[MD5.2457344535A189B6950D339FE011650B] - (.Electronic Arts - Origin.) -- C:\Program Files (x86)\Origin\Origin.exe [3631448] [PID.4428]
[MD5.3255867AE34EDD5346C750677EE63354] - (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe [2874048] [PID.4484]
[MD5.221B23E010D835B144FB1930AE9118CA] - (...) -- C:\ProgramData\{66bf26a4-4052-79a6-66bf-f26a44059a91}\Setup.exe [845000] [PID.4712]
[MD5.880616F037588EB6BC5177109B029799] - (.Valve Corporation - Steam Client WebHelper.) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe [1543872] [PID.3608]
[MD5.73162936309F3D1ADBE47602EFF47F17] - (.No owner - RTSS.) -- C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe [197632] [PID.5420]
[MD5.7799D7A7F1E8DA3AE35C9FA828C32995] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [264816] [PID.1820]
[MD5.4E8288547D53DB9555067DE7FDCCB127] - (.Adobe Systems, Inc. - Adobe Flash Player 16.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe [1880752] [PID.1208]
[MD5.E47AC731D42B2452D4C0BF096DF3DD6E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8145408] [PID.700]
~ Processes Running: Scanned in :0mn صs



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M0 - MFSP: prefs.js [Sweet-Home - j05njsre.default-1426693163853] http://google.com
~ Firefox Browser: 9 Legitimates Filtered in :0mn صs



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com =>PUP.IsStart
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com =>PUP.IsStart
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com =>PUP.IsStart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com =>PUP.IsStart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com =>PUP.IsStart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com =>PUP.IsStart
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com =>PUP.IsStart
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com =>PUP.IsStart
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com =>PUP.IsStart
~ IE Browser: 16 Legitimates Filtered in :0mn صs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in :0mn صs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in :0mn صs



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in :0mn صs



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com =>PUP.IsStart
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com =>PUP.IsStart
O4 - GS\QuickLaunch [Sweet-Home]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.IsStart
O4 - GS\TaskBar [Sweet-Home]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.IsStart
O4 - GS\TaskBar [Sweet-Home]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com =>PUP.IsStart
~ Global Startup: 5 Legitimates Filtered in :0mn صs



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - إدارة صوت Realtek HD.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [Zune Launcher] . (.Microsoft Corporation - Zune Auto-Launcher.) -- C:\Program Files\Zune\ZuneLauncher.exe
O4 - HKCU\..\Run: [DU Meter] . (.Hagel Technologies Ltd. - DU Meter Monitor.) -- C:\Program Files (x86)\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [EADM] . (.Electronic Arts - Origin.) -- C:\Program Files (x86)\Origin\Origin.exe
O4 - HKCU\..\Run: [KiesPDLR.exe] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (.not file.)
O4 - HKCU\..\Run: [Kies3PDLR.exe] C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe (.not file.)
O4 - HKCU\..\Run: [Razer Comms] . (.No owner - Razer Comms.) -- C:\Program Files (x86)\Razer\Comms\RazerComms.exe
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\steam.exe
O4 - HKLM\..\Wow6432Node\Run: [Baidu Antivirus] D:\Program Files (x86)\Baidu-Security-2014-4.4.4.80971\Baidu Antivirus\BavTray.exe (.not file.)
O4 - HKUS\S-1-5-21-2448779314-3005541630-574438189-1001\..\Run: [DU Meter] . (.Hagel Technologies Ltd. - DU Meter Monitor.) -- C:\Program Files (x86)\DU Meter\DUMeter.exe
O4 - HKUS\S-1-5-21-2448779314-3005541630-574438189-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-2448779314-3005541630-574438189-1001\..\Run: [EADM] . (.Electronic Arts - Origin.) -- C:\Program Files (x86)\Origin\Origin.exe
O4 - HKUS\S-1-5-21-2448779314-3005541630-574438189-1001\..\Run: [KiesPDLR.exe] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (.not file.)
O4 - HKUS\S-1-5-21-2448779314-3005541630-574438189-1001\..\Run: [Kies3PDLR.exe] C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe (.not file.)
O4 - HKUS\S-1-5-21-2448779314-3005541630-574438189-1001\..\Run: [Razer Comms] . (.No owner - Razer Comms.) -- C:\Program Files (x86)\Razer\Comms\RazerComms.exe
O4 - HKUS\S-1-5-21-2448779314-3005541630-574438189-1001\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\steam.exe
~ Application: Scanned in :0mn صs



