~ ZHPDiag v2015.7.17.92 By Nicolas Coolman (2015/07/17)
~ Run by Administrator (Administrator) (2015/07/19 17:35:05)
~ Site: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Documents and Settings\Administrator\Desktop\ZHPDiag.txt
~ Report: C:\Documents and Settings\Administrator\Application Data\ZHP\ZHPDiag.txt
~ UAC: Deactivate
~ System startup: Normal (Normal boot)
~ Windows XP, 32-bit Service Pack 3 (Build 2600)

---\\ Internet Browsers (2) - 0s
MFIE: Mozilla Firefox 39.0 (x86 en-US) v39.0
MSIE: Internet Explorer v8.0.6001.18702

---\\ System protection software (2) - 1s
Kaspersky Small Office Security v15.0.2.361
Malwarebytes Anti-Malware version 2.1.8.1057

---\\ System protection software (Superfluous) (1) - 1s
Ad-Aware Web Companion v2.0.1025.2130

---\\ Surveillance software (2) - 1s
Adobe Flash Player 18 NPAPI
Adobe Reader XI

---\\ Information on the system (6) - 0s
~ Operating System: x86 Family 6 Model 14 Stepping 12, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
~ Total physical RAM (KB): 2087288
~ System Restore: Activé (Enable)
~ System drive C: has 0 GB free of 20 GB

---\\ Connection to the system mode (3) - 0s
~ Computer Name: MEMATO-31240911
~ User Name: Administrator
~ Logged in as Administrator

---\\ Enumeration of the disk units (4) - 0s
~ Drive C: has 0 GB free of 20 GB (System)
~ Drive D: has 19 GB free of 20 GB
~ Drive E: has 19 GB free of 20 GB
~ Drive F: has 14 GB free of 16 GB

---\\ Search Generic System Files (22) - 1s
[MD5.2BB75B7F548D82A099125D0C5971DE7D] - (.Microsoft Corporation - Windows Explorer.) () -- C:\WINDOWS\Explorer.exe [1033728]
[MD5.037B1E7798960E0420003D05BB577EE6] - (.Microsoft Corporation - Run a DLL as an App.) () -- C:\WINDOWS\System32\rundll32.exe [33280]
[MD5.A9FA95F0D7F511959AC721E4843E5967] - (.Microsoft Corporation - Internet Extensions for Win32.) () -- C:\WINDOWS\System32\wininet.dll [919552]
[MD5.53A8857723277B1D6D5EE60A9F85B117] - (.Microsoft Corporation - Windows NT Logon Application.) () -- C:\WINDOWS\System32\Winlogon.exe [509440]
[MD5.38D7B715504DA4741DF35E3594FE2099] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\WINDOWS\System32\drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) () -- C:\WINDOWS\System32\drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\WINDOWS\System32\drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\WINDOWS\System32\drivers\Cdrom.sys [62976]
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - (.Microsoft Corporation - FIPS Crypto Driver.) () -- C:\WINDOWS\System32\drivers\Fips.sys [44544]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) () -- C:\WINDOWS\System32\drivers\HDAudBus.sys [144384]
[MD5.4A0B06AA8943C1E332520F7440C0AA30] - (.Microsoft Corporation - i8042 Port Driver.) () -- C:\WINDOWS\System32\drivers\i8042prt.sys [52480]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) () -- C:\WINDOWS\System32\drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\WINDOWS\System32\drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) () -- C:\WINDOWS\System32\drivers\IPSec.sys [75264]
[MD5.FB7DFD15D760AD339837A470F0E780D3] - (.Microsoft Corporation - Windows NT SMB Minirdr.) () -- C:\WINDOWS\System32\drivers\MRxSmb.sys [457472]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\WINDOWS\System32\drivers\netBT.sys [162816]
[MD5.4C51D5275AE8A16999EDFE7E647D00DE] - (.Microsoft Corporation - NT File System Driver.) () -- C:\WINDOWS\System32\drivers\ntfs.sys [576384]
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - (.Microsoft Corporation - Parallel Port Driver.) () -- C:\WINDOWS\System32\drivers\Parport.sys [80128]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [51328]
[MD5.47EA20320E3D6FDC7B7BB22B2B881CA6] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\WINDOWS\System32\drivers\rdpdr.sys [195712]
[MD5.F828DD7E1419B6653894A8F97A0094C5] - (.Microsoft Corporation - Redbook Audio Filter Driver.) () -- C:\WINDOWS\System32\drivers\redbook.sys [57600]
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - (.Microsoft Corporation - Volume Shadow Copy Driver.) () -- C:\WINDOWS\System32\drivers\volsnap.sys [52352]

---\\ Process running (7) - 1s
[MD5.E7682B9CFC8BBC5FC08030F4467D5E3D] - (.Baidu, Inc. - Baidu PC Faster Service.) -- C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe [1713936] [PID.1500]
[MD5.D067432E2E9D9B2DA2F10287A56CD6B1] - (. - Viber.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\Viber.exe [776400] [PID.992]
[MD5.FF7B65801373BEDD5A1530F6616CBF39] - (.Lavasoft Limited - .) -- C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792] [PID.348]
[MD5.D574391EF884BEC07FD63E11D81343A7] - (.Copyright © 2014 - SPWindowsService.) -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [19816] [PID.3040]
[MD5.E7682B9CFC8BBC5FC08030F4467D5E3D] - (.Baidu, Inc. - Baidu PC Faster Service.) -- C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe [1713936] [PID.5160]
[MD5.DC7B578A97F82AAB19906DAEB3693D1C] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3878480] [PID.3664]
[MD5.E9C6EF9437ECB30911488F9313AD821A] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [269848] [PID.4132]

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) (16) - 1s
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\amazondotcom.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\bing.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\eBay.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\google.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\twitter.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wikipedia.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml
P2 - EXT: (.Mozilla - Default.) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
P2 - FPN: [HKCU] [@iqiyi.com/npWebPlayer] - (.pps-webplayer-plugin.) -- C:\Program Files\IQIYI Video\LStyle\npWebPlayer.dll =>PUP.Optional.IQIYIVideo
P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (.Unity Technologies ApS.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll
P2 - FPN: [HKLM] [@kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098] - (.kaspersky.com.) -- C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\content_blocker@kaspersky.com
P2 - FPN: [HKLM] [@kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5] - (.kaspersky.com.) -- C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\online_banking@kaspersky.com
P2 - FPN: [HKLM] [@kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E] - (.kaspersky.com.) -- C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.2.1] - (.VideoLAN.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) (11) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2

