~ ZHPDiag v2015.8.13.118 By Nicolas Coolman (2015/08/13)
~ Run by koko (Administrator) (2015/08/14 00:06:24)
~ Site: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Documents and Settings\koko\Desktop\ZHPDiag.txt
~ Report: C:\Documents and Settings\koko\Application Data\ZHP\ZHPDiag.txt
~ UAC: Deactivate
~ System startup: Normal (Normal boot)
Windows XP, 32-bit Service Pack 3 (Build 2600)

---\\ Internet Browsers (3) - 0s
GCIE: Google Chrome v44.0.2403.155
MFIE: Mozilla Firefox 8.0 (x86 en-US) v8.0
MSIE: Internet Explorer v8.0.6001.18702

---\\ System protection software (1) - 1s
Avast Free Antivirus v10.3.2223

---\\ Information on the system (6) - 0s
~ Operating System: x86 Family 15 Model 4 Stepping 3, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 2060.716 MB (38% free)
~ System Restore: Activé (Enable)
~ System drive C: has 17 GB free of 29 GB

---\\ Connection to the system mode (3) - 0s
~ Computer Name: KOKO-91428864AB
~ User Name: koko
~ Logged in as Administrator

---\\ Enumeration of the disk units (4) - 0s
~ Drive C: has 17 GB free of 29 GB (System)
~ Drive D: has 16 GB free of 124 GB
~ Drive E: has 8 GB free of 124 GB
~ Drive F: has 151 GB free of 196 GB

---\\ State of the Windows Security Center (8) - 0s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (22) - 0s
[MD5.2BB75B7F548D82A099125D0C5971DE7D] - (.Microsoft Corporation - Windows Explorer.) () -- C:\WINDOWS\Explorer.exe [1033728]
[MD5.037B1E7798960E0420003D05BB577EE6] - (.Microsoft Corporation - Run a DLL as an App.) () -- C:\WINDOWS\System32\rundll32.exe [33280]
[MD5.4EC67FAB39F37626AD6D9895FC094ABF] - (.Microsoft Corporation - Internet Extensions for Win32.) () -- C:\WINDOWS\System32\wininet.dll [919552]
[MD5.53A8857723277B1D6D5EE60A9F85B117] - (.Microsoft Corporation - Windows NT Logon Application.) () -- C:\WINDOWS\System32\Winlogon.exe [509440]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\WINDOWS\System32\drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) () -- C:\WINDOWS\System32\drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\WINDOWS\System32\drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\WINDOWS\System32\drivers\Cdrom.sys [62976]
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - (.Microsoft Corporation - FIPS Crypto Driver.) () -- C:\WINDOWS\System32\drivers\Fips.sys [44544]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) () -- C:\WINDOWS\System32\drivers\HDAudBus.sys [144384]
[MD5.4A0B06AA8943C1E332520F7440C0AA30] - (.Microsoft Corporation - i8042 Port Driver.) () -- C:\WINDOWS\System32\drivers\i8042prt.sys [52480]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) () -- C:\WINDOWS\System32\drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\WINDOWS\System32\drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) () -- C:\WINDOWS\System32\drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) () -- C:\WINDOWS\System32\drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\WINDOWS\System32\drivers\netBT.sys [162816]
[MD5.4C51D5275AE8A16999EDFE7E647D00DE] - (.Microsoft Corporation - NT File System Driver.) () -- C:\WINDOWS\System32\drivers\ntfs.sys [576384]
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - (.Microsoft Corporation - Parallel Port Driver.) () -- C:\WINDOWS\System32\drivers\Parport.sys [80128]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [51328]
[MD5.47EA20320E3D6FDC7B7BB22B2B881CA6] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\WINDOWS\System32\drivers\rdpdr.sys [195712]
[MD5.F828DD7E1419B6653894A8F97A0094C5] - (.Microsoft Corporation - Redbook Audio Filter Driver.) () -- C:\WINDOWS\System32\drivers\redbook.sys [57600]
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - (.Microsoft Corporation - Volume Shadow Copy Driver.) () -- C:\WINDOWS\System32\drivers\volsnap.sys [52352]

