~ ZHPDiag v2015.6.29.74 by Nicolas Coolman (2015\06\29)
~ Run by Administrator (Administrator) (2015/06/30 00:57:06)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Documents and Settings\Administrator\Desktop\ZHPDiag.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
~ Windows XP, 32-bit Service Pack 3 (Build 2600)

---\\ Information on the system (6) - 0s
~ Operating System: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
~ Total physical RAM (KB): 3592692
~ System Restore:
~ System drive C: has 37 GB free of 51 GB

---\\ Connection to the system mode (3) - 0s
~ Computer Name: LIGHT-SP3
~ User Name: Administrator
~ Logged in as Administrator

---\\ Enumeration of the disk units (3) - 0s
~ Drive C: has 37 GB free of 51 GB (System)
~ Drive D: has 124 GB free of 124 GB
~ Drive E: has 29 GB free of 128 GB

---\\ State of the Windows Security Center (8) - 0s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (22) - 1s
[MD5.6DA4FBD985476636DC44303108DB7D05] - (.Microsoft Corporation - Explorateur Windows.) () -- C:\WINDOWS\Explorer.exe [1499136]
[MD5.037B1E7798960E0420003D05BB577EE6] - (.Microsoft Corporation - Run a DLL as an App.)
() -- C:\WINDOWS\System32\rundll32.exe [33280]
[MD5.7F4F1697001B9E9A7924D219DC215903] - (.Microsoft Corporation - Internet Extensions for Win32.) () -- C:\WINDOWS\System32\wininet.dll [919552]
[MD5.53A8857723277B1D6D5EE60A9F85B117] - (.Microsoft Corporation - Windows NT Logon Application.) () -- C:\WINDOWS\System32\Winlogon.exe [509440]
[MD5.8D499B1276012EB907E7A9E0F4D8FDA4] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\WINDOWS\System32\drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) () -- C:\WINDOWS\System32\drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\WINDOWS\System32\drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\WINDOWS\System32\drivers\Cdrom.sys [62976]
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - (.Microsoft Corporation - FIPS Crypto Driver.) () -- C:\WINDOWS\System32\drivers\Fips.sys [44544]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) () -- C:\WINDOWS\System32\drivers\HDAudBus.sys [144384]
[MD5.4A0B06AA8943C1E332520F7440C0AA30] - (.Microsoft Corporation - i8042 Port Driver.) () -- C:\WINDOWS\System32\drivers\i8042prt.sys [52480]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) () -- C:\WINDOWS\System32\drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\WINDOWS\System32\drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) () -- C:\WINDOWS\System32\drivers\IPSec.sys [75264]
[MD5.8DD801E28EB76FDA2A38907882A0036F] - (.Microsoft Corporation - Windows NT SMB Minirdr.)
() -- C:\WINDOWS\System32\drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\WINDOWS\System32\drivers\netBT.sys [162816]
[MD5.4C51D5275AE8A16999EDFE7E647D00DE] - (.Microsoft Corporation - NT File System Driver.) () -- C:\WINDOWS\System32\drivers\ntfs.sys [576384]
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - (.Microsoft Corporation - Parallel Port Driver.) () -- C:\WINDOWS\System32\drivers\Parport.sys [80128]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [51328]
[MD5.47EA20320E3D6FDC7B7BB22B2B881CA6] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\WINDOWS\System32\drivers\rdpdr.sys [195712]
[MD5.F828DD7E1419B6653894A8F97A0094C5] - (.Microsoft Corporation - Redbook Audio Filter Driver.) () -- C:\WINDOWS\System32\drivers\redbook.sys [57600]
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - (.Microsoft Corporation - Volume Shadow Copy Driver.) () -- C:\WINDOWS\System32\drivers\volsnap.sys [52352]

