~ Report of ZHPDiag v2014.10.18.148 - Nicolas Coolman (18-10-2014)
~ Launched by DELL PC (03-02-2016 16:00:53)
~ Web site address : http://nicolascoolman.fr
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : New version available
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user
---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16438
MFIE: Mozilla Firefox 30.0
---\\ Windows product information
~ Language: English
Windows 8.1 Enterprise, 64-bit (Build 9600)
Windows Server License Manager Script : OK
---\\ System protection software
McAfee Security Scan Plus v3.11.266.3
Windows Defender W8 (Deactivate)
---\\ System optimization software
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Reader XI
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 69 Stepping 1, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4000.2 MB (26% free)
System Restore: Enabled
System drive C: has 76 GB (62%) free of 120 GB
---\\ Connection to the system mode
~ Computer Name: DELL
~ User Name: DELL PC
~ All Users Names: said, DELL PC, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\DELL PC\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\DELL PC\AppData\Roaming\
~ %Desktop% : C:\Users\DELL PC\Desktop\
~ %Favorites% : C:\Users\DELL PC\Favorites\
~ %LocalAppData% : C:\Users\DELL PC\AppData\Local\
~ %StartMenu% : C:\Users\DELL PC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 76 GB of 120 GB)
D: Hard drive, Flash drive, Thumb drive (Free 98 GB of 173 GB)
E: Hard drive, Flash drive, Thumb drive (Free 101 GB of 172 GB)
G: CD-ROM drive (Not Inserted)
I: CD-ROM drive (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.06-01-2014 - 16:44:25.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22-08-2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.92E05214CC073A85CEDFF9BD4966F96B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06-01-2014 - 16:44:17.) -- C:\Windows\System32\wininet.dll [2332160]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22-08-2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.22-08-2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22-08-2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22-08-2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22-08-2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22-08-2013 - 9:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22-08-2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22-08-2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22-08-2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.17-01-2014 - 20:57:41.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.17-01-2014 - 20:57:31.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22-08-2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.725EF69B2DBEB7B33280019A556201BC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.10-03-2014 - 11:35:58.) -- C:\Windows\system32\Drivers\ntfs.sys [2008408]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22-08-2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22-08-2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.30-09-2013 - 4:54:31.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22-08-2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22-08-2013 - 13:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files state (Hidden/Total)
~ My Pictures : 0/2
~ My Music : 0/1
~ My Videos : 0/1
~ My Favorites : 0/3
~ My Documents : 0/178
~ My Desktop : 0/51
~ Start Menu (Programs) : 0/41
~ Hidden Files: Scanned in 00mn 00s
---\\ Process running
[MD5.7DFCCC67990B6DE7F30F553A4E4612A4] - (...) -- D:\افلام\RocketDock\gRocketDock.exe [495616] [PID.3508]
[MD5.B5622C1549F75A2E2312B59CE2293A09] - (...) -- C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848] [PID.3540]
[MD5.549091E7C8387F8CAA7ABE620AF6F151] - (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_watch.exe [4026368] [PID.3600]
[MD5.ED254570323BB31DD0BFEB2434D175C9] - (.TechSmith Corporation - Snagit.) -- C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe [7067464] [PID.3856]
[MD5.B977B08DD02BA559893C479BFF3AA2D2] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896608] [PID.3864]
[MD5.FAB335E6B371F764F6619239C2A190A3] - (...) -- C:\Users\DELL PC\AppData\Roaming\Ground.exe [534016] [PID.3880]
[MD5.38971D3E7F196D1B97EF935061ED5B53] - (.TechSmith Corporation - TechSmith HTML Help Helper.) -- C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe [94024] [PID.2272]