---\\ Internet Explorer, Proxy Management (R5) (3) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe (.Microsoft Corporation.)
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.)
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

---\\ Hosts file redirection (O1) (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (1)

---\\ Browser Helper Object (BHO) (O2) (4) - 1s
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} . (.Kaspersky Lab ZAO - Cumulative module contains VK, CB and OB pl.) -- C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {93BC2EA7-2F17-4729-948A-D2E03FFB2412} . (.Kaspersky Lab ZAO - Cumulative module contains VK, CB and OB pl.) -- C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: Safe Money Plugin - {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} . (.Kaspersky Lab ZAO - Cumulative module contains VK, CB and OB pl.) -- C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\IEExt\ie_plugin.dll

---\\ Auto loading programs from Registry and folders (O4) (6) - 0s
O4 - HKCU\..\Run: [Viber] . (. - Viber.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\Viber.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1708537768-1897051121-1614895754-500\..\Run: [Viber] . (. - Viber.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\Viber.exe
O4 - HKUS\S-1-5-21-1708537768-1897051121-1614895754-500\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe

---\\ Lop.com/Domain Hijackers (O17) (3) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23) (6) - 1s
O23 - Service: Kaspersky Small Office Security Service 15.0.2 (AVP15.0.2) . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) - C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\avp.exe
O23 - Service: LavasoftTcpService (LavasoftTcpService) . (.Lavasoft Limited - .) - C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe =>PUA.Loadshop
O23 - Service: (MBAMScheduler) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Baidu PC Faster Service 5.1.0.0 (PCFasterSvc_{PCFaster_5.1.0.0}) . (.Baidu, Inc. - Baidu PC Faster Service.) - C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe
O23 - Service: IE Search Set (SearchProtectionService) . (.Copyright © 2014 - SPWindowsService.) - C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe

---\\ Task Planned Automatically (O39) (3) - 1s
O39 - APT: Automatic Planified Task - (...) -- C:\WINDOWS\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job [430]
O39 - APT: Automatic Planified Task - (...) -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [830]
O39 - APT: Automatic Planified Task - (...) -- C:\WINDOWS\Tasks\Baidu PC Faster Update.job [372]

---\\ Software installed (O42) (30) - 8s
O42 - Logiciel: Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01. - (.Ricoh Company.) [HKLM] -- 4569969E1360D2854474C661EF9B4D54F143EB16
O42 - Logiciel: Adobe Flash Player 18 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 18 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI
O42 - Logiciel: Baidu PC Faster - (.Baidu, Inc..) [HKLM] -- Baidu PC Faster 5.1.0.0
O42 - Logiciel: Dell Wireless WLAN Card - (.Dell Inc..) [HKLM] -- Broadcom 802.11b Network Adapter
O42 - Logiciel: Conexant HDA D110 MDC V.92 Modem - (...) [HKLM] -- CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (...) [HKLM] -- HDMI
O42 - Logiciel: Kaspersky Small Office Security - (.Kaspersky Lab.) [HKLM] -- InstallWIX_{33F9240D-1887-4FF9-8A6E-35F32A05A277}
O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM] -- Internet Download Manager
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Malwarebytes Anti-Malware version 2.1.8.1057 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes Anti-Malware_is1
O42 - Logiciel: Mozilla Firefox 39.0 (x86 en-US) - (.Mozilla.) [HKLM] -- Mozilla Firefox 39.0 (x86 en-US)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService
O42 - Logiciel: Microsoft Fortran PowerStation 4.0 - (...) [HKLM] -- MSFortranPowerStation
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM] -- VLC media player
O42 - Logiciel: WinRAR 5.10 beta 2 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: SetPoint - (.Logitech.) [HKLM] -- {2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}
O42 - Logiciel: Kaspersky Small Office Security - (.Kaspersky Lab.) [HKLM] -- {33F9240D-1887-4FF9-8A6E-35F32A05A277}
O42 - Logiciel: Broadcom 440x 10/100 Integrated Controller - (.Broadcom Corporation.) [HKLM] -- {612B9183-67A9-4B44-9877-2F059E35B86A}
O42 - Logiciel: Ad-Aware Web Companion - (.Lavasoft.) [HKLM] -- {88B10E3E-8911-4FAC-8663-CCF6E33C58B3}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: agederar - (.ryofward.) [HKLM] -- {9f58a80e-3c37-4557-0e9d-4857a20ed324}
O42 - Logiciel: SigmaTel Audio - (.SigmaTel.) [HKLM] -- {A462213D-EED4-42C2-9A60-7BDD4D4B0B17}
O42 - Logiciel: LavasoftTcpService - (.Lavasoft.) [HKLM] -- {A923CF0A-44D9-4357-B2E8-0A2352151A3C}
O42 - Logiciel: Adobe Reader XI (11.0.08) - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1033-7B44-AB0000000001}
O42 - Logiciel: Broadcom Management Programs - (.Broadcom Corporation.) [HKLM] -- {C99C0593-3B48-41D9-B42F-6E035B320449}
O42 - Logiciel: Digital Line Detect - (.BVRP Software, Inc.) [HKLM] -- {E646DCF0-5A68-11D5-B229-002078017FBF}
O42 - Logiciel: Unity Web Player - (.Unity Technologies ApS.) [HKCU] -- UnityWebPlayer
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU] -- uTorrent
O42 - Logiciel: Viber - (.Viber Media Inc.) [HKCU] -- Viber

