cjoint

Document format: text/plain

Preview

~ ZHPDiag v2015.6.29.74 by Nicolas Coolman (2015\06\29)
~ Run by Administrator (Administrator) (2015/06/30 00:57:06)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Documents and Settings\Administrator\Desktop\ZHPDiag.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
~ Windows XP, 32-bit Service Pack 3 (Build 2600)

---\\ Information on the system (6) - 0s
~ Operating System: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
~ Total physical RAM (KB): 3592692
~ System Restore:
~ System drive C: has 37 GB free of 51 GB

---\\ Connection to the system mode (3) - 0s
~ Computer Name: LIGHT-SP3
~ User Name: Administrator
~ Logged in as Administrator

---\\ Enumeration of the disk units (3) - 0s
~ Drive C: has 37 GB free of 51 GB (System)
~ Drive D: has 124 GB free of 124 GB
~ Drive E: has 29 GB free of 128 GB

---\\ State of the Windows Security Center (8) - 0s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (22) - 1s
[MD5.6DA4FBD985476636DC44303108DB7D05] - (.Microsoft Corporation - Explorateur Windows.) () -- C:\WINDOWS\Explorer.exe [1499136]
[MD5.037B1E7798960E0420003D05BB577EE6] - (.Microsoft Corporation - Run a DLL as an App.) () -- C:\WINDOWS\System32\rundll32.exe [33280]
[MD5.7F4F1697001B9E9A7924D219DC215903] - (.Microsoft Corporation - Internet Extensions for Win32.) () -- C:\WINDOWS\System32\wininet.dll [919552]
[MD5.53A8857723277B1D6D5EE60A9F85B117] - (.Microsoft Corporation - Windows NT Logon Application.) () -- C:\WINDOWS\System32\Winlogon.exe [509440]
[MD5.8D499B1276012EB907E7A9E0F4D8FDA4] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\WINDOWS\System32\drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) () -- C:\WINDOWS\System32\drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\WINDOWS\System32\drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\WINDOWS\System32\drivers\Cdrom.sys [62976]
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - (.Microsoft Corporation - FIPS Crypto Driver.) () -- C:\WINDOWS\System32\drivers\Fips.sys [44544]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) () -- C:\WINDOWS\System32\drivers\HDAudBus.sys [144384]
[MD5.4A0B06AA8943C1E332520F7440C0AA30] - (.Microsoft Corporation - i8042 Port Driver.) () -- C:\WINDOWS\System32\drivers\i8042prt.sys [52480]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) () -- C:\WINDOWS\System32\drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\WINDOWS\System32\drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) () -- C:\WINDOWS\System32\drivers\IPSec.sys [75264]
[MD5.8DD801E28EB76FDA2A38907882A0036F] - (.Microsoft Corporation - Windows NT SMB Minirdr.) () -- C:\WINDOWS\System32\drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\WINDOWS\System32\drivers\netBT.sys [162816]
[MD5.4C51D5275AE8A16999EDFE7E647D00DE] - (.Microsoft Corporation - NT File System Driver.) () -- C:\WINDOWS\System32\drivers\ntfs.sys [576384]
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - (.Microsoft Corporation - Parallel Port Driver.) () -- C:\WINDOWS\System32\drivers\Parport.sys [80128]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [51328]
[MD5.47EA20320E3D6FDC7B7BB22B2B881CA6] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\WINDOWS\System32\drivers\rdpdr.sys [195712]
[MD5.F828DD7E1419B6653894A8F97A0094C5] - (.Microsoft Corporation - Redbook Audio Filter Driver.) () -- C:\WINDOWS\System32\drivers\redbook.sys [57600]
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - (.Microsoft Corporation - Volume Shadow Copy Driver.) () -- C:\WINDOWS\System32\drivers\volsnap.sys [52352]