---\\ Process running (19) - 8s
[MD5.A97E144E84A665B22AE6E6A93E4DD465] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600] [PID.1588]
[MD5.EB7376A9F65736B659AAAF21F964BA89] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [141848] [PID.724]
[MD5.BD06FDEAC870D09856B965A88655D747] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [174104] [PID.712]
[MD5.756E7DACD8B6EDD26B8C62C2907CD845] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [144920] [PID.772]
[MD5.799450710D1B09FAF0D220B4DA3BF431] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776] [PID.868]
[MD5.A1F86A5A0DA1BEC12B7DD19C6234BB15] - (...) -- C:\Documents and Settings\koko\Local Settings\Apps\F.lux\flux.exe [966656] [PID.128]
[MD5.B86005C322AF3FEC2E0A8047760F9179] - (.HiPlayer Inc. - HiPlayerPlayer.) -- C:\Program Files\Hi\HiPlayer\1.14.0.138\HiPlayer.exe [2803128] [PID.812]
[MD5.ADE3D7AD36CA238C6D58E5E93392D2F8] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3903056] [PID.1056]
[MD5.178196930A0E1047D83869F38B4BB19B] - (.WiseCleaner.com - Wise Care 365 Tray.) -- C:\Program Files\Wise\Wise Care 365\WiseTray.exe [1177224] [PID.1164]
[MD5.2ADA28EE2FA3375DDCC0040522DF0144] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [267432] [PID.1308]
[MD5.E47E66538692B1CFD6CC8021546FCC83] - (.Splashtop Inc. - Splashtop Connect Firefox Software Updater.) -- C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384] [PID.2372]
[MD5.8C91BD35AE9AA8B628EEC5E637BB1D0F] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968] [PID.2436]
[MD5.147C60622CB53E901EFD8BB6D44A4C46] - (.Splashtop Inc. - Splashtop Connect IE Software Updater Servi.) -- C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [497480] [PID.2456]
[MD5.F820401D0D2754C3A78C707927058A41] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [813896] [PID.2368]
[MD5.F820401D0D2754C3A78C707927058A41] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [813896] [PID.700]
[MD5.F820401D0D2754C3A78C707927058A41] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [813896] [PID.3404]
[MD5.F820401D0D2754C3A78C707927058A41] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [813896] [PID.1176]
[MD5.2B3F1432B255E79209DEEDF089AA9791] - (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\koko\My Documents\Downloads\Programs\ZHPDiag3.exe [1902080] [PID.1560]
[MD5.2B3F1432B255E79209DEEDF089AA9791] - (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\koko\My Documents\Downloads\Programs\ZHPDiag3.exe [1902080] [PID.1612]

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2) (3) - 0s
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://ar.hao123.com/ =>PUP.Optional.Browser
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) (5) - 2s
M0 - MFSP: prefs.js [koko - 69s3kxjx.default] http://www.linkzb.com
M1 - SPR:Search Page Redirection - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
P2 - EXT FILE: (...) -- C:\Documents and Settings\koko\Application Data\Mozilla\Firefox\Profiles\69s3kxjx.default\extensions\testpilot@labs.mozilla.com.xpi
P2 - EXT FILE: (...) -- C:\Documents and Settings\koko\Application Data\Mozilla\Firefox\Profiles\69s3kxjx.default\extensions\webnavigation@linkzb.com.xpi
P2 - FPN: [HKLM] [@hi.com/npxbdyy] - (.(c) Hi Ltd. All rights reserved..) -- C:\Program Files\Hi\HiPlayer\1.14.0.138\npxbdyy.dll

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) (9) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.myplaycity.com/
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.myplaycity.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer

---\\ Internet Explorer, Proxy Management (R5) (3) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe (.Microsoft Corporation.)
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.)
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

---\\ Hosts file redirection (O1) (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)

---\\ Browser Helper Object (BHO) (O2) (1) - 0s
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files\Internet Download Manager\IDMIECC.dll

---\\ Auto loading programs from Registry and folders (O4) (12) - 1s
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [F.lux] . (...) -- C:\Documents and Settings\koko\Local Settings\Apps\F.lux\flux.exe
O4 - HKCU\..\Run: [HiMEDIA] . (.HiPlayer Inc. - HiPlayerPlayer.) -- C:\Program Files\Hi\HiPlayer\1.14.0.138\HiPlayer.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-527237240-1532298954-343818398-1003\..\Run: [F.lux] . (...) -- C:\Documents and Settings\koko\Local Settings\Apps\F.lux\flux.exe
O4 - HKUS\S-1-5-21-527237240-1532298954-343818398-1003\..\Run: [HiMEDIA] . (.HiPlayer Inc. - HiPlayerPlayer.) -- C:\Program Files\Hi\HiPlayer\1.14.0.138\HiPlayer.exe
O4 - HKUS\S-1-5-21-527237240-1532298954-343818398-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-527237240-1532298954-343818398-1003\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe

---\\ Lop.com/Domain Hijackers (O17) (3) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.168.1 208.67.222.123 208.67.220.123
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.168.1 208.67.222.123 208.67.220.123
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 192.168.168.1 208.67.222.123 208.67.220.123

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23) (7) - 2s
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: خدمة Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) . (.Splashtop Inc. - Splashtop Connect Firefox Software Updater.) - C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) . (.Splashtop Inc. - Splashtop Connect IE Software Updater Servi.) - C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
O23 - Service: Wise Boot Assistant (WiseBootAssistant) . (.WiseCleaner.com - Wise BootTime Service.) - C:\Program Files\Wise\Wise Care 365\BootTime.exe

---\\ Task Planned Automatically (O39) (5) - 3s
O39 - APT: Orphean - (...) -- C:\WINDOWS\Tasks\avast! Emergency Update.job [360]
O39 - APT: Orphean - (...) -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [882]
O39 - APT: Orphean - (...) -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [886]
O39 - APT: Orphean - (...) -- C:\WINDOWS\Tasks\Wise Care 365.job [396]
O39 - APT: Orphean - (...) -- C:\WINDOWS\Tasks\Wise Turbo Checker.job [376]