---\\ Process running (44) - 2s
[MD5.5F816C1F539266D2D4C78694239DA0B5] - (.Microsoft Corporation - Windows NT Session Manager.) -- C:\WINDOWS\system32\smss.exe [50688] [PID.880]
[MD5.C519E15665CD89A91AD383FCE3CB556A] - (.Microsoft Corporation - Services and Controller app.) -- C:\WINDOWS\system32\services.exe [110592] [PID.1100]
[MD5.EC705D6ED3A7F3D9AE42F6239707D9FE] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424] [PID.588]
[MD5.6DA4FBD985476636DC44303108DB7D05] - (.Microsoft Corporation - Explorateur Windows.) -- C:\WINDOWS\explorer.exe [1499136] [PID.872]
[MD5.EC705D6ED3A7F3D9AE42F6239707D9FE] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.)
-- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424] [PID.616]
[MD5.23D990150D56B670A62B21B9ABDD45EE] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.1000]
[MD5.9B92ED281343A278E3A6AB6C9B21A369] - (.Baidu Inc. - spark.) -- C:\Program Files\baidu\Baidu Browser\sparkservice.exe [86840] [PID.1244]
[MD5.6BCC9648777E6D82B72BC514D857C3F0] - (.AVG Technologies - AVG PC TuneUp Service.) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2445112] [PID.1668]
[MD5.CBDEE152D73200EE49031A26310B9D3E] - (.Intel Corporation - User Notification Service.) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2533400] [PID.168]
[MD5.177BA0F6744354379D79F66CD7AE33EE] - (.Copyright (C) 2013 - ZDServ Application.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ZDSupport\ZDServ\ZDServ.exe [427264] [PID.312]
[MD5.7416AAF96F0C48B8848B2BE2686F3EA9] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [365912] [PID.672]
[MD5.E783984459E2992DCEBD32ADBDE28EE1] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [428336] [PID.1644]
[MD5.F9270217466A1816D534B858E797F699] - (.AVG Technologies - AVG PC TuneUp.) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe [2343224] [PID.2572]
[MD5.70903CD03F9B0A23826C4F9A35185EE6] - (...) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ZDSupport\ZDServ\CancelAutoPlay_Server.exe [426752] [PID.2988]
[MD5.CD1606AC1029DFCBE630F86598133635] - (.Thong Nguyen - PowerMenu.) -- C:\WINDOWS\system32\PowerMenu\PowerMenu.exe [57344] [PID.3192]
[MD5.8D53DD019A3E791A7E452A040DFC9CC7] - (.artArmin - Changes "My Computer" drive icons to Window.)
-- C:\WINDOWS\system32\DrvIcon.exe [45056] [PID.3200]
[MD5.C6B402BA76713F983FBC5617190A301C] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE [20044392] [PID.3596]
[MD5.E0B06A34A41FCE21640AD92A642E8E23] - (.Copyright (C) 2005 - BatteryManager MFC.) -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe [3161600] [PID.3604]
[MD5.B8C44BF5A86B4662458F4AA8F901C94B] - (.Samsung Electronics - Samsung Update Plus Background.) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2782064] [PID.3612]
[MD5.8EAA6052BA14FCE32069E7E66B895717] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe [374784] [PID.3620]
[MD5.9A82F53D7B860CCDF48250869C7684C9] - (.ELAN Microelectronics Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe [2193744] [PID.3676]
[MD5.AD7BFE12BA161252BE51ACE8BDA3FB07] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [136216] [PID.3724]
[MD5.5FCDEBC6EC6733AC90D0C85CDF0204DE] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [170008] [PID.3876]
[MD5.6BDE47EC881107A004AA143F95ADB90D] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [145432] [PID.3940]
[MD5.66177D4C99FD8B578C7C56DE445E4D5D] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312] [PID.780]
[MD5.5F1D5F88303D4A4DBC8E5F97BA967CC3] - (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe [15360] [PID.804]
[MD5.EFECA442381D208CC428EDE31D55E21B] - (...) -- C:\WINDOWS\system32\Startup Monitor.exe [37376] [PID.156]
[MD5.38CC541D105DCBA3D3768D6B191D9505] - (.Copyright (C) 2004 - LClock Application.) -- C:\WINDOWS\system32\LClock\LClock.exe [65536] [PID.1424]
[MD5.1DFE8ABE26EE403B7F276B8640E2A026] - (.Tonec Inc. - Internet Download Manager (IDM).)
-- C:\Program Files\Internet Download Manager\IDMan.exe [3380632] [PID.2336]
[MD5.596054F68A7C7EDD5E8A19BF511AC475] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [1757264] [PID.2352]
[MD5.A426E2F52E75454D2D145FE2D1741677] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [636256] [PID.1772]
[MD5.10ED4224F627269EB367836CC46696DD] - (.Think Less Do More Services - Ava Find.) -- C:\WINDOWS\system32\AvaFind.exe [300032] [PID.2760]
[MD5.C0417E571BA2837EA3CBE17E728E17DD] - (.Panda Security - USB Vaccine.) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe [1287176] [PID.2844]
[MD5.207B16FA69F61D1895F8D8532F587E4B] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [263600] [PID.3076]
[MD5.2361F75A06F04609C81836C58E1F98C7] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe [2151800] [PID.3584]
[MD5.C2D0C69CC95DF5CAB27ADB6D1B5DE130] - (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe [981304] [PID.3660]
[MD5.C2D0C69CC95DF5CAB27ADB6D1B5DE130] - (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe [981304] [PID.3824]
[MD5.C2D0C69CC95DF5CAB27ADB6D1B5DE130] - (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe [981304] [PID.2404]
[MD5.C2D0C69CC95DF5CAB27ADB6D1B5DE130] - (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe [981304] [PID.2724]
[MD5.C2D0C69CC95DF5CAB27ADB6D1B5DE130] - (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe [981304] [PID.2736]
[MD5.AF098DDE68DE14821DA10C4DDE3765AB] - (.Pandora.TV - The KMPlayer.) -- C:\Program Files\The KMPlayer FR\KMPlayer.exe [6364160] [PID.2748]
[MD5.C2D0C69CC95DF5CAB27ADB6D1B5DE130] - (.Copyright (C) 2011 - spark.)
-- C:\Program Files\baidu\Baidu Browser\spark.exe [981304] [PID.736]
[MD5.C2D0C69CC95DF5CAB27ADB6D1B5DE130] - (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe [981304] [PID.2828]
[MD5.AE69B52701C5D5453D1AA0564B760B58] - (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Administrator\Application Data\ZHP\ZHPDiag3.exe [1797120] [PID.3468]

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2) (13) - 1s
G0 - GCSP: Preferences [User Data\Default][HomePage] "https://clients1.google.com/"
G0 - GCSP: Preferences [User Data\Default][HomePage] "https://fbcdn-video-a.akamaihd.net/"
G0 - GCSP: Preferences [User Data\Default][HomePage] "https://fbstatic-a.akamaihd.net/"
G0 - GCSP: Preferences [User Data\Default][HomePage] "https://www.facebook.com/"
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] "https://www.facebook.com/"
G2 - GCE: Extension [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest
G2 - GCE: Extension [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest
G2 - GCE: Extension [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest
G2 - GCE: Extension [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Google Chrome manifest
G2 - GCE: Extension [User Data\Default] [lccekmodgklaepjeofjdjpbminllajkg] Chrome Hotword Shared Module
G2 - GCE: Extension [User Data\Default] [mpaojhgmgpjafbbcfdkbepfadhkmehnp] Video Windows
G2 - GCE: Extension [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] __MSG_APP_NAME__
G2 - GCE: Extension [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) (7) - 1s
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\twitter.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wikipedia.xml
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited.)
-- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_287.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL
P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) (10) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://maroc.msn.com/
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer

---\\ Internet Explorer, Proxy Management (R5) (3) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe (.Microsoft Corporation.)
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.)
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

---\\ Hosts file redirection (O1) (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (19)

---\\ Browser Helper Object (BHO) (O2) (5) - 0s
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} (Orphean)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} (Orphean)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (Orphean)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Orphean)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} (Orphean)

---\\ Internet Explorer Toolbars (O3) (1) - 0s
O3 - Toolbar: (no name) - [HKLM]{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (Orphean)

