~ Report of ZHPDiag v2015.2.27.24 - Nicolas Coolman (27/02/2015)
~ Launched by Owner (12/04/2015 8:43:43 PM)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : New version available
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17420
MFIE: Mozilla Firefox 14.0.1

---\\ Windows product information
~ Langage: Anglais
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)

---\\ System protection software
Avast Free Antivirus v10.0.2208
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W7 (Activate)

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 16 NPAPI
Adobe Reader XI

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6141.1 MB (64% free)
System Restore: Activé (Enable)
System drive C: has 25 GB (25%) free of 98 GB

---\\ Connection to the system mode
~ Computer Name: OWNER-PC
~ User Name: Owner
~ All Users Names: Owner, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Owner\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Owner\AppData\Roaming\
~ %Desktop% : C:\Users\Owner\Desktop\
~ %Favorites% : C:\Users\Owner\Favorites\
~ %LocalAppData% : C:\Users\Owner\AppData\Local\
~ %StartMenu% : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 25 Go of 98 Go)
D: Hard drive, Flash drive, Thumb drive (Free 54 Go of 195 Go)
E: Hard drive, Flash drive, Thumb drive (Free 156 Go of 195 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
H: Hard drive, Flash drive, Thumb drive (Free 402 Go of 443 Go)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Not Inserted)
L: Floppy drive, Flash card reader, USB Key (Not Inserted)
M: Floppy drive, Flash card reader, USB Key (Not Inserted)
N: CD-ROM drive (Free 0 Go of 2 Go)
O: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn AMs



---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 1:19:30 AM.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 8:39:52 PM.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.6FC2819A4F80AAB2DADEDFC1EFEE3C3F] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/11/2014 - 10:02:44 AM.) -- C:\Windows\System32\wininet.dll [2365440]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Windows Logon Application.) (.16/07/2014 - 9:07:24 PM.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 8:27:26 AM.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 1:45:52 AM.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 8:52:21 PM.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 6:19:47 PM.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 4:19:21 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 4:26:32 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 5:43:43 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 6:19:57 PM.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 7:10:03 PM.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 9:40:40 PM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 4:23:20 AM.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT File System Driver.) (.23/01/2014 - 9:37:55 PM.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 7:00:41 PM.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 5:52:35 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 6:06:41 AM.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 7:09:09 PM.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 4:21:56 AM.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 8:34:02 AM.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn AMs



---\\ Hidden files state (Hidden/Total)
Mes images (My Pictures) : 2/2 (Modified)
~ Mes musiques (My Musics) : 1/8
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/34
~ Mes Documents (My Documents) : 1/1449
~ Mon Bureau (My Desktop) : 1/395
~ Menu demarrer (Programs) : 1/66
~ Hidden Files: Scanned in 00mn AMs