---\\ Software installed (O42) (28) - 11s
O42 - Logiciel: Arabic School Software - DEMO v1.0 - (...) [HKLM] -- Arabic School Software - DEMO
O42 - Logiciel: Avast Free Antivirus - (.AVAST Software.) [HKLM] -- Avast
O42 - Logiciel: FastStone Capture 7.1 - (.FastStone Soft.) [HKLM] -- FastStone Capture
O42 - Logiciel: FastStone Photo Resizer 3.3 - (.FastStone Soft..) [HKLM] -- FastStone Photo Resizer
O42 - Logiciel: Gambit Chess - (.Media Contact LLC.) [HKLM] -- Gambit Chess_is1
O42 - Logiciel: Google Chrome - (.Google Inc‎.‎.) [HKLM] -- Google Chrome
O42 - Logiciel: HiPlayer1.14.0.138 - (.http://www.hi-player.com.) [HKLM] -- HiPlayer
O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM] -- Internet Download Manager
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Malek - (...) [HKLM] -- Malek
O42 - Logiciel: Mozilla Firefox 8.0 (x86 en-US) - (.Mozilla.) [HKLM] -- Mozilla Firefox 8.0 (x86 en-US)
O42 - Logiciel: Paltalk Messenger 11.6 - (.AVM Software Inc..) [HKLM] -- Paltalk Messenger
O42 - Logiciel: USB Disk Security - (.Zbshareware Lab.) [HKLM] -- USB Disk Security_is1
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 - (.Microsoft Corporation.) [HKLM] -- Wdf01009
O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM] -- Winamp
O42 - Logiciel: WinRAR 4.01 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: MPC-HC 1.6.8 - (.MPC-HC Team.) [HKLM] -- {2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1
O42 - Logiciel: Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver - (.Atheros Communications Inc..) [HKLM] -- {3108C217-BE83-42E4-AE9E-A56A2A92E549}
O42 - Logiciel: ON_OFF Charge B11.0110.1 - (.GIGABYTE.) [HKLM] -- {3DECD372-76A1-4483-BF10-B547790A3261}
O42 - Logiciel: Splashtop Connect IE - (.Splashtop Inc..) [HKLM] -- {418D77E2-7B60-48F8-B016-30A32699EE74}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
O42 - Logiciel: Splashtop Connect for Firefox - (.Splashtop Inc..) [HKLM] -- {D2BF4F2C-BDF3-41C3-8D38-185F6342EC47}
O42 - Logiciel: Wise Care 365 version 2.66 - (.WiseCleaner.com, Inc..) [HKLM] -- {E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: F.lux - (...) [HKCU] -- Flux
O42 - Logiciel: Hao123-Client - (.Baidu Online Network Technology (Beijing) Co., Ltd..) [HKCU] -- hao123desk
O42 - Logiciel: Winamp Detector Plug-in - (.Nullsoft, Inc.) [HKCU] -- Winamp Detect

---\\ HKCU & HKLM Software Keys (69) - 11s
HKLM\SOFTWARE\8322898
HKLM\SOFTWARE\Adobe
HKLM\SOFTWARE\ArabicSP Software
HKLM\SOFTWARE\AVAST Software
HKLM\SOFTWARE\Avira
HKLM\SOFTWARE\BrowserChoice
HKLM\SOFTWARE\C07ft5Y
HKLM\SOFTWARE\CDDB
HKLM\SOFTWARE\cFos
HKLM\SOFTWARE\CoreCodec
HKLM\SOFTWARE\Creative Tech
HKLM\SOFTWARE\Gemplus
HKLM\SOFTWARE\Google
HKLM\SOFTWARE\HaaliMkx
HKLM\SOFTWARE\Hi
HKLM\SOFTWARE\HideAllIP
HKLM\SOFTWARE\Intel
HKLM\SOFTWARE\Internet Download Manager
HKLM\SOFTWARE\Macromedia
HKLM\SOFTWARE\Mozilla
HKLM\SOFTWARE\mozilla.org
HKLM\SOFTWARE\MozillaPlugins
HKLM\SOFTWARE\Nullsoft
HKLM\SOFTWARE\ODBC
HKLM\SOFTWARE\Program Groups
HKLM\SOFTWARE\Realtek
HKLM\SOFTWARE\ReflexiveArcade
HKLM\SOFTWARE\RegisteredApplications
HKLM\SOFTWARE\Schlumberger
HKLM\SOFTWARE\Splashtop Inc.
HKLM\SOFTWARE\TI.
HKLM\SOFTWARE\Windows 3.1 Migration Status
HKLM\SOFTWARE\WinRAR
HKLM\SOFTWARE\WiseCleaner
HKLM\SOFTWARE\X-AVCSD
HKLM\SOFTWARE\ZbshaLab
HKCU\SOFTWARE\Adobe
HKCU\SOFTWARE\AVAST Software
HKCU\SOFTWARE\Avira
HKCU\SOFTWARE\Baidu
HKCU\SOFTWARE\CoreAAC
HKCU\SOFTWARE\DownloadCenter
HKCU\SOFTWARE\DownloadManager
HKCU\SOFTWARE\ESET
HKCU\SOFTWARE\Flux
HKCU\SOFTWARE\Gabest
HKCU\SOFTWARE\GNU
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\GrandMasterChess3
HKCU\SOFTWARE\HideAllIP
HKCU\SOFTWARE\IM Providers
HKCU\SOFTWARE\Intel
HKCU\SOFTWARE\KasperskyLabSetup
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\Media Research Group
HKCU\SOFTWARE\Michael Herf
HKCU\SOFTWARE\Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\Netscape
HKCU\SOFTWARE\ODBC
HKCU\SOFTWARE\Paltalk
HKCU\SOFTWARE\pth264
HKCU\SOFTWARE\QtProject
HKCU\SOFTWARE\Realtek
HKCU\SOFTWARE\Splashtop Inc.
HKCU\SOFTWARE\Winamp
HKCU\SOFTWARE\WinRAR
HKCU\SOFTWARE\WinRAR SFX
HKCU\SOFTWARE\ZebHelpProcess Helper