---\\ Auto loading programs from Registry and folders (O4) (37) - 1s
O4 - HKLM\..\Run: [PowerMenu] . (.Thong Nguyen - PowerMenu.) -- C:\WINDOWS\system32\PowerMenu\PowerMenu.exe
O4 - HKLM\..\Run: [DrvIcon] . (.artArmin - Changes "My Computer" drive icons to Window.) -- C:\WINDOWS\system32\DrvIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE
O4 - HKLM\..\Run: [BatteryManager] . (.Copyright (C) 2005 - BatteryManager MFC.) -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [SUPBackground] . (.Samsung Electronics - Samsung Update Plus Background.) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
O4 - HKLM\..\Run: [EasySpeedUpManager] . (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
O4 - HKLM\..\Run: [EasySpeedUpManager2] .
(.Samsung Electronics - Easy SpeedUp Manager II.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NewJavaInstall] . (.AutoIt Team - AutoIt v3 Script.) -- C:\Google\AutoIt3.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Startup Monitor] . (...) -- C:\WINDOWS\system32\Startup Monitor.exe
O4 - HKCU\..\Run: [lclock] . (.http://www.hiddensoft.com/autoit3/compiled.html - AutoIt v3 Compiled Script.) -- C:\WINDOWS\system32\LClock\CLOCK.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [BatteryLifeExtender] . (.Samsung Electronics. Co. Ltd. - Battery Life Extender.) -- C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe
O4 - HKCU\..\Run: [SSCKbdHk] . (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [AdopeFlash] . (.AutoIt Team - AutoIt v3 Script.) -- C:\Google\AutoIt3.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] .
(.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
O4 - HKUS\S-1-5-21-1220945662-1844823847-1801674531-500\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1220945662-1844823847-1801674531-500\..\Run: [Startup Monitor] . (...) -- C:\WINDOWS\system32\Startup Monitor.exe
O4 - HKUS\S-1-5-21-1220945662-1844823847-1801674531-500\..\Run: [lclock] . (.http://www.hiddensoft.com/autoit3/compiled.html - AutoIt v3 Compiled Script.) -- C:\WINDOWS\system32\LClock\CLOCK.exe
O4 - HKUS\S-1-5-21-1220945662-1844823847-1801674531-500\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-1220945662-1844823847-1801674531-500\..\Run: [BatteryLifeExtender] . (.Samsung Electronics. Co. Ltd. - Battery Life Extender.) -- C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe
O4 - HKUS\S-1-5-21-1220945662-1844823847-1801674531-500\..\Run: [SSCKbdHk] . (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
O4 - HKUS\S-1-5-21-1220945662-1844823847-1801674531-500\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.)
-- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1220945662-1844823847-1801674531-500\..\Run: [AdopeFlash] . (.AutoIt Team - AutoIt v3 Script.) -- C:\Google\AutoIt3.exe

---\\ Lop.com/Domain Hijackers (O17) (6) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23) (10) - 1s
O23 - Service: Avira Protection e-mail (AntiVirMailService) . (.Avira Operations GmbH & Co. KG - Antivirus MailScanner LSP Service.) - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Planificateur (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Protection temps réel (AntiVirService) . (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Protection Web (AntiVirWebService) . (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
O23 - Service: Bluetooth Service (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Local Manageability Service.)
- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Baidu Spark Service (SparkSvc) . (.Baidu Inc. - spark.) - C:\Program Files\baidu\Baidu Browser\sparkservice.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) . (.AVG Technologies - AVG PC TuneUp Service.) - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
O23 - Service: Intel(R) Management & Security Application User Notificatio (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: ZDServ (ZDServ) . (.Copyright (C) 2013 - ZDServ Application.) - C:\Documents and Settings\All Users.WINDOWS\Application Data\ZDSupport\ZDServ\ZDServ.exe

---\\ BootExecute (BEX) (O34) (2) - 0s
O34 - HKLM BootExecute: (pgdfgsvc C 1) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /M:2372a6a35bd /dir:"C:\Program Files\AVAST Software\Avast") - File not found

---\\ Task Planned Automatically (O39) (4) - 0s
O39 - APT:Automatic Planified Task - (...) -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [1002]
O39 - APT:Automatic Planified Task - (...) -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1220945662-1844823847-1801674531-500Core.job [1008]
O39 - APT:Automatic Planified Task - (...) -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1220945662-1844823847-1801674531-500UA.job [1030]
O39 - APT:Automatic Planified Task - (...) -- C:\WINDOWS\Tasks\SparkUpdater.job [394]

---\\ Software installed (O42) (35) - 7s
O42 - Logiciel: Adobe Flash Player 16 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 16 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI
O42 - Logiciel: AVG PC TuneUp 2015 - (.AVG Technologies.) [HKLM] -- AVG PC TuneUp
O42 - Logiciel: Avira Antivirus v15.0.10.434 - (.Avira Operations GmbH & Co. KG.)
[HKLM] -- Avira Antivirus
O42 - Logiciel: Carte réseau Broadcom 802.11 - (.Broadcom Corporation.) [HKLM] -- Carte réseau Broadcom 802.11
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: ETDWare PS/2-X86 10.7.14.12_WHQL - (.ELAN Microelectronic Corp..) [HKLM] -- Elantech
O42 - Logiciel: FormatFactory 2.45 - (.Free Time.) [HKLM] -- FormatFactory
O42 - Logiciel: IE7Pro - (.IE7Pro Team.) [HKLM] -- IE7Pro
O42 - Logiciel: Baidu Browser - (.Baidu Inc..) [HKLM] -- Spark
O42 - Logiciel: Tracks Eraser Pro v8.9 build 1000 - (.Acesoft, Inc..) [HKLM] -- Tracks Eraser Pro_is1
O42 - Logiciel: WinRAR 5.11 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XpsEPSC
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O42 - Logiciel: Samsung Update Plus - (.Samsung Electronics Co., Ltd..) [HKLM] -- {142D8CA7-2C6F-45A7-83E3-099AAFD99133}
O42 - Logiciel: Easy Display Manager - (.Samsung Electronics Co., Ltd..) [HKLM] -- {17283B95-21A8-4996-97DA-547A48DB266F}
O42 - Logiciel: Facebook Video Calling 3.1.0.521 - (.Skype Limited.) [HKLM] -- {2091F234-EB58-4B80-8C96-8EB78C808CF7}
O42 - Logiciel: Panda USB Vaccine 1.0.1.4 - (.Panda Security.) [HKLM] -- {55A41219-9B22-4098-BAE7-AE289B3C569A}_is1
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}
O42 - Logiciel: Samsung Battery Manager - (...) [HKLM] -- {6F730513-8688-4C3C-90A3-6B9792CE2EF3}
O42 - Logiciel: Adobe Reader 9.1 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A91000000001}
O42 - Logiciel: Windows Presentation Foundation - (.Microsoft Corporation.)
[HKLM] -- {BAF78226-3200-4DB4-BE33-4D922A799840}
O42 - Logiciel: MOBICONNECT - (.ZTE Corporation.) [HKLM] -- {BCE97917-E58C-41FA-9B53-859E3FDCE924}
O42 - Logiciel: ZDServer - (.ZTE Corporation.) [HKLM] -- {C8197F5F-E0DC-44f1-8AF2-1AA5A84F695D}
O42 - Logiciel: REALTEK GbE & FE Ethernet PCI-E NIC Driver - (.Realtek.) [HKLM] -- {C9BED750-1211-4480-B1A5-718A3BE15525}
O42 - Logiciel: BatteryLifeExtender - (.Samsung.) [HKLM] -- {EA257ECF-5F72-4461-B890-959394DCD087}
O42 - Logiciel: Easy SpeedUp Manager - (.Samsung Electronics Co.,Ltd..) [HKLM] -- {EF367AA4-070B-493C-9575-85BE59D789C9}
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: ÈÑäÇãÌ WIDCOMM Bluetooth - (.Broadcom.) [HKLM] -- {F48BE301-EC78-4686-B580-EE4934558798}
O42 - Logiciel: Samsung Support Center - (.Samsung.) [HKLM] -- {F687E657-F636-44DF-8125-9FEEA2C362F5}
O42 - Logiciel: MSXML 6.0 Parser (KB925673) - (.Microsoft Corporation.) [HKLM] -- {FE9126DB-5F84-495A-BB46-3C724F1C2D08}
O42 - Logiciel: QQ??3.7 - (.????(??)????.) [HKCU] -- QQPlayer

