~ ZHPDiag v2015.8.13.118 By Nicolas Coolman (2015/08/13)
~ Run by koko (Administrator) (2015/08/14 00:06:24)
~ Site: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Documents and Settings\koko\Desktop\ZHPDiag.txt
~ Report: C:\Documents and Settings\koko\Application Data\ZHP\ZHPDiag.txt
~ UAC: Deactivate
~ System startup: Normal (Normal boot)
Windows XP, 32-bit Service Pack 3 (Build 2600)

---\\ Internet Browsers (3) - 0s
GCIE: Google Chrome v44.0.2403.155
MFIE: Mozilla Firefox 8.0 (x86 en-US) v8.0
MSIE: Internet Explorer v8.0.6001.18702

---\\ System protection software (1) - 1s
Avast Free Antivirus v10.3.2223

---\\ Information on the system (6) - 0s
~ Operating System: x86 Family 15 Model 4 Stepping 3, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 2060.716 MB (38% free)
~ System Restore: Activé (Enable)
~ System drive C: has 17 GB free of 29 GB

---\\ Connection to the system mode (3) - 0s
~ Computer Name: KOKO-91428864AB
~ User Name: koko
~ Logged in as Administrator

---\\ Enumeration of the disk units (4) - 0s
~ Drive C: has 17 GB free of 29 GB (System)
~ Drive D: has 16 GB free of 124 GB
~ Drive E: has 8 GB free of 124 GB
~ Drive F: has 151 GB free of 196 GB

---\\ State of the Windows Security Center (8) - 0s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (22) - 0s
[MD5.2BB75B7F548D82A099125D0C5971DE7D] - (.Microsoft Corporation - Windows Explorer.) () -- C:\WINDOWS\Explorer.exe [1033728]
[MD5.037B1E7798960E0420003D05BB577EE6] - (.Microsoft Corporation - Run a DLL as an App.) () -- C:\WINDOWS\System32\rundll32.exe [33280]
[MD5.4EC67FAB39F37626AD6D9895FC094ABF] - (.Microsoft Corporation - Internet Extensions for Win32.) () -- C:\WINDOWS\System32\wininet.dll [919552]
[MD5.53A8857723277B1D6D5EE60A9F85B117] - (.Microsoft Corporation - Windows NT Logon Application.) () -- C:\WINDOWS\System32\Winlogon.exe [509440]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\WINDOWS\System32\drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) () -- C:\WINDOWS\System32\drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\WINDOWS\System32\drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\WINDOWS\System32\drivers\Cdrom.sys [62976]
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - (.Microsoft Corporation - FIPS Crypto Driver.) () -- C:\WINDOWS\System32\drivers\Fips.sys [44544]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) () -- C:\WINDOWS\System32\drivers\HDAudBus.sys [144384]
[MD5.4A0B06AA8943C1E332520F7440C0AA30] - (.Microsoft Corporation - i8042 Port Driver.) () -- C:\WINDOWS\System32\drivers\i8042prt.sys [52480]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) () -- C:\WINDOWS\System32\drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\WINDOWS\System32\drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) () -- C:\WINDOWS\System32\drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) () -- C:\WINDOWS\System32\drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\WINDOWS\System32\drivers\netBT.sys [162816]
[MD5.4C51D5275AE8A16999EDFE7E647D00DE] - (.Microsoft Corporation - NT File System Driver.) () -- C:\WINDOWS\System32\drivers\ntfs.sys [576384]
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - (.Microsoft Corporation - Parallel Port Driver.) () -- C:\WINDOWS\System32\drivers\Parport.sys [80128]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [51328]
[MD5.47EA20320E3D6FDC7B7BB22B2B881CA6] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\WINDOWS\System32\drivers\rdpdr.sys [195712]
[MD5.F828DD7E1419B6653894A8F97A0094C5] - (.Microsoft Corporation - Redbook Audio Filter Driver.) () -- C:\WINDOWS\System32\drivers\redbook.sys [57600]
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - (.Microsoft Corporation - Volume Shadow Copy Driver.) () -- C:\WINDOWS\System32\drivers\volsnap.sys [52352]