---\\ Contents of the Common Files folders (O43) (125) - 12s
O43 - CFD: 2015/07/10 22:22:21 - [] D -- C:\Program Files\ArabicSP Software
O43 - CFD: 2015/07/29 22:57:31 - [] D -- C:\Program Files\AVAST Software
O43 - CFD: 2015/07/04 03:50:19 - [] D -- C:\Program Files\Avira
O43 - CFD: 2015/07/25 15:50:14 - [] D -- C:\Program Files\Common Files
O43 - CFD: 2015/06/27 07:17:09 - [] D -- C:\Program Files\FastStone Capture
O43 - CFD: 2015/06/29 03:29:20 - [] D -- C:\Program Files\FastStone Photo Resizer
O43 - CFD: 2015/07/24 22:50:15 - [] D -- C:\Program Files\GameTop.com
O43 - CFD: 2015/06/27 15:23:44 - [] D -- C:\Program Files\GIGABYTE
O43 - CFD: 2015/07/09 07:12:59 - [] D -- C:\Program Files\Google
O43 - CFD: 2015/06/27 07:59:31 - [] D -- C:\Program Files\GUMFF.tmp
O43 - CFD: 2015/06/27 15:42:13 - [] D -- C:\Program Files\Hi
O43 - CFD: 2015/06/27 15:23:44 - [] HD -- C:\Program Files\InstallShield Installation Information
O43 - CFD: 2015/06/27 15:22:43 - [] D -- C:\Program Files\Intel
O43 - CFD: 2015/07/09 08:06:05 - [] D -- C:\Program Files\Internet Download Manager
O43 - CFD: 2015/06/27 15:16:08 - [] D -- C:\Program Files\Internet Explorer
O43 - CFD: 2015/08/07 17:51:10 - [] D -- C:\Program Files\Malek
O43 - CFD: 2015/06/27 15:06:02 - [] D -- C:\Program Files\microsoft frontpage
O43 - CFD: 2015/06/27 07:20:00 - [] D -- C:\Program Files\Microsoft Office
O43 - CFD: 2015/06/27 07:19:36 - [] D -- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 2015/06/27 07:19:52 - [] D -- C:\Program Files\Microsoft Works
O43 - CFD: 2015/07/10 22:32:47 - [] D -- C:\Program Files\Microsoft.NET
O43 - CFD: 2015/06/27 15:03:40 - [] D -- C:\Program Files\Movie Maker
O43 - CFD: 2015/08/13 07:38:21 - [] D -- C:\Program Files\Mozilla Firefox
O43 - CFD: 2015/06/27 15:40:34 - [] D -- C:\Program Files\MPC-HC
O43 - CFD: 2015/06/27 15:17:13 - [] D -- C:\Program Files\MSBuild
O43 - CFD: 2015/06/27 15:02:04 - [] D -- C:\Program Files\MSN Gaming Zone
O43 - CFD: 2015/06/27 15:03:58 - [] D -- C:\Program Files\NetMeeting
O43 - CFD: 2015/06/27 15:04:33 - [] D -- C:\Program Files\Online Services
O43 - CFD: 2015/06/27 15:03:53 - [] D -- C:\Program Files\Outlook Express
O43 - CFD: 2015/06/30 10:22:48 - [] D -- C:\Program Files\Paltalk Messenger
O43 - CFD: 2015/06/27 15:21:11 - [] D -- C:\Program Files\Realtek
O43 - CFD: 2015/06/27 15:17:08 - [] D -- C:\Program Files\Reference Assemblies
O43 - CFD: 2015/06/27 15:19:12 - [] D -- C:\Program Files\Splashtop
O43 - CFD: 2015/06/27 15:11:07 - [0] HD -- C:\Program Files\Uninstall Information
O43 - CFD: 2015/06/30 10:16:44 - [] D -- C:\Program Files\USB Disk Security
O43 - CFD: 2015/06/27 06:50:41 - [] D -- C:\Program Files\Winamp
O43 - CFD: 2015/06/27 06:50:27 - [] D -- C:\Program Files\Winamp Detect
O43 - CFD: 2015/06/27 15:05:46 - [] D -- C:\Program Files\Windows Media Player
O43 - CFD: 2015/06/27 15:01:55 - [] D -- C:\Program Files\Windows NT
O43 - CFD: 2015/06/27 15:04:37 - [0] HD -- C:\Program Files\WindowsUpdate
O43 - CFD: 2015/06/27 15:35:34 - [] D -- C:\Program Files\WinRAR
O43 - CFD: 2015/07/19 07:45:29 - [] D -- C:\Program Files\Wise
O43 - CFD: 2015/06/27 15:06:02 - [] D -- C:\Program Files\xerox
O43 - CFD: 2015/06/27 15:02:55 - [] RD -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
O43 - CFD: 2015/06/27 15:05:52 - [] RD -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
O43 - CFD: 2015/08/08 15:09:46 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS5 ME
O43 - CFD: 2015/07/10 22:22:23 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\ArabicSP Software
O43 - CFD: 2015/07/29 23:00:20 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
O43 - CFD: 2015/08/08 15:09:46 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\cFosSpeed تشكيل حركة المرور