---\\ HKCU & HKLM Software Keys (107) - 7s
HKLM\SOFTWARE\Acesoft
HKLM\SOFTWARE\Adobe
HKLM\SOFTWARE\AdwCleaner
HKLM\SOFTWARE\Ahead
HKLM\SOFTWARE\AVAST Software
HKLM\SOFTWARE\AVG
HKLM\SOFTWARE\Avira
HKLM\SOFTWARE\AviSynth
HKLM\SOFTWARE\Baidu
HKLM\SOFTWARE\BcmSetup
HKLM\SOFTWARE\BrowserChoice
HKLM\SOFTWARE\C07ft5Y
HKLM\SOFTWARE\Creative Tech
HKLM\SOFTWARE\CyberLink
HKLM\SOFTWARE\DivX
HKLM\SOFTWARE\Dropbox
HKLM\SOFTWARE\ESET
HKLM\SOFTWARE\Gemplus
HKLM\SOFTWARE\Google
HKLM\SOFTWARE\HaaliMkx
HKLM\SOFTWARE\IEPro
HKLM\SOFTWARE\Intel
HKLM\SOFTWARE\Internet Download Manager
HKLM\SOFTWARE\InterVideo
HKLM\SOFTWARE\Macromedia
HKLM\SOFTWARE\Mozilla
HKLM\SOFTWARE\mozilla.org
HKLM\SOFTWARE\MozillaPlugins
HKLM\SOFTWARE\Nero
HKLM\SOFTWARE\NKY Inc.
HKLM\SOFTWARE\ODBC
HKLM\SOFTWARE\Panda Security
HKLM\SOFTWARE\Panda Software
HKLM\SOFTWARE\Piriform
HKLM\SOFTWARE\Program Groups
HKLM\SOFTWARE\Realtek
HKLM\SOFTWARE\Realtek Semiconductor Corp.
HKLM\SOFTWARE\ReflexiveArcade
HKLM\SOFTWARE\RegisteredApplications
HKLM\SOFTWARE\RTLSetup
HKLM\SOFTWARE\Samsung
HKLM\SOFTWARE\Samsung Electronics Co., Ltd.
HKLM\SOFTWARE\Schlumberger
HKLM\SOFTWARE\Skype
HKLM\SOFTWARE\SRS Labs
HKLM\SOFTWARE\TuneUp
HKLM\SOFTWARE\Widcomm
HKLM\SOFTWARE\Windows 3.1 Migration Status
HKLM\SOFTWARE\WinRAR
HKLM\SOFTWARE\X-AVCSD
HKCU\SOFTWARE\Acesoft
HKCU\SOFTWARE\Adobe
HKCU\SOFTWARE\Ahead
HKCU\SOFTWARE\Alexander Avdonin
HKCU\SOFTWARE\AppDataLow
HKCU\SOFTWARE\Auslogics
HKCU\SOFTWARE\AVG
HKCU\SOFTWARE\Avira
HKCU\SOFTWARE\Baidu
HKCU\SOFTWARE\CoreAAC
HKCU\SOFTWARE\Cyberlink
HKCU\SOFTWARE\DownloadAstro
HKCU\SOFTWARE\DownloadManager
HKCU\SOFTWARE\DSP-worx
HKCU\SOFTWARE\Elantech
HKCU\SOFTWARE\Elastic Systems
HKCU\SOFTWARE\ESET
HKCU\SOFTWARE\Facebook
HKCU\SOFTWARE\Folder Guide
HKCU\SOFTWARE\FreeTime
HKCU\SOFTWARE\Gabest
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\GreenTree Applications
HKCU\SOFTWARE\Haali
HKCU\SOFTWARE\iColorFolder
HKCU\SOFTWARE\IEPro
HKCU\SOFTWARE\IM Providers
HKCU\SOFTWARE\Intel
HKCU\SOFTWARE\KMPlayer
HKCU\SOFTWARE\Krapplets
HKCU\SOFTWARE\LClock
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\Michael Herf
HKCU\SOFTWARE\mlin
HKCU\SOFTWARE\Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\Nero
HKCU\SOFTWARE\Netscape
HKCU\SOFTWARE\NewSofter
HKCU\SOFTWARE\ODBC
HKCU\SOFTWARE\Panda Security
HKCU\SOFTWARE\Piriform
HKCU\SOFTWARE\Realtek
HKCU\SOFTWARE\RegisteredApplications
HKCU\SOFTWARE\Revenger inc.
HKCU\SOFTWARE\Samsung
HKCU\SOFTWARE\Settings
HKCU\SOFTWARE\Skype
HKCU\SOFTWARE\SkypeRS
HKCU\SOFTWARE\Sysinternals
HKCU\SOFTWARE\Think Less Do More
HKCU\SOFTWARE\UberIcon-v1.0.0
HKCU\SOFTWARE\Widcomm
HKCU\SOFTWARE\WinRAR
HKCU\SOFTWARE\WinRAR SFX
HKCU\SOFTWARE\ZebHelpProcess Helper
HKCU\SOFTWARE\AppDataLow\IEPro