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: إر&سال إلى OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~1\Office15\ONBttnIE.dll (.not file.)
O9 - Extra button: انقر للاتصال من Lync [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
O9 - Extra button: ملاحظات OneNote الم&رتبطة [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~1\Office15\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in :0mn صs



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in :0mn صs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F1C38BC-F0A6-4C78-A9C9-76544F18CA8B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F1C38BC-F0A6-4C78-A9C9-76544F18CA8B}: DhcpDomain = LTE_ZZ
O17 - HKLM\System\CS1\Services\Tcpip\..\{7F1C38BC-F0A6-4C78-A9C9-76544F18CA8B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7F1C38BC-F0A6-4C78-A9C9-76544F18CA8B}: DhcpDomain = LTE_ZZ
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in :0mn صs



---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in :0mn صs



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Baidu Antivirus Service (BAVSvc) . (...) - D:\Program Files (x86)\Baidu-Security-2014-4.4.4.80971\Baidu Antivirus\BAVSvc.exe (.not file.)
O23 - Service: Baidu Hips Service (BHipsSvc) . (...) - D:\Program Files (x86)\Baidu-Security-2014-4.4.4.80971\Baidu Antivirus\BHipsSvc.exe (.not file.)
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) . (.No owner - GameScannerService.) - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: Service KMSELDI (Service KMSELDI) . (.No owner - Service_KMS.) - C:\Program Files\KMSpico\Service_KMS.exe =>PUP.KMSpico
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) . (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
~ Services: 13 Legitimates Filtered in :0mn صs



---\\ Task Planned Automatically (039)
[MD5.B1C45BCC10B41D88837F1CA3D30B1824] [APT] [AutoPico Daily Restart] (...) -- C:\Program Files\KMSpico\AutoPico.exe [686592] =>PUP.KMSpico
[MD5.00000000000000000000000000000000] [APT] [Baidu Antivirus Update] (...) -- D:\Program Files (x86)\Baidu-Security-2014-4.4.4.80971\Baidu Antivirus\BavUpdater.exe (.not file.) [0]
[MD5.0E35A55D8BC0359BD0AE16C4A6356240] [APT] [MSIAfterburner] (...) -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [565760]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
~ Scheduled Task: 12 Legitimates Filtered in :0mn صs



---\\ Drivers launched at startup (O41)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys
O41 - Driver: (Bnbase) . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - C:\Windows\System32\drivers\bnbasex64.sys
O41 - Driver: (Bndef) . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) - C:\Windows\system32\drivers\bndef64.sys
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
~ Drivers: 46 Legitimates Filtered in :0mn صs



