~ Report of ZHPDiag v2014.10.18.148 - Nicolas Coolman (18-10-2014)
~ Launched by DELL PC (03-02-2016 16:00:53)
~ Web site address : http://nicolascoolman.fr
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : New version available
~ White List : Activated by program
~ Elevation of privilege : OK
~ User Account Control : Activated by user

---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16438
MFIE: Mozilla Firefox 30.0

---\\ Windows product information
~ Language: English
Windows 8.1 Enterprise, 64-bit (Build 9600)
Windows Server License Manager Script : OK

---\\ System protection software
McAfee Security Scan Plus v3.11.266.3
Windows Defender W8 (Deactivated)

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Reader XI

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 69 Stepping 1, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4000.2 MB (26% free)
System Restore: Enabled
System drive C: has 76 GB (62%) free of 120 GB

---\\ Connection to the system mode
~ Computer Name: DELL
~ User Name: DELL PC
~ All Users Names: said, DELL PC, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\DELL PC\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\DELL PC\AppData\Roaming\
~ %Desktop% : C:\Users\DELL PC\Desktop\
~ %Favorites% : C:\Users\DELL PC\Favorites\
~ %LocalAppData% : C:\Users\DELL PC\AppData\Local\
~ %StartMenu% : C:\Users\DELL PC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 76 GB of 120 GB)
D: Hard drive, Flash drive, Thumb drive (Free 98 GB of 173 GB)
E: Hard drive, Flash drive, Thumb drive (Free 101 GB of 172 GB)
G: CD-ROM drive (Not Inserted)
I: CD-ROM drive (Not Inserted)

---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Search Generic System Files
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Windows Explorer.) (.06-01-2014 - 16:44:25.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Windows Start-Up Application.) (.22-08-2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.92E05214CC073A85CEDFF9BD4966F96B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.06-01-2014 - 16:44:17.) -- C:\Windows\System32\wininet.dll [2332160]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Windows Logon Application.) (.22-08-2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Licensing Library.) (.22-08-2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.22-08-2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22-08-2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22-08-2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22-08-2013 - 9:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22-08-2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22-08-2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - i8042 Port Driver.) (.22-08-2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.17-01-2014 - 20:57:41.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.17-01-2014 - 20:57:31.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22-08-2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.725EF69B2DBEB7B33280019A556201BC] - (.Microsoft Corporation - NT File System Driver.) (.10-03-2014 - 11:35:58.) -- C:\Windows\system32\Drivers\ntfs.sys [2008408]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Parallel Port Driver.) (.22-08-2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22-08-2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Microsoft RDP Device Redirector.) (.30-09-2013 - 4:54:31.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22-08-2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.22-08-2013 - 13:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files state (Hidden/Total)
~ My Pictures : 0/2
~ My Music : 0/1
~ My Videos : 0/1
~ My Favorites : 0/3
~ My Documents : 0/178
~ My Desktop : 0/51
~ Start Menu (Programs) : 0/41
~ Hidden Files: Scanned in 00mn 00s

---\\ Process running
[MD5.7DFCCC67990B6DE7F30F553A4E4612A4] - (...) -- D:\افلام\RocketDock\gRocketDock.exe [495616] [PID.3508]
[MD5.B5622C1549F75A2E2312B59CE2293A09] - (...) -- C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848] [PID.3540]
[MD5.549091E7C8387F8CAA7ABE620AF6F151] - (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_watch.exe [4026368] [PID.3600]
[MD5.ED254570323BB31DD0BFEB2434D175C9] - (.TechSmith Corporation - Snagit.) -- C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe [7067464] [PID.3856]
[MD5.B977B08DD02BA559893C479BFF3AA2D2] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896608] [PID.3864]
[MD5.FAB335E6B371F764F6619239C2A190A3] - (...) -- C:\Users\DELL PC\AppData\Roaming\Ground.exe [534016] [PID.3880]
[MD5.38971D3E7F196D1B97EF935061ED5B53] - (.TechSmith Corporation - TechSmith HTML Help Helper.) -- C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe [94024] [PID.2272]
[MD5.4F8879D0BA69C3632A481FAB5245F88A] - (.TechSmith Corporation - Snagit RPC Helper.) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe [89928] [PID.2024]
[MD5.6F487CD41FA0D9B8B2A7F69D6FD7FB80] - (.TechSmith Corporation - Snagit Editor.) -- C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe [7396680] [PID.1368]
[MD5.0A4A4263E41B2D879E20826DE5B6D524] - (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_hub.exe [1244160] [PID.3924]
[MD5.04186C74A660B7E29E1380F006BB849A] - (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_filetransfer.exe [4380672] [PID.744]
[MD5.760A8633A7AC682C020960F825431E4F] - (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_browser.exe [4938752] [PID.3832]
[MD5.087DE80E143D6A468F4A1DCE3DFC2918] - (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_central_control.exe [11057152] [PID.2224]
[MD5.681D0C1F19BD8817166E92E46A5E234D] - (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_monitor.exe [2422784] [PID.4108]
[MD5.EBAF0596F8423F89B099609D2A788980] - (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\gMediaFire Desktop.exe [5709312] [PID.4164]
[MD5.2C42883A4C3AA38A51B6984293999954] - (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_dialogs.exe [8341504] [PID.4748]
[MD5.1F751071E0484F2A050F2516BE5DBF4E] - (.Baidu.com, Inc. - spark.) -- C:\Program Files (x86)\baidu\Spark\SparkUpdate.exe [1371960] [PID.3960]
[MD5.FD5F799E81F27C728D3FF7D24750C874] - (.No owner - spark.) -- C:\Program Files (x86)\baidu\Spark\spark.exe [982840] [PID.3520]
[MD5.1CEA2C2C9658D84A8E5E1207E1780E8C] - (.Arcai.com - NetCut Arp Spoof Application.) -- C:\Program Files (x86)\netcut\netcut.exe [897024] [PID.5380]
[MD5.6E2C6FA5AEA1061AB68523E7D522392B] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3929296] [PID.2512]
[MD5.E9C6EF9437ECB30911488F9313AD821A] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [269848] [PID.4428]
[MD5.16E1EA189D721E60D17D1BC8E0392702] - (.Google Inc. - Google Chrome.) -- C:\Users\DELL PC\AppData\Local\Google\Chrome\Application\gchrome.exe [815944] [PID.5856]
[MD5.45A1CA432B079FB439FCBA6285EF2C96] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files (x86)\McAfee Security Scan\3.11.266\SSScheduler.exe [277920] [PID.5980]
[MD5.7787F1E659DCDF85E47BBF374B502FAC] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8113664] [PID.6932]
~ Processes Running: Scanned in 00mn 02s

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\DELL PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome Extension Folder
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ The hosts file is clean (21)
~ Hosts File: Scanned in 00mn 00s

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Snagit - [HKLM]{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} . (.TechSmith Corporation - Snagit Add-in for Internet Explorer.) -- C:\Program Files (x86)\TechSmith\Snagit 10\dllx64\SnagitIEAddin64.dll
~ Toolbar: Scanned in 00mn 00s

---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Facebook.lnk . (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe
O4 - GS\Desktop [Public]: Google.lnk . (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe
~ Global Startup: 2 Legitimates Filtered in 00mn 03s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [RocketDock] . (...) -- D:\افلام\RocketDock\gRocketDock.exe
O4 - HKCU\..\Run: [WebcamMaxAutoRun] . (...) -- C:\Program Files (x86)\WebcamMax\wcmmon.exe
O4 - HKCU\..\Run: [NetBalancer] . (.SeriousBit - SeriousBit.NetBalancer.Tray.) -- C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
O4 - HKCU\..\Run: [MediaFire Tray] . (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_watch.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKUS\S-1-5-21-3306719117-2253334283-2767146145-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-3306719117-2253334283-2767146145-1001\..\Run: [RocketDock] . (...) -- D:\افلام\RocketDock\gRocketDock.exe
O4 - HKUS\S-1-5-21-3306719117-2253334283-2767146145-1001\..\Run: [WebcamMaxAutoRun] . (...) -- C:\Program Files (x86)\WebcamMax\wcmmon.exe
O4 - HKUS\S-1-5-21-3306719117-2253334283-2767146145-1001\..\Run: [NetBalancer] . (.SeriousBit - SeriousBit.NetBalancer.Tray.) -- C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
O4 - HKUS\S-1-5-21-3306719117-2253334283-2767146145-1001\..\Run: [MediaFire Tray] . (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_watch.exe
~ Application: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{20B53D7E-972D-4C65-BEF1-B9C6D2C3AF13}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8437E88-CB66-431E-8DDA-AC8898F1A7F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{20B53D7E-972D-4C65-BEF1-B9C6D2C3AF13}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D8437E88-CB66-431E-8DDA-AC8898F1A7F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional Protocols: Scanned in 00mn 00s

---\\ Non-Microsoft, non-disabled Windows XP/NT/2000 Services (O23)
O23 - Service: MediaFire NTFS Monitor (MF NTFS Monitor) . (...) - C:\Program Files (x86)\MediaFire Desktop\bin\MFUsnMonitorService.exe
O23 - Service: Baidu PC Faster Mini Service (PCFasterMiniSvc) . (...) - C:\Users\DELL PC\AppData\Local\PCFMiniService\MiniService.exe
O23 - Service: Baidu Spark Service (SparkSvc) . (.Baidu Inc. - spark.) - C:\Program Files (x86)\baidu\Spark\sparkservice.exe
~ Services: 10 Legitimates Filtered in 00mn 19s

---\\ Task Planned Automatically (O39)
[MD5.65C90A9B036731C9D1EBCEA9F301A9B9] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [3582464] =>Trojan.AutoKMS
[MD5.1F751071E0484F2A050F2516BE5DBF4E] [APT] [SparkUpdater] (.Baidu.com, Inc..) -- C:\Program Files (x86)\baidu\Spark\SparkUpdate.exe [1371960]
~ Scheduled Task: 6 Legitimates Filtered in 00mn 13s

---\\ Software installed (O42)
O42 - Software: Baidu Browser - (.Baidu Inc..) [HKLM][64Bits] -- Spark
O42 - Software: Dirrect X11Beta - (.Creatormaster Dev.) [HKLM][64Bits] -- {AF52AC44-8AE8-44C4-83A4-F9921AB72B83}_is1
O42 - Software: KingRoot 版本 3.1.0 - (.KingRoot.) [HKLM][64Bits] -- {FA3B7324-9EB4-4ADC-84D0-5461BE113832}_is1
O42 - Software: Kingo ROOT version 1.4.3.2539 - (.Kingosoft Technology Ltd..) [HKLM][64Bits] -- {AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1
O42 - Software: PESMix 2016 Patch V1.0 Full Bundesliga - (.FTP Patch.) [HKLM][64Bits] -- {44BB9BCE-8855-4FB4-B7E4-96402F76EF41}
~ Software: 25 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Shell Labs]
[HKCU\Software\Tencent] =>Adware.TencentAddressBar
[HKLM\Software\Wow6432Node\Baidu]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\CloudOPTInfo]
[HKLM\Software\Wow6432Node\FTP Patch]
[HKLM\Software\Wow6432Node\Ground]
[HKLM\Software\Wow6432Node\PCFMini]
[HKLM\Software\Wow6432Node\Shell Labs]
~ Key Software: 188 Legitimates Filtered in 00mn 01s

---\\ Contents of the Common Files folders (O43)
O43 - CFD: 27-01-2016 - 14:09:55 - [] ----D C:\Program Files (x86)\baidu
O43 - CFD: 31-01-2016 - 23:34:46 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 27-01-2016 - 15:59:20 - [] ----D C:\Program Files (x86)\dzrepack games
O43 - CFD: 02-02-2016 - 12:21:27 - [] ----D C:\Program Files (x86)\Kingo ROOT
O43 - CFD: 02-02-2016 - 16:42:41 - [] ----D C:\Program Files (x86)\KingRoot
O43 - CFD: 27-01-2016 - 14:09:50 - [] ----D C:\ProgramData\Baidu
O43 - CFD: 31-01-2016 - 23:34:46 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 27-01-2016 - 14:44:33 - [] ----D C:\Users\DELL PC\AppData\Roaming\Baidu
O43 - CFD: 02-02-2016 - 12:21:23 - [] ----D C:\Users\DELL PC\AppData\Roaming\Kingosoft
O43 - CFD: 02-02-2016 - 16:09:36 - [] ----D C:\Users\DELL PC\AppData\Roaming\KingRoot
O43 - CFD: 27-01-2016 - 21:43:26 - [] ----D C:\Users\DELL PC\AppData\Roaming\Tencent =>Adware.TencentAddressBar
O43 - CFD: 02-02-2016 - 12:13:02 - [] ----D C:\Users\DELL PC\AppData\Local\Kingosoft
O43 - CFD: 31-01-2016 - 23:50:27 - [] ----D C:\Users\DELL PC\AppData\Local\PCFMiniService
~ Program Folder: 133 Legitimates Filtered in 00mn 01s

---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.5F23F2F936BDFAC90BB0A4970AD365CF] - 02-02-2016 - 12:15:13 ---A- . (.Google, inc - Android ADB API (WinUsb).) -- C:\AdbWinUsbApi.dll [60928]
O44 - LFC:[MD5.47A6EE3F186B2C2F5057028906BAC0C6] - 02-02-2016 - 12:15:13 ---A- . (.Google, inc - Android ADB API.) -- C:\AdbWinApi.dll [96256]
O44 - LFC:[MD5.68D1FF99334621ED5DF16C05427335F0] - 02-02-2016 - 12:15:13 -SH-- . (...) -- C:\gadb.exe [822840]
O44 - LFC:[MD5.88CCBAF4504EB6CFC60999CD208CB3F4] - 02-02-2016 - 14:30:29 ---A- . (...) -- C:\adb.exe [534016]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02-02-2016 - 14:30:29 ---A- . (...) -- C:\gadb.ico [0]
O44 - LFC:[MD5.0574AF96D86AD36CAEDFAA94D256C1F3] - 02-02-2016 - 15:21:24 ---A- . (.Windows (R) Win 7 DDK provider - Scanner Filter.) -- C:\Windows\System32\Drivers\mfmonitor_x64.sys [20696]
O44 - LFC:[MD5.BBF824D518F5ABA9A26CD8928D6E0E0F] - 02-02-2016 - 16:14:06 -SH-- . (...) -- C:\gwinencrypt.exe [70656]
O44 - LFC:[MD5.D79BD66884E4F9FE04CFACAC81390F07] - 03-02-2016 - 12:55:06 ---A- . (...) -- C:\Ground.lnk [696]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 03-02-2016 - 12:55:27 ---A- . (...) -- C:\gwinencrypt.ico [0]
O44 - LFC:[MD5.FAB335E6B371F764F6619239C2A190A3] - 03-02-2016 - 12:55:27 ---A- . (...) -- C:\winencrypt.exe [534016]
O44 - LFC:[MD5.85C7AC41C921A24B23A01559717B968D] - 27-01-2016 - 13:24:03 ---A- . (...) -- C:\Windows\DtcInstall.log [2664]
O44 - LFC:[MD5.DAA6AAD525D12F8985695B882301336F] - 27-01-2016 - 13:40:41 ---A- . (...) -- C:\Windows\win.ini [167]
O44 - LFC:[MD5.3C32FF010F869BC184DF71290477384E] - 27-01-2016 - 13:43:46 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
O44 - LFC:[MD5.AC86D930E25974F4B283F296FD97F816] - 27-01-2016 - 13:55:22 ---A- . (...) -- C:\Windows\System32\Drivers\BCM43142A0_001.001.011.0197.0229.hex [57575]
O44 - LFC:[MD5.8A63A03AE53A58DCD77C31B5DD1D591A] - 28-01-2016 - 11:23:36 ---A- . (...) -- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [118]
O44 - LFC:[MD5.0055B62657CE7561F68136FB1E54AFAC] - 28-01-2016 - 1:38:42 ---A- . (...) -- C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat [401]
O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 29-01-2016 - 20:02:58 ---A- . (...) -- C:\Windows\diagerr.xml [1908]
O44 - LFC:[MD5.5D4A20B5FC5040A7722DD91BD5D9BD82] - 29-01-2016 - 20:02:59 ---A- . (...) -- C:\Windows\diagwrn.xml [2606]
~ Files: 73 Legitimates Filtered in 00mn 07s

---\\ Local Security Authority-LSA Deny (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ System Drivers List (SDL) (O58)
O58 - SDL:13-08-2013 - 0:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:28-01-2016 - 10:20:10 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [209056]
O58 - SDL:12-01-2016 - 18:37:03 ---A- . (.Windows (R) Win 7 DDK provider - Scanner Filter.) -- C:\Windows\System32\Drivers\mfmonitor_x64.sys [20696]
O58 - SDL:08-12-2015 - 4:00:54 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [122160]
O58 - SDL:08-12-2015 - 4:00:58 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [214832]
O58 - SDL:08-12-2015 - 4:01:06 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [214832]
O58 - SDL:22-08-2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:22-08-2013 - 13:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
O58 - SDL:15-04-2012 - 22:32:14 ---A- . (.Windows (R) Win 7 DDK provider - WebcamMax Capture.) -- C:\Windows\System32\Drivers\wcmvcam64.sys [1071032]
~ Drivers: 53 Legitimates Filtered in 00mn 05s

---\\ List all tools cleaner (LATC) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.No owner - spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.No owner - spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.No owner - spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Goo) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.FAB335E6B371F764F6619239C2A190A3] [SPRF][28-01-2016] (...) -- C:\Users\DELL PC\AppData\Roaming\Ground.exe [534016]
[MD5.E6024207219D5C74178288E5A79FD23B] [SPRF][08-08-2009] (.Ada99.com - eBook Workshop.) -- C:\Users\DELL PC\Desktop\gmoyasar.exe [42532120]
[MD5.E0415F022DFE349DA589E99E1E0ABF76] [SPRF][28-01-2016] (...) -- C:\Users\DELL PC\Desktop\moyasar.exe [534016]
~ Files: 3 Legitimates Filtered in 00mn 00s

---\\ MyComputer Name Space (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 14-11-2013 2251992 | (BcmBtRSupport) . (.Broadcom Corporation..) - C:\Windows\System32\BtwRSupportService.exe
SS - | Demand 01-12-2015 433760 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe
SS - | Demand 09-08-2015 288688 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 08-02-2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 02-12-2015 235696 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee Security Scan\3.11.266\McCHSvc.exe
SS - | Demand 12-01-2016 210416 | (MediaFire Desktop Updater Service) . (...) - C:\Program Files (x86)\MediaFire Desktop\bin\UpdaterLocalCOM.exe =>Adware.IncrediBar
SS - | Demand 06-06-2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 31-01-2016 534016 | (PCFasterMiniSvc) . (...) - C:\Users\DELL PC\AppData\Local\PCFMiniService\MiniService.exe
SS - | Demand 25-06-2010 117264 | (rpcapd) . (.CACE Technologies, Inc..) - C:\Program Files (x86)\WinPcap\rpcapd.exe
SS - | Demand 07-05-2014 1628352 | (SparkUpdater) . (.Baidu.com, Inc..) - C:\Program Files (x86)\Baidu\SparkUpdate\Sparkupdate.exe
SS - | Demand 10-07-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 22-08-2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13-12-2015 82128 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 28-07-2011 262144 | (AIPS) . (.Arcai.com.) - C:\Program Files (x86)\netcut\services\AIPS.exe
SR - | Auto 01-12-2015 413280 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
SR - | Auto 01-12-2015 855648 | (BstHdUpdaterSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
SR - | Auto 09-08-2015 355232 | (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe
SR - | Demand 08-06-2015 625648 | (Lenovo EasyPlus Hotspot) . (.Lenovo.) - C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe
SR - | Auto 12-01-2016 456176 | (MF NTFS Monitor) . (...) - C:\Program Files (x86)\MediaFire Desktop\bin\MFUsnMonitorService.exe
SR - | Auto 15-01-2016 145272 | (NetBalancerService) . (.SeriousBit.) - C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
SR - | Auto 01-02-2016 97080 | (SparkSvc) . (.Baidu Inc..) - C:\Program Files (x86)\baidu\Spark\sparkservice.exe
SR - | Demand 10-07-1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10-07-1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 22s

---\\ Additional Scan (O88)
Database Version : 13026 - (18-10-2014)
Keys found : 1
Values found : 0
Folders found : 1
Files found : 2
[HKLM\Software\Classes\AppID\BHO.DLL] =>Toolbar.Agent
C:\Users\DELL PC\AppData\Roaming\Tencent =>Adware.TencentAddressBar^
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.AutoKMS^
[HKCU\Software\Tencent] =>Adware.TencentAddressBar^
~ Additional Scan: 186978 Items scanned in 01mn 02s

---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s

---\\ Summary of the detections found on your workstation
http://nicolascoolman.fr/trojan-autokms =>Trojan.AutoKMS
http://nicolascoolman.fr/adware-tencentaddressbar =>Adware.TencentAddressBar
http://nicolascoolman.fr/adware-incredibar =>Adware.IncrediBar
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
~ MSI: 4 link(s) detected in 00mn 00s

~ 596 Legitimates filtered by white list
End of the scan (439 lines in 02mn 49s)(0)
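The whitelist summary above only names what ZHPDiag's database recognises; several entries the tool left unflagged still stand out when the hashes are cross-referenced. The same digest FAB335E6B371F764F6619239C2A190A3 is reported for the running process C:\Users\DELL PC\AppData\Roaming\Ground.exe (PID 3880) and for C:\winencrypt.exe; D41D8CD98F00B204E9800998ECF8427E is the MD5 of empty input, so gadb.ico and gwinencrypt.ico are zero-byte files; and gadb.exe and gwinencrypt.exe sit at the drive root with the system and hidden attributes set. The following script is an added example, not part of ZHPDiag and not written by the report's author. It parses the "[MD5.<hash>] ... -- <path> [<size>]" entry shapes used in the "Process running", O44 and O84 sections and runs those three checks plus a fourth for binaries with no publisher information in user-writable locations. The sample lines are copied verbatim from this report; the interpretation of the attribute field (S = system, H = hidden) and the list of user-writable directories are assumptions made for the example.

```python
"""Triage helper for ZHPDiag "[MD5.<hash>] ... -- <path> [<size>]" lines.

Added example; not part of ZHPDiag. Assumptions are marked in comments.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# MD5 of empty input: any file reported with this digest is zero bytes long.
EMPTY_MD5 = "D41D8CD98F00B204E9800998ECF8427E"

# Assumption: directories a standard user can write to, where an executable
# without publisher information deserves a second look (compared lower-case).
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\desktop\\", "\\programdata\\")
ROOT_OF_DRIVE = re.compile(r"^[A-Za-z]:\\[^\\]+$")  # e.g. C:\gadb.exe

# Shared shape of the three section formats seen in the report:
#   [MD5.X] - (.Vendor - Description.) -- C:\dir\file.exe [size] [PID.n]
#   O44 - LFC:[MD5.X] - dd-mm-yyyy - hh:mm:ss -SH-- . (...) -- C:\file.exe [size]
#   [MD5.X] [SPRF][dd-mm-yyyy] (...) -- C:\dir\file.exe [size]
ENTRY = re.compile(
    r"\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\]"  # digest
    r"(?P<mid>.*?)"                       # date/attributes or [SPRF] tag, if present
    r"\((?P<publisher>.*?)\)\s+--\s+"     # (.Vendor - Description.) or (...)
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\]"  # path, then size in bytes
)
# Assumption: the five-character field before " ." is the attribute set,
# with S = system and H = hidden (the report shows -SH-- and ---A-).
ATTRS = re.compile(r"(-[A-Z-]{4})\s+\.\s*$")


@dataclass(frozen=True)
class Entry:
    md5: str
    publisher: str  # "..." when ZHPDiag found no company/description
    path: str
    size: int
    attrs: str      # "" when the line carries no attribute field


def parse(lines):
    """Return an Entry per line matching ENTRY; other lines are skipped."""
    entries = []
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue
        am = ATTRS.search(m["mid"])
        entries.append(Entry(m["md5"].upper(), m["publisher"], m["path"],
                             int(m["size"]), am.group(1) if am else ""))
    return entries


def same_hash_different_names(entries):
    """Digest -> sorted paths, for digests reported under more than one path."""
    by_hash = defaultdict(set)
    for e in entries:
        by_hash[e.md5].add(e.path)
    return {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}


def empty_files(entries):
    return sorted({e.path for e in entries if e.md5 == EMPTY_MD5})


def hidden_files(entries):
    """Paths whose attribute field carries the hidden flag."""
    return sorted({e.path for e in entries if "H" in e.attrs})


def unattributed_in_user_paths(entries):
    """Executables with no publisher information in user-writable locations."""
    flagged = set()
    for e in entries:
        low = e.path.lower()
        if e.publisher != "..." or not low.endswith(".exe"):
            continue
        if ROOT_OF_DRIVE.match(e.path) or any(k in low for k in USER_WRITABLE):
            flagged.add(e.path)
    return sorted(flagged)


def triage(lines):
    entries = parse(lines)
    return {
        "same_hash_different_names": same_hash_different_names(entries),
        "empty_files": empty_files(entries),
        "hidden_files": hidden_files(entries),
        "unattributed_in_user_paths": unattributed_in_user_paths(entries),
    }


# Lines copied verbatim from the report above (a subset, mixed sections).
SAMPLE_LINES = [
    r"[MD5.FAB335E6B371F764F6619239C2A190A3] - (...) -- C:\Users\DELL PC\AppData\Roaming\Ground.exe [534016] [PID.3880]",
    r"[MD5.6E2C6FA5AEA1061AB68523E7D522392B] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3929296] [PID.2512]",
    r"[MD5.B977B08DD02BA559893C479BFF3AA2D2] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896608] [PID.3864]",
    r"O44 - LFC:[MD5.68D1FF99334621ED5DF16C05427335F0] - 02-02-2016 - 12:15:13 -SH-- . (...) -- C:\gadb.exe [822840]",
    r"O44 - LFC:[MD5.88CCBAF4504EB6CFC60999CD208CB3F4] - 02-02-2016 - 14:30:29 ---A- . (...) -- C:\adb.exe [534016]",
    r"O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02-02-2016 - 14:30:29 ---A- . (...) -- C:\gadb.ico [0]",
    r"O44 - LFC:[MD5.BBF824D518F5ABA9A26CD8928D6E0E0F] - 02-02-2016 - 16:14:06 -SH-- . (...) -- C:\gwinencrypt.exe [70656]",
    r"O44 - LFC:[MD5.FAB335E6B371F764F6619239C2A190A3] - 03-02-2016 - 12:55:27 ---A- . (...) -- C:\winencrypt.exe [534016]",
    r"[MD5.FAB335E6B371F764F6619239C2A190A3] [SPRF][28-01-2016] (...) -- C:\Users\DELL PC\AppData\Roaming\Ground.exe [534016]",
    r"[MD5.E0415F022DFE349DA589E99E1E0ABF76] [SPRF][28-01-2016] (...) -- C:\Users\DELL PC\Desktop\moyasar.exe [534016]",
]

if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LINES).items():
        print(check, hits)
```

Run against a full report, feed every line in; sections that do not match the entry shape (O4, O23, the service table) are simply skipped. A hash that recurs under different names, a zero-byte file with an icon extension next to a hidden executable, or an unattributed binary launched from AppData is a reason to pull the sample, not proof of infection, so treat the output as a worklist for manual checking rather than as detections.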