---\\ Process running
[MD5.9CA037D9931896ABDDC41A214012314E] - (...) -- C:\Program Files\ASUS\Six Engine\SixEngine.exe [6038016] [PID.3380]
[MD5.5C22E50822B726F530EDD95F9BA0C601] - (.ASUSTek - TurboVHelp.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [1033216] [PID.3388]
[MD5.716F5828497A7739B1BCCEE4D0E8A80F] - (.ZONER software - Zoner Photo Studio Autoupdate.) -- E:\zoner photo\Photo Studio 16\Program32\ZPSTray.exe [833240] [PID.496]
[MD5.450AAE0CC3C835BFDCBD346DDBA431CA] - (.LiberKey.com - LiberKey Portabilizer.) -- D:\LiberKey\LiberKeyTools\LiberKeyPortabilizer\LiberKeyPortabilizer.exe [1311152] [PID.4160]
[MD5.E2FD4CBCB269C13474109B473F2ED5D9] - (.ASUSTek - TurboV EVO.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [7238144] [PID.4236]
[MD5.DF6B209525F79A95E31AFB6B945C16DC] - (.SoftPerfect Research - NetWorx Application (32-bit).) -- D:\LiberKey\Apps\NetWorx\App\NetWorx\networx.exe [3180088] [PID.4536]
[MD5.4DAB37E8BEDA1F286F0C40B8AAB0D65C] - (.No owner - Everything.) -- E:\everything\Everything.exe [602624] [PID.3244]
[MD5.B2B2FE2671DD98A322B0AD7079C0B2B2] - (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [71216] [PID.3240]
[MD5.44ADDA5FB88EE14F57A246285775AC2F] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Avast\avastui.exe [5227112] [PID.3180]
[MD5.BB6D3748D86BC02D55ADD8ADC1D07633] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe [835288] [PID.4744]
[MD5.82F68EBA0FCEA46BA8919D6A264A833E] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe [1065024] [PID.1660]
[MD5.7C0787598607A46A32726BA8AEAFEF18] - (.Google Inc. - Google Chrome.) -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe [809288] [PID.2964]
[MD5.9D8EE64F05FFCE71F410671F6FF0464F] - (.BitTorrent Inc. - µTorrent.) -- D:\LiberKey\Apps\uTorrent\App\uTorrent\utorrent.exe [1142864] [PID.3956] =>P2P.BitTorrent
[MD5.F0F71A96CE88C4AD8843D172C2920F50] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8180736] [PID.4480]
[MD5.E3F7EC811923F3F1A77B185F22638E5E] - (.AVAST Software - avast! Service.) -- C:\Program Files\Avast\AvastSvc.exe [50344] [PID.1416]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1724]
[MD5.3DEBBECF665DCDDE3A95D9B902010817] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55144] [PID.1760]
[MD5.E781164C7D47950E3D218C84B2901CB2] - (...) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112] [PID.1784]
[MD5.94E69A444023870D42A0F9F0355583D8] - (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728] [PID.1880]
[MD5.D7B38574D50F4D9287238C6E14D6DFA8] - (.BlueStack Systems, Inc. - BlueStacks Updater Service.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944] [PID.1912]
[MD5.BE977AA09969C80D52C879EB1DC67E38] - (.CrossLoop - CrossLoop Service.) -- C:\Users\Owner\AppData\Local\CrossLoop\CrossLoopService.exe [569072] [PID.2012]
[MD5.E5B95C75557120881076C45CD146D72C] - (.DeviceVM, Inc. - Windows Metadata Export Service.) -- C:\ASUS.SYS\config\DVMExportService.exe [319488] [PID.2040]
[MD5.6E7B4E75E8A226EDC8A9A8B1C3510F9B] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1640]
[MD5.06A49B7BDC36CFBF97DD90804F833369] - (.No owner - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024] [PID.1944]
~ Processes Running: Scanned in 00mn AMs



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome Extension Folder
~ Google Lines Browser: 0 Legitimates Filtered in 05mn AMs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (14288)
~ Hosts File: Scanned in 06mn AMs



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKCU\..\Run: [SandboxieControl] . (.SANDBOXIE L.T.D - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [fsm] Orphan key
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] . (.ZONER software - Zoner Photo Studio Autoupdate.) -- E:\zoner photo\Photo Studio 16\Program32\ZPSTRAY.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [TurboV EVO] . (.ASUSTek - TurboV EVO.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
O4 - HKLM\..\Wow6432Node\Run: [JMB36X IDE Setup] . (...) -- C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Wow6432Node\Run: [Conime] C:\Windows\system32\conime.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Everything] . (.No owner - Everything.) -- E:\everything\Everything.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl] . (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdatePSTShortCut] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- H:\amd\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (.not file.)
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (.not file.)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1755539037-3709105905-1855503912-1000\..\Run: [SandboxieControl] . (.SANDBOXIE L.T.D - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe
O4 - HKUS\S-1-5-21-1755539037-3709105905-1855503912-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-1755539037-3709105905-1855503912-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-1755539037-3709105905-1855503912-1000\..\Run: [fsm] Orphan key
O4 - HKUS\S-1-5-21-1755539037-3709105905-1855503912-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-1755539037-3709105905-1855503912-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-21-1755539037-3709105905-1855503912-1000\..\Run: [Zoner Photo Studio Autoupdate] . (.ZONER software - Zoner Photo Studio Autoupdate.) -- E:\zoner photo\Photo Studio 16\Program32\ZPSTRAY.exe
~ Application: Scanned in 00mn AMs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA2D575A-6298-4632-AFAB-AE61DFFA7592}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA2D575A-6298-4632-AFAB-AE61DFFA7592}: DhcpDomain = sogetel.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{EA2D575A-6298-4632-AFAB-AE61DFFA7592}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{EA2D575A-6298-4632-AFAB-AE61DFFA7592}: DhcpDomain = sogetel.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{EA2D575A-6298-4632-AFAB-AE61DFFA7592}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{EA2D575A-6298-4632-AFAB-AE61DFFA7592}: DhcpDomain = sogetel.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
~ Domain: Scanned in 00mn AMs