---\\ Software installed (O42)
O42 - Logiciel: HD2 Toolkit version 4.3 - (.Kaushal Subedi (KSubedi).) [HKLM][64Bits] -- {12EE0B2A-84C6-494E-A7AC-6771E898F6A0}_is1
O42 - Logiciel: Helium - (.ClockworkMod.) [HKLM][64Bits] -- {9A781940-AC41-4D5E-8E1E-76A04B916FB9}
O42 - Logiciel: KMSpico v9.0.5.20131111 - (...) [HKLM][64Bits] -- KMSpico_is1 =>PUP.KMSpico
O42 - Logiciel: Ori and the Blind Forest - (...) [HKLM][64Bits] -- Ori and the Blind Forest_is1
O42 - Logiciel: Smart Port Forwarding - (.Brooks Younce Software.) [HKLM][64Bits] -- Smart Port Forwarding
O42 - Logiciel: UniiDEalSu e - (...) [HKLM][64Bits] -- {11F6D5AB-263F-388E-74DE-E3DECD390E3F}
O42 - Logiciel: istartsurf uninstall - (.istartsurf.) [HKLM][64Bits] -- istartsurf uninstall =>PUP.IsStart
O42 - Logiciel: youtubeadblocker - (...) [HKLM][64Bits] -- {4820778D-AB0D-6D18-C316-52A6A0E1D507} =>PUP.YouTuAdBlocker
~ Logic: 27 Legitimates Filtered in :0mn صs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\Baidu Security]
[HKCU\Software\Drivers]
[HKCU\Software\System32]
[HKCU\Software\VCG]
[HKCU\Software\VERIZON_AR]
[HKCU\Software\Win]
[HKCU\Software\ribon]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\23fe3807-e78e-eb9b-554a-f750ae3d9785] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\WafCX]
[HKLM\Software\Wow6432Node\baidu]
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
~ Key Software: 380 Legitimates Filtered in :0mn صs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 19/01/15 - 08:39:23 م - [] ----D C:\Program Files (x86)\ClockworkMod
O43 - CFD: 12/01/15 - 11:58:02 م - [] ----D C:\Program Files (x86)\HD2 Toolkit
O43 - CFD: 18/03/15 - 01:26:28 م - [] ----D C:\Program Files (x86)\Ori and the Blind Forest
O43 - CFD: 13/01/15 - 01:03:32 ص - [] ----D C:\Program Files (x86)\Smart Port Forwarding
O43 - CFD: 13/11/14 - 07:34:13 م - [] ----D C:\Program Files (x86)\Watch Dogs
O43 - CFD: 12/01/15 - 03:01:50 ص - [] ----D C:\ProgramData\86cff7955e4243f3
O43 - CFD: 17/03/15 - 01:03:42 ص - [] ----D C:\ProgramData\8e2b2f46000053bc
O43 - CFD: 16/03/15 - 08:54:09 م - [] ----D C:\ProgramData\9714255142165038067
O43 - CFD: 12/01/15 - 11:53:22 م - [] ----D C:\ProgramData\baidu
O43 - CFD: 19/01/15 - 06:18:55 ص - [0] ----D C:\ProgramData\Baidu Security
O43 - CFD: 12/01/15 - 03:04:21 ص - [0] ----D C:\ProgramData\PriceLess
O43 - CFD: 26/12/14 - 01:44:22 ص - [] ----D C:\ProgramData\Saved Games
O43 - CFD: 12/01/15 - 11:58:03 م - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 16/03/15 - 08:55:21 م - [] ----D C:\ProgramData\{43c47a4b-c3f3-d5ce-43c4-47a4bc3fe92f}
O43 - CFD: 16/03/15 - 09:15:32 م - [] ----D C:\ProgramData\{66bf26a4-4052-79a6-66bf-f26a44059a91}
O43 - CFD: 12/01/15 - 11:58:03 م - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD2 Toolkit
O43 - CFD: 23/11/14 - 06:36:43 م - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUP.KMSpico
O43 - CFD: 20/12/14 - 01:22:24 م - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeshLab
O43 - CFD: 18/03/15 - 01:18:03 م - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ori and the Blind Forest
O43 - CFD: 24/11/14 - 08:41:52 م - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
O43 - CFD: 11/01/15 - 10:08:33 م - [] ----D C:\Users\Sweet-Home\AppData\Roaming\Baidu
O43 - CFD: 05/12/14 - 12:11:27 م - [] ----D C:\Users\Sweet-Home\AppData\Roaming\Goat Simulator
O43 - CFD: 19/01/15 - 08:05:39 م - [0] ----D C:\Users\Sweet-Home\AppData\Roaming\HMYGSetting
O43 - CFD: 12/01/15 - 11:58:17 م - [] ----D C:\Users\Sweet-Home\AppData\Roaming\mystartsearch =>PUP.StartSearch
O43 - CFD: 17/03/15 - 11:15:01 م - [] ----D C:\Users\Sweet-Home\AppData\Roaming\VERIZON
O43 - CFD: 26/11/14 - 08:25:35 م - [] -SH-D C:\Users\Sweet-Home\AppData\Local\EmieBrowserModeList
O43 - CFD: 21/12/14 - 11:31:15 ص - [] ----D C:\Users\Sweet-Home\AppData\Local\open3mod
O43 - CFD: 18/03/15 - 01:38:34 م - [] ----D C:\Users\Sweet-Home\AppData\Local\Ori and the Blind Forest
O43 - CFD: 12/01/15 - 11:58:15 م - [] ----D C:\Users\Sweet-Home\AppData\Local\Sniper3
O43 - CFD: 25/01/15 - 12:28:27 ص - [] ----D C:\Users\Sweet-Home\AppData\Local\storage
O43 - CFD: 19/01/15 - 08:39:23 م - [] ----D C:\Users\Sweet-Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
~ Program Folder: 245 Legitimates Filtered in :0mn صs



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.BDE6152B584ABDA7DA102B363E58354F] - 11/03/15 - 11:19:32 ص ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [396419]
~ Files: 75 Legitimates Filtered in :0mn صs



---\\ Local Security Authority-LSA Deny (O48)
~ LSA: 3 Legitimates Filtered in :0mn صs