---\\ Process running (44) - 2s
[MD5.5F816C1F539266D2D4C78694239DA0B5] - (.Microsoft Corporation - Windows NT Session Manager.) -- C:\WINDOWS\system32\smss.exe [50688] [PID.880]
[MD5.C519E15665CD89A91AD383FCE3CB556A] - (.Microsoft Corporation - Services and Controller app.) -- C:\WINDOWS\system32\services.exe [110592] [PID.1100]
[MD5.EC705D6ED3A7F3D9AE42F6239707D9FE] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424] [PID.588]
[MD5.6DA4FBD985476636DC44303108DB7D05] - (.Microsoft Corporation - Explorateur Windows.) -- C:\WINDOWS\explorer.exe [1499136] [PID.872]
[MD5.EC705D6ED3A7F3D9AE42F6239707D9FE] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424] [PID.616]
[MD5.23D990150D56B670A62B21B9ABDD45EE] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.1000]
[MD5.9B92ED281343A278E3A6AB6C9B21A369] - (.Baidu Inc. - spark.) -- C:\Program Files\baidu\Baidu Browser\sparkservice.exe [86840] [PID.1244]
[MD5.6BCC9648777E6D82B72BC514D857C3F0] - (.AVG Technologies - AVG PC TuneUp Service.) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2445112] [PID.1668]
[MD5.CBDEE152D73200EE49031A26310B9D3E] - (.Intel Corporation - User Notification Service.) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2533400] [PID.168]
[MD5.177BA0F6744354379D79F66CD7AE33EE] - (.Copyright (C) 2013 - ZDServ Application.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ZDSupport\ZDServ\ZDServ.exe [427264] [PID.312]
[MD5.7416AAF96F0C48B8848B2BE2686F3EA9] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [365912] [PID.672]
[MD5.E783984459E2992DCEBD32ADBDE28EE1] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [428336] [PID.1644]
[MD5.F9270217466A1816D534B858E797F699] - (.AVG Technologies - AVG PC TuneUp.) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe [2343224] [PID.2572]
[MD5.70903CD03F9B0A23826C4F9A35185EE6] - (...) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ZDSupport\ZDServ\CancelAutoPlay_Server.exe [426752] [PID.2988]
[MD5.CD1606AC1029DFCBE630F86598133635] - (.Thong Nguyen - PowerMenu.) -- C:\WINDOWS\system32\PowerMenu\PowerMenu.exe [57344] [PID.3192]
[MD5.8D53DD019A3E791A7E452A040DFC9CC7] - (.artArmin - Changes "My Computer" drive icons to Window.) -- C:\WINDOWS\system32\DrvIcon.exe [45056] [PID.3200]
[MD5.C6B402BA76713F983FBC5617190A301C] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE [20044392] [PID.3596]
[MD5.E0B06A34A41FCE21640AD92A642E8E23] - (.Copyright (C) 2005 - BatteryManager MFC.) -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe [3161600] [PID.3604]
[MD5.B8C44BF5A86B4662458F4AA8F901C94B] - (.Samsung Electronics - Samsung Update Plus Background.) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2782064] [PID.3612]
[MD5.8EAA6052BA14FCE32069E7E66B895717] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe [374784] [PID.3620]
[MD5.9A82F53D7B860CCDF48250869C7684C9] - (.ELAN Microelectronics Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe [2193744] [PID.3676]
[MD5.AD7BFE12BA161252BE51ACE8BDA3FB07] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [136216] [PID.3724]
[MD5.5FCDEBC6EC6733AC90D0C85CDF0204DE] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [170008] [PID.3876]
[MD5.6BDE47EC881107A004AA143F95ADB90D] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [145432] [PID.3940]
[MD5.66177D4C99FD8B578C7C56DE445E4D5D] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312] [PID.780]
[MD5.5F1D5F88303D4A4DBC8E5F97BA967CC3] - (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe [15360] [PID.804]
[MD5.EFECA442381D208CC428EDE31D55E21B] - (...) -- C:\WINDOWS\system32\Startup Monitor.exe [37376] [PID.156]
[MD5.38CC541D105DCBA3D3768D6B191D9505] - (.Copyright (C) 2004 - LClock Application.) -- C:\WINDOWS\system32\LClock\LClock.exe [65536] [PID.1424]
[MD5.1DFE8ABE26EE403B7F276B8640E2A026] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3380632] [PID.2336]
[MD5.596054F68A7C7EDD5E8A19BF511AC475] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [1757264] [PID.2352]
[MD5.A426E2F52E75454D2D145FE2D1741677] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [636256] [PID.1772]
[MD5.10ED4224F627269EB367836CC46696DD] - (.Think Less Do More Services - Ava Find.) -- C:\WINDOWS\system32\AvaFind.exe [300032] [PID.2760]
[MD5.C0417E571BA2837EA3CBE17E728E17DD] - (.Panda Security - USB Vaccine.) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe [1287176] [PID.2844]
[MD5.207B16FA69F61D1895F8D8532F587E4B] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [263600] [PID.3076]
[MD5.2361F75A06F04609C81836C58E1F98C7] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe [2151800] [PID.3584]
[MD5.C2D0C69CC95DF5CAB27ADB6D1B5DE130] - (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe [981304] [PID.3660]
[MD5.C2D0C69CC95DF5CAB27ADB6D1B5DE130] - (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe [981304] [PID.3824]
[MD5.C2D0C69CC95DF5CAB27ADB6D1B5DE130] - (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe [981304] [PID.2404]
[MD5.C2D0C69CC95DF5CAB27ADB6D1B5DE130] - (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe [981304] [PID.2724]
[MD5.C2D0C69CC95DF5CAB27ADB6D1B5DE130] - (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe [981304] [PID.2736]
[MD5.AF098DDE68DE14821DA10C4DDE3765AB] - (.Pandora.TV - The KMPlayer.) -- C:\Program Files\The KMPlayer FR\KMPlayer.exe [6364160] [PID.2748]
[MD5.C2D0C69CC95DF5CAB27ADB6D1B5DE130] - (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe [981304] [PID.736]
[MD5.C2D0C69CC95DF5CAB27ADB6D1B5DE130] - (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe [981304] [PID.2828]
[MD5.AE69B52701C5D5453D1AA0564B760B58] - (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Administrator\Application Data\ZHP\ZHPDiag3.exe [1797120] [PID.3468]

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2) (13) - 1s
G0 - GCSP: Preferences [User Data\Default][HomePage] "https://clients1.google.com/"
G0 - GCSP: Preferences [User Data\Default][HomePage] "https://fbcdn-video-a.akamaihd.net/"
G0 - GCSP: Preferences [User Data\Default][HomePage] "https://fbstatic-a.akamaihd.net/"
G0 - GCSP: Preferences [User Data\Default][HomePage] "https://www.facebook.com/"
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] "https://www.facebook.com/"
G2 - GCE: Extension [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest
G2 - GCE: Extension [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest
G2 - GCE: Extension [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest
G2 - GCE: Extension [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Google Chrome manifest
G2 - GCE: Extension [User Data\Default] [lccekmodgklaepjeofjdjpbminllajkg] Chrome Hotword Shared Module
G2 - GCE: Extension [User Data\Default] [mpaojhgmgpjafbbcfdkbepfadhkmehnp] Video Windows
G2 - GCE: Extension [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] __MSG_APP_NAME__
G2 - GCE: Extension [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) (7) - 1s
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\twitter.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wikipedia.xml
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_287.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL
P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) (10) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://maroc.msn.com/
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer

---\\ Internet Explorer, Proxy Management (R5) (3) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe (.Microsoft Corporation.)
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.)
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

---\\ Hosts file redirection (O1) (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (19)

---\\ Browser Helper Object (BHO) (O2) (5) - 0s
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} (Orphean)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} (Orphean)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (Orphean)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Orphean)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} (Orphean)

---\\ Internet Explorer Toolbars (O3) (1) - 0s
O3 - Toolbar: (no name) - [HKLM]{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (Orphean)