---\\ Contents of the Common Files folders (O43) (138) - 6s
O43 - CFD: 2014/07/51 - 24:15:15 - [] D -- C:\Program Files\Acesoft
O43 - CFD: 2014/06/81 - 37:23:23 - [] D -- C:\Program Files\Adobe
O43 - CFD: 2015/06/30 - 35:27:27 - [] D -- C:\Program Files\AVG
O43 - CFD: 2015/05/00 - 34:10:10 - [] D -- C:\Program Files\Avira
O43 - CFD: 2015/04/30 - 20:34:34 - [] D -- C:\Program Files\baidu
O43 - CFD: 2014/06/81 - 01:30:30 - [] D -- C:\Program Files\Broadcom
O43 - CFD: 2014/06/01 - 28:55:55 - [] D -- C:\Program Files\CCleaner
O43 - CFD: 2015/06/91 - 56:34:34 - [] D -- C:\Program Files\Common Files
O43 - CFD: 2014/06/80 - 48:20:20 - [0] D -- C:\Program Files\ComPlus Applications
O43 - CFD: 2014/07/30 - 12:28:28 - [] D -- C:\Program Files\Elantech
O43 - CFD: 2014/06/80 - 52:31:31 - [] D -- C:\Program Files\ESET
O43 - CFD: 2014/06/81 - 33:44:44 - [] D -- C:\Program Files\FreeTime
O43 - CFD: 2015/06/91 - 02:49:49 - [] D -- C:\Program Files\Google
O43 - CFD: 2014/06/82 - 09:07:07 - [0] D -- C:\Program Files\GUM1E2.tmp
O43 - CFD: 2015/05/62 - 44:01:01 - [] D -- C:\Program Files\Hostless Modem
O43 - CFD: 2014/06/80 - 51:41:41 - [] D -- C:\Program Files\IEPro
O43 - CFD: 2014/06/81 - 14:28:28 - [] HD -- C:\Program Files\InstallShield Installation Information
O43 - CFD: 2014/07/30 - 36:36:36 - [] D -- C:\Program Files\Intel
O43 - CFD: 2014/06/80 - 59:37:37 - [] D -- C:\Program Files\Internet Download Manager
O43 - CFD: 2014/06/80 - 49:18:18 - [] D -- C:\Program Files\Internet Explorer
O43 - CFD: 2014/06/81 - 47:14:14 - [] D -- C:\Program Files\Microsoft Analysis Services
O43 - CFD: 2014/06/81 - 53:35:35 - [] D -- C:\Program Files\Microsoft Office
O43 - CFD: 2014/06/81 -
53:33:33 - [] D -- C:\Program Files\Microsoft Sync Framework O43 - CFD: 2014/06/81 - 50:09:09 - [] D -- C:\Program Files\Microsoft Visual Studio 8 O43 - CFD: 2014/12/90 - 25:59:59 - [] D -- C:\Program Files\Microsoft.NET O43 - CFD: 2014/06/80 - 49:10:10 - [] D -- C:\Program Files\Movie Maker O43 - CFD: 2015/06/91 - 49:58:58 - [] D -- C:\Program Files\Mozilla Firefox O43 - CFD: 2014/06/81 - 55:00:00 - [] D -- C:\Program Files\MSBuild O43 - CFD: 2014/06/80 - 49:24:24 - [] D -- C:\Program Files\NetMeeting O43 - CFD: 2014/06/80 - 51:33:33 - [] D -- C:\Program Files\notepad++ O43 - CFD: 2014/06/80 - 49:43:43 - [] D -- C:\Program Files\Online Services O43 - CFD: 2014/06/80 - 49:20:20 - [] D -- C:\Program Files\Outlook Express O43 - CFD: 2014/06/80 - 53:00:00 - [] D -- C:\Program Files\Panda USB Vaccine O43 - CFD: 2014/06/81 - 00:29:29 - [] D -- C:\Program Files\Realtek O43 - CFD: 2014/06/81 - 04:20:20 - [] D -- C:\Program Files\Reference Assemblies O43 - CFD: 2014/06/81 - 14:42:42 - [] D -- C:\Program Files\Samsung O43 - CFD: 2015/04/01 - 13:53:53 - [] D -- C:\Program Files\The KMPlayer FR O43 - CFD: 2014/06/80 - 03:47:47 - [0] HD -- C:\Program Files\Uninstall Information O43 - CFD: 2014/06/81 - 08:17:17 - [] D -- C:\Program Files\WIDCOMM O43 - CFD: 2014/06/80 - 48:10:10 - [] D -- C:\Program Files\Windows Media Connect 2 O43 - CFD: 2014/06/80 - 50:53:53 - [] D -- C:\Program Files\Windows Media Player O43 - CFD: 2014/06/80 - 48:03:03 - [] D -- C:\Program Files\Windows NT O43 - CFD: 2014/06/80 - 49:45:45 - [0] HD -- C:\Program Files\WindowsUpdate O43 - CFD: 2014/12/72 - 13:59:59 - [] D -- C:\Program Files\WinRAR O43 - CFD: 2015/06/91 - 31:27:27 - [] D -- C:\Program Files\ZHPDiag O43 - CFD: 2014/06/80 - 50:37:37 - [] RD -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories O43 - CFD: 2014/06/80 - 50:57:57 - [] RD -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools O43 - CFD: 2015/06/30 - 36:15:15 - [] D -- 
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2015 O43 - CFD: 2015/06/60 - 29:25:25 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Avira O43 - CFD: 2015/04/30 - 20:38:38 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Baidu Browser O43 - CFD: 2014/06/01 - 28:55:55 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner O43 - CFD: 2014/06/80 - 48:23:23 - [] RD -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games O43 - CFD: 2014/06/81 - 55:40:40 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Office O43 - CFD: 2015/05/62 - 44:08:08 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MOBICONNECT O43 - CFD: 2014/06/81 - 55:40:40 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SharePoint O43 - CFD: 2015/03/11 - 18:17:17 - [] RD -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup O43 - CFD: 2014/07/51 - 24:17:17 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Tracks Eraser Pro O43 - CFD: 2014/12/72 - 14:00:00 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinRAR O43 - CFD: 2014/12/22 - 13:40:40 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\YTD Video Downloader O43 - CFD: 2015/06/91 - 31:28:28 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ZHP O43 - CFD: 2014/06/81 - 37:47:47 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe O43 - CFD: 2015/05/00 - 29:54:54 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software O43 - CFD: 2015/06/30 - 36:21:21 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG O43 - CFD: 2015/06/60 - 28:06:06 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira O43 - CFD: 2015/04/30 - 20:47:47 - [] D -- 