---\\ Process running (19) - 8s
[MD5.A97E144E84A665B22AE6E6A93E4DD465] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600] [PID.1588]
[MD5.EB7376A9F65736B659AAAF21F964BA89] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [141848] [PID.724]
[MD5.BD06FDEAC870D09856B965A88655D747] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [174104] [PID.712]
[MD5.756E7DACD8B6EDD26B8C62C2907CD845] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [144920] [PID.772]
[MD5.799450710D1B09FAF0D220B4DA3BF431] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776] [PID.868]
[MD5.A1F86A5A0DA1BEC12B7DD19C6234BB15] - (...) -- C:\Documents and Settings\koko\Local Settings\Apps\F.lux\flux.exe [966656] [PID.128]
[MD5.B86005C322AF3FEC2E0A8047760F9179] - (.HiPlayer Inc. - HiPlayerPlayer.) -- C:\Program Files\Hi\HiPlayer\1.14.0.138\HiPlayer.exe [2803128] [PID.812]
[MD5.ADE3D7AD36CA238C6D58E5E93392D2F8] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3903056] [PID.1056]
[MD5.178196930A0E1047D83869F38B4BB19B] - (.WiseCleaner.com - Wise Care 365 Tray.) -- C:\Program Files\Wise\Wise Care 365\WiseTray.exe [1177224] [PID.1164]
[MD5.2ADA28EE2FA3375DDCC0040522DF0144] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [267432] [PID.1308]
[MD5.E47E66538692B1CFD6CC8021546FCC83] - (.Splashtop Inc. - Splashtop Connect Firefox Software Updater.) -- C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384] [PID.2372]
[MD5.8C91BD35AE9AA8B628EEC5E637BB1D0F] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968] [PID.2436]
[MD5.147C60622CB53E901EFD8BB6D44A4C46] - (.Splashtop Inc. - Splashtop Connect IE Software Updater Servi.) -- C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [497480] [PID.2456]
[MD5.F820401D0D2754C3A78C707927058A41] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [813896] [PID.2368]
[MD5.F820401D0D2754C3A78C707927058A41] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [813896] [PID.700]
[MD5.F820401D0D2754C3A78C707927058A41] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [813896] [PID.3404]
[MD5.F820401D0D2754C3A78C707927058A41] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [813896] [PID.1176]
[MD5.2B3F1432B255E79209DEEDF089AA9791] - (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\koko\My Documents\Downloads\Programs\ZHPDiag3.exe [1902080] [PID.1560]
[MD5.2B3F1432B255E79209DEEDF089AA9791] - (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\koko\My Documents\Downloads\Programs\ZHPDiag3.exe [1902080] [PID.1612]

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2) (3) - 0s
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://ar.hao123.com/ =>PUP.Optional.Browser
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) (5) - 2s
M0 - MFSP: prefs.js [koko - 69s3kxjx.default] http://www.linkzb.com
M1 - SPR:Search Page Redirection - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
P2 - EXT FILE: (...) -- C:\Documents and Settings\koko\Application Data\Mozilla\Firefox\Profiles\69s3kxjx.default\extensions\testpilot@labs.mozilla.com.xpi
P2 - EXT FILE: (...) -- C:\Documents and Settings\koko\Application Data\Mozilla\Firefox\Profiles\69s3kxjx.default\extensions\webnavigation@linkzb.com.xpi
P2 - FPN: [HKLM] [@hi.com/npxbdyy] - (.(c) Hi Ltd. All rights reserved..) -- C:\Program Files\Hi\HiPlayer\1.14.0.138\npxbdyy.dll

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) (9) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.myplaycity.com/
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.myplaycity.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer

---\\ Internet Explorer, Proxy Management (R5) (3) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe (.Microsoft Corporation.)
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.)
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

---\\ Hosts file redirection (O1) (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)

---\\ Browser Helper Object (BHO) (O2) (1) - 0s
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files\Internet Download Manager\IDMIECC.dll

---\\ Auto loading programs from Registry and folders (O4) (12) - 1s
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [F.lux] . (...) -- C:\Documents and Settings\koko\Local Settings\Apps\F.lux\flux.exe
O4 - HKCU\..\Run: [HiMEDIA] . (.HiPlayer Inc. - HiPlayerPlayer.) -- C:\Program Files\Hi\HiPlayer\1.14.0.138\HiPlayer.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-527237240-1532298954-343818398-1003\..\Run: [F.lux] . (...) -- C:\Documents and Settings\koko\Local Settings\Apps\F.lux\flux.exe
O4 - HKUS\S-1-5-21-527237240-1532298954-343818398-1003\..\Run: [HiMEDIA] . (.HiPlayer Inc. - HiPlayerPlayer.) -- C:\Program Files\Hi\HiPlayer\1.14.0.138\HiPlayer.exe
O4 - HKUS\S-1-5-21-527237240-1532298954-343818398-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-527237240-1532298954-343818398-1003\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe

---\\ Lop.com/Domain Hijackers (O17) (3) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.168.1 208.67.222.123 208.67.220.123
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.168.1 208.67.222.123 208.67.220.123
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 192.168.168.1 208.67.222.123 208.67.220.123

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23) (7) - 2s
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: خدمة Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) . (.Splashtop Inc. - Splashtop Connect Firefox Software Updater.) - C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) . (.Splashtop Inc. - Splashtop Connect IE Software Updater Servi.) - C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
O23 - Service: Wise Boot Assistant (WiseBootAssistant) . (.WiseCleaner.com - Wise BootTime Service.) - C:\Program Files\Wise\Wise Care 365\BootTime.exe

---\\ Task Planned Automatically (O39) (5) - 3s
O39 - APT: Orphean - (...) -- C:\WINDOWS\Tasks\avast! Emergency Update.job [360]
O39 - APT: Orphean - (...) -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [882]
O39 - APT: Orphean - (...) -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [886]
O39 - APT: Orphean - (...) -- C:\WINDOWS\Tasks\Wise Care 365.job [396]
O39 - APT: Orphean - (...) -- C:\WINDOWS\Tasks\Wise Turbo Checker.job [376]