---\\ Auto loading programs from Registry and folders (O4) (37) - 1s
O4 - HKLM\..\Run: [PowerMenu] . (.Thong Nguyen - PowerMenu.) -- C:\WINDOWS\system32\PowerMenu\PowerMenu.exe
O4 - HKLM\..\Run: [DrvIcon] . (.artArmin - Changes "My Computer" drive icons to Window.) -- C:\WINDOWS\system32\DrvIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE
O4 - HKLM\..\Run: [BatteryManager] . (.Copyright (C) 2005 - BatteryManager MFC.) -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [SUPBackground] . (.Samsung Electronics - Samsung Update Plus Background.) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
O4 - HKLM\..\Run: [EasySpeedUpManager] . (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
O4 - HKLM\..\Run: [EasySpeedUpManager2] . (.Samsung Electronics - Easy SpeedUp Manager II.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NewJavaInstall] . (.AutoIt Team - AutoIt v3 Script.) -- C:\Google\AutoIt3.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Startup Monitor] . (...) -- C:\WINDOWS\system32\Startup Monitor.exe
O4 - HKCU\..\Run: [lclock] . (.http://www.hiddensoft.com/autoit3/compiled.html - AutoIt v3 Compiled Script.) -- C:\WINDOWS\system32\LClock\CLOCK.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [BatteryLifeExtender] . (.Samsung Electronics. Co. Ltd. - Battery Life Extender.) -- C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe
O4 - HKCU\..\Run: [SSCKbdHk] . (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [AdopeFlash] . (.AutoIt Team - AutoIt v3 Script.) -- C:\Google\AutoIt3.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
O4 - HKUS\S-1-5-21-1220945662-1844823847-1801674531-500\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1220945662-1844823847-1801674531-500\..\Run: [Startup Monitor] . (...) -- C:\WINDOWS\system32\Startup Monitor.exe
O4 - HKUS\S-1-5-21-1220945662-1844823847-1801674531-500\..\Run: [lclock] . (.http://www.hiddensoft.com/autoit3/compiled.html - AutoIt v3 Compiled Script.) -- C:\WINDOWS\system32\LClock\CLOCK.exe
O4 - HKUS\S-1-5-21-1220945662-1844823847-1801674531-500\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-1220945662-1844823847-1801674531-500\..\Run: [BatteryLifeExtender] . (.Samsung Electronics. Co. Ltd. - Battery Life Extender.) -- C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe
O4 - HKUS\S-1-5-21-1220945662-1844823847-1801674531-500\..\Run: [SSCKbdHk] . (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
O4 - HKUS\S-1-5-21-1220945662-1844823847-1801674531-500\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1220945662-1844823847-1801674531-500\..\Run: [AdopeFlash] . (.AutoIt Team - AutoIt v3 Script.) -- C:\Google\AutoIt3.exe

---\\ Lop.com/Domain Hijackers (O17) (6) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23) (10) - 1s
O23 - Service: Avira Protection e-mail (AntiVirMailService) . (.Avira Operations GmbH & Co. KG - Antivirus MailScanner LSP Service.) - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Planificateur (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Protection temps réel (AntiVirService) . (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Protection Web (AntiVirWebService) . (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
O23 - Service: Bluetooth Service (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Baidu Spark Service (SparkSvc) . (.Baidu Inc. - spark.) - C:\Program Files\baidu\Baidu Browser\sparkservice.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) . (.AVG Technologies - AVG PC TuneUp Service.) - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
O23 - Service: Intel(R) Management & Security Application User Notificatio (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: ZDServ (ZDServ) . (.Copyright (C) 2013 - ZDServ Application.) - C:\Documents and Settings\All Users.WINDOWS\Application Data\ZDSupport\ZDServ\ZDServ.exe

---\\ BootExecute (BEX) (O34) (2) - 0s
O34 - HKLM BootExecute: (pgdfgsvc C 1) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /M:2372a6a35bd /dir:"C:\Program Files\AVAST Software\Avast") - File not found

---\\ Task Planned Automatically (O39) (4) - 0s
O39 - APT:Automatic Planified Task - (...) -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [1002]
O39 - APT:Automatic Planified Task - (...) -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1220945662-1844823847-1801674531-500Core.job [1008]
O39 - APT:Automatic Planified Task - (...) -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1220945662-1844823847-1801674531-500UA.job [1030]
O39 - APT:Automatic Planified Task - (...) -- C:\WINDOWS\Tasks\SparkUpdater.job [394]

---\\ Software installed (O42) (35) - 7s
O42 - Logiciel: Adobe Flash Player 16 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 16 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI
O42 - Logiciel: AVG PC TuneUp 2015 - (.AVG Technologies.) [HKLM] -- AVG PC TuneUp
O42 - Logiciel: Avira Antivirus v15.0.10.434 - (.Avira Operations GmbH & Co. KG.) [HKLM] -- Avira Antivirus
O42 - Logiciel: Carte réseau Broadcom 802.11 - (.Broadcom Corporation.) [HKLM] -- Carte réseau Broadcom 802.11
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: ETDWare PS/2-X86 10.7.14.12_WHQL - (.ELAN Microelectronic Corp..) [HKLM] -- Elantech
O42 - Logiciel: FormatFactory 2.45 - (.Free Time.) [HKLM] -- FormatFactory
O42 - Logiciel: IE7Pro - (.IE7Pro Team.) [HKLM] -- IE7Pro
O42 - Logiciel: Baidu Browser - (.Baidu Inc..) [HKLM] -- Spark
O42 - Logiciel: Tracks Eraser Pro v8.9 build 1000 - (.Acesoft, Inc..) [HKLM] -- Tracks Eraser Pro_is1
O42 - Logiciel: WinRAR 5.11 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XpsEPSC
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O42 - Logiciel: Samsung Update Plus - (.Samsung Electronics Co., Ltd..) [HKLM] -- {142D8CA7-2C6F-45A7-83E3-099AAFD99133}
O42 - Logiciel: Easy Display Manager - (.Samsung Electronics Co., Ltd..) [HKLM] -- {17283B95-21A8-4996-97DA-547A48DB266F}
O42 - Logiciel: Facebook Video Calling 3.1.0.521 - (.Skype Limited.) [HKLM] -- {2091F234-EB58-4B80-8C96-8EB78C808CF7}
O42 - Logiciel: Panda USB Vaccine 1.0.1.4 - (.Panda Security.) [HKLM] -- {55A41219-9B22-4098-BAE7-AE289B3C569A}_is1
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}
O42 - Logiciel: Samsung Battery Manager - (...) [HKLM] -- {6F730513-8688-4C3C-90A3-6B9792CE2EF3}
O42 - Logiciel: Adobe Reader 9.1 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A91000000001}
O42 - Logiciel: Windows Presentation Foundation - (.Microsoft Corporation.) [HKLM] -- {BAF78226-3200-4DB4-BE33-4D922A799840}
O42 - Logiciel: MOBICONNECT - (.ZTE Corporation.) [HKLM] -- {BCE97917-E58C-41FA-9B53-859E3FDCE924}
O42 - Logiciel: ZDServer - (.ZTE Corporation.) [HKLM] -- {C8197F5F-E0DC-44f1-8AF2-1AA5A84F695D}
O42 - Logiciel: REALTEK GbE & FE Ethernet PCI-E NIC Driver - (.Realtek.) [HKLM] -- {C9BED750-1211-4480-B1A5-718A3BE15525}
O42 - Logiciel: BatteryLifeExtender - (.Samsung.) [HKLM] -- {EA257ECF-5F72-4461-B890-959394DCD087}
O42 - Logiciel: Easy SpeedUp Manager - (.Samsung Electronics Co.,Ltd..) [HKLM] -- {EF367AA4-070B-493C-9575-85BE59D789C9}
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: برنامج WIDCOMM Bluetooth - (.Broadcom.) [HKLM] -- {F48BE301-EC78-4686-B580-EE4934558798}
O42 - Logiciel: Samsung Support Center - (.Samsung.) [HKLM] -- {F687E657-F636-44DF-8125-9FEEA2C362F5}
O42 - Logiciel: MSXML 6.0 Parser (KB925673) - (.Microsoft Corporation.) [HKLM] -- {FE9126DB-5F84-495A-BB46-3C724F1C2D08}
O42 - Logiciel: QQ??3.7 - (.????(??)????.) [HKCU] -- QQPlayer