---\\ HKCU & HKLM Software Keys (75) - 8s
HKLM\SOFTWARE\Adobe
HKLM\SOFTWARE\AdwCleaner
HKLM\SOFTWARE\Baidu Security
HKLM\SOFTWARE\Baidu_Drp_pos
HKLM\SOFTWARE\Broadcom
HKLM\SOFTWARE\BrowserChoice
HKLM\SOFTWARE\BVRP Software, Inc
HKLM\SOFTWARE\C07ft5Y
HKLM\SOFTWARE\CAPCOM
HKLM\SOFTWARE\Conexant
HKLM\SOFTWARE\Creative Tech
HKLM\SOFTWARE\CXT
HKLM\SOFTWARE\CyberGhost
HKLM\SOFTWARE\Dell Computer Corporation
HKLM\SOFTWARE\DtsEncodeTools
HKLM\SOFTWARE\Gemplus
HKLM\SOFTWARE\Google
HKLM\SOFTWARE\InstalledOptions
HKLM\SOFTWARE\Intel
HKLM\SOFTWARE\Internet Download Manager
HKLM\SOFTWARE\KasperskyLab
HKLM\SOFTWARE\Lavasoft
HKLM\SOFTWARE\Logitech
HKLM\SOFTWARE\Macromedia
HKLM\SOFTWARE\Malwarebytes' Anti-Malware
HKLM\SOFTWARE\McAfee.com
HKLM\SOFTWARE\Mozilla
HKLM\SOFTWARE\mozilla.org
HKLM\SOFTWARE\MozillaPlugins
HKLM\SOFTWARE\ODBC
HKLM\SOFTWARE\Program Groups
HKLM\SOFTWARE\RegisteredApplications
HKLM\SOFTWARE\Schlumberger
HKLM\SOFTWARE\Secure
HKLM\SOFTWARE\SigmaTel
HKLM\SOFTWARE\Swearware
HKLM\SOFTWARE\TuneUp
HKLM\SOFTWARE\VideoLAN
HKLM\SOFTWARE\Windows 3.1 Migration Status
HKLM\SOFTWARE\WinRAR
HKCU\SOFTWARE\32850InstEnd
HKCU\SOFTWARE\Adobe
HKCU\SOFTWARE\AOL
HKCU\SOFTWARE\Baidu Security
HKCU\SOFTWARE\BitTorrent
HKCU\SOFTWARE\Broadcom
HKCU\SOFTWARE\DownloadManager
HKCU\SOFTWARE\Elaborate Bytes
HKCU\SOFTWARE\FlashGamesRockstarApp =>PUP.Optional.FlashGamesRockstar
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\Intel
HKCU\SOFTWARE\iWebar-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\KasperskyLab
HKCU\SOFTWARE\Logitech
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\Netscape
HKCU\SOFTWARE\NoVooIT =>Trojan.Vonteera
HKCU\SOFTWARE\OB
HKCU\SOFTWARE\Object Browser-nv-ie =>PUP.Optional.ObjectBrowser
HKCU\SOFTWARE\ODBC
HKCU\SOFTWARE\OperaOB
HKCU\SOFTWARE\PPStream
HKCU\SOFTWARE\QtProject
HKCU\SOFTWARE\QyGameClient =>PUP.Optional.IQIYIVideo
HKCU\SOFTWARE\ryofward
HKCU\SOFTWARE\Sysinternals
HKCU\SOFTWARE\Unity
HKCU\SOFTWARE\Viber
HKCU\SOFTWARE\WebApp
HKCU\SOFTWARE\Wget
HKCU\SOFTWARE\WinRAR
HKCU\SOFTWARE\WinRAR SFX
HKCU\SOFTWARE\ZebHelpProcess Helper