C:\Documents and Settings\All Users.WINDOWS\Application Data\Baidu O43 - CFD: 2015/06/30 - 33:39:39 - [] HD -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files O43 - CFD: 2014/06/80 - 52:31:31 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET O43 - CFD: 2015/06/90 - 03:28:28 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure O43 - CFD: 2015/03/11 - 18:15:15 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee O43 - CFD: 2015/03/40 - 17:51:51 - [] SD -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft O43 - CFD: 2015/01/11 - 27:05:05 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help O43 - CFD: 2014/06/81 - 34:51:51 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla O43 - CFD: 2014/08/92 - 30:20:20 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero O43 - CFD: 2015/04/92 - 27:25:25 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Package Cache O43 - CFD: 2014/06/80 - 04:16:16 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Panda Security O43 - CFD: 2014/06/81 - 09:49:49 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SAMSUNG O43 - CFD: 2014/08/22 - 47:16:16 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype O43 - CFD: 2014/06/81 - 27:02:02 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\YTD Video Downloader O43 - CFD: 2015/05/62 - 44:08:08 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ZDSupport O43 - CFD: 2014/06/81 - 37:34:34 - [] D -- C:\Program Files\Common Files\Adobe O43 - CFD: 2015/05/81 - 57:15:15 - [] D -- C:\Program Files\Common Files\Bitdefender O43 - CFD: 2014/06/81 - 54:02:02 - [] D -- C:\Program Files\Common Files\DESIGNER O43 - CFD: 2014/06/81 - 58:29:29 - [] D -- C:\Program Files\Common 
Files\InstallShield O43 - CFD: 2014/06/81 - 55:16:16 - [] D -- C:\Program Files\Common Files\Microsoft Shared O43 - CFD: 2014/06/80 - 49:19:19 - [] D -- C:\Program Files\Common Files\MSSoap O43 - CFD: 2014/08/92 - 30:27:27 - [0] D -- C:\Program Files\Common Files\Nero O43 - CFD: 2014/06/80 - 35:15:15 - [] D -- C:\Program Files\Common Files\ODBC O43 - CFD: 2014/07/30 - 24:05:05 - [] D -- C:\Program Files\Common Files\postureAgent O43 - CFD: 2014/06/80 - 49:23:23 - [] D -- C:\Program Files\Common Files\Services O43 - CFD: 2014/06/80 - 35:12:12 - [] D -- C:\Program Files\Common Files\SpeechEngines O43 - CFD: 2014/06/81 - 48:13:13 - [] D -- C:\Program Files\Common Files\System O43 - CFD: 2014/06/81 - 46:13:13 - [] D -- C:\Documents and Settings\Administrator\Application Data\Adobe O43 - CFD: 2014/06/81 - 44:31:31 - [] D -- C:\Documents and Settings\Administrator\Application Data\Ahead O43 - CFD: 2015/06/90 - 02:08:08 - [] D -- C:\Documents and Settings\Administrator\Application Data\AvaFind Data O43 - CFD: 2015/06/30 - 35:43:43 - [] D -- C:\Documents and Settings\Administrator\Application Data\AVG O43 - CFD: 2015/06/60 - 29:17:17 - [] D -- C:\Documents and Settings\Administrator\Application Data\Avira O43 - CFD: 2015/04/40 - 15:01:01 - [] D -- C:\Documents and Settings\Administrator\Application Data\Baidu O43 - CFD: 2015/06/91 - 57:33:33 - [] D -- C:\Documents and Settings\Administrator\Application Data\DMCache O43 - CFD: 2014/06/02 - 29:28:28 - [] D -- C:\Documents and Settings\Administrator\Application Data\Gena01 O43 - CFD: 2015/03/82 - 05:45:45 - [0] D -- C:\Documents and Settings\Administrator\Application Data\GrabPro O43 - CFD: 2014/06/80 - 03:52:52 - [] D -- C:\Documents and Settings\Administrator\Application Data\Identities O43 - CFD: 2015/03/52 - 17:52:52 - [] D -- C:\Documents and Settings\Administrator\Application Data\IDM O43 - CFD: 2010/04/00 - 17:18:18 - [] D -- C:\Documents and Settings\Administrator\Application Data\IEPro O43 - CFD: 2014/06/81 - 
00:12:12 - [] D -- C:\Documents and Settings\Administrator\Application Data\Macromedia O43 - CFD: 2014/06/12 - 57:18:18 - [] D -- C:\Documents and Settings\Administrator\Application Data\Maxthon3 O43 - CFD: 2014/07/51 - 46:59:59 - [] D -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic O43 - CFD: 2015/05/70 - 05:38:38 - [] SD -- C:\Documents and Settings\Administrator\Application Data\Microsoft O43 - CFD: 2014/06/81 - 35:00:00 - [] D -- C:\Documents and Settings\Administrator\Application Data\Mozilla O43 - CFD: 2014/06/80 - 58:32:32 - [] D -- C:\Documents and Settings\Administrator\Application Data\PhraseExpress O43 - CFD: 2015/06/30 - 45:00:00 - [] D -- C:\Documents and Settings\Administrator\Application Data\Skype O43 - CFD: 2014/06/80 - 58:32:32 - [] D -- C:\Documents and Settings\Administrator\Application Data\SpaceMonger O43 - CFD: 2014/06/81 - 30:16:16 - [] D -- C:\Documents and Settings\Administrator\Application Data\WinRAR O43 - CFD: 2015/06/00 - 57:12:12 - [] D -- C:\Documents and Settings\Administrator\Application Data\ZHP O43 - CFD: 2015/03/11 - 18:31:31 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe O43 - CFD: 2015/06/30 - 35:10:10 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg O43 - CFD: 2015/06/91 - 22:03:03 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Baidu O43 - CFD: 2015/06/90 - 03:28:28 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\F-Secure O43 - CFD: 2014/08/81 - 47:35:35 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook O43 - CFD: 2014/08/92 - 28:30:30 - [0] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FluxSoftware O43 - CFD: 2014/08/11 - 14:02:02 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google O43 - CFD: 2014/08/60 - 45:31:31 - [] SD -- C:\Documents and 