---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{24069423-7722-11e4-8271-d02788ad52b0}\AutoRun\command. (...) -- I:\WD SmartWare.exe (.not file.)
O51 - MPSK:{4f1e0c40-9beb-11e4-82af-d02788ad52b0}\AutoRun\command. (...) -- J:\VZW_Software_upgrade_assistant.exe (.not file.)
O51 - MPSK:{5c1b91ed-bf81-11e4-82c8-d02788ad52b0}\AutoRun\command. (...) -- I:\VZW_Software_upgrade_assistant.exe (.not file.)
O51 - MPSK:{645b9e21-9db3-11e4-82af-9b3818668069}\AutoRun\command. (...) -- G:\HTC_Sync_Manager_PC.exe (.not file.)
O51 - MPSK:{645b9f33-9db3-11e4-82af-9b3818668069}\AutoRun\command. (...) -- G:\HTC_Sync_Manager_PC.exe (.not file.)
O51 - MPSK:{645ba3b3-9db3-11e4-82af-9b3818668069}\AutoRun\command. (...) -- I:\HTC_Sync_Manager_PC.exe (.not file.)
O51 - MPSK:{99016f54-a0a7-11e4-82b0-8aa8d8a61638}\AutoRun\command. (...) -- I:\HTC_Sync_Manager_PC.exe (.not file.)
O51 - MPSK:{9b0ff286-a32a-11e4-82b0-8aa8d8a61638}\AutoRun\command. (...) -- G:\VZW_Software_upgrade_assistant.exe (.not file.)
O51 - MPSK:{ff3a1d5c-9fed-11e4-82af-9b3818668069}\AutoRun\command. (...) -- G:\VZW_Software_upgrade_assistant.exe (.not file.)
~ Keys: Scanned in :0mn صs



---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.FICV"="ficvdec_x64.dll" . (...) -- C:\Windows\System32\ficvdec_x64.dll
~ TDSD: 5 Legitimates Filtered in :0mn صs



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "SafeModeBlockNonAdmins"=1
~ MWPS: 18 Legitimates Filtered in :0mn صs



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in :0mn صs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:13/08/13 - 02:25:46 ص ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:27/05/14 - 09:19:38 ص ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [56640]
O58 - SDL:27/05/14 - 09:19:38 ص ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [37696]
O58 - SDL:27/05/14 - 09:19:38 ص ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex64.sys [91616]
O58 - SDL:13/06/14 - 05:11:05 ص ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef64.sys [70912]
O58 - SDL:13/06/14 - 01:03:37 م ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [144960]
O58 - SDL:18/05/07 - 06:59:08 ص ---A- . (.C-Media Inc - C-Media Audio WDM Driver.) -- C:\Windows\System32\Drivers\cmudax3.sys [828928]
O58 - SDL:17/10/13 - 03:27:02 م ---A- . (.Windows (R) Win 7 DDK provider - RawPacket NDIS Protocol Driver.) -- C:\Windows\System32\Drivers\htcnprot.sys [36928]
O58 - SDL:27/09/12 - 09:07:26 م ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [160992]
O58 - SDL:13/10/14 - 08:57:48 ص ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [110336]
O58 - SDL:13/10/14 - 08:57:48 ص ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:22/08/13 - 03:43:32 م ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:22/08/13 - 03:40:24 م ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
O58 - SDL:30/09/13 - 04:26:50 م ---A- . (...) -- C:\Windows\System32\pwdrvio.sys [19152]
O58 - SDL:30/09/13 - 04:26:48 م ---A- . (...) -- C:\Windows\System32\pwdspio.sys [12504]
O58 - SDL:30/12/13 - 04:54:22 ص ---A- . (...) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys [37344]
~ Drivers: 54 Legitimates Filtered in :0mn صs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in :0mn صs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.istartsurf.com =>PUP.IsStart
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com =>PUP.StartSearch
~ Keys: Scanned in :0mn صs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in :0mn صs