O43 - CFD: 2015/06/27 07:17:09 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\FastStone Capture
O43 - CFD: 2015/06/29 03:29:20 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\FastStone Photo Resizer
O43 - CFD: 2015/06/27 15:02:33 - [] RD -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
O43 - CFD: 2015/07/25 08:49:47 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\GameTop.com
O43 - CFD: 2015/07/09 07:13:12 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
O43 - CFD: 2015/06/27 15:42:52 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\HiPlayer
O43 - CFD: 2015/06/28 03:19:43 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager
O43 - CFD: 2015/06/27 07:21:12 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
O43 - CFD: 2015/06/27 15:40:34 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\MPC-HC
O43 - CFD: 2015/06/27 07:55:41 - [] RD -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
O43 - CFD: 2015/06/30 10:16:45 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\USB Disk Security
O43 - CFD: 2015/06/27 06:50:36 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
O43 - CFD: 2015/06/27 15:35:34 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
O43 - CFD: 2015/07/19 07:45:34 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Care 365
O43 - CFD: 2015/07/25 15:35:40 - [] D -- C:\Documents and Settings\All Users\Application Data\Adobe
O43 - CFD: 2015/07/29 22:57:16 - [] D -- C:\Documents and Settings\All Users\Application Data\AVAST Software
O43 - CFD: 2015/07/04 03:50:19 - [] D -- C:\Documents and Settings\All Users\Application Data\Avira
O43 - CFD: 2015/07/19 12:47:08 - [] D -- C:\Documents and Settings\All Users\Application Data\cFos
O43 - CFD: 2015/06/27 15:42:56 - [] D -- C:\Documents and Settings\All Users\Application Data\Hi
O43 - CFD: 2015/06/27 06:52:41 - [0] D -- C:\Documents and Settings\All Users\Application Data\IDM
O43 - CFD: 2015/06/30 12:44:48 - [] SD -- C:\Documents and Settings\All Users\Application Data\Microsoft
O43 - CFD: 2015/07/29 22:14:04 - [] D -- C:\Documents and Settings\All Users\Application Data\PlayFirst
O43 - CFD: 2015/07/25 15:35:42 - [] D -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
O43 - CFD: 2015/07/11 09:39:15 - [] D -- C:\Documents and Settings\All Users\Application Data\RogueKiller
O43 - CFD: 2015/06/27 15:23:30 - [] D -- C:\Documents and Settings\All Users\Application Data\Splashtop
O43 - CFD: 2015/06/27 15:18:42 - [] HD -- C:\Documents and Settings\All Users\Application Data\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
O43 - CFD: 2015/07/25 15:35:40 - [] D -- C:\Program Files\Common Files\Adobe
O43 - CFD: 2015/06/27 07:19:56 - [] D -- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 2015/06/27 15:20:50 - [] D -- C:\Program Files\Common Files\InstallShield
O43 - CFD: 2015/07/04 03:49:55 - [] D -- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 2015/06/27 15:03:52 - [] D -- C:\Program Files\Common Files\MSSoap
O43 - CFD: 2015/06/27 07:56:23 - [] D -- C:\Program Files\Common Files\ODBC
O43 - CFD: 2015/06/27 15:03:56 - [] D -- C:\Program Files\Common Files\Services
O43 - CFD: 2015/06/27 07:56:18 - [] D -- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 2015/06/27 07:19:24 - [] D -- C:\Program Files\Common Files\System
O43 - CFD: 2015/06/30 10:20:35 - [] D -- C:\Program Files\Common Files\Windows Live
O43 - CFD: 2015/07/25 15:36:20 - [] D -- C:\Documents and Settings\koko\Application Data\Adobe
O43 - CFD: 2015/07/29 23:00:42 - [] D -- C:\Documents and Settings\koko\Application Data\AVAST Software
O43 - CFD: 2015/07/04 03:56:56 - [] D -- C:\Documents and Settings\koko\Application Data\Avira
O43 - CFD: 2015/06/27 15:43:18 - [] D -- C:\Documents and Settings\koko\Application Data\Baidu