---\\ HKCU & HKLM Software Keys (107) - 7s
HKLM\SOFTWARE\Acesoft
HKLM\SOFTWARE\Adobe
HKLM\SOFTWARE\AdwCleaner
HKLM\SOFTWARE\Ahead
HKLM\SOFTWARE\AVAST Software
HKLM\SOFTWARE\AVG
HKLM\SOFTWARE\Avira
HKLM\SOFTWARE\AviSynth
HKLM\SOFTWARE\Baidu
HKLM\SOFTWARE\BcmSetup
HKLM\SOFTWARE\BrowserChoice
HKLM\SOFTWARE\C07ft5Y
HKLM\SOFTWARE\Creative Tech
HKLM\SOFTWARE\CyberLink
HKLM\SOFTWARE\DivX
HKLM\SOFTWARE\Dropbox
HKLM\SOFTWARE\ESET
HKLM\SOFTWARE\Gemplus
HKLM\SOFTWARE\Google
HKLM\SOFTWARE\HaaliMkx
HKLM\SOFTWARE\IEPro
HKLM\SOFTWARE\Intel
HKLM\SOFTWARE\Internet Download Manager
HKLM\SOFTWARE\InterVideo
HKLM\SOFTWARE\Macromedia
HKLM\SOFTWARE\Mozilla
HKLM\SOFTWARE\mozilla.org
HKLM\SOFTWARE\MozillaPlugins
HKLM\SOFTWARE\Nero
HKLM\SOFTWARE\NKY Inc.
HKLM\SOFTWARE\ODBC
HKLM\SOFTWARE\Panda Security
HKLM\SOFTWARE\Panda Software
HKLM\SOFTWARE\Piriform
HKLM\SOFTWARE\Program Groups
HKLM\SOFTWARE\Realtek
HKLM\SOFTWARE\Realtek Semiconductor Corp.
HKLM\SOFTWARE\ReflexiveArcade
HKLM\SOFTWARE\RegisteredApplications
HKLM\SOFTWARE\RTLSetup
HKLM\SOFTWARE\Samsung
HKLM\SOFTWARE\Samsung Electronics Co., Ltd.
HKLM\SOFTWARE\Schlumberger
HKLM\SOFTWARE\Skype
HKLM\SOFTWARE\SRS Labs
HKLM\SOFTWARE\TuneUp
HKLM\SOFTWARE\Widcomm
HKLM\SOFTWARE\Windows 3.1 Migration Status
HKLM\SOFTWARE\WinRAR
HKLM\SOFTWARE\X-AVCSD
HKCU\SOFTWARE\Acesoft
HKCU\SOFTWARE\Adobe
HKCU\SOFTWARE\Ahead
HKCU\SOFTWARE\Alexander Avdonin
HKCU\SOFTWARE\AppDataLow
HKCU\SOFTWARE\Auslogics
HKCU\SOFTWARE\AVG
HKCU\SOFTWARE\Avira
HKCU\SOFTWARE\Baidu
HKCU\SOFTWARE\CoreAAC
HKCU\SOFTWARE\Cyberlink
HKCU\SOFTWARE\DownloadAstro
HKCU\SOFTWARE\DownloadManager
HKCU\SOFTWARE\DSP-worx
HKCU\SOFTWARE\Elantech
HKCU\SOFTWARE\Elastic Systems
HKCU\SOFTWARE\ESET
HKCU\SOFTWARE\Facebook
HKCU\SOFTWARE\Folder Guide
HKCU\SOFTWARE\FreeTime
HKCU\SOFTWARE\Gabest
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\GreenTree Applications
HKCU\SOFTWARE\Haali
HKCU\SOFTWARE\iColorFolder
HKCU\SOFTWARE\IEPro
HKCU\SOFTWARE\IM Providers
HKCU\SOFTWARE\Intel
HKCU\SOFTWARE\KMPlayer
HKCU\SOFTWARE\Krapplets
HKCU\SOFTWARE\LClock
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\Michael Herf
HKCU\SOFTWARE\mlin
HKCU\SOFTWARE\Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\Nero
HKCU\SOFTWARE\Netscape
HKCU\SOFTWARE\NewSofter
HKCU\SOFTWARE\ODBC
HKCU\SOFTWARE\Panda Security
HKCU\SOFTWARE\Piriform
HKCU\SOFTWARE\Realtek
HKCU\SOFTWARE\RegisteredApplications
HKCU\SOFTWARE\Revenger inc.
HKCU\SOFTWARE\Samsung
HKCU\SOFTWARE\Settings
HKCU\SOFTWARE\Skype
HKCU\SOFTWARE\SkypeRS
HKCU\SOFTWARE\Sysinternals
HKCU\SOFTWARE\Think Less Do More
HKCU\SOFTWARE\UberIcon-v1.0.0
HKCU\SOFTWARE\Widcomm
HKCU\SOFTWARE\WinRAR
HKCU\SOFTWARE\WinRAR SFX
HKCU\SOFTWARE\ZebHelpProcess Helper
HKCU\SOFTWARE\AppDataLow\IEPro