---\\ Contents of the Common Files folders (O43) (129) - 8s
O43 - CFD: 2015/05/10 23:16:27 - [] D -- C:\Program Files\Adobe
O43 - CFD: 2015/07/14 03:10:44 - [] D -- C:\Program Files\baidu
O43 - CFD: 2015/05/16 21:09:08 - [] D -- C:\Program Files\Baidu Security
O43 - CFD: 2014/04/06 23:20:37 - [] D -- C:\Program Files\Broadcom
O43 - CFD: 2015/06/02 00:36:23 - [] D -- C:\Program Files\CAPCOM
O43 - CFD: 2015/07/18 21:44:43 - [] D -- C:\Program Files\Common Files
O43 - CFD: 2014/04/05 16:32:54 - [0] D -- C:\Program Files\ComPlus Applications
O43 - CFD: 2014/04/09 21:00:56 - [] D -- C:\Program Files\CONEXANT
O43 - CFD: 2015/06/20 14:16:48 - [] D -- C:\Program Files\CyberGhost 5
O43 - CFD: 2015/05/16 18:20:14 - [] D -- C:\Program Files\Dell
O43 - CFD: 2014/04/06 23:19:26 - [] D -- C:\Program Files\DIFX
O43 - CFD: 2015/05/22 23:48:26 - [] D -- C:\Program Files\Elaborate Bytes
O43 - CFD: 2015/06/09 21:32:25 - [] D -- C:\Program Files\Google
O43 - CFD: 2015/05/16 18:19:31 - [] HD -- C:\Program Files\InstallShield Installation Information
O43 - CFD: 2014/04/09 21:01:27 - [] D -- C:\Program Files\Intel
O43 - CFD: 2015/06/19 11:40:10 - [] D -- C:\Program Files\Internet Download Manager
O43 - CFD: 2015/06/10 11:56:59 - [] D -- C:\Program Files\Internet Explorer
O43 - CFD: 2015/06/20 14:01:56 - [] D -- C:\Program Files\Kaspersky Lab
O43 - CFD: 2015/06/10 12:03:39 - [] D -- C:\Program Files\Lavasoft
O43 - CFD: 2015/07/15 22:10:51 - [] D -- C:\Program Files\Malwarebytes Anti-Malware
O43 - CFD: 2014/04/05 20:05:38 - [] D -- C:\Program Files\Microsoft Analysis Services
O43 - CFD: 2014/04/05 16:39:15 - [] D -- C:\Program Files\microsoft frontpage
O43 - CFD: 2014/04/05 20:07:23 - [] D -- C:\Program Files\Microsoft Office
O43 - CFD: 2015/07/14 03:30:26 - [] D -- C:\Program Files\Microsoft Silverlight
O43 - CFD: 2014/04/05 20:07:22 - [] D -- C:\Program Files\Microsoft Sync Framework
O43 - CFD: 2015/07/14 22:48:13 - [] D -- C:\Program Files\Microsoft Toolkit Final
O43 - CFD: 2015/06/20 13:56:47 - [] D -- C:\Program Files\Microsoft.NET
O43 - CFD: 2014/04/05 16:34:59 - [] D -- C:\Program Files\Movie Maker
O43 - CFD: 2015/07/04 12:49:40 - [] D -- C:\Program Files\Mozilla Firefox
O43 - CFD: 2015/07/04 21:45:46 - [] D -- C:\Program Files\Mozilla Maintenance Service
O43 - CFD: 2015/06/20 13:45:54 - [] D -- C:\Program Files\MSBuild
O43 - CFD: 2014/04/05 16:32:22 - [] D -- C:\Program Files\MSN Gaming Zone
O43 - CFD: 2014/04/05 16:35:33 - [] D -- C:\Program Files\NetMeeting
O43 - CFD: 2014/04/05 16:36:31 - [] D -- C:\Program Files\Online Services
O43 - CFD: 2014/04/05 16:35:27 - [] D -- C:\Program Files\Outlook Express
O43 - CFD: 2015/05/16 21:09:21 - [] D -- C:\Program Files\PC Faster
O43 - CFD: 2015/06/20 13:45:46 - [] D -- C:\Program Files\Reference Assemblies
O43 - CFD: 2014/04/09 21:26:40 - [] D -- C:\Program Files\SetPoint
O43 - CFD: 2014/04/09 21:30:44 - [] D -- C:\Program Files\SigmaTel
O43 - CFD: 2014/04/05 16:47:41 - [0] HD -- C:\Program Files\Uninstall Information
O43 - CFD: 2015/05/11 01:24:01 - [] D -- C:\Program Files\VideoLAN
O43 - CFD: 2014/04/05 16:38:45 - [] D -- C:\Program Files\Windows Media Player
O43 - CFD: 2014/04/05 16:32:06 - [] D -- C:\Program Files\Windows NT
O43 - CFD: 2014/04/05 16:36:38 - [0] HD -- C:\Program Files\WindowsUpdate
O43 - CFD: 2014/04/09 21:44:34 - [] D -- C:\Program Files\WinRAR
O43 - CFD: 2014/04/05 16:39:15 - [] D -- C:\Program Files\xerox
O43 - CFD: 2015/05/16 18:20:28 - [] RD -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
O43 - CFD: 2014/04/05 16:38:54 - [] RD -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
O43 - CFD: 2015/07/19 17:26:08 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Baidu PC Faster
O43 - CFD: 2014/04/09 20:58:08 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom
O43 - CFD: 2015/05/16 18:20:14 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Wireless
O43 - CFD: 2014/04/05 16:33:09 - [] RD -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
O43 - CFD: 2015/05/16 18:18:50 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager
O43 - CFD: 2015/06/20 14:04:10 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Small Office Security
O43 - CFD: 2015/06/10 12:03:41 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
O43 - CFD: 2015/07/15 22:10:52 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
O43 - CFD: 2014/04/05 20:08:24 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
O43 - CFD: 2014/04/09 21:26:31 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\SetPoint
O43 - CFD: 2014/04/05 20:08:24 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
O43 - CFD: 2015/06/19 20:51:40 - [] RD -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
O43 - CFD: 2015/05/16 18:19:28 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
O43 - CFD: 2014/04/09 21:44:34 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
O43 - CFD: 2015/05/16 18:18:47 - [] D -- C:\Documents and Settings\All Users\Application Data\Adobe
O43 - CFD: 2015/06/20 14:09:34 - [] D -- C:\Documents and Settings\All Users\Application Data\Avira
O43 - CFD: 2015/05/16 21:09:49 - [] D -- C:\Documents and Settings\All Users\Application Data\Baidu
O43 - CFD: 2015/05/16 21:09:07 - [] D -- C:\Documents and Settings\All Users\Application Data\Baidu Security
O43 - CFD: 2015/05/16 21:40:48 - [] D -- C:\Documents and Settings\All Users\Application Data\BCloudScan_exe
O43 - CFD: 2015/06/10 11:58:11 - [] HD -- C:\Documents and Settings\All Users\Application Data\Common Files
O43 - CFD: 2014/04/09 22:23:50 - [0] D -- C:\Documents and Settings\All Users\Application Data\IDM
O43 - CFD: 2015/07/19 17:31:19 - [] D -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
O43 - CFD: 2015/06/10 11:46:10 - [] D -- C:\Documents and Settings\All Users\Application Data\Lavasoft