O43 - CFD: 2015/08/13 15:25:10 - [] D -- C:\Documents and Settings\koko\Application Data\DMCache
O43 - CFD: 2015/06/29 03:29:30 - [] D -- C:\Documents and Settings\koko\Application Data\FastStone
O43 - CFD: 2015/07/29 22:21:13 - [] D -- C:\Documents and Settings\koko\Application Data\Gamelab
O43 - CFD: 2015/06/27 15:43:16 - [] D -- C:\Documents and Settings\koko\Application Data\Hi
O43 - CFD: 2015/06/27 15:11:09 - [] D -- C:\Documents and Settings\koko\Application Data\Identities
O43 - CFD: 2015/06/28 08:23:55 - [] D -- C:\Documents and Settings\koko\Application Data\IDM
O43 - CFD: 2015/07/24 18:11:53 - [] D -- C:\Documents and Settings\koko\Application Data\Macromedia
O43 - CFD: 2015/07/10 22:18:10 - [] D -- C:\Documents and Settings\koko\Application Data\Media Player Classic
O43 - CFD: 2015/08/07 09:26:00 - [] SD -- C:\Documents and Settings\koko\Application Data\Microsoft
O43 - CFD: 2015/06/27 15:32:51 - [] D -- C:\Documents and Settings\koko\Application Data\Mozilla
O43 - CFD: 2015/06/30 10:22:47 - [] D -- C:\Documents and Settings\koko\Application Data\Paltalk
O43 - CFD: 2015/07/29 22:14:04 - [] D -- C:\Documents and Settings\koko\Application Data\PlayFirst
O43 - CFD: 2015/06/27 15:18:41 - [] D -- C:\Documents and Settings\koko\Application Data\Splashtop
O43 - CFD: 2015/07/11 08:07:14 - [] D -- C:\Documents and Settings\koko\Application Data\Winamp
O43 - CFD: 2015/06/27 15:35:52 - [] D -- C:\Documents and Settings\koko\Application Data\WinRAR
O43 - CFD: 2015/08/13 23:37:26 - [] D -- C:\Documents and Settings\koko\Application Data\Wise Care 365
O43 - CFD: 2015/06/30 10:16:49 - [] D -- C:\Documents and Settings\koko\Application Data\Zbshareware Lab
O43 - CFD: 2015/08/14 00:06:56 - [] D -- C:\Documents and Settings\koko\Application Data\ZHP
O43 - CFD: 2015/08/07 17:19:10 - [] D -- C:\Documents and Settings\koko\Local Settings\Application Data\Adobe
O43 - CFD: 2015/06/29 03:29:30 - [] D -- C:\Documents and Settings\koko\Local Settings\Application Data\FastStone
O43 - CFD: 2015/07/09 07:13:18 - [] D -- C:\Documents and Settings\koko\Local Settings\Application Data\Google
O43 - CFD: 2015/07/03 09:50:07 - [] D -- C:\Documents and Settings\koko\Local Settings\Application Data\Identities
O43 - CFD: 2015/07/16 02:42:34 - [] SD -- C:\Documents and Settings\koko\Local Settings\Application Data\Microsoft
O43 - CFD: 2015/06/27 15:32:47 - [] D -- C:\Documents and Settings\koko\Local Settings\Application Data\Mozilla
O43 - CFD: 2015/06/27 06:48:43 - [] D -- C:\Documents and Settings\koko\Local Settings\Application Data\Temp
O43 - CFD: 2015/07/16 02:43:02 - [0] D -- C:\Documents and Settings\koko\Local Settings\Application Data\WMTools Downloaded Files
O43 - CFD: 2015/06/27 15:11:18 - [] RD -- C:\Documents and Settings\koko\Start Menu\Programs\Accessories
O43 - CFD: 2015/06/27 15:34:28 - [] D -- C:\Documents and Settings\koko\Start Menu\Programs\Flux
O43 - CFD: 2015/06/27 15:42:58 - [] D -- C:\Documents and Settings\koko\Start Menu\Programs\Hao123
O43 - CFD: 2015/06/28 03:19:43 - [] D -- C:\Documents and Settings\koko\Start Menu\Programs\Internet Download Manager
O43 - CFD: 2015/06/30 10:22:52 - [] D -- C:\Documents and Settings\koko\Start Menu\Programs\Paltalk Messenger
O43 - CFD: 2015/07/09 08:38:54 - [] RD -- C:\Documents and Settings\koko\Start Menu\Programs\Startup
O43 - CFD: 2015/06/27 06:50:27 - [] D -- C:\Documents and Settings\koko\Start Menu\Programs\Winamp Detector Plug-in
O43 - CFD: 2015/06/27 15:35:34 - [] D -- C:\Documents and Settings\koko\Start Menu\Programs\WinRAR
O43 - CFD: 2015/06/27 15:05:52 - [] RD -- C:\WINDOWS\System32\Config\systemprofile\Start Menu\Programs\Accessories
O43 - CFD: 2015/06/27 07:55:41 - [] RD -- C:\WINDOWS\System32\Config\systemprofile\Start Menu\Programs\Startup