---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs



---\\ Task Planned Automatically (039)
[MD5.7CAC9EECA1CC3D06AD4F0EC46C33F901] [APT] [PrintProjects Communicator] (...) -- C:\ProgramData\PrintProjects\MessageCheck.exe [166056]
[MD5.EBAC6DC8B90A8A1FA7D6DE862ECBEF71] [APT] [WpsNotifyTask_Owner] (.Zhuhai Kingsoft Office Software Co.,Ltd.) -- C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe [364392]
[MD5.F9D9C975B5A03927BC2BAECFFAE8B9FD] [APT] [WpsUpdateTask_Owner] (.Zhuhai Kingsoft Office Software Co.,Ltd.) -- C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [390504]
[MD5.9CA037D9931896ABDDC41A214012314E] [APT] [ASUS SIX Engine] (...) -- C:\Program Files\ASUS\Six Engine\SixEngine.exe [6038016]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: - (..) -- C:\Windows\Tasks\EPSON XP-310 Series Invitation {D25A651D-C2E8-4422-95E7-5286C1802C5E}.job [725]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\EPSON XP-310 Series Invitation {D25A651D-C2E8-4422-95E7-5286C1802C5E} [725]
O39 - APT: - (..) -- C:\Windows\Tasks\EPSON XP-310 Series Update {D25A651D-C2E8-4422-95E7-5286C1802C5E}.job [911]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\EPSON XP-310 Series Update {D25A651D-C2E8-4422-95E7-5286C1802C5E} [911]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [894]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [898]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1755539037-3709105905-1855503912-1000Core [856]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1755539037-3709105905-1855503912-1000UA [908]
O39 - APT: PrintProjects Communicator - (...) -- C:\Windows\Tasks\PrintProjects Communicator.job [304]
O39 - APT: PrintProjects Communicator - (...) -- C:\Windows\System32\Tasks\PrintProjects Communicator [304]
O39 - APT: WpsNotifyTask_Owner - (.Zhuhai Kingsoft Office Software Co.,Ltd.) -- C:\Windows\Tasks\WpsNotifyTask_Owner.job [374]
O39 - APT: WpsNotifyTask_Owner - (.Zhuhai Kingsoft Office Software Co.,Ltd.) -- C:\Windows\System32\Tasks\WpsNotifyTask_Owner [374]
O39 - APT: WpsUpdateTask_Owner - (.Zhuhai Kingsoft Office Software Co.,Ltd.) -- C:\Windows\Tasks\WpsUpdateTask_Owner.job [374]
O39 - APT: WpsUpdateTask_Owner - (.Zhuhai Kingsoft Office Software Co.,Ltd.) -- C:\Windows\System32\Tasks\WpsUpdateTask_Owner [374]
~ Scheduled Task: 28 Legitimates Filtered in 02mn AMs



---\\ Software installed (O42)
O42 - Logiciel: Cuttix - (.GUNSH d.o.o..) [HKLM][64Bits] -- {0486B0E7-9AB4-457A-AD5B-B290F143BB4E}
O42 - Logiciel: Ideal DVD Copy V4.1.2 - (.Ideal DVD Software, Inc..) [HKLM][64Bits] -- Ideal DVD Copy_is1
O42 - Logiciel: PrintProjects - (.RocketLife Inc..) [HKLM][64Bits] -- PrintProjects
O42 - Logiciel: Top Chef - (...) [HKLM][64Bits] -- BFG-Top Chef
O42 - Logiciel: Zoner Photo Studio 16 - (.ZONER software.) [HKLM][64Bits] -- ZonerPhotoStudio16_EN_is1
~ Logic: 29 Legitimates Filtered in 00mn AMs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ISOWINDOWMENU]
[HKLM\Software\Wow6432Node\idc]
~ Key Software: 384 Legitimates Filtered in 00mn AMs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 14/03/2012 - 6:26:26 PM - [] ----D C:\Program Files (x86)\PrintProjects
O43 - CFD: 02/09/2014 - 8:31:07 PM - [] ----D C:\ProgramData\ftw
O43 - CFD: 14/03/2012 - 6:26:39 PM - [] ----D C:\ProgramData\PrintProjects
O43 - CFD: 02/09/2014 - 8:24:16 PM - [] ----D C:\ProgramData\restore
O43 - CFD: 01/07/2012 - 10:24:58 AM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ideal DVD Copy
O43 - CFD: 26/08/2011 - 5:29:55 PM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Burning Tools
O43 - CFD: 17/02/2012 - 9:28:04 PM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ots Labs
O43 - CFD: 14/03/2012 - 6:26:26 PM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects
O43 - CFD: 14/07/2009 - 3:45:37 AM - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 29/01/2012 - 12:40:03 AM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Top Chef
O43 - CFD: 28/01/2015 - 9:22:38 PM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 16
O43 - CFD: 04/02/2012 - 2:19:11 PM - [] ----D C:\Users\Owner\AppData\Roaming\Lonely Troops
O43 - CFD: 01/12/2014 - 9:43:07 PM - [] -SH-D C:\Users\Owner\AppData\Local\EmieBrowserModeList
O43 - CFD: 12/12/2014 - 6:41:23 PM - [] ----D C:\Users\Owner\AppData\Local\GUNSH_d.o.o
O43 - CFD: 22/03/2015 - 3:18:01 PM - [] ----D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AoaoPhoto Digital Studio
O43 - CFD: 12/12/2014 - 6:40:37 PM - [] ----D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gunsh
~ Program Folder: 288 Legitimates Filtered in 00mn AMs