---\\ Software installed (O42) (28) - 11s
O42 - Logiciel: Arabic School Software - DEMO v1.0 - (...) [HKLM] -- Arabic School Software - DEMO
O42 - Logiciel: Avast Free Antivirus - (.AVAST Software.) [HKLM] -- Avast
O42 - Logiciel: FastStone Capture 7.1 - (.FastStone Soft.) [HKLM] -- FastStone Capture
O42 - Logiciel: FastStone Photo Resizer 3.3 - (.FastStone Soft..) [HKLM] -- FastStone Photo Resizer
O42 - Logiciel: Gambit Chess - (.Media Contact LLC.) [HKLM] -- Gambit Chess_is1
O42 - Logiciel: Google Chrome - (.Google Inc‎.‎.) [HKLM] -- Google Chrome
O42 - Logiciel: HiPlayer1.14.0.138 - (.http://www.hi-player.com.) [HKLM] -- HiPlayer
O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM] -- Internet Download Manager
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Malek - (...) [HKLM] -- Malek
O42 - Logiciel: Mozilla Firefox 8.0 (x86 en-US) - (.Mozilla.) [HKLM] -- Mozilla Firefox 8.0 (x86 en-US)
O42 - Logiciel: Paltalk Messenger 11.6 - (.AVM Software Inc..) [HKLM] -- Paltalk Messenger
O42 - Logiciel: USB Disk Security - (.Zbshareware Lab.) [HKLM] -- USB Disk Security_is1
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 - (.Microsoft Corporation.) [HKLM] -- Wdf01009
O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM] -- Winamp
O42 - Logiciel: WinRAR 4.01 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: MPC-HC 1.6.8 - (.MPC-HC Team.) [HKLM] -- {2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1
O42 - Logiciel: Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver - (.Atheros Communications Inc..) [HKLM] -- {3108C217-BE83-42E4-AE9E-A56A2A92E549}
O42 - Logiciel: ON_OFF Charge B11.0110.1 - (.GIGABYTE.) [HKLM] -- {3DECD372-76A1-4483-BF10-B547790A3261}
O42 - Logiciel: Splashtop Connect IE - (.Splashtop Inc..) [HKLM] -- {418D77E2-7B60-48F8-B016-30A32699EE74}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
O42 - Logiciel: Splashtop Connect for Firefox - (.Splashtop Inc..) [HKLM] -- {D2BF4F2C-BDF3-41C3-8D38-185F6342EC47}
O42 - Logiciel: Wise Care 365 version 2.66 - (.WiseCleaner.com, Inc..) [HKLM] -- {E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: F.lux - (...) [HKCU] -- Flux
O42 - Logiciel: Hao123-Client - (.Baidu Online Network Technology (Beijing) Co., Ltd..) [HKCU] -- hao123desk
O42 - Logiciel: Winamp Detector Plug-in - (.Nullsoft, Inc.) [HKCU] -- Winamp Detect

---\\ HKCU & HKLM Software Keys (69) - 11s
HKLM\SOFTWARE\8322898
HKLM\SOFTWARE\Adobe
HKLM\SOFTWARE\ArabicSP Software
HKLM\SOFTWARE\AVAST Software
HKLM\SOFTWARE\Avira
HKLM\SOFTWARE\BrowserChoice
HKLM\SOFTWARE\C07ft5Y
HKLM\SOFTWARE\CDDB
HKLM\SOFTWARE\cFos
HKLM\SOFTWARE\CoreCodec
HKLM\SOFTWARE\Creative Tech
HKLM\SOFTWARE\Gemplus
HKLM\SOFTWARE\Google
HKLM\SOFTWARE\HaaliMkx
HKLM\SOFTWARE\Hi
HKLM\SOFTWARE\HideAllIP
HKLM\SOFTWARE\Intel
HKLM\SOFTWARE\Internet Download Manager
HKLM\SOFTWARE\Macromedia
HKLM\SOFTWARE\Mozilla
HKLM\SOFTWARE\mozilla.org
HKLM\SOFTWARE\MozillaPlugins
HKLM\SOFTWARE\Nullsoft
HKLM\SOFTWARE\ODBC
HKLM\SOFTWARE\Program Groups
HKLM\SOFTWARE\Realtek
HKLM\SOFTWARE\ReflexiveArcade
HKLM\SOFTWARE\RegisteredApplications
HKLM\SOFTWARE\Schlumberger
HKLM\SOFTWARE\Splashtop Inc.
HKLM\SOFTWARE\TI.
HKLM\SOFTWARE\Windows 3.1 Migration Status
HKLM\SOFTWARE\WinRAR
HKLM\SOFTWARE\WiseCleaner
HKLM\SOFTWARE\X-AVCSD
HKLM\SOFTWARE\ZbshaLab
HKCU\SOFTWARE\Adobe
HKCU\SOFTWARE\AVAST Software
HKCU\SOFTWARE\Avira
HKCU\SOFTWARE\Baidu
HKCU\SOFTWARE\CoreAAC
HKCU\SOFTWARE\DownloadCenter
HKCU\SOFTWARE\DownloadManager
HKCU\SOFTWARE\ESET
HKCU\SOFTWARE\Flux
HKCU\SOFTWARE\Gabest
HKCU\SOFTWARE\GNU
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\GrandMasterChess3
HKCU\SOFTWARE\HideAllIP
HKCU\SOFTWARE\IM Providers
HKCU\SOFTWARE\Intel
HKCU\SOFTWARE\KasperskyLabSetup
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\Media Research Group
HKCU\SOFTWARE\Michael Herf
HKCU\SOFTWARE\Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\Netscape
HKCU\SOFTWARE\ODBC
HKCU\SOFTWARE\Paltalk
HKCU\SOFTWARE\pth264
HKCU\SOFTWARE\QtProject
HKCU\SOFTWARE\Realtek
HKCU\SOFTWARE\Splashtop Inc.
HKCU\SOFTWARE\Winamp
HKCU\SOFTWARE\WinRAR
HKCU\SOFTWARE\WinRAR SFX
HKCU\SOFTWARE\ZebHelpProcess Helper