O43 - CFD: 2015/07/14 23:36:43 - [] D -- C:\Documents and Settings\All Users\Application Data\LocalStorage
O43 - CFD: 2015/07/15 22:10:46 - [] D -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
O43 - CFD: 2015/06/18 22:30:35 - [] D -- C:\Documents and Settings\All Users\Application Data\McAfee
O43 - CFD: 2014/04/09 22:22:19 - [] SD -- C:\Documents and Settings\All Users\Application Data\Microsoft
O43 - CFD: 2015/07/14 02:31:18 - [] D -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
O43 - CFD: 2014/04/09 23:03:02 - [] D -- C:\Documents and Settings\All Users\Application Data\Mozilla
O43 - CFD: 2015/07/14 21:48:48 - [] D -- C:\Documents and Settings\All Users\Application Data\Package Cache
O43 - CFD: 2015/05/16 21:10:35 - [] D -- C:\Documents and Settings\All Users\Application Data\PC Faster
O43 - CFD: 2015/07/14 03:26:24 - [] D -- C:\Documents and Settings\All Users\Application Data\QiYi
O43 - CFD: 2015/06/10 11:58:10 - [] D -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
O43 - CFD: 2015/06/10 11:58:29 - [] SHD -- C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 2015/05/10 23:17:05 - [] D -- C:\Program Files\Common Files\Adobe
O43 - CFD: 2014/04/05 20:07:40 - [] D -- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 2014/04/09 21:26:12 - [] D -- C:\Program Files\Common Files\InstallShield
O43 - CFD: 2014/04/09 21:26:31 - [] D -- C:\Program Files\Common Files\Logitech
O43 - CFD: 2014/04/05 20:08:10 - [] D -- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 2014/04/05 16:35:26 - [] D -- C:\Program Files\Common Files\MSSoap
O43 - CFD: 2014/04/05 19:17:48 - [] D -- C:\Program Files\Common Files\ODBC
O43 - CFD: 2014/04/05 16:35:31 - [] D -- C:\Program Files\Common Files\Services
O43 - CFD: 2014/04/05 19:17:43 - [] D -- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 2015/07/14 03:29:07 - [] D -- C:\Program Files\Common Files\System
O43 - CFD: 2015/05/16 18:18:46 - [] D -- C:\Documents and Settings\Administrator\Application Data\Adobe
O43 - CFD: 2015/07/14 03:10:22 - [] D -- C:\Documents and Settings\Administrator\Application Data\agederar
O43 - CFD: 2015/05/16 21:34:50 - [] D -- C:\Documents and Settings\Administrator\Application Data\Baidu
O43 - CFD: 2015/06/09 21:28:29 - [] D -- C:\Documents and Settings\Administrator\Application Data\Charles
O43 - CFD: 2015/07/18 21:47:19 - [] D -- C:\Documents and Settings\Administrator\Application Data\DMCache
O43 - CFD: 2014/04/13 03:43:54 - [] D -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
O43 - CFD: 2014/04/05 16:47:46 - [] D -- C:\Documents and Settings\Administrator\Application Data\Identities
O43 - CFD: 2015/07/05 06:25:01 - [] D -- C:\Documents and Settings\Administrator\Application Data\IDM
O43 - CFD: 2014/04/06 06:32:05 - [] D -- C:\Documents and Settings\Administrator\Application Data\InstallShield
O43 - CFD: 2015/07/15 22:00:06 - [0] D -- C:\Documents and Settings\Administrator\Application Data\Lavasoft
O43 - CFD: 2014/04/09 21:26:50 - [] D -- C:\Documents and Settings\Administrator\Application Data\Logitech
O43 - CFD: 2014/04/09 22:22:11 - [] D -- C:\Documents and Settings\Administrator\Application Data\Macromedia
O43 - CFD: 2015/06/11 22:46:38 - [] SD -- C:\Documents and Settings\Administrator\Application Data\Microsoft
O43 - CFD: 2015/06/09 21:43:40 - [] D -- C:\Documents and Settings\Administrator\Application Data\Mozilla
O43 - CFD: 2015/06/09 21:22:42 - [] D -- C:\Documents and Settings\Administrator\Application Data\Unity
O43 - CFD: 2015/07/15 00:13:05 - [] D -- C:\Documents and Settings\Administrator\Application Data\uTorrent
O43 - CFD: 2015/07/19 17:16:07 - [] D -- C:\Documents and Settings\Administrator\Application Data\ViberPC
O43 - CFD: 2015/07/12 17:28:42 - [] D -- C:\Documents and Settings\Administrator\Application Data\vlc
O43 - CFD: 2014/04/09 22:13:19 - [] D -- C:\Documents and Settings\Administrator\Application Data\WinRAR
O43 - CFD: 2015/07/19 17:35:13 - [] D -- C:\Documents and Settings\Administrator\Application Data\ZHP
O43 - CFD: 2015/06/18 22:42:26 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
O43 - CFD: 2015/06/09 21:32:08 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
O43 - CFD: 2014/09/23 03:11:05 - [] SD -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
O43 - CFD: 2014/04/05 20:05:11 - [0] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
O43 - CFD: 2014/04/09 23:03:08 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
O43 - CFD: 2015/06/09 21:03:14 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity
O43 - CFD: 2015/07/19 17:16:03 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber
O43 - CFD: 2014/04/05 16:47:52 - [] RD -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
O43 - CFD: 2015/07/18 21:39:17 - [] RD -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
O43 - CFD: 2015/05/16 21:09:53 - [] D -- C:\Documents and Settings\Administrator\Start Menu\Programs\Baidu PC Faster
O43 - CFD: 2015/07/11 00:50:58 - [] D -- C:\Documents and Settings\Administrator\Start Menu\Programs\Fortran PowerStation 4.0
O43 - CFD: 2015/05/16 18:18:50 - [] D -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Download Manager
O43 - CFD: 2015/07/14 23:32:32 - [] RD -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
O43 - CFD: 2014/04/09 21:44:34 - [] D -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
O43 - CFD: 2014/04/05 16:38:54 - [] RD -- C:\WINDOWS\System32\Config\systemprofile\Start Menu\Programs\Accessories
O43 - CFD: 2015/07/19 17:26:08 - [] D -- C:\WINDOWS\System32\Config\systemprofile\Start Menu\Programs\Baidu PC Faster
O43 - CFD: 2014/04/05 19:16:58 - [] RD -- C:\WINDOWS\System32\Config\systemprofile\Start Menu\Programs\Startup