---\\ System Drivers List (SDL) (O58) (57) - 58s
O58 - SDL:2009/11/17 16:16:00 A . (.Creative - Creative WDM 3D Audio Driver.) -- C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480]
O58 - SDL:2011/01/10 18:16:16 A . (...) -- C:\WINDOWS\System32\drivers\AppleCharger.sys [18544]
O58 - SDL:2015/07/29 22:58:41 A . (.AVAST Software - avast! HWID.) -- C:\WINDOWS\System32\drivers\aswHwid.sys [24016]
O58 - SDL:2015/07/29 22:58:41 A . (.AVAST Software - avast! File System Minifilter for Windows 2.) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys [76000]
O58 - SDL:2015/07/29 22:58:40 A . (.AVAST Software - avast! TDI Redirect Driver.) -- C:\WINDOWS\System32\drivers\aswRdr.sys [55200]
O58 - SDL:2015/07/29 22:58:41 A . (.AVAST Software - avast! Revert.) -- C:\WINDOWS\System32\drivers\aswRvrt.sys [49776]
O58 - SDL:2015/07/29 22:58:20 A . (.AVAST Software - avast! Virtualization Driver.) -- C:\WINDOWS\System32\drivers\aswSnx.sys [788784]
O58 - SDL:2015/07/29 22:58:41 A . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\System32\drivers\aswSP.sys [433264]
O58 - SDL:2015/07/29 22:58:41 A . (.AVAST Software - avast! Stream Filter.) -- C:\WINDOWS\System32\drivers\aswStmXP.sys [161472]
O58 - SDL:2015/06/27 15:27:56 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\WINDOWS\System32\drivers\aswTap.sys [35144]
O58 - SDL:2015/07/29 22:58:41 A . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\System32\drivers\aswTdi.sys [57888]
O58 - SDL:2015/07/29 22:58:41 A . (.AVAST Software - avast! VM Monitor.) -- C:\WINDOWS\System32\drivers\aswVmm.sys [208664]
O58 - SDL:2009/05/11 11:49:28 A . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\System32\drivers\avgntdd.sys [45416]
O58 - SDL:2010/02/16 13:24:01 A . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\System32\drivers\avgntflt.sys [60936]
O58 - SDL:2009/05/11 11:49:28 A . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [22360]
O58 - SDL:2010/03/01 09:05:24 A . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\WINDOWS\System32\drivers\avipbb.sys [124784]
O58 - SDL:2011/03/04 12:44:12 N . (.Sonic Solutions - CDR4 CD and DVD Place Holder Driver (see Px.) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys [9072]
O58 - SDL:2011/03/04 12:44:12 N . (.Sonic Solutions - CDRAL Place Holder Driver (see PxHelp).) -- C:\WINDOWS\System32\drivers\cdralw2k.sys [9200]
O58 - SDL:2012/05/09 06:07:03 A . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\System32\drivers\cinemst2.sys [262528]
O58 - SDL:2012/05/09 06:07:03 A . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\System32\drivers\cpqdap01.sys [11776]
O58 - SDL:2008/04/14 05:00:00 A . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\drivers\dmboot.sys [799744]
O58 - SDL:2008/04/14 05:00:00 A . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\System32\drivers\dmio.sys [153344]
O58 - SDL:2008/04/14 05:00:00 A . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\drivers\dmload.sys [5888]
O58 - SDL:2008/04/14 05:00:00 A . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\System32\drivers\hdaudbus.sys [144384]
O58 - SDL:2014/11/28 17:37:06 A . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\System32\drivers\idmtdi.sys [123360]
O58 - SDL:2010/04/20 17:42:38 RA . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\System32\drivers\igxpmp32.sys [1917344]
O58 - SDL:2011/03/22 00:58:42 RA . (.Atheros Communications, Inc. - Atheros AR813x/AR815x PCI-E Ethernet Contro.) -- C:\WINDOWS\System32\drivers\l1c51x86.sys [65136]
O58 - SDL:2009/11/17 16:17:00 A . (.Creative Technology Ltd. - Creative WDM Audio Driver (32-bit).) -- C:\WINDOWS\System32\drivers\Monfilt.sys [1395800]
O58 - SDL:2012/05/09 06:12:42 A . (.Marvell Semiconductor Inc. - Marvell Aux NV Bridge DLL.) -- C:\WINDOWS\System32\drivers\mv61xxmm.sys [13616]
O58 - SDL:2012/05/09 06:12:43 A . (.Marvell Semiconductor Inc. - Marvell Aux NV Bridge DLL.) -- C:\WINDOWS\System32\drivers\mv64xxmm.sys [5632]
O58 - SDL:2012/05/09 06:12:43 A . (.Marvell Semiconductor Inc. - Marvell Aux NV Bridge DLL.) -- C:\WINDOWS\System32\drivers\mvxxmm.sys [13616]
O58 - SDL:2012/05/09 06:07:03 A . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\System32\drivers\nikedrv.sys [12032]
O58 - SDL:2008/04/14 05:00:00 A . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Lib.) -- C:\WINDOWS\System32\drivers\ptilink.sys [17792]
O58 - SDL:2011/03/04 12:44:14 N . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\WINDOWS\System32\drivers\PxHelp20.sys [45648]
O58 - SDL:2012/05/09 06:07:03 A . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\System32\drivers\rio8drv.sys [12032]
O58 - SDL:2012/05/09 06:07:03 A . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\System32\drivers\riodrv.sys [12032]
O58 - SDL:2011/06/07 05:57:28 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys [6353000]
O58 - SDL:2008/04/14 05:00:00 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\WINDOWS\System32\drivers\secdrv.sys [20480]
O58 - SDL:2009/05/11 09:12:49 A . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [28520]
O58 - SDL:2015/07/18 10:26:31 A . (...) -- C:\WINDOWS\System32\drivers\TrueSight.sys [35064]
O58 - SDL:2012/05/09 06:07:03 A . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\System32\drivers\tsbvcap.sys [21376]
O58 - SDL:2012/05/09 06:07:03 A . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys [58112]
O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ansi.sys [9029]
O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\country.sys [27097]
O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\himem.sys [4768]
O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\key01.sys [42809]
O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\keyboard.sys [42537]
O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntdos.sys [27866]
O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntdos404.sys [29146]
O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntdos411.sys [29370]
O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntdos412.sys [29274]
O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntdos804.sys [29146]
O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntio.sys [33840]
O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntio404.sys [34560]
O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntio411.sys [35648]
O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntio412.sys [35424]
O58 - SDL:2008/04/14 05:00:00 A . (...) -- C:\WINDOWS\System32\ntio804.sys [34560]