---\\ Contents of the Common Files folders (O43) (138) - 6s
O43 - CFD: 2014/07/51 - 24:15:15 - [] D -- C:\Program Files\Acesoft
O43 - CFD: 2014/06/81 - 37:23:23 - [] D -- C:\Program Files\Adobe
O43 - CFD: 2015/06/30 - 35:27:27 - [] D -- C:\Program Files\AVG
O43 - CFD: 2015/05/00 - 34:10:10 - [] D -- C:\Program Files\Avira
O43 - CFD: 2015/04/30 - 20:34:34 - [] D -- C:\Program Files\baidu
O43 - CFD: 2014/06/81 - 01:30:30 - [] D -- C:\Program Files\Broadcom
O43 - CFD: 2014/06/01 - 28:55:55 - [] D -- C:\Program Files\CCleaner
O43 - CFD: 2015/06/91 - 56:34:34 - [] D -- C:\Program Files\Common Files
O43 - CFD: 2014/06/80 - 48:20:20 - [0] D -- C:\Program Files\ComPlus Applications
O43 - CFD: 2014/07/30 - 12:28:28 - [] D -- C:\Program Files\Elantech
O43 - CFD: 2014/06/80 - 52:31:31 - [] D -- C:\Program Files\ESET
O43 - CFD: 2014/06/81 - 33:44:44 - [] D -- C:\Program Files\FreeTime
O43 - CFD: 2015/06/91 - 02:49:49 - [] D -- C:\Program Files\Google
O43 - CFD: 2014/06/82 - 09:07:07 - [0] D -- C:\Program Files\GUM1E2.tmp
O43 - CFD: 2015/05/62 - 44:01:01 - [] D -- C:\Program Files\Hostless Modem
O43 - CFD: 2014/06/80 - 51:41:41 - [] D -- C:\Program Files\IEPro
O43 - CFD: 2014/06/81 - 14:28:28 - [] HD -- C:\Program Files\InstallShield Installation Information
O43 - CFD: 2014/07/30 - 36:36:36 - [] D -- C:\Program Files\Intel
O43 - CFD: 2014/06/80 - 59:37:37 - [] D -- C:\Program Files\Internet Download Manager
O43 - CFD: 2014/06/80 - 49:18:18 - [] D -- C:\Program Files\Internet Explorer
O43 - CFD: 2014/06/81 - 47:14:14 - [] D -- C:\Program Files\Microsoft Analysis Services
O43 - CFD: 2014/06/81 - 53:35:35 - [] D -- C:\Program Files\Microsoft Office
O43 - CFD: 2014/06/81 - 53:33:33 - [] D -- C:\Program Files\Microsoft Sync Framework
O43 - CFD: 2014/06/81 - 50:09:09 - [] D -- C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 2014/12/90 - 25:59:59 - [] D -- C:\Program Files\Microsoft.NET
O43 - CFD: 2014/06/80 - 49:10:10 - [] D -- C:\Program Files\Movie Maker
O43 - CFD: 2015/06/91 - 49:58:58 - [] D -- C:\Program Files\Mozilla Firefox
O43 - CFD: 2014/06/81 - 55:00:00 - [] D -- C:\Program Files\MSBuild
O43 - CFD: 2014/06/80 - 49:24:24 - [] D -- C:\Program Files\NetMeeting
O43 - CFD: 2014/06/80 - 51:33:33 - [] D -- C:\Program Files\notepad++
O43 - CFD: 2014/06/80 - 49:43:43 - [] D -- C:\Program Files\Online Services
O43 - CFD: 2014/06/80 - 49:20:20 - [] D -- C:\Program Files\Outlook Express
O43 - CFD: 2014/06/80 - 53:00:00 - [] D -- C:\Program Files\Panda USB Vaccine
O43 - CFD: 2014/06/81 - 00:29:29 - [] D -- C:\Program Files\Realtek
O43 - CFD: 2014/06/81 - 04:20:20 - [] D -- C:\Program Files\Reference Assemblies
O43 - CFD: 2014/06/81 - 14:42:42 - [] D -- C:\Program Files\Samsung
O43 - CFD: 2015/04/01 - 13:53:53 - [] D -- C:\Program Files\The KMPlayer FR
O43 - CFD: 2014/06/80 - 03:47:47 - [0] HD -- C:\Program Files\Uninstall Information
O43 - CFD: 2014/06/81 - 08:17:17 - [] D -- C:\Program Files\WIDCOMM
O43 - CFD: 2014/06/80 - 48:10:10 - [] D -- C:\Program Files\Windows Media Connect 2
O43 - CFD: 2014/06/80 - 50:53:53 - [] D -- C:\Program Files\Windows Media Player
O43 - CFD: 2014/06/80 - 48:03:03 - [] D -- C:\Program Files\Windows NT
O43 - CFD: 2014/06/80 - 49:45:45 - [0] HD -- C:\Program Files\WindowsUpdate
O43 - CFD: 2014/12/72 - 13:59:59 - [] D -- C:\Program Files\WinRAR
O43 - CFD: 2015/06/91 - 31:27:27 - [] D -- C:\Program Files\ZHPDiag
O43 - CFD: 2014/06/80 - 50:37:37 - [] RD -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories
O43 - CFD: 2014/06/80 - 50:57:57 - [] RD -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools
O43 - CFD: 2015/06/30 - 36:15:15 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2015
O43 - CFD: 2015/06/60 - 29:25:25 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Avira
O43 - CFD: 2015/04/30 - 20:38:38 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Baidu Browser
O43 - CFD: 2014/06/01 - 28:55:55 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
O43 - CFD: 2014/06/80 - 48:23:23 - [] RD -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games
O43 - CFD: 2014/06/81 - 55:40:40 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Office
O43 - CFD: 2015/05/62 - 44:08:08 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MOBICONNECT
O43 - CFD: 2014/06/81 - 55:40:40 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SharePoint
O43 - CFD: 2015/03/11 - 18:17:17 - [] RD -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
O43 - CFD: 2014/07/51 - 24:17:17 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Tracks Eraser Pro
O43 - CFD: 2014/12/72 - 14:00:00 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinRAR
O43 - CFD: 2014/12/22 - 13:40:40 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\YTD Video Downloader
O43 - CFD: 2015/06/91 - 31:28:28 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ZHP
O43 - CFD: 2014/06/81 - 37:47:47 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
O43 - CFD: 2015/05/00 - 29:54:54 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
O43 - CFD: 2015/06/30 - 36:21:21 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG
O43 - CFD: 2015/06/60 - 28:06:06 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
O43 - CFD: 2015/04/30 - 20:47:47 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Baidu
O43 - CFD: 2015/06/30 - 33:39:39 - [] HD -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
O43 - CFD: 2014/06/80 - 52:31:31 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
O43 - CFD: 2015/06/90 - 03:28:28 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
O43 - CFD: 2015/03/11 - 18:15:15 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
O43 - CFD: 2015/03/40 - 17:51:51 - [] SD -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
O43 - CFD: 2015/01/11 - 27:05:05 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
O43 - CFD: 2014/06/81 - 34:51:51 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
O43 - CFD: 2014/08/92 - 30:20:20 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
O43 - CFD: 2015/04/92 - 27:25:25 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Package Cache
O43 - CFD: 2014/06/80 - 04:16:16 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Panda Security