---\\ Contents of the Common Files folders (O43) (125) - 12s
O43 - CFD: 2015/07/10 22:22:21 - [] D -- C:\Program Files\ArabicSP Software
O43 - CFD: 2015/07/29 22:57:31 - [] D -- C:\Program Files\AVAST Software
O43 - CFD: 2015/07/04 03:50:19 - [] D -- C:\Program Files\Avira
O43 - CFD: 2015/07/25 15:50:14 - [] D -- C:\Program Files\Common Files
O43 - CFD: 2015/06/27 07:17:09 - [] D -- C:\Program Files\FastStone Capture
O43 - CFD: 2015/06/29 03:29:20 - [] D -- C:\Program Files\FastStone Photo Resizer
O43 - CFD: 2015/07/24 22:50:15 - [] D -- C:\Program Files\GameTop.com
O43 - CFD: 2015/06/27 15:23:44 - [] D -- C:\Program Files\GIGABYTE
O43 - CFD: 2015/07/09 07:12:59 - [] D -- C:\Program Files\Google
O43 - CFD: 2015/06/27 07:59:31 - [] D -- C:\Program Files\GUMFF.tmp
O43 - CFD: 2015/06/27 15:42:13 - [] D -- C:\Program Files\Hi
O43 - CFD: 2015/06/27 15:23:44 - [] HD -- C:\Program Files\InstallShield Installation Information
O43 - CFD: 2015/06/27 15:22:43 - [] D -- C:\Program Files\Intel
O43 - CFD: 2015/07/09 08:06:05 - [] D -- C:\Program Files\Internet Download Manager
O43 - CFD: 2015/06/27 15:16:08 - [] D -- C:\Program Files\Internet Explorer
O43 - CFD: 2015/08/07 17:51:10 - [] D -- C:\Program Files\Malek
O43 - CFD: 2015/06/27 15:06:02 - [] D -- C:\Program Files\microsoft frontpage
O43 - CFD: 2015/06/27 07:20:00 - [] D -- C:\Program Files\Microsoft Office
O43 - CFD: 2015/06/27 07:19:36 - [] D -- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 2015/06/27 07:19:52 - [] D -- C:\Program Files\Microsoft Works
O43 - CFD: 2015/07/10 22:32:47 - [] D -- C:\Program Files\Microsoft.NET
O43 - CFD: 2015/06/27 15:03:40 - [] D -- C:\Program Files\Movie Maker
O43 - CFD: 2015/08/13 07:38:21 - [] D -- C:\Program Files\Mozilla Firefox
O43 - CFD: 2015/06/27 15:40:34 - [] D -- C:\Program Files\MPC-HC
O43 - CFD: 2015/06/27 15:17:13 - [] D -- C:\Program Files\MSBuild
O43 - CFD: 2015/06/27 15:02:04 - [] D -- C:\Program Files\MSN Gaming Zone
O43 - CFD: 2015/06/27 15:03:58 - [] D -- C:\Program Files\NetMeeting
O43 - CFD: 2015/06/27 15:04:33 - [] D -- C:\Program Files\Online Services
O43 - CFD: 2015/06/27 15:03:53 - [] D -- C:\Program Files\Outlook Express
O43 - CFD: 2015/06/30 10:22:48 - [] D -- C:\Program Files\Paltalk Messenger
O43 - CFD: 2015/06/27 15:21:11 - [] D -- C:\Program Files\Realtek
O43 - CFD: 2015/06/27 15:17:08 - [] D -- C:\Program Files\Reference Assemblies
O43 - CFD: 2015/06/27 15:19:12 - [] D -- C:\Program Files\Splashtop
O43 - CFD: 2015/06/27 15:11:07 - [0] HD -- C:\Program Files\Uninstall Information
O43 - CFD: 2015/06/30 10:16:44 - [] D -- C:\Program Files\USB Disk Security
O43 - CFD: 2015/06/27 06:50:41 - [] D -- C:\Program Files\Winamp
O43 - CFD: 2015/06/27 06:50:27 - [] D -- C:\Program Files\Winamp Detect
O43 - CFD: 2015/06/27 15:05:46 - [] D -- C:\Program Files\Windows Media Player
O43 - CFD: 2015/06/27 15:01:55 - [] D -- C:\Program Files\Windows NT
O43 - CFD: 2015/06/27 15:04:37 - [0] HD -- C:\Program Files\WindowsUpdate
O43 - CFD: 2015/06/27 15:35:34 - [] D -- C:\Program Files\WinRAR
O43 - CFD: 2015/07/19 07:45:29 - [] D -- C:\Program Files\Wise
O43 - CFD: 2015/06/27 15:06:02 - [] D -- C:\Program Files\xerox
O43 - CFD: 2015/06/27 15:02:55 - [] RD -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
O43 - CFD: 2015/06/27 15:05:52 - [] RD -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
O43 - CFD: 2015/08/08 15:09:46 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS5 ME
O43 - CFD: 2015/07/10 22:22:23 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\ArabicSP Software
O43 - CFD: 2015/07/29 23:00:20 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
O43 - CFD: 2015/08/08 15:09:46 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\cFosSpeed تشكيل حركة المرور