[MD5.4F8879D0BA69C3632A481FAB5245F88A] - (.TechSmith Corporation - Snagit RPC Helper.) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe [89928] [PID.2024]
[MD5.6F487CD41FA0D9B8B2A7F69D6FD7FB80] - (.TechSmith Corporation - Snagit Editor.) -- C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe [7396680] [PID.1368]
[MD5.0A4A4263E41B2D879E20826DE5B6D524] - (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_hub.exe [1244160] [PID.3924]
[MD5.04186C74A660B7E29E1380F006BB849A] - (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_filetransfer.exe [4380672] [PID.744]
[MD5.760A8633A7AC682C020960F825431E4F] - (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_browser.exe [4938752] [PID.3832]
[MD5.087DE80E143D6A468F4A1DCE3DFC2918] - (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_central_control.exe [11057152] [PID.2224]
[MD5.681D0C1F19BD8817166E92E46A5E234D] - (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_monitor.exe [2422784] [PID.4108]
[MD5.EBAF0596F8423F89B099609D2A788980] - (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\gMediaFire Desktop.exe [5709312] [PID.4164]
[MD5.2C42883A4C3AA38A51B6984293999954] - (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_dialogs.exe [8341504] [PID.4748]
[MD5.1F751071E0484F2A050F2516BE5DBF4E] - (.Baidu.com, Inc. - spark.) -- C:\Program Files (x86)\baidu\Spark\SparkUpdate.exe [1371960] [PID.3960]
[MD5.FD5F799E81F27C728D3FF7D24750C874] - (.No owner - spark.) -- C:\Program Files (x86)\baidu\Spark\spark.exe [982840] [PID.3520]
[MD5.1CEA2C2C9658D84A8E5E1207E1780E8C] - (.Arcai.com - NetCut Arp Spoof Application.) -- C:\Program Files (x86)\netcut\netcut.exe [897024] [PID.5380]
[MD5.6E2C6FA5AEA1061AB68523E7D522392B] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3929296] [PID.2512]
[MD5.E9C6EF9437ECB30911488F9313AD821A] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [269848] [PID.4428]
[MD5.16E1EA189D721E60D17D1BC8E0392702] - (.Google Inc. - Google Chrome.) -- C:\Users\DELL PC\AppData\Local\Google\Chrome\Application\gchrome.exe [815944] [PID.5856]
[MD5.45A1CA432B079FB439FCBA6285EF2C96] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files (x86)\McAfee Security Scan\3.11.266\SSScheduler.exe [277920] [PID.5980]
[MD5.7787F1E659DCDF85E47BBF374B502FAC] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8113664] [PID.6932]
~ Processes Running: Scanned in 00mn 02s
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\DELL PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Google Chrome Extension Folder
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ The hosts file is clean (21)
~ Hosts File: Scanned in 00mn 00s
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Snagit - [HKLM]{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} . (.TechSmith Corporation - Snagit Add-in for Internet Explorer.) -- C:\Program Files (x86)\TechSmith\Snagit 10\dllx64\SnagitIEAddin64.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Facebook.lnk . (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe
O4 - GS\Desktop [Public]: Google.lnk . (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe
~ Global Startup: 2 Legitimates Filtered in 00mn 03s
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [RocketDock] . (...) -- D:\افلام\RocketDock\gRocketDock.exe
O4 - HKCU\..\Run: [WebcamMaxAutoRun] . (...) -- C:\Program Files (x86)\WebcamMax\wcmmon.exe
O4 - HKCU\..\Run: [NetBalancer] . (.SeriousBit - SeriousBit.NetBalancer.Tray.) -- C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
O4 - HKCU\..\Run: [MediaFire Tray] . (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_watch.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKUS\S-1-5-21-3306719117-2253334283-2767146145-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-3306719117-2253334283-2767146145-1001\..\Run: [RocketDock] . (...) -- D:\افلام\RocketDock\gRocketDock.exe
O4 - HKUS\S-1-5-21-3306719117-2253334283-2767146145-1001\..\Run: [WebcamMaxAutoRun] . (...) -- C:\Program Files (x86)\WebcamMax\wcmmon.exe
O4 - HKUS\S-1-5-21-3306719117-2253334283-2767146145-1001\..\Run: [NetBalancer] . (.SeriousBit - SeriousBit.NetBalancer.Tray.) -- C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
O4 - HKUS\S-1-5-21-3306719117-2253334283-2767146145-1001\..\Run: [MediaFire Tray] . (...) -- C:\Users\DELL PC\AppData\Local\MediaFire Desktop\mf_watch.exe