O43 - CFD: 2014/06/81 - 09:49:49 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SAMSUNG
O43 - CFD: 2014/08/22 - 47:16:16 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
O43 - CFD: 2014/06/81 - 27:02:02 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\YTD Video Downloader
O43 - CFD: 2015/05/62 - 44:08:08 - [] D -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ZDSupport
O43 - CFD: 2014/06/81 - 37:34:34 - [] D -- C:\Program Files\Common Files\Adobe
O43 - CFD: 2015/05/81 - 57:15:15 - [] D -- C:\Program Files\Common Files\Bitdefender
O43 - CFD: 2014/06/81 - 54:02:02 - [] D -- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 2014/06/81 - 58:29:29 - [] D -- C:\Program Files\Common Files\InstallShield
O43 - CFD: 2014/06/81 - 55:16:16 - [] D -- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 2014/06/80 - 49:19:19 - [] D -- C:\Program Files\Common Files\MSSoap
O43 - CFD: 2014/08/92 - 30:27:27 - [0] D -- C:\Program Files\Common Files\Nero
O43 - CFD: 2014/06/80 - 35:15:15 - [] D -- C:\Program Files\Common Files\ODBC
O43 - CFD: 2014/07/30 - 24:05:05 - [] D -- C:\Program Files\Common Files\postureAgent
O43 - CFD: 2014/06/80 - 49:23:23 - [] D -- C:\Program Files\Common Files\Services
O43 - CFD: 2014/06/80 - 35:12:12 - [] D -- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 2014/06/81 - 48:13:13 - [] D -- C:\Program Files\Common Files\System
O43 - CFD: 2014/06/81 - 46:13:13 - [] D -- C:\Documents and Settings\Administrator\Application Data\Adobe
O43 - CFD: 2014/06/81 - 44:31:31 - [] D -- C:\Documents and Settings\Administrator\Application Data\Ahead
O43 - CFD: 2015/06/90 - 02:08:08 - [] D -- C:\Documents and Settings\Administrator\Application Data\AvaFind Data
O43 - CFD: 2015/06/30 - 35:43:43 - [] D -- C:\Documents and Settings\Administrator\Application Data\AVG
O43 - CFD: 2015/06/60 - 29:17:17 - [] D -- C:\Documents and Settings\Administrator\Application Data\Avira
O43 - CFD: 2015/04/40 - 15:01:01 - [] D -- C:\Documents and Settings\Administrator\Application Data\Baidu
O43 - CFD: 2015/06/91 - 57:33:33 - [] D -- C:\Documents and Settings\Administrator\Application Data\DMCache
O43 - CFD: 2014/06/02 - 29:28:28 - [] D -- C:\Documents and Settings\Administrator\Application Data\Gena01
O43 - CFD: 2015/03/82 - 05:45:45 - [0] D -- C:\Documents and Settings\Administrator\Application Data\GrabPro
O43 - CFD: 2014/06/80 - 03:52:52 - [] D -- C:\Documents and Settings\Administrator\Application Data\Identities
O43 - CFD: 2015/03/52 - 17:52:52 - [] D -- C:\Documents and Settings\Administrator\Application Data\IDM
O43 - CFD: 2010/04/00 - 17:18:18 - [] D -- C:\Documents and Settings\Administrator\Application Data\IEPro
O43 - CFD: 2014/06/81 - 00:12:12 - [] D -- C:\Documents and Settings\Administrator\Application Data\Macromedia
O43 - CFD: 2014/06/12 - 57:18:18 - [] D -- C:\Documents and Settings\Administrator\Application Data\Maxthon3
O43 - CFD: 2014/07/51 - 46:59:59 - [] D -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
O43 - CFD: 2015/05/70 - 05:38:38 - [] SD -- C:\Documents and Settings\Administrator\Application Data\Microsoft
O43 - CFD: 2014/06/81 - 35:00:00 - [] D -- C:\Documents and Settings\Administrator\Application Data\Mozilla
O43 - CFD: 2014/06/80 - 58:32:32 - [] D -- C:\Documents and Settings\Administrator\Application Data\PhraseExpress
O43 - CFD: 2015/06/30 - 45:00:00 - [] D -- C:\Documents and Settings\Administrator\Application Data\Skype
O43 - CFD: 2014/06/80 - 58:32:32 - [] D -- C:\Documents and Settings\Administrator\Application Data\SpaceMonger
O43 - CFD: 2014/06/81 - 30:16:16 - [] D -- C:\Documents and Settings\Administrator\Application Data\WinRAR
O43 - CFD: 2015/06/00 - 57:12:12 - [] D -- C:\Documents and Settings\Administrator\Application Data\ZHP
O43 - CFD: 2015/03/11 - 18:31:31 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
O43 - CFD: 2015/06/30 - 35:10:10 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg
O43 - CFD: 2015/06/91 - 22:03:03 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Baidu
O43 - CFD: 2015/06/90 - 03:28:28 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\F-Secure
O43 - CFD: 2014/08/81 - 47:35:35 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook
O43 - CFD: 2014/08/92 - 28:30:30 - [0] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FluxSoftware
O43 - CFD: 2014/08/11 - 14:02:02 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
O43 - CFD: 2014/08/60 - 45:31:31 - [] SD -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
O43 - CFD: 2014/06/81 - 47:05:05 - [0] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
O43 - CFD: 2015/04/20 - 12:16:16 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MiniService
O43 - CFD: 2014/06/81 - 34:56:56 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
O43 - CFD: 2014/06/81 - 14:59:59 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype
O43 - CFD: 2014/06/81 - 16:44:44 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SRS Labs
O43 - CFD: 2015/04/30 - 20:33:33 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
O43 - CFD: 2014/08/51 - 36:11:11 - [0] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
O43 - CFD: 2014/06/80 - 03:58:58 - [] RD -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
O43 - CFD: 2014/12/62 - 29:54:54 - [] D -- C:\Documents and Settings\Administrator\Start Menu\Programs\Bluetooth Devices
O43 - CFD: 2014/06/81 - 34:04:04 - [] D -- C:\Documents and Settings\Administrator\Start Menu\Programs\FormatFactory
O43 - CFD: 2015/06/30 - 45:00:00 - [] D -- C:\Documents and Settings\Administrator\Start Menu\Programs\Games
O43 - CFD: 2014/06/80 - 59:39:39 - [] D -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Download Manager
O43 - CFD: 2014/06/80 - 58:32:32 - [] RD -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
O43 - CFD: 2014/12/72 - 14:00:00 - [] D -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
O43 - CFD: 2014/06/80 - 50:57:57 - [] RD -- C:\WINDOWS\System32\Config\systemprofile\Start Menu\Programs\Accessories
O43 - CFD: 2014/06/80 - 52:23:23 - [] D -- C:\WINDOWS\System32\Config\systemprofile\Start Menu\Programs\Games
O43 - CFD: 2014/06/80 - 34:33:33 - [] RD -- C:\WINDOWS\System32\Config\systemprofile\Start Menu\Programs\Startup