O43 - CFD: 2015/06/27 07:17:09 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\FastStone Capture
O43 - CFD: 2015/06/29 03:29:20 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\FastStone Photo Resizer
O43 - CFD: 2015/06/27 15:02:33 - [] RD -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
O43 - CFD: 2015/07/25 08:49:47 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\GameTop.com
O43 - CFD: 2015/07/09 07:13:12 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
O43 - CFD: 2015/06/27 15:42:52 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\HiPlayer
O43 - CFD: 2015/06/28 03:19:43 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager
O43 - CFD: 2015/06/27 07:21:12 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
O43 - CFD: 2015/06/27 15:40:34 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\MPC-HC
O43 - CFD: 2015/06/27 07:55:41 - [] RD -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
O43 - CFD: 2015/06/30 10:16:45 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\USB Disk Security
O43 - CFD: 2015/06/27 06:50:36 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
O43 - CFD: 2015/06/27 15:35:34 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
O43 - CFD: 2015/07/19 07:45:34 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Care 365
O43 - CFD: 2015/07/25 15:35:40 - [] D -- C:\Documents and Settings\All Users\Application Data\Adobe
O43 - CFD: 2015/07/29 22:57:16 - [] D -- C:\Documents and Settings\All Users\Application Data\AVAST Software
O43 - CFD: 2015/07/04 03:50:19 - [] D -- C:\Documents and Settings\All Users\Application Data\Avira
O43 - CFD: 2015/07/19 12:47:08 - [] D -- C:\Documents and Settings\All Users\Application Data\cFos
O43 - CFD: 2015/06/27 15:42:56 - [] D -- C:\Documents and Settings\All Users\Application Data\Hi
O43 - CFD: 2015/06/27 06:52:41 - [0] D -- C:\Documents and Settings\All Users\Application Data\IDM
O43 - CFD: 2015/06/30 12:44:48 - [] SD -- C:\Documents and Settings\All Users\Application Data\Microsoft
O43 - CFD: 2015/07/29 22:14:04 - [] D -- C:\Documents and Settings\All Users\Application Data\PlayFirst
O43 - CFD: 2015/07/25 15:35:42 - [] D -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
O43 - CFD: 2015/07/11 09:39:15 - [] D -- C:\Documents and Settings\All Users\Application Data\RogueKiller
O43 - CFD: 2015/06/27 15:23:30 - [] D -- C:\Documents and Settings\All Users\Application Data\Splashtop
O43 - CFD: 2015/06/27 15:18:42 - [] HD -- C:\Documents and Settings\All Users\Application Data\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
O43 - CFD: 2015/07/25 15:35:40 - [] D -- C:\Program Files\Common Files\Adobe
O43 - CFD: 2015/06/27 07:19:56 - [] D -- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 2015/06/27 15:20:50 - [] D -- C:\Program Files\Common Files\InstallShield
O43 - CFD: 2015/07/04 03:49:55 - [] D -- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 2015/06/27 15:03:52 - [] D -- C:\Program Files\Common Files\MSSoap
O43 - CFD: 2015/06/27 07:56:23 - [] D -- C:\Program Files\Common Files\ODBC
O43 - CFD: 2015/06/27 15:03:56 - [] D -- C:\Program Files\Common Files\Services
O43 - CFD: 2015/06/27 07:56:18 - [] D -- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 2015/06/27 07:19:24 - [] D -- C:\Program Files\Common Files\System
O43 - CFD: 2015/06/30 10:20:35 - [] D -- C:\Program Files\Common Files\Windows Live
O43 - CFD: 2015/07/25 15:36:20 - [] D -- C:\Documents and Settings\koko\Application Data\Adobe
O43 - CFD: 2015/07/29 23:00:42 - [] D -- C:\Documents and Settings\koko\Application Data\AVAST Software
O43 - CFD: 2015/07/04 03:56:56 - [] D -- C:\Documents and Settings\koko\Application Data\Avira
O43 - CFD: 2015/06/27 15:43:18 - [] D -- C:\Documents and Settings\koko\Application Data\Baidu