~ Application: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{20B53D7E-972D-4C65-BEF1-B9C6D2C3AF13}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8437E88-CB66-431E-8DDA-AC8898F1A7F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{20B53D7E-972D-4C65-BEF1-B9C6D2C3AF13}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D8437E88-CB66-431E-8DDA-AC8898F1A7F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional Protocols: Scanned in 00mn 00s
---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: MediaFire NTFS Monitor (MF NTFS Monitor) . (...) - C:\Program Files (x86)\MediaFire Desktop\bin\MFUsnMonitorService.exe
O23 - Service: Baidu PC Faster Mini Service (PCFasterMiniSvc) . (...) - C:\Users\DELL PC\AppData\Local\PCFMiniService\MiniService.exe
O23 - Service: Baidu Spark Service (SparkSvc) . (.Baidu Inc. - spark.) - C:\Program Files (x86)\baidu\Spark\sparkservice.exe
~ Services: 10 Legitimates Filtered in 00mn 19s
---\\ Task Planned Automatically (039)
[MD5.65C90A9B036731C9D1EBCEA9F301A9B9] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [3582464] =>Trojan.AutoKMS
[MD5.1F751071E0484F2A050F2516BE5DBF4E] [APT] [SparkUpdater] (.Baidu.com, Inc..) -- C:\Program Files (x86)\baidu\Spark\SparkUpdate.exe [1371960]
~ Scheduled Task: 6 Legitimates Filtered in 00mn 13s
---\\ Software installed (O42)
O42 - Software: Baidu Browser - (.Baidu Inc..) [HKLM][64Bits] -- Spark
O42 - Software: Dirrect X11Beta - (.Creatormaster Dev.) [HKLM][64Bits] -- {AF52AC44-8AE8-44C4-83A4-F9921AB72B83}_is1
O42 - Software: KingRoot 版本 3.1.0 - (.KingRoot.) [HKLM][64Bits] -- {FA3B7324-9EB4-4ADC-84D0-5461BE113832}_is1
O42 - Software: Kingo ROOT version 1.4.3.2539 - (.Kingosoft Technology Ltd..) [HKLM][64Bits] -- {AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1
O42 - Software: PESMix 2016 Patch V1.0 Full Bundesliga - (.FTP Patch.) [HKLM][64Bits] -- {44BB9BCE-8855-4FB4-B7E4-96402F76EF41}
~ Logic: 25 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Shell Labs]
[HKCU\Software\Tencent] =>Adware.TencentAddressBar
[HKLM\Software\Wow6432Node\Baidu]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\CloudOPTInfo]
[HKLM\Software\Wow6432Node\FTP Patch]
[HKLM\Software\Wow6432Node\Ground]
[HKLM\Software\Wow6432Node\PCFMini]
[HKLM\Software\Wow6432Node\Shell Labs]
~ Key Software: 188 Legitimates Filtered in 00mn 01s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 27-01-2016 - 14:09:55 - [] ----D C:\Program Files (x86)\baidu
O43 - CFD: 31-01-2016 - 23:34:46 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 27-01-2016 - 15:59:20 - [] ----D C:\Program Files (x86)\dzrepack games
O43 - CFD: 02-02-2016 - 12:21:27 - [] ----D C:\Program Files (x86)\Kingo ROOT
O43 - CFD: 02-02-2016 - 16:42:41 - [] ----D C:\Program Files (x86)\KingRoot
O43 - CFD: 27-01-2016 - 14:09:50 - [] ----D C:\ProgramData\Baidu
O43 - CFD: 31-01-2016 - 23:34:46 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 27-01-2016 - 14:44:33 - [] ----D C:\Users\DELL PC\AppData\Roaming\Baidu
O43 - CFD: 02-02-2016 - 12:21:23 - [] ----D C:\Users\DELL PC\AppData\Roaming\Kingosoft
O43 - CFD: 02-02-2016 - 16:09:36 - [] ----D C:\Users\DELL PC\AppData\Roaming\KingRoot
O43 - CFD: 27-01-2016 - 21:43:26 - [] ----D C:\Users\DELL PC\AppData\Roaming\Tencent =>Adware.TencentAddressBar
O43 - CFD: 02-02-2016 - 12:13:02 - [] ----D C:\Users\DELL PC\AppData\Local\Kingosoft
O43 - CFD: 31-01-2016 - 23:50:27 - [] ----D C:\Users\DELL PC\AppData\Local\PCFMiniService
~ Program Folder: 133 Legitimates Filtered in 00mn 01s
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.5F23F2F936BDFAC90BB0A4970AD365CF] - 02-02-2016 - 12:15:13 ---A- . (.Google, inc - Android ADB API (WinUsb).) -- C:\AdbWinUsbApi.dll [60928]
O44 - LFC:[MD5.47A6EE3F186B2C2F5057028906BAC0C6] - 02-02-2016 - 12:15:13 ---A- . (.Google, inc - Android ADB API.) -- C:\AdbWinApi.dll [96256]
O44 - LFC:[MD5.68D1FF99334621ED5DF16C05427335F0] - 02-02-2016 - 12:15:13 -SH-- . (...) -- C:\gadb.exe [822840]
O44 - LFC:[MD5.88CCBAF4504EB6CFC60999CD208CB3F4] - 02-02-2016 - 14:30:29 ---A- . (...) -- C:\adb.exe [534016]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02-02-2016 - 14:30:29 ---A- . (...) -- C:\gadb.ico [0]
O44 - LFC:[MD5.0574AF96D86AD36CAEDFAA94D256C1F3] - 02-02-2016 - 15:21:24 ---A- . (.Windows (R) Win 7 DDK provider - Scanner Filter.) -- C:\Windows\System32\Drivers\mfmonitor_x64.sys [20696]
O44 - LFC:[MD5.BBF824D518F5ABA9A26CD8928D6E0E0F] - 02-02-2016 - 16:14:06 -SH-- . (...) -- C:\gwinencrypt.exe [70656]
O44 - LFC:[MD5.D79BD66884E4F9FE04CFACAC81390