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.4940BA735116D51D1D49188C52AD35AD] - 12/04/2015 - 7:55:54 AM --H-- . (...) -- C:\dvmexp.idx [177]
~ Files: 7 Legitimates Filtered in 14mn AMs



---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{314a92f4-7fac-11e3-bd58-00261896c399}\AutoRun\command. (.GIANTS Software GmbH - Autorun.) -- N:\cdstart.exe
O51 - MPSK:{d96fdb64-91b3-11df-b4d4-806e6f6e6963}\AutoRun\command. (...) -- F:\Diablo III Setup.exe (.not file.)
~ Keys: Scanned in 00mn AMs



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Wondershare Helper Compact.exe [Key] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
~ SMSR Keys: 3 Legitimates Filtered in 00mn AMs



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "SoftwareSASGeneration"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 20 Legitimates Filtered in 00mn AMs



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn AMs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:13/05/2009 - 8:26:24 PM ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [15416]
O58 - SDL:03/01/2015 - 11:14:02 AM ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:03/01/2015 - 11:14:02 AM ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:03/01/2015 - 11:14:02 AM ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [267632] =>.ALWIL Software
O58 - SDL:13/07/2009 - 8:47:48 PM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 3:31:59 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:24/07/2009 - 7:55:10 AM ---A- . (.Primax Ltd - Primax USB Optical Mouse Driver.) -- C:\Windows\System32\Drivers\NMgamingms.sys [11264]
O58 - SDL:13/07/2009 - 8:45:55 PM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:14/11/2011 - 7:11:10 AM ---A- . (.Windows (R) 2000 DDK provider - Image Mounter SCSI Port Driver.) -- C:\Windows\System32\Drivers\uimx64.sys [59184]
O58 - SDL:10/05/2011 - 7:06:08 AM ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [51712]
O58 - SDL:29/07/2011 - 1:54:56 PM ---A- . (...) -- C:\Windows\System32\epmntdrv.sys [16776]
O58 - SDL:29/07/2011 - 1:54:56 PM ---A- . (...) -- C:\Windows\System32\EuGdiDrv.sys [9096]
O58 - SDL:04/01/2008 - 12:34:42 PM ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp32.sys [10216]
O58 - SDL:04/01/2008 - 12:34:48 PM ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys [11832]
O58 - SDL:06/04/2009 - 2:24:30 AM R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [13368]
O58 - SDL:02/04/2009 - 7:30:14 AM ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
O58 - SDL:29/07/2011 - 1:54:56 PM ---A- . (...) -- C:\Windows\SysWOW64\epmntdrv.sys [14216]
O58 - SDL:29/07/2011 - 1:54:56 PM ---A- . (...) -- C:\Windows\SysWOW64\EuGdiDrv.sys [8456]
~ Drivers: 83 Legitimates Filtered in 04mn AMs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 03/01/2015 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 90 Legitimates Filtered in 00mn AMs