---\\ ShareTools MSconfig StartupReg (SMSR) (O53) (11) - 1s
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O53 - SMSR:HKLM\...\startupreg\apphide [Key] . (...) -- C:\Program Files\baidu\baidu.exe
O53 - SMSR:HKLM\...\startupreg\Broadcom Wireless Manager UI [Key] . (.Dell Inc. - Dell Wireless WLAN Card Wireless Network Tr.) -- C:\WINDOWS\system32\WLTRAY.EXE
O53 - SMSR:HKLM\...\startupreg\CTFMON.EXE [Key] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O53 - SMSR:HKLM\...\startupreg\HotKeysCmds [Key] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O53 - SMSR:HKLM\...\startupreg\IDMan [Key] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O53 - SMSR:HKLM\...\startupreg\IgfxTray [Key] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O53 - SMSR:HKLM\...\startupreg\Persistence [Key] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O53 - SMSR:HKLM\...\startupreg\SigmatelSysTrayApp [Key] . (...) -- %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe
O53 - SMSR:HKLM\...\startupreg\Viber [Key] . (. - Viber.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\Viber.exe

---\\ System Drivers List (SDL) (O58) (67) - 7s
O58 - SDL:2006/11/21 09:25:44 RA . (.Broadcom Corporation - Broadcom Corporation NDIS 5.1 ethernet driv.) -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys [45568]
O58 - SDL:2007/10/10 00:17:42 A . (.Broadcom Corp. - Broadcom 802.11 Network Adapter wireless dr.) -- C:\WINDOWS\System32\drivers\BCMWL5.SYS [1123328]
O58 - SDL:2007/10/10 00:17:40 A . (.CACE Technologies - npf.) -- C:\WINDOWS\System32\drivers\BCMWLNPF.SYS [33664]
O58 - SDL:2015/03/31 14:22:52 A . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\WINDOWS\System32\drivers\Bhbase.sys [46440]
O58 - SDL:2015/03/31 14:22:54 A . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\WINDOWS\System32\drivers\BprotectEx.sys [113992]
O58 - SDL:2011/04/15 00:33:17 A . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\System32\drivers\cinemst2.sys [262528]
O58 - SDL:2015/06/23 22:10:53 A . (.Kaspersky Lab UK Ltd - Cryptographic Module.) -- C:\WINDOWS\System32\drivers\cm_km_w.sys [197864]
O58 - SDL:2011/04/15 00:33:17 A . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\System32\drivers\cpqdap01.sys [11776]
O58 - SDL:2008/04/14 20:00:00 A . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\drivers\dmboot.sys [799744]
O58 - SDL:2008/04/14 20:00:00 A . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\System32\drivers\dmio.sys [153344]
O58 - SDL:2008/04/14 20:00:00 A . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\drivers\dmload.sys [5888]
O58 - SDL:2008/04/14 20:00:00 A . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\System32\drivers\hdaudbus.sys [144384]
O58 - SDL:2005/12/01 06:40:12 A . (.Conexant Systems, Inc. - HSF_HWAZL WDM driver.) -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys [192512]
O58 - SDL:2005/12/01 06:40:08 A . (.Conexant Systems, Inc. - HSF_CNXT driver.) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys [669696]
O58 - SDL:2005/12/01 06:40:56 A . (.Conexant Systems, Inc. - HSF_DP driver.) -- C:\WINDOWS\System32\drivers\HSX_DPV.sys [936960]
O58 - SDL:2015/04/18 09:06:22 A . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\System32\drivers\idmtdi.sys [127224]
O58 - SDL:2007/03/31 02:34:14 A . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\System32\drivers\igxpmp32.sys [5704672]
O58 - SDL:2015/06/23 22:11:23 A . (.Kaspersky Lab ZAO - Kaspersky Unified Driver.) -- C:\WINDOWS\System32\drivers\kl1.sys [153784]
O58 - SDL:2015/06/23 22:11:24 A . (.Kaspersky Lab ZAO - Virtual Disk fre_wnet_x86.) -- C:\WINDOWS\System32\drivers\kldisk.sys [54640]
O58 - SDL:2015/06/23 22:11:07 A . (.Kaspersky Lab ZAO - Filter Core [fre_wnet_x86].) -- C:\WINDOWS\System32\drivers\klflt.sys [125656]
O58 - SDL:2015/06/30 22:52:11 A . (.Kaspersky Lab ZAO - KLHK [fre_wnet_x86].) -- C:\WINDOWS\System32\drivers\klhk.sys [43184]
O58 - SDL:2015/06/23 22:11:09 A . (.Kaspersky Lab ZAO - Klif Mini-Filter [fre_wnet_x86].) -- C:\WINDOWS\System32\drivers\klif.sys [695992]
O58 - SDL:2013/04/19 10:44:54 A . (.Kaspersky Lab ZAO - Kaspersky Lab Intermediate Network Driver.) -- C:\WINDOWS\System32\drivers\klim5.sys [36448]
O58 - SDL:2015/06/23 22:11:11 A . (.Kaspersky Lab ZAO - KLKBDFLT Keyboard Device Filter [fre_wnet_x.) -- C:\WINDOWS\System32\drivers\klkbdflt.sys [35696]
O58 - SDL:2015/06/23 22:11:12 A . (.Kaspersky Lab ZAO - KLMOUFLT Mouse Device Filter [fre_wnet_x86].) -- C:\WINDOWS\System32\drivers\klmouflt.sys [35184]
O58 - SDL:2015/06/23 22:11:27 A . (.Kaspersky Lab ZAO - KLPD [fre_wnet_x86].) -- C:\WINDOWS\System32\drivers\klpd.sys [23920]
O58 - SDL:2014/11/06 17:36:28 A . (.Kaspersky Lab ZAO - Kaspersky TDI Filter [fre_wxp_x86].) -- C:\WINDOWS\System32\drivers\kltdf.sys [68808]
O58 - SDL:2015/06/23 22:11:28 A . (.Kaspersky Lab ZAO - Network filtering component [fre_wxp_x86].) -- C:\WINDOWS\System32\drivers\kltdi.sys [54328]
O58 - SDL:2015/06/23 22:11:28 A . (.Kaspersky Lab ZAO - KNEPS Power [fre_wxp_x86].) -- C:\WINDOWS\System32\drivers\kneps.sys [157240]
O58 - SDL:2005/12/20 22:53:44 A . (.Logitech, Inc. - Logitech PS2 Keyboard Filter Driver..) -- C:\WINDOWS\System32\drivers\L8042Kbd.SYS [13440]
O58 - SDL:2005/12/20 22:53:54 A . (.Logitech, Inc. - Logitech PS/2 Mouse Filter Driver..) -- C:\WINDOWS\System32\drivers\L8042MOU.SYS [55424]
O58 - SDL:2005/12/20 22:54:28 A . (.Logitech, Inc. - Logitech Filter Driver for Mouse Class..) -- C:\WINDOWS\System32\drivers\LMOUKE.sys [69376]
O58 - SDL:2015/06/18 08:41:36 A . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [23256]
O58 - SDL:2015/06/18 08:41:46 A . (.Malwarebytes Corporation - Malwarebytes Chameleon Protection Driver.) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [121560]
O58 - SDL:2015/07/19 17:16:30 A . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [98520]
O58 - SDL:2005/10/05 04:57:08 A . (.Conexant - Diagnostic Interface DRIVER.) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys [12544]
O58 - SDL:2011/04/15 00:43:35 A . (.Marvell Semiconductor Inc. - Marvell Aux NV Bridge DLL.) -- C:\WINDOWS\System32\drivers\mv61xxmm.sys [13616]
O58 - SDL:2011/04/15 00:43:35 A . (.Marvell Semiconductor Inc. - Marvell Aux NV Bridge DLL.) -- C:\WINDOWS\System32\drivers\mv64xxmm.sys [5632]
O58 - SDL:2011/04/15 00:43:36 A . (.Marvell Semiconductor Inc. - Marvell Aux NV Bridge DLL.) -- C:\WINDOWS\System32\drivers\mvxxmm.sys [13616]
O58 - SDL:2011/04/15 00:33:17 A . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\System32\drivers\nikedrv.sys [12032]
O58 - SDL:2008/04/14 20:00:00 A . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Lib.) -- C:\WINDOWS\System32\drivers\ptilink.sys [17792]
O58 - SDL:2006/11/15 05:16:24 A . (.REDC - RICOH MMC Driver.) -- C:\WINDOWS\System32\drivers\rimmptsk.sys [32256]
O58 - SDL:2006/11/15 00:42:46 A . (.REDC - RICOH MS Driver.) -- C:\WINDOWS\System32\drivers\rimsptsk.sys [43520]
O58 - SDL:2011/04/15 00:33:17 A . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\System32\drivers\rio8drv.sys [12032]
O58 - SDL:2011/04/15 00:33:17 A . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\System32\drivers\riodrv.sys [12032]
O58 - SDL:2006/11/14 22:35:20 A . (.REDC - RICOH XD SM Driver.) -- C:\WINDOWS\System32\drivers\rixdptsk.sys [37376]
O58 - SDL:2008/04/14 20:00:00 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\WINDOWS\System32\drivers\secdrv.sys [20480]
O58 - SDL:2007/05/10 15:24:34 A . (.SigmaTel, Inc. - NDRC.) -- C:\WINDOWS\System32\drivers\sthda.sys [1222840]
O58 - SDL:2013/08/22 20:40:22 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\WINDOWS\System32\drivers\tap0901.sys [35288]
O58 - SDL:2011/04/15 00:33:17 A . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\System32\drivers\tsbvcap.sys [21376]
O58 - SDL:2011/01/16 00:20:14 A . (.Elaborate Bytes AG - VirtualCloneCD Driver.) -- C:\WINDOWS\System32\drivers\VClone.sys [30208]
O58 - SDL:2011/04/15 00:33:17 A . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys [58112]
O58 - SDL:2008/04/14 20:00:00 A . (...) -- C:\WINDOWS\System32\ansi.sys [9029]
O58 - SDL:2008/04/14 20:00:00 A . (...) -- C:\WINDOWS\System32\country.sys [27097]
O58 - SDL:2008/04/14 20:00:00 A . (...) -- C:\WINDOWS\System32\himem.sys [4768]
O58 - SDL:2008/04/14 20:00:00 A . (...) -- C:\WINDOWS\System32\key01.sys [42809]
O58 - SDL:2008/04/14 20:00:00 A . (...) -- C:\WINDOWS\System32\keyboard.sys [42537]
O58 - SDL:2008/04/14 20:00:00 A . (...) -- C:\WINDOWS\System32\ntdos.sys [27866]
O58 - SDL:2008/04/14 20:00:00 A . (...) -- C:\WINDOWS\System32\ntdos404.sys [29146]
O58 - SDL:2008/04/14 20:00:00 A . (...) -- C:\WINDOWS\System32\ntdos411.sys [29370]
O58 - SDL:2008/04/14 20:00:00 A . (...) -- C:\WINDOWS\System32\ntdos412.sys [29274]
O58 - SDL:2008/04/14 20:00:00 A . (...) -- C:\WINDOWS\System32\ntdos804.sys [29146]
O58 - SDL:2008/04/14 20:00:00 A . (...) -- C:\WINDOWS\System32\ntio.sys [33840]
O58 - SDL:2008/04/14 20:00:00 A . (...) -- C:\WINDOWS\System32\ntio404.sys [34560]
O58 - SDL:2008/04/14 20:00:00 A . (...) -- C:\WINDOWS\System32\ntio411.sys [35648]
O58 - SDL:2008/04/14 20:00:00 A . (...) -- C:\WINDOWS\System32\ntio412.sys [35424]
O58 - SDL:2008/04/14 20:00:00 A . (...) -- C:\WINDOWS\System32\ntio804.sys [34560]