O43 - CFD: 2015/08/13 15:25:10 - [] D -- C:\Documents and Settings\koko\Application Data\DMCache
O43 - CFD: 2015/06/29 03:29:30 - [] D -- C:\Documents and Settings\koko\Application Data\FastStone
O43 - CFD: 2015/07/29 22:21:13 - [] D -- C:\Documents and Settings\koko\Application Data\Gamelab
O43 - CFD: 2015/06/27 15:43:16 - [] D -- C:\Documents and Settings\koko\Application Data\Hi
O43 - CFD: 2015/06/27 15:11:09 - [] D -- C:\Documents and Settings\koko\Application Data\Identities
O43 - CFD: 2015/06/28 08:23:55 - [] D -- C:\Documents and Settings\koko\Application Data\IDM
O43 - CFD: 2015/07/24 18:11:53 - [] D -- C:\Documents and Settings\koko\Application Data\Macromedia
O43 - CFD: 2015/07/10 22:18:10 - [] D -- C:\Documents and Settings\koko\Application Data\Media Player Classic
O43 - CFD: 2015/08/07 09:26:00 - [] SD -- C:\Documents and Settings\koko\Application Data\Microsoft
O43 - CFD: 2015/06/27 15:32:51 - [] D -- C:\Documents and Settings\koko\Application Data\Mozilla
O43 - CFD: 2015/06/30 10:22:47 - [] D -- C:\Documents and Settings\koko\Application Data\Paltalk
O43 - CFD: 2015/07/29 22:14:04 - [] D -- C:\Documents and Settings\koko\Application Data\PlayFirst
O43 - CFD: 2015/06/27 15:18:41 - [] D -- C:\Documents and Settings\koko\Application Data\Splashtop
O43 - CFD: 2015/07/11 08:07:14 - [] D -- C:\Documents and Settings\koko\Application Data\Winamp
O43 - CFD: 2015/06/27 15:35:52 - [] D -- C:\Documents and Settings\koko\Application Data\WinRAR
O43 - CFD: 2015/08/13 23:37:26 - [] D -- C:\Documents and Settings\koko\Application Data\Wise Care 365
O43 - CFD: 2015/06/30 10:16:49 - [] D -- C:\Documents and Settings\koko\Application Data\Zbshareware Lab
O43 - CFD: 2015/08/14 00:06:56 - [] D -- C:\Documents and Settings\koko\Application Data\ZHP
O43 - CFD: 2015/08/07 17:19:10 - [] D -- C:\Documents and Settings\koko\Local Settings\Application Data\Adobe
O43 - CFD: 2015/06/29 03:29:30 - [] D -- C:\Documents and Settings\koko\Local Settings\Application Data\FastStone
O43 - CFD: 2015/07/09 07:13:18 - [] D -- C:\Documents and Settings\koko\Local Settings\Application Data\Google
O43 - CFD: 2015/07/03 09:50:07 - [] D -- C:\Documents and Settings\koko\Local Settings\Application Data\Identities
O43 - CFD: 2015/07/16 02:42:34 - [] SD -- C:\Documents and Settings\koko\Local Settings\Application Data\Microsoft
O43 - CFD: 2015/06/27 15:32:47 - [] D -- C:\Documents and Settings\koko\Local Settings\Application Data\Mozilla
O43 - CFD: 2015/06/27 06:48:43 - [] D -- C:\Documents and Settings\koko\Local Settings\Application Data\Temp
O43 - CFD: 2015/07/16 02:43:02 - [0] D -- C:\Documents and Settings\koko\Local Settings\Application Data\WMTools Downloaded Files
O43 - CFD: 2015/06/27 15:11:18 - [] RD -- C:\Documents and Settings\koko\Start Menu\Programs\Accessories
O43 - CFD: 2015/06/27 15:34:28 - [] D -- C:\Documents and Settings\koko\Start Menu\Programs\Flux
O43 - CFD: 2015/06/27 15:42:58 - [] D -- C:\Documents and Settings\koko\Start Menu\Programs\Hao123
O43 - CFD: 2015/06/28 03:19:43 - [] D -- C:\Documents and Settings\koko\Start Menu\Programs\Internet Download Manager
O43 - CFD: 2015/06/30 10:22:52 - [] D -- C:\Documents and Settings\koko\Start Menu\Programs\Paltalk Messenger
O43 - CFD: 2015/07/09 08:38:54 - [] RD -- C:\Documents and Settings\koko\Start Menu\Programs\Startup
O43 - CFD: 2015/06/27 06:50:27 - [] D -- C:\Documents and Settings\koko\Start Menu\Programs\Winamp Detector Plug-in
O43 - CFD: 2015/06/27 15:35:34 - [] D -- C:\Documents and Settings\koko\Start Menu\Programs\WinRAR
O43 - CFD: 2015/06/27 15:05:52 - [] RD -- C:\WINDOWS\System32\Config\systemprofile\Start Menu\Programs\Accessories
O43 - CFD: 2015/06/27 07:55:41 - [] RD -- C:\WINDOWS\System32\Config\systemprofile\Start Menu\Programs\Startup