---\\ Last modified or created user files (O61) (1) - 7s
O61 - LFC: 2015/08/07 09:42:58 A . (..) -- C:\Documents and Settings\koko\Application Data\IDM\DwnlData\koko\iLividSetup_110\iLividSetup.exe [116800] =>PUP.Optional.Bandoo

---\\ File Associations Shell Spawning (O67) (9) - 0s
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S

---\\ Start Menu Internet (SMI) (O68) (13) - 1s
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe

---\\ Search Browser Infection (SBI) (O69) (6) - 3s
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com/
O69 - SBI: SearchScopes [HKCU] {24BAD8B5-E1F4-44b8-A40B-ECB0441B375E} - (Bing) - http://www.bing.com/
O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - http://www.bing.com/
O69 - SBI: SearchScopes [HKCU] {7420FDA3-8E8D-4c8b-9A76-A17D0BCCF425} - (Yahoo) - http://search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {96AD1988-2FFA-4a33-B2FE-F207363AD2BB} - (Google) - http://www.google.com/
O69 - SBI: SearchScopes [HKCU] {9AD09901-06DD-4DDD-A62D-6D2243B771AB} [DefaultScope] - (MyPlayCity) - http://start.myplaycity.com/

---\\ Search Svchost Services (SSS) (O83) (40) - 2s
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\WINDOWS\system32\appmgmts.dll [167936]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\system32\audiosrv.dll [42496]
O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\system32\browser.dll [77824]
O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\system32\cryptsvc.dll [62464]
O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - Logical Disk Manager service dll.) -- C:\WINDOWS\system32\dmserver.dll [23552]
O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - DHCP Client Service.) -- C:\WINDOWS\system32\dhcpcsvc.dll [126976]
O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\system32\ersvc.dll [23040]
O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - .) -- C:\WINDOWS\system32\es.dll [253952]
O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\WINDOWS\system32\shsvcs.dll [135168]
O83 - Search Svchost Services: HidServ (HidServ) . (...) -- C:\WINDOWS\System32\hidserv.dll [0]
O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [99840]
O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\system32\wkssvc.dll [134144]
O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\system32\msgsvc.dll [33792]
O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Network Connections Manager.) -- C:\WINDOWS\system32\netman.dll [198144]
O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provi.) -- C:\WINDOWS\system32\mswsock.dll [245248]
O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Removable Storage Manager.) -- C:\WINDOWS\system32\ntmssvc.dll [435200]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\system32\rasauto.dll [88576]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\system32\rasmans.dll [186368]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\system32\mprdim.dll [53248]
O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Task Scheduler Engine.) -- C:\WINDOWS\system32\schedsvc.dll [192512]
O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\WINDOWS\system32\seclogon.dll [18944]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll [39424]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\WINDOWS\system32\ipnathlp.dll [330752]
O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - System Restore Service.) -- C:\WINDOWS\system32\srsvc.dll [171008]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\WINDOWS\system32\tapisrv.dll [249856]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\WINDOWS\system32\shsvcs.dll [135168]
O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll [90112]
O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Windows Time Service.) -- C:\WINDOWS\system32\w32time.dll [175616]
O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Wireless Zero Configuration Service.) -- C:\WINDOWS\system32\wzcsvc.dll [483328]
O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - Advanced Windows 32 Base API.) -- C:\WINDOWS\system32\advapi32.dll [617472]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\wmisvc.dll [144896]
O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll [80896]
O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\system32\xmlprov.dll [129024]
O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Quarantine Agent Service Run-Time.) -- C:\WINDOWS\system32\qagentrt.dll [291328]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\WINDOWS\system32\kmsvc.dll [61440]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\WINDOWS\system32\qmgr.dll [409088]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\WINDOWS\system32\wuauserv.dll [22520]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\WINDOWS\system32\shsvcs.dll [135168]
O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll [38400]
O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Microsoft Media Device Service Provider.) -- C:\WINDOWS\system32\mspmsnsv.dll [52224]

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) (9) - 46s
SS - Auto [2010/02/24 09:28:09] [ 135336] Avira AntiVir Scheduler (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - Auto [2010/03/16 15:36:32] [ 267432] Avira AntiVir Guard (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SS - Demand [2010/04/06 16:30:38] [ 31272] AppleChargerSrv (AppleChargerSrv) . (...) - C:\WINDOWS\system32\AppleChargerSrv.exe
SR - Auto [2015/07/29 22:58:28] [ 146600] Avast Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - Auto [2015/07/09 07:12:43] [ 107848] خدمة Google Update (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - Demand [2015/07/09 07:12:43] [ 107848] خدمة Google Update (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - Auto [2011/03/23 21:37:18] [ 493384] Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) . (.Splashtop Inc..) - C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
SR - Auto [2011/03/22 01:37:16] [ 497480] Splashtop Connect IE Software Updater Service (WCUService_STC_IE) . (.Splashtop Inc..) - C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
SS - Auto [2013/04/25 18:12:00] [ 580232] Wise Boot Assistant (WiseBootAssistant) . (.WiseCleaner.com.) - C:\Program Files\Wise\Wise Care 365\BootTime.exe

---\\ Additional Scan (O88) (1) - 0s
C:\Documents and Settings\koko\Application Data\IDM\DwnlData\koko\iLividSetup_110\iLividSetup.exe =>PUP.Optional.Bandoo

---\\ Summary of the elements found on your workstation (2) - 0s
http://www.nicolascoolman.fr/hijacker-browsers/ =>PUP.Optional.Browser
http://www.nicolascoolman.fr/adware-bandoo/ =>PUP.Optional.Bandoo

~ End of the scan, 9990 items in 221 seconds (509)(0)()