Settings\Administrator\Local Settings\Application Data\Microsoft O43 - CFD: 2014/06/81 - 47:05:05 - [0] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help O43 - CFD: 2015/04/20 - 12:16:16 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MiniService O43 - CFD: 2014/06/81 - 34:56:56 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla O43 - CFD: 2014/06/81 - 14:59:59 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype O43 - CFD: 2014/06/81 - 16:44:44 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SRS Labs O43 - CFD: 2015/04/30 - 20:33:33 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp O43 - CFD: 2014/08/51 - 36:11:11 - [0] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files O43 - CFD: 2014/06/80 - 03:58:58 - [] RD -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories O43 - CFD: 2014/12/62 - 29:54:54 - [] D -- C:\Documents and Settings\Administrator\Start Menu\Programs\Bluetooth Devices O43 - CFD: 2014/06/81 - 34:04:04 - [] D -- C:\Documents and Settings\Administrator\Start Menu\Programs\FormatFactory O43 - CFD: 2015/06/30 - 45:00:00 - [] D -- C:\Documents and Settings\Administrator\Start Menu\Programs\Games O43 - CFD: 2014/06/80 - 59:39:39 - [] D -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Download Manager O43 - CFD: 2014/06/80 - 58:32:32 - [] RD -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup O43 - CFD: 2014/12/72 - 14:00:00 - [] D -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR O43 - CFD: 2014/06/80 - 50:57:57 - [] RD -- C:\WINDOWS\System32\Config\systemprofile\Start Menu\Programs\Accessories O43 - CFD: 2014/06/80 - 52:23:23 - [] D -- C:\WINDOWS\System32\Config\systemprofile\Start Menu\Programs\Games O43 - 
CFD: 2014/06/80 - 34:33:33 - [] RD -- C:\WINDOWS\System32\Config\systemprofile\Start Menu\Programs\Startup ---\\ System Drivers List (SDL) (O58) (56) - 9s O58 - SDL:2011/08/19 04:43:20 A . (.Creative - Creative WDM 3D Audio Driver.) -- C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480] O58 - SDL:2015/06/06 00:26:31 A . (.Avira Operations GmbH & Co. KG - Avira Minifilter Driver.) -- C:\WINDOWS\System32\drivers\avgntflt.sys [107400] O58 - SDL:2015/06/06 00:26:31 A . (.Avira Operations GmbH & Co. KG - Avira Driver for Security Enhancement.) -- C:\WINDOWS\System32\drivers\avipbb.sys [136216] O58 - SDL:2015/06/06 00:26:31 A . (.Avira Operations GmbH & Co. KG - Avira Manager Driver.) -- C:\WINDOWS\System32\drivers\avkmgr.sys [37896] O58 - SDL:2011/08/19 04:43:14 A . (.Broadcom Corporation - Broadcom 802.11 Network Adapter wireless dr.) -- C:\WINDOWS\System32\drivers\BCMWL5.SYS [2699264] O58 - SDL:2011/08/19 04:43:00 A . (.Broadcom Corporation. - Bluetooth Audio Device.) -- C:\WINDOWS\System32\drivers\btaudio.sys [556200] O58 - SDL:2011/08/19 04:43:00 A . (.Broadcom Corporation. - Bluetooth Bus Enumerator.) -- C:\WINDOWS\System32\drivers\btkrnl.sys [933032] O58 - SDL:2011/08/19 04:43:00 A . (.Broadcom Corporation. - Bluetooth BTPORT Driver for Windows 2000.) -- C:\WINDOWS\System32\drivers\btport.sys [37160] O58 - SDL:2011/08/19 04:43:00 A . (.Broadcom Corporation. - Bluetooth LAN Access Server Driver.) -- C:\WINDOWS\System32\drivers\btwdndis.sys [118440] O58 - SDL:2011/08/19 04:43:00 A . (.Broadcom Corporation. - Broadcom Bluetooth IT Manager Filter.) -- C:\WINDOWS\System32\drivers\btwsecfl.sys [92840] O58 - SDL:2011/08/19 04:43:00 A . (.Broadcom Corporation. - Driver for Bluetooth USB Devices.) -- C:\WINDOWS\System32\drivers\btwusb.sys [51752] O58 - SDL:2011/06/15 09:24:59 A . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\System32\drivers\cinemst2.sys [262528] O58 - SDL:2011/06/15 09:24:59 A . 
(.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\System32\drivers\cpqdap01.sys [11776] O58 - SDL:2008/04/14 00:14:50 A . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\drivers\dmboot.sys [799744] O58 - SDL:2008/04/14 00:14:48 A . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\System32\drivers\dmio.sys [153344] O58 - SDL:2004/08/04 14:00:00 A . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\drivers\dmload.sys [5888] O58 - SDL:2012/04/25 04:43:00 A . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\WINDOWS\System32\drivers\ETD.sys [222544] O58 - SDL:2008/04/13 22:06:06 A . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\System32\drivers\hdaudbus.sys [144384] O58 - SDL:2011/08/19 04:43:14 RA . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\WINDOWS\System32\drivers\HECI.sys [41088] O58 - SDL:2011/04/26 11:57:06 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x86.) -- C:\WINDOWS\System32\drivers\iaStor.sys [461080] O58 - SDL:2011/06/22 09:58:21 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x86.) -- C:\WINDOWS\System32\drivers\iastor9.sys [461080] O58 - SDL:2011/06/09 18:50:58 A . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\System32\drivers\idmtdi.sys [101360] O58 - SDL:2011/08/19 04:43:15 RA . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\System32\drivers\igxpmp32.sys [2014240] O58 - SDL:2011/08/19 04:43:16 RA . (.Intel Corporation - Intel(R) Turbo Boost Technology Driver.) -- C:\WINDOWS\System32\drivers\Impcd.sys [132480] O58 - SDL:2011/08/19 04:43:16 RA . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\WINDOWS\System32\drivers\IntcDAud.sys [251904] O58 - SDL:2011/08/19 04:43:20 A . (.Creative Technology Ltd. 