---\\ System Drivers List (SDL) (O58) (57) - 58s
O58 - SDL:2009/11/17 16:16:00 A . (.Creative - Creative WDM 3D Audio Driver.) -- C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480]
O58 - SDL:2011/01/10 18:16:16 A . (...) -- C:\WINDOWS\System32\drivers\AppleCharger.sys [18544]
O58 - SDL:2015/07/29 22:58:41 A . (.AVAST Software - avast! HWID.) -- C:\WINDOWS\System32\drivers\aswHwid.sys [24016]
O58 - SDL:2015/07/29 22:58:41 A . (.AVAST Software - avast! File System Minifilter for Windows 2.) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys [76000]
O58 - SDL:2015/07/29 22:58:40 A . (.AVAST Software - avast! TDI Redirect Driver.) -- C:\WINDOWS\System32\drivers\aswRdr.sys [55200]
O58 - SDL:2015/07/29 22:58:41 A . (.AVAST Software - avast! Revert.) -- C:\WINDOWS\System32\drivers\aswRvrt.sys [49776]
O58 - SDL:2015/07/29 22:58:20 A . (.AVAST Software - avast! Virtualization Driver.) -- C:\WINDOWS\System32\drivers\aswSnx.sys [788784]
O58 - SDL:2015/07/29 22:58:41 A . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\System32\drivers\aswSP.sys [433264]
O58 - SDL:2015/07/29 22:58:41 A . (.AVAST Software - avast! Stream Filter.) -- C:\WINDOWS\System32\drivers\aswStmXP.sys [161472]
O58 - SDL:2015/06/27 15:27:56 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\WINDOWS\System32\drivers\aswTap.sys [35144]
O58 - SDL:2015/07/29 22:58:41 A . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\System32\drivers\aswTdi.sys [57888]
O58 - SDL:2015/07/29 22:58:41 A . (.AVAST Software - avast! VM Monitor.) -- C:\WINDOWS\System32\drivers\aswVmm.sys [208664]
O58 - SDL:2009/05/11 11:49:28 A . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\System32\drivers\avgntdd.sys [45416]
O58 - SDL:2010/02/16 13:24:01 A . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\System32\drivers\avgntflt.sys [60936]
O58 - SDL:2009/05/11 11:49:28 A . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [22360]
O58 - SDL:2010/03/01 09:05:24 A . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\WINDOWS\System32\drivers\avipbb.sys [124784]
O58 - SDL:2011/03/04 12:44:12 N . (.Sonic Solutions - CDR4 CD and DVD Place Holder Driver (see Px.) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys [9072]
O58 - SDL:2011/03/04 12:44:12 N . (.Sonic Solutions - CDRAL Place Holder Driver (see PxHelp).) -- C:\WINDOWS\System32\drivers\cdralw2k.sys [9200]
O58 - SDL:2012/05/09 06:07:03 A . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\System32\drivers\cinemst2.sys [262528]
O58 - SDL:2012/05/09 06:07:03 A . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\System32\drivers\cpqdap01.sys [11776]
O58 - SDL:2008/04/14 05:00:00 A . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\drivers\dmboot.sys [799744]
O58 - SDL:2008/04/14 05:00:00 A . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\System32\drivers\dmio.sys [153344]
O58 - SDL:2008/04/14 05:00:00 A . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\drivers\dmload.sys [5888]
O58 - SDL:2008/04/14 05:00:00 A . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\System32\drivers\hdaudbus.sys [144384]
O58 - SDL:2014/11/28 17:37:06 A . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\System32\drivers\idmtdi.sys [123360]
O58 - SDL:2010/04/20 17:42:38 RA . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\System32\drivers\igxpmp32.sys [1917344]
O58 - SDL:2011/03/22 00:58:42 RA . (.Atheros Communications, Inc. - Atheros AR813x/AR815x PCI-E Ethernet Contro.) -- C:\WINDOWS\System32\drivers\l1c51x86.sys [65136]
O58 - SDL:2009/11/17 16:17:00 A . (.Creative Technology Ltd. - Creative WDM Audio Driver (32-bit).) -- C:\WINDOWS\System32\drivers\Monfilt.sys [1395800]
O58 - SDL:2012/05/09 06:12:42 A . (.Marvell Semiconductor Inc. - Marvell Aux NV Bridge DLL.) -- C:\WINDOWS\System32\drivers\mv61xxmm.sys [13616]
O58 - SDL:2012/05/09 06:12:43 A . (.Marvell Semiconductor Inc. - Marvell Aux NV Bridge DLL.) -- C:\WINDOWS\System32\drivers\mv64xxmm.sys [5632]
O58 - SDL:2012/05/09 06:12:43 A . (.Marvell Semiconductor Inc. - Marvell Aux NV Bridge DLL.) -- C:\WINDOWS\System32\drivers\mvxxmm.sys [13616]
O58 - SDL:2012/05/09 06:07:03 A . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\System32\drivers\nikedrv.sys [12032]
O58 - SDL:2008/04/14 05:00:00 A . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Lib.) -- C:\WINDOWS\System32\drivers\ptilink.sys [17792]
O58 - SDL:2011/03/04 12:44:14 N . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\WINDOWS\System32\drivers\PxHelp20.sys [45648]
O58 - SDL:2012/05/09 06:07:03 A . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\System32\drivers\rio8drv.sys [12032]
O58 - SDL:2012/05/09 06:07:03 A . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\System32\drivers\riodrv.sys [12032]
O58 - SDL:2011/06/07 05:57:28 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.)
-- C:\WINDOWS\System32\drivers\RtkHDAud.sys [6353000] O58 - SDL:2008/04/14 05:00:00 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\WINDOWS\System32\drivers\secdrv.sys [20480] O58 - SDL:2009/05/11 09:12:49 A . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [28520] O58 - SDL:2015/07/18 10:26:31 A . (...) -- C:\WINDOWS\System32\drivers\TrueSight.sys [35064] O58 - SDL:2012/05/09 06:07:03 A . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\System32\drivers\tsbvcap.sys [21376] O58 - SDL:2012/05/09 06:07:03 A . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys [58112] O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ansi.sys [9029] O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\country.sys [27097] O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\himem.sys [4768] O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\key01.sys [42809] O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\keyboard.sys [42537] O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntdos.sys [27866] O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntdos404.sys [29146] O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntdos411.sys [29370] O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntdos412.sys [29274] O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntdos804.sys [29146] O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntio.sys [33840] O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntio404.sys [34560] O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntio411.sys [35648] O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntio412.sys [35424] O58 - SDL:2008/04/14 05:00:00 A . (...) 