---\\ Crack & Keygen Files (CKF) (O82)
D:\Mojang Games\Minecraft\Minecraft Cracked\Minecraft Cracked\.minecraft\.minecraft\servers.dat =>.Crack,Keygen
D:\Mojang Games\Minecraft\Minecraft Cracked\Minecraft Cracked\.minecraft\.minecraft\stats\stats_astr1al_unsent.dat =>.Crack,Keygen
D:\Mojang Games\Minecraft\Minecraft Cracked\Minecraft Cracked\.minecraft.rar =>.Crack,Keygen
D:\Mojang Games\Minecraft\Minecraft Cracked\Minecraft Cracked\Minecraft.exe =>.Crack,Keygen
D:\Mojang Games\Minecraft\Minecraft Cracked.rar =>.Crack,Keygen
D:\Simple Games\ABS\Angry Birds Space v1.0.0 cracked\AngryBirdsSpaceInstaller_1.0.0.exe =>.Crack,Keygen
D:\Ubisoft Games\Assassin's Creed III\Assassins_Creed_3_v1.01_Cracked-THETA.rar =>.Crack,Keygen
E:\Autodesk Programmes\Autodesk 3ds Max 2010\3ds amx 2013 rar\keygen-32bits.rar =>.Crack,Keygen
E:\Autodesk Programmes\Autodesk 3ds Max 2010\3ds amx 2013 rar\keygen-64bits.rar =>.Crack,Keygen
E:\Microsoft Programmes\Windows 8\Windows8AppCracker\Windows8AppCracker\wsservice_crk\release\DebugView\Dbgview.exe =>.Crack,Keygen
E:\Microsoft Programmes\Windows 8\Windows8AppCracker\Windows8AppCracker\wsservice_crk\release\fiddler\Fiddler4BetaSetup.exe =>.Crack,Keygen
E:\Microsoft Programmes\Windows 8\Windows8AppCracker\Windows8AppCracker\wsservice_crk\release\redistribution\sample\TetriBlox\wsll.exe =>.Crack,Keygen
E:\Microsoft Programmes\Windows 8\Windows8AppCracker\Windows8AppCracker\wsservice_crk\release\sideloading\appx_tools\makeappx.exe =>.Crack,Keygen
E:\Microsoft Programmes\Windows 8\Windows8AppCracker\Windows8AppCracker\wsservice_crk\release\sideloading\appx_tools\makecert.exe =>.Crack,Keygen
E:\Microsoft Programmes\Windows 8\Windows8AppCracker\Windows8AppCracker\wsservice_crk\release\sideloading\appx_tools\pvk2pfx.exe =>.Crack,Keygen
E:\Microsoft Programmes\Windows 8\Windows8AppCracker\Windows8AppCracker\wsservice_crk\release\sideloading\appx_tools\signtool.exe =>.Crack,Keygen
E:\Microsoft Programmes\Windows 8\Windows8AppCracker\Windows8AppCracker\wsservice_crk\release\sideloading\ProductPolicyEditor\ProductPolicyEditor.exe =>.Crack,Keygen
E:\Microsoft Programmes\Windows 8\Windows8AppCracker\Windows8AppCracker\wsservice_crk\release\wscrack_32\wsll.exe =>.Crack,Keygen
E:\Microsoft Programmes\Windows 8\Windows8AppCracker\Windows8AppCracker\wsservice_crk\release\wscrack_64\wsll.exe =>.Crack,Keygen
E:\Microsoft Programmes\Windows 8\Windows8AppCracker\Windows8AppCracker\wsservice_crk\release\wscrack_anycpu\signxml.exe =>.Crack,Keygen
E:\Microsoft Programmes\Windows 8\Windows8AppCracker\Windows8AppCracker\wsservice_crk\source\!deploydbg\appx_allow.reg =>.Crack,Keygen
E:\Other Programmes\smacc2010\برنامج سماك\برنامج سماك\برنامج سماك\البرنامج و شرحه\smacc5keygen.exe =>.Crack,Keygen
E:\Other Programmes\smacc2010\برنامج سماك\برنامج سماك\مولدارقام\smacc5keygen.exe =>.Crack,Keygen
E:\Other Programmes\waleed\w8manager\Keymaker.and.Patch-CORE\keygen.exe =>.Crack,Keygen
~ Files: Scanned in :2mn صs



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.33408F35623DC5BB4A3BDE09FA45F86B] [SPRF][18/03/15] (...) -- C:\Users\Sweet-Home\Desktop\Unlocker1.9.2.exe [402911]
~ Files: 3 Legitimates Filtered in :0mn صs



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{FDE3A73C-0678-48AF-BAEE-863FE989AA09}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Sweet-Home\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{A11C7588-7AE8-424D-A62A-EEEA5D6DF49E}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Sweet-Home\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in :0mn صs



---\\ Random Export Key (REK) (O91)
[HKLM\Software\Wow6432Node\23fe3807-e78e-eb9b-554a-f750ae3d9785] => Clé orpheline => Clé orpheline => Clé orpheline => Clé orpheline
~ Export Key Software: Scanned in :0mn صs