- Creative WDM Audio Driver (32-bit).) -- C:\WINDOWS\System32\drivers\Monfilt.sys [1395800] O58 - SDL:2011/06/22 09:58:24 A . (.Marvell Semiconductor Inc. - Marvell Aux NV Bridge DLL.) -- C:\WINDOWS\System32\drivers\mv61xxmm.sys [13616] O58 - SDL:2011/06/22 09:58:24 A . (.Marvell Semiconductor Inc. - Marvell Aux NV Bridge DLL.) -- C:\WINDOWS\System32\drivers\mv64xxmm.sys [5632] O58 - SDL:2011/06/22 09:58:24 A . (.Marvell Semiconductor Inc. - Marvell Aux NV Bridge DLL.) -- C:\WINDOWS\System32\drivers\mvxxmm.sys [13616] O58 - SDL:2011/06/15 09:24:59 A . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\System32\drivers\nikedrv.sys [12032] O58 - SDL:2004/08/04 14:00:00 A . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Lib.) -- C:\WINDOWS\System32\drivers\ptilink.sys [17792] O58 - SDL:2011/06/15 09:24:59 A . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\System32\drivers\rio8drv.sys [12032] O58 - SDL:2011/06/15 09:24:59 A . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\System32\drivers\riodrv.sys [12032] O58 - SDL:2011/08/19 04:43:00 RA . (.Realtek Semiconductor Corporation - Realtek 10/100/1000 NDIS 5.1 Driver.) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys [273512] O58 - SDL:2011/08/19 04:43:21 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys [6349416] O58 - SDL:2008/04/13 22:09:16 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\WINDOWS\System32\drivers\secdrv.sys [20480] O58 - SDL:2014/11/27 08:18:05 A . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [28520] O58 - SDL:2011/06/15 09:24:59 A . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\System32\drivers\tsbvcap.sys [21376] O58 - SDL:2011/06/15 09:24:59 A . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) 
-- C:\WINDOWS\System32\drivers\vdmindvd.sys [58112] O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\ansi.sys [9029] O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\country.sys [27097] O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\himem.sys [4768] O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\key01.sys [42809] O58 - SDL:2008/04/13 22:20:56 A . (...) -- C:\WINDOWS\System32\keyboard.sys [42537] O58 - SDL:2000/08/24 01:19:38 A . (...) -- C:\WINDOWS\System32\MEMIO.SYS [4300] O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\ntdos.sys [27866] O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\ntdos404.sys [29146] O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\ntdos411.sys [29370] O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\ntdos412.sys [29274] O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\ntdos804.sys [29146] O58 - SDL:2008/04/13 22:19:40 A . (...) -- C:\WINDOWS\System32\ntio.sys [33840] O58 - SDL:2008/04/13 22:19:44 A . (...) -- C:\WINDOWS\System32\ntio404.sys [34560] O58 - SDL:2008/04/13 22:19:40 A . (...) -- C:\WINDOWS\System32\ntio411.sys [35648] O58 - SDL:2008/04/13 22:19:44 A . (...) -- C:\WINDOWS\System32\ntio412.sys [35424] O58 - SDL:2008/04/13 22:19:42 A . (...) -- C:\WINDOWS\System32\ntio804.sys [34560] O58 - SDL:2010/07/04 22:51:26 A . (...) -- C:\WINDOWS\System32\UnlockerDriver5.sys [4096] ---\\ Last modified or created user files (O61) (5) - 12s O61 - LFC: 2015/06/29 02:03:22 A . (.F-Secure Corporation.) -- C:\Documents and Settings\Administrator\My Documents\Downloads\F-SecureOnlineScanner.exe [572456] O61 - LFC: 2015/06/23 00:32:14 A . (.AVG Technologies.) -- C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\avg_tuht_stf_fr_2015_518_15cmp15.exe [50865464] O61 - LFC: 2015/06/29 17:53:15 A . (..) 
-- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849] O61 - LFC: 2015/06/29 04:24:08 A . (.F-Secure Corporation.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\F-Secure\stubdl\F-SecureOnlineScanner.exe [6411128] O61 - LFC: 2015/06/22 17:59:16 A . (..) -- C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin [83195] ---\\ File Associations Shell Spawning (O67) (10) - 0s O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\WINDOWS\regedit.exe O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (...) -- "%1" %* ---\\ Start Menu Internet (SMI) (O68) (20) - 1s O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\Spark.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Maxthon3\Bin\Maxthon.exe O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\Spark.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe O68 - StartMenuInternet: <>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- (.not file.) O68 - StartMenuInternet: <>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- (.not file.) O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe O68 - StartMenuInternet: <>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- (.not file.) O68 - StartMenuInternet: <>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- (.not file.) O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (...) 
-- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe O68 - StartMenuInternet: <>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- (.not file.) O68 - StartMenuInternet: <>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- (.not file.) ---\\ Search Browser Infection (SBI) (O69) (3) - 3s O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - http://search.live.com/ O69 - SBI: SearchScopes [HKCU] {62EA36B6-C4B8-44AD-B159-749BD850CD2E} - (Google) - http://www.google.com/ O69 - SBI: SearchScopes [HKCU] {7B48ECB9-3B8D-4506-9EA8-FC64929E905B} - (Ask Search) - http://websearch.ask.com/ =>Toolbar.Ask ---\\ Additional Scan (O88) (1) - 0s ~ No malicious items found. ---\\ Summary of the detections found on your workstation (1) - 0s http://www.nicolascoolman.fr/toolbar-ask/ =>Toolbar.Ask ~ End of the scan, 10908 items in 55 seconds (593)(0)()