---\\ Last modified or created user files (O61) (17) - 48s
O61 - LFC: 2015/07/14 03:28:03 A . (..) -- C:\Documents and Settings\Administrator\TempWmicBatchFile.bat [0]
O61 - LFC: 2015/07/18 21:37:36 A . (.Swearware.) -- C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\ComboFix.exe [5633411]
O61 - LFC: 2015/07/13 23:25:50 A . (..) -- C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\pes 2010\cards\asas.bin [131072]
O61 - LFC: 2015/07/13 23:25:52 A . (..) -- C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\pes 2010\cards\sasa.bin [131072]
O61 - LFC: 2015/07/14 03:26:56 A . (.Unity Technologies ApS.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe [644549]
O61 - LFC: 2015/07/16 06:14:53 A . (.Unity Technologies ApS.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\UnityBugReporter.exe [741664]
O61 - LFC: 2015/07/16 06:14:53 A . (.Unity Technologies ApS.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\UnityWebPlayerUpdate.exe [584992]
O61 - LFC: 2015/07/16 06:14:53 A . (.Unity Technologies ApS.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [971552]
O61 - LFC: 2015/07/14 23:04:22 A . (..) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\11.0\UserCache.bin [85248]
O61 - LFC: 2015/07/19 17:31:11 A . (.Tonec Inc..) -- C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5\components2\idmcchandler2.dll [332824]
O61 - LFC: 2015/07/19 17:31:11 A . (.Tonec Inc..) -- C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5\components2\idmcchandler2_64.dll [460824]
O61 - LFC: 2015/07/19 17:31:12 A . (.Tonec Inc..) -- C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5\components2\idmmzcc.dll [34216]
O61 - LFC: 2015/07/19 17:31:12 A . (.Tonec Inc..) -- C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5\components2\idmmzcc64.dll [28512]
O61 - LFC: 2015/07/19 17:31:11 A . (.Tonec Inc..) -- C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5\components12\idmmzcc.dll [26648]
O61 - LFC: 2015/07/19 17:31:11 A . (.Tonec Inc..) -- C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5\components12\idmmzcc64.dll [31768]
O61 - LFC: 2015/07/19 17:31:11 A . (.Tonec Inc..) -- C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5\components\idmmzcc.dll [34216]
O61 - LFC: 2015/07/14 03:10:39 A . (..) -- C:\Documents and Settings\Administrator\Application Data\agederar\deernty.dll [127488]

---\\ File Associations Shell Spawning (O67) (10) - 1s
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

---\\ Start Menu Internet (SMI) (O68) (8) - 0s
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe

---\\ Search Browser Infection (SBI) (O69) (10) - 9s
O69 - SBI: prefs.js [Administrator - l0cf6u4u.default-1434771663281] user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.description", "iWebar"); =>PUP.Optional.CrossRider
O69 - SBI: prefs.js [Administrator - l0cf6u4u.default-1434771663281] user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.monetization_plugin_bundledUrls.expi[...] =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Administrator - l0cf6u4u.default-1434771663281] user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.monetization_plugin_bundledUrls.valu[...] =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Administrator - l0cf6u4u.default-1434771663281] user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.monetization_plugin_bundledWithHash.[...] =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Administrator - l0cf6u4u.default-1434771663281] user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.monetization_plugin_notBundledArr_.e[...] =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Administrator - l0cf6u4u.default-1434771663281] user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.monetization_plugin_notBundledArr_.v[...] =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Administrator - l0cf6u4u.default-1434771663281] user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.monetization_plugin_regBundledWithSo[...] =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Administrator - l0cf6u4u.default-1434771663281] user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.name", "iWebar"); =>PUP.Optional.CrossRider
O69 - SBI: prefs.js [Administrator - l0cf6u4u.default-1434771663281] user_pref("extensions.crossrider.bic", "14e9206f303f1fdbd34138ca564b819d"); =>PUP.Optional.CrossRider
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com/

---\\ Search Svchost Services (SSS) (O83) (40) - 2s
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\WINDOWS\system32\appmgmts.dll [167936]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\system32\audiosrv.dll [42496]
O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\system32\browser.dll [77824]
O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\system32\cryptsvc.dll [62464]
O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - Logical Disk Manager service dll.) -- C:\WINDOWS\system32\dmserver.dll [23552]
O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - DHCP Client Service.) -- C:\WINDOWS\system32\dhcpcsvc.dll [126976]
O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\system32\ersvc.dll [23040]
O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - .) -- C:\WINDOWS\system32\es.dll [253952]
O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\WINDOWS\system32\shsvcs.dll [135168]
O83 - Search Svchost Services: HidServ (HidServ) . (.Microsoft Corporation - HID Audio Service.) -- C:\WINDOWS\system32\hidserv.dll [21504]
O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [99840]
O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\system32\wkssvc.dll [134144]
O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\system32\msgsvc.dll [33792]
O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Network Connections Manager.) -- C:\WINDOWS\system32\netman.dll [198144]
O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provi.) -- C:\WINDOWS\system32\mswsock.dll [245248]
O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Removable Storage Manager.) -- C:\WINDOWS\system32\ntmssvc.dll [435200]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\system32\rasauto.dll [88576]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\system32\rasmans.dll [186368]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\system32\mprdim.dll [53248]
O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Task Scheduler Engine.) -- C:\WINDOWS\system32\schedsvc.dll [192512]
O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\WINDOWS\system32\seclogon.dll [18944]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll [39424]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\WINDOWS\system32\ipnathlp.dll [330752]
O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - System Restore Service.) -- C:\WINDOWS\system32\srsvc.dll [171008]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\WINDOWS\system32\tapisrv.dll [249856]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\WINDOWS\system32\shsvcs.dll [135168]
O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll [90112]
O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Windows Time Service.) -- C:\WINDOWS\system32\w32time.dll [175616]
O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Wireless Zero Configuration Service.) -- C:\WINDOWS\system32\wzcsvc.dll [483328]
O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - Advanced Windows 32 Base API.) -- C:\WINDOWS\system32\advapi32.dll [617472]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\wmisvc.dll [144896]
O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll [80896]
O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\system32\xmlprov.dll [129024]
O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Quarantine Agent Service Run-Time.) -- C:\WINDOWS\system32\qagentrt.dll [291328]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\WINDOWS\system32\kmsvc.dll [61440]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\WINDOWS\system32\qmgr.dll [409088]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\WINDOWS\system32\wuauserv.dll [22520]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\WINDOWS\system32\shsvcs.dll [135168]
O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll [38400]
O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Microsoft Media Device Service Provider.) -- C:\WINDOWS\system32\mspmsnsv.dll [52224]

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) (9) - 22s
SS - Demand [2015/07/16 23:10:38] [ 268976] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - Auto [2015/06/23 22:07:56] [ 194000] Kaspersky Small Office Security Service 15.0.2 (AVP15.0.2) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\avp.exe
SR - Auto [2015/06/08 13:58:00] [ 2751792] LavasoftTcpService (LavasoftTcpService) . (.Lavasoft Limited.) - C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
SS - Auto [2015/06/18 08:39:46] [ 1871160] (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SS - Auto [2015/06/18 08:39:50] [ 1133880] (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SS - Demand [2015/07/04 01:30:13] [ 148136] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - Auto [2015/05/13 16:25:12] [ 1713936] Baidu PC Faster Service 5.1.0.0 (PCFasterSvc_{PCFaster_5.1.0.0}) . (.Baidu, Inc..) - C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe
SR - Auto [2015/06/08 14:12:04] [ 19816] IE Search Set (SearchProtectionService) . (.Copyright © 2014.) - C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
SS - Demand [2007/10/10 00:17:44] [ 24064] Dell Wireless WLAN Tray Service (wltrysvc) . (...) - C:\WINDOWS\system32\WLTRYSVC.EXE

---\\ Additional Scan (O88) (7) - 0s
HKLM\SYSTEM\CurrentControlSet\Services\LavasoftTcpService =>PUA.Loadshop
C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe =>PUA.Loadshop
HKCU\SOFTWARE\FlashGamesRockstarApp =>PUP.Optional.FlashGamesRockstar
HKCU\SOFTWARE\iWebar-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\NoVooIT =>Trojan.Vonteera
HKCU\SOFTWARE\Object Browser-nv-ie =>PUP.Optional.ObjectBrowser
HKCU\SOFTWARE\QyGameClient =>PUP.Optional.IQIYIVideo

---\\ Summary of the elements found on your workstation (7) - 0s
http://www.nicolascoolman.fr/blog =>PUP.Optional.IQIYIVideo
http://www.nicolascoolman.fr/blog =>PUA.Loadshop
http://www.nicolascoolman.fr/blog =>PUP.Optional.FlashGamesRockstar
http://www.nicolascoolman.fr/pup-crossrider/ =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/trojan-vonteera/ =>Trojan.Vonteera
http://www.nicolascoolman.fr/pup-objectbrowser/ =>PUP.Optional.ObjectBrowser
http://www.nicolascoolman.fr/blog =>PUP.Optional.Monetization

~ End of the scan, 29887 items in 125 seconds (557)(0)()