---\\ System Drivers List (SDL) (O58) (56) - 9s
O58 - SDL:2011/08/19 04:43:20 A . (.Creative - Creative WDM 3D Audio Driver.) -- C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480]
O58 - SDL:2015/06/06 00:26:31 A . (.Avira Operations GmbH & Co. KG - Avira Minifilter Driver.) -- C:\WINDOWS\System32\drivers\avgntflt.sys [107400]
O58 - SDL:2015/06/06 00:26:31 A . (.Avira Operations GmbH & Co. KG - Avira Driver for Security Enhancement.) -- C:\WINDOWS\System32\drivers\avipbb.sys [136216]
O58 - SDL:2015/06/06 00:26:31 A . (.Avira Operations GmbH & Co. KG - Avira Manager Driver.) -- C:\WINDOWS\System32\drivers\avkmgr.sys [37896]
O58 - SDL:2011/08/19 04:43:14 A . (.Broadcom Corporation - Broadcom 802.11 Network Adapter wireless dr.) -- C:\WINDOWS\System32\drivers\BCMWL5.SYS [2699264]
O58 - SDL:2011/08/19 04:43:00 A . (.Broadcom Corporation. - Bluetooth Audio Device.) -- C:\WINDOWS\System32\drivers\btaudio.sys [556200]
O58 - SDL:2011/08/19 04:43:00 A . (.Broadcom Corporation. - Bluetooth Bus Enumerator.) -- C:\WINDOWS\System32\drivers\btkrnl.sys [933032]
O58 - SDL:2011/08/19 04:43:00 A . (.Broadcom Corporation. - Bluetooth BTPORT Driver for Windows 2000.) -- C:\WINDOWS\System32\drivers\btport.sys [37160]
O58 - SDL:2011/08/19 04:43:00 A . (.Broadcom Corporation. - Bluetooth LAN Access Server Driver.) -- C:\WINDOWS\System32\drivers\btwdndis.sys [118440]
O58 - SDL:2011/08/19 04:43:00 A . (.Broadcom Corporation. - Broadcom Bluetooth IT Manager Filter.) -- C:\WINDOWS\System32\drivers\btwsecfl.sys [92840]
O58 - SDL:2011/08/19 04:43:00 A . (.Broadcom Corporation. - Driver for Bluetooth USB Devices.) -- C:\WINDOWS\System32\drivers\btwusb.sys [51752]
O58 - SDL:2011/06/15 09:24:59 A . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\System32\drivers\cinemst2.sys [262528]
O58 - SDL:2011/06/15 09:24:59 A . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\System32\drivers\cpqdap01.sys [11776]
O58 - SDL:2008/04/14 00:14:50 A . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\drivers\dmboot.sys [799744]
O58 - SDL:2008/04/14 00:14:48 A . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\System32\drivers\dmio.sys [153344]
O58 - SDL:2004/08/04 14:00:00 A . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\drivers\dmload.sys [5888]
O58 - SDL:2012/04/25 04:43:00 A . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\WINDOWS\System32\drivers\ETD.sys [222544]
O58 - SDL:2008/04/13 22:06:06 A . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\System32\drivers\hdaudbus.sys [144384]
O58 - SDL:2011/08/19 04:43:14 RA . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\WINDOWS\System32\drivers\HECI.sys [41088]
O58 - SDL:2011/04/26 11:57:06 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x86.) -- C:\WINDOWS\System32\drivers\iaStor.sys [461080]
O58 - SDL:2011/06/22 09:58:21 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x86.) -- C:\WINDOWS\System32\drivers\iastor9.sys [461080]
O58 - SDL:2011/06/09 18:50:58 A . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\System32\drivers\idmtdi.sys [101360]
O58 - SDL:2011/08/19 04:43:15 RA . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\System32\drivers\igxpmp32.sys [2014240]
O58 - SDL:2011/08/19 04:43:16 RA . (.Intel Corporation - Intel(R) Turbo Boost Technology Driver.) -- C:\WINDOWS\System32\drivers\Impcd.sys [132480]
O58 - SDL:2011/08/19 04:43:16 RA . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\WINDOWS\System32\drivers\IntcDAud.sys [251904]
O58 - SDL:2011/08/19 04:43:20 A . (.Creative Technology Ltd. - Creative WDM Audio Driver (32-bit).) -- C:\WINDOWS\System32\drivers\Monfilt.sys [1395800]
O58 - SDL:2011/06/22 09:58:24 A . (.Marvell Semiconductor Inc. - Marvell Aux NV Bridge DLL.) -- C:\WINDOWS\System32\drivers\mv61xxmm.sys [13616]
O58 - SDL:2011/06/22 09:58:24 A . (.Marvell Semiconductor Inc. - Marvell Aux NV Bridge DLL.) -- C:\WINDOWS\System32\drivers\mv64xxmm.sys [5632]
O58 - SDL:2011/06/22 09:58:24 A . (.Marvell Semiconductor Inc. - Marvell Aux NV Bridge DLL.) -- C:\WINDOWS\System32\drivers\mvxxmm.sys [13616]
O58 - SDL:2011/06/15 09:24:59 A . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\System32\drivers\nikedrv.sys [12032]
O58 - SDL:2004/08/04 14:00:00 A . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Lib.) -- C:\WINDOWS\System32\drivers\ptilink.sys [17792]
O58 - SDL:2011/06/15 09:24:59 A . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\System32\drivers\rio8drv.sys [12032]
O58 - SDL:2011/06/15 09:24:59 A . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\System32\drivers\riodrv.sys [12032]
O58 - SDL:2011/08/19 04:43:00 RA . (.Realtek Semiconductor Corporation - Realtek 10/100/1000 NDIS 5.1 Driver.) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys [273512]
O58 - SDL:2011/08/19 04:43:21 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys [6349416]
O58 - SDL:2008/04/13 22:09:16 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\WINDOWS\System32\drivers\secdrv.sys [20480]
O58 - SDL:2014/11/27 08:18:05 A . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [28520]
O58 - SDL:2011/06/15 09:24:59 A . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\System32\drivers\tsbvcap.sys [21376]
O58 - SDL:2011/06/15 09:24:59 A . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys [58112]
O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\ansi.sys [9029]
O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\country.sys [27097]
O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\himem.sys [4768]
O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\key01.sys [42809]
O58 - SDL:2008/04/13 22:20:56 A . (...) -- C:\WINDOWS\System32\keyboard.sys [42537]
O58 - SDL:2000/08/24 01:19:38 A . (...) -- C:\WINDOWS\System32\MEMIO.SYS [4300]
O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\ntdos.sys [27866]
O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\ntdos404.sys [29146]
O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\ntdos411.sys [29370]
O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\ntdos412.sys [29274]
O58 - SDL:2004/08/04 14:00:00 A . (...) -- C:\WINDOWS\System32\ntdos804.sys [29146]
O58 - SDL:2008/04/13 22:19:40 A . (...) -- C:\WINDOWS\System32\ntio.sys [33840]
O58 - SDL:2008/04/13 22:19:44 A . (...) -- C:\WINDOWS\System32\ntio404.sys [34560]
O58 - SDL:2008/04/13 22:19:40 A . (...) -- C:\WINDOWS\System32\ntio411.sys [35648]
O58 - SDL:2008/04/13 22:19:44 A . (...) -- C:\WINDOWS\System32\ntio412.sys [35424]
O58 - SDL:2008/04/13 22:19:42 A . (...) -- C:\WINDOWS\System32\ntio804.sys [34560]
O58 - SDL:2010/07/04 22:51:26 A . (...) -- C:\WINDOWS\System32\UnlockerDriver5.sys [4096]