-- C:\WINDOWS\System32\ntio804.sys [34560] ---\\ Last modified or created user files (O61) (1) - 7s O61 - LFC: 2015/08/07 09:42:58 A . (..) -- C:\Documents and Settings\koko\Application Data\IDM\DwnlData\koko\iLividSetup_110\iLividSetup.exe [116800] =>PUP.Optional.Bandoo ---\\ File Associations Shell Spawning (O67) (9) - 0s O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\WINDOWS\system32\shell32.dll O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\WINDOWS\regedit.exe O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S ---\\ Start Menu Internet (SMI) (O68) (13) - 1s O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) 
-- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) 
-- C:\WINDOWS\system32\ie4uinit.exe ---\\ Search Browser Infection (SBI) (O69) (6) - 3s O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com/ O69 - SBI: SearchScopes [HKCU] {24BAD8B5-E1F4-44b8-A40B-ECB0441B375E} - (Bing) - http://www.bing.com/ O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - http://www.bing.com/ O69 - SBI: SearchScopes [HKCU] {7420FDA3-8E8D-4c8b-9A76-A17D0BCCF425} - (Yahoo) - http://search.yahoo.com/ O69 - SBI: SearchScopes [HKCU] {96AD1988-2FFA-4a33-B2FE-F207363AD2BB} - (Google) - http://www.google.com/ O69 - SBI: SearchScopes [HKCU] {9AD09901-06DD-4DDD-A62D-6D2243B771AB} [DefaultScope] - (MyPlayCity) - http://start.myplaycity.com/ ---\\ Search Svchost Services (SSS) (O83) (40) - 2s O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\WINDOWS\system32\appmgmts.dll [167936] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\system32\audiosrv.dll [42496] O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\system32\browser.dll [77824] O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\system32\cryptsvc.dll [62464] O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - Logical Disk Manager service dll.) -- C:\WINDOWS\system32\dmserver.dll [23552] O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - DHCP Client Service.) -- C:\WINDOWS\system32\dhcpcsvc.dll [126976] O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\system32\ersvc.dll [23040] O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - .) 
-- C:\WINDOWS\system32\es.dll [253952] O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\WINDOWS\system32\shsvcs.dll [135168] O83 - Search Svchost Services: HidServ (HidServ) . (...) -- C:\WINDOWS\System32\hidserv.dll [0] O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [99840] O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\system32\wkssvc.dll [134144] O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\system32\msgsvc.dll [33792] O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Network Connections Manager.) -- C:\WINDOWS\system32\netman.dll [198144] O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provi.) -- C:\WINDOWS\system32\mswsock.dll [245248] O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Removable Storage Manager.) -- C:\WINDOWS\system32\ntmssvc.dll [435200] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\system32\rasauto.dll [88576] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\system32\rasmans.dll [186368] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\system32\mprdim.dll [53248] O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Task Scheduler Engine.) -- C:\WINDOWS\system32\schedsvc.dll [192512] O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) 
-- C:\WINDOWS\system32\seclogon.dll [18944] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll [39424] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\WINDOWS\system32\ipnathlp.dll [330752] O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - System Restore Service.) -- C:\WINDOWS\system32\srsvc.dll [171008] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\WINDOWS\system32\tapisrv.dll [249856] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\WINDOWS\system32\shsvcs.dll [135168] O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll [90112] O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Windows Time Service.) -- C:\WINDOWS\system32\w32time.dll [175616] O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Wireless Zero Configuration Service.) -- C:\WINDOWS\system32\wzcsvc.dll [483328] O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - Advanced Windows 32 Base API.) -- C:\WINDOWS\system32\advapi32.dll [617472] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\wmisvc.dll [144896] O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll [80896] O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\system32\xmlprov.dll [129024] O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Quarantine Agent Service Run-Time.) 
-- C:\WINDOWS\system32\qagentrt.dll [291328] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\WINDOWS\system32\kmsvc.dll [61440] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\WINDOWS\system32\qmgr.dll [409088] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\WINDOWS\system32\wuauserv.dll [22520] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\WINDOWS\system32\shsvcs.dll [135168] O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll [38400] O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Microsoft Media Device Service Provider.) -- C:\WINDOWS\system32\mspmsnsv.dll [52224] ---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) (9) - 46s SS - Auto [2010/02/24 09:28:09] [ 135336] Avira AntiVir Scheduler (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe SR - Auto [2010/03/16 15:36:32] [ 267432] Avira AntiVir Guard (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SS - Demand [2010/04/06 16:30:38] [ 31272] AppleChargerSrv (AppleChargerSrv) . (...) - C:\WINDOWS\system32\AppleChargerSrv.exe SR - Auto [2015/07/29 22:58:28] [ 146600] Avast Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SS - Auto [2015/07/09 07:12:43] [ 107848] خدمة Google Update (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - Demand [2015/07/09 07:12:43] [ 107848] خدمة Google Update (gupdatem) (gupdatem) . (.Google Inc..) 
- C:\Program Files\Google\Update\GoogleUpdate.exe SR - Auto [2011/03/23 21:37:18] [ 493384] Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) . (.Splashtop Inc..) - C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe SR - Auto [2011/03/22 01:37:16] [ 497480] Splashtop Connect IE Software Updater Service (WCUService_STC_IE) . (.Splashtop Inc..) - C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe SS - Auto [2013/04/25 18:12:00] [ 580232] Wise Boot Assistant (WiseBootAssistant) . (.WiseCleaner.com.) - C:\Program Files\Wise\Wise Care 365\BootTime.exe ---\\ Additional Scan (O88) (1) - 0s C:\Documents and Settings\koko\Application Data\IDM\DwnlData\koko\iLividSetup_110\iLividSetup.exe =>PUP.Optional.Bandoo ---\\ Summary of the elements found on your workstation (2) - 0s http://www.nicolascoolman.fr/hijacker-browsers/ =>PUP.Optional.Browser http://www.nicolascoolman.fr/adware-bandoo/ =>PUP.Optional.Bandoo ~ End of the scan, 9990 items in 221 seconds (509)(0)()