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{e92daab6-52f5-403f-8f87-dd9c3db4f26a}] (youtubeadblocker) =>PUP.Multiplug
~ BCK: 6585 Legitimates Filtered in :1mn صs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 25/10/14 16064 | (ACTION_SVC) . (...) - C:\Program Files (x86)\Mirillis\Action!\action_svc.exe
SS - | Demand 05/02/15 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 11/07/58 0 | (BAVSvc) . (...) - D:\Program Files (x86)\Baidu-Security-2014-4.4.4.80971\Baidu Antivirus\BAVSvc.exe
SS - | Auto 11/07/58 0 | (BHipsSvc) . (...) - D:\Program Files (x86)\Baidu-Security-2014-4.4.4.80971\Baidu Antivirus\BHipsSvc.exe
SS - | Demand 20/12/14 1471352 | (FlexNet Licensing Service 64) . (.Flexera Software LLC.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Demand 04/04/05 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 06/03/15 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 27/02/15 1910640 | (Origin Client Service) . (.Electronic Arts.) - C:\Program Files (x86)\Origin\OriginClientService.exe
SS - | Auto 11/11/13 685568 | (Service KMSELDI) . (...) - C:\Program Files\KMSpico\Service_KMS.exe =>PUP.KMSpico
SS - | Demand 19/02/10 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 29/10/14 38792 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 25/01/13 75376 | (DeskScapes8) . (.Stardock Software, Inc.) - C:\Program Files (x86)\Stardock\DeskScapes8\ds8srv.exe
SR - | Auto 13/02/15 2053088 | (DUMeterSvc) . (.Hagel Technologies Ltd..) - C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
SR - | Auto 13/12/14 1148560 | (GfExperienceService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
SR - | Auto 15/09/11 86016 | (mi-raysat_3dsmax2014_64) . (...) - C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
SR - | Auto 13/12/14 1701520 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 13/12/14 19823248 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 05/02/15 935056 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 18/12/14 76152 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 15/01/15 186560 | (Razer Game Scanner Service) . (...) - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
SR - | Auto 13/10/14 743688 | (ss_conn_service) . (.DEVGURU Co., LTD..) - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
SR - | Demand 19/02/15 835776 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 05/02/15 410952 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 15/12/14 5426448 | (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
SR - | Demand 11/07/58 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 11/07/58 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 11/07/58 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in :1mn صs



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by Sweet-Home at 18/03/15 07:03:11 م
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in :0mn صs



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Sweet-Home at 18/03/15 07:03:13 م
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in :0mn صs



---\\ Scan Additionnel (O88)
Database Version : 13026 - (27/12/14)
Clés trouvées (Keys found) : 14
Valeurs trouvées (Values found) : 5
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 5

[HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI] =>PUP.KMSpico^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1] =>PUP.KMSpico^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall] =>PUP.IsStart^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}] =>PUP.YouTuAdBlocker^
[HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\secman.DLL] =>PUP.Babylon
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUP.KMSpico^
C:\Users\Sweet-Home\AppData\Roaming\mystartsearch =>PUP.StartSearch^
C:\Program Files\KMSpico\AutoPico.exe =>PUP.KMSpico^
[HKLM\Software\Wow6432Node\23fe3807-e78e-eb9b-554a-f750ae3d9785] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKCR\CLSID\{e92daab6-52f5-403f-8f87-dd9c3db4f26a}] (youtubeadblocker) =>PUP.Multiplug^
~ Additionnel Scan: 511016 Items scanned in :3mn صs



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.MountPoints2 Shell Key (MPSK) (O51)
~ AMI: 3 Legitimates Filtered in :0mn صs



---\\ Summary of the detections found on your workstation
http://nicolascoolman.fr/pup-isstart =>PUP.IsStart
http://nicolascoolman.fr/pup-kmspico =>PUP.KMSpico
http://www.nicolascoolman.fr/blog/ =>PUP.YouTuAdBlocker
http://nicolascoolman.fr/pup-1clickdownloader =>PUP.1ClickDownloader
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
Clé orpheline => Clé orpheline => Clé orpheline => Clé orpheline
http://nicolascoolman.fr/pup-mutiplug =>PUP.Multiplug
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/pup-whitesmoke =>PUP.Whitesmoke
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
~ MSI: 14 link(s) detected in :0mn صs



~ 914 Legitimates filtered by white list
End of the scan (585 lines in :4mn صs)(24)

Publicité


Signaler le contenu de ce document

Publicité