---\\ Last modified or created user files (O61) (5) - 12s
O61 - LFC: 2015/06/29 02:03:22 A . (.F-Secure Corporation.) -- C:\Documents and Settings\Administrator\My Documents\Downloads\F-SecureOnlineScanner.exe [572456]
O61 - LFC: 2015/06/23 00:32:14 A . (.AVG Technologies.) -- C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\avg_tuht_stf_fr_2015_518_15cmp15.exe [50865464]
O61 - LFC: 2015/06/29 17:53:15 A . (..) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]
O61 - LFC: 2015/06/29 04:24:08 A . (.F-Secure Corporation.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\F-Secure\stubdl\F-SecureOnlineScanner.exe [6411128]
O61 - LFC: 2015/06/22 17:59:16 A . (..) -- C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin [83195]

---\\ File Associations Shell Spawning (O67) (10) - 0s
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (...) -- "%1" %*

---\\ Start Menu Internet (SMI) (O68) (20) - 1s
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\Spark.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Maxthon3\Bin\Maxthon.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\Spark.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe
O68 - StartMenuInternet: <>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- (.not file.)
O68 - StartMenuInternet: <>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- (.not file.)
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe
O68 - StartMenuInternet: <>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- (.not file.)
O68 - StartMenuInternet: <>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- (.not file.)
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe
O68 - StartMenuInternet: <>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- (.not file.)
O68 - StartMenuInternet: <>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- (.not file.)

---\\ Search Browser Infection (SBI) (O69) (3) - 3s
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - http://search.live.com/
O69 - SBI: SearchScopes [HKCU] {62EA36B6-C4B8-44AD-B159-749BD850CD2E} - (Google) - http://www.google.com/
O69 - SBI: SearchScopes [HKCU] {7B48ECB9-3B8D-4506-9EA8-FC64929E905B} - (Ask Search) - http://websearch.ask.com/ =>Toolbar.Ask

---\\ Additional Scan (O88) (1) - 0s
~ No malicious items found.

---\\ Summary of the detections found on your workstation (1) - 0s
http://www.nicolascoolman.fr/toolbar-ask/ =>Toolbar.Ask

~ End of the scan, 10908 items in 55 seconds (593)(0)()