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- D:\firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [Owner - y9x5hnyw.default] user_pref("extensions.wrc.SearchRules.google.com.style", ".WRCN {display:none} .r .WRCN, .osl .WRCN, .bc .WRCN, .fc .WRCN, #rhslin[...] =>Toolbar.Ask
O69 - SBI: prefs.js [Owner - y9x5hnyw.default] user_pref("extensions.wrc.SearchRules.google.com.url", "^http(s)?\\:\\/\\/((.)+\\.)?google\\.(com|[a-z\\.]{2,})\\/(.)*"); =>Toolbar.Ask
O69 - SBI: prefs.js [Owner - y9x5hnyw.default] user_pref("extensions.wrc.SearchRules.public.avast.com.style", ".WRCN {display:inline; background: url(\"IMAGE\") right no-repeat}[...] =>Toolbar.Ask
O69 - SBI: prefs.js [Owner - y9x5hnyw.default] user_pref("extensions.wrc.SearchRules.public.avast.com.url", "^http(s)?\\:\\/\\/public\\.avast\\.com\\/(.)*"); =>Toolbar.Ask
O69 - SBI: prefs.js [Owner - y9x5hnyw.default] user_pref("extensions.wrc.SearchRules.seznam.cz.style", ".WRCN {display:none} #results .WRCN, .sklik-title > .WRCN {display:inline[...] =>Toolbar.Ask
O69 - SBI: prefs.js [Owner - y9x5hnyw.default] user_pref("extensions.wrc.SearchRules.seznam.cz.url", "^http(s)?\\:\\/\\/search\\.seznam\\.cz\\/(.)*"); =>Toolbar.Ask
~ Keys: Scanned in 00mn AMs



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.6BBF68CEC62F32142D896763001B65CF] [SPRF][01/03/2015] (.No owner - ZHPCleaner.) -- C:\Users\Owner\Desktop\ZHPCleaner.exe [1735680]
~ Files: 5 Legitimates Filtered in 01mn AMs



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{12B1A29A-BF22-41F7-8956-701BB859228A}D:\liberkey\apps\utorrent\app\utorrent\utorrent.exe" | In - Private - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\liberkey\apps\utorrent\app\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{07889EEE-AC23-47F5-B307-F771344D392F}D:\liberkey\apps\utorrent\app\utorrent\utorrent.exe" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\liberkey\apps\utorrent\app\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "TCP Query User{4AE621E3-31D3-481E-AC90-81E4FD72CCF7}D:\liberkey\apps\utorrent\app\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\liberkey\apps\utorrent\app\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{7EA34DA4-DEF5-4DC1-BA30-DDF7DF60D93E}D:\liberkey\apps\utorrent\app\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\liberkey\apps\utorrent\app\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{C3889400-98EE-48F8-87B8-4E4E15ECD6C1}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\LiberKey\Apps\uTorrent\App\uTorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{8C4C8B97-D158-45B8-AB82-70B42AC0FD48}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\LiberKey\Apps\uTorrent\App\uTorrent\utorrent.exe =>P2P.BitTorrent
~ Firewall: 6 Legitimates Filtered in 02mn AMs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 04/02/2015 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 13/08/2014 409304 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe
SS - | Auto 14/10/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14/10/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SS - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Demand 13/07/2012 113120 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 25/06/2010 117264 | (rpcapd) . (.CACE Technologies, Inc..) - C:\Program Files (x86)\WinPcap\rpcapd.exe
SS - | Demand 21/07/2010 814080 | (tvnserver) . (.GlavSoft LLC..) - C:\Users\Owner\AppData\Local\CrossLoop\tvnserver.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 20/11/2014 244736 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 24/10/2011 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 01/04/2009 90112 | (AsSysCtrlService) . (...) - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
SR - | Auto 03/01/2015 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Avast\AvastSvc.exe
SR - | Demand 03/01/2015 4012248 | (AvastVBoxSvc) . (.Avast Software.) - C:\Program Files\Avast\ng\vbox\AvastVBoxSVC.exe
SR - | Auto 13/08/2014 384728 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
SR - | Auto 13/08/2014 777944 | (BstHdUpdaterSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
SR - | Auto 07/09/2011 569072 | (CrossLoopService) . (.CrossLoop.) - C:\Users\Owner\AppData\Local\CrossLoop\CrossLoopService.exe
SR - | Auto 17/05/2012 144560 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\Windows\system32\EscSvc64.exe
SR - | Auto 15/04/2013 152640 | (EPSON_PM_RPCV4_06) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.exe
SR - | Auto 16/09/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 13/05/2007 272024 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 09/08/2010 99048 | (SbieSvc) . (.SANDBOXIE L.T.D.) - C:\Program Files\Sandboxie\SbieSvc.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 07mn AMs



---\\ Scan Additionnel (O88)
Database Version : 13008 - (27/02/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

D:\LiberKey\Apps\uTorrent\App\uTorrent\utorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 270635 Items scanned in 22mn AMs



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.MountPoints2 Shell Key (MPSK) (O51)
~ AMI: 3 Legitimates Filtered in 00mn AMs



---\\ Summary of the detections found on your workstation
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
~ MSI: 1 link(s) detected in 00mn AMs



~ 1003 Legitimates filtered by white list
End of the scan (477 lines in 35mn AMs)(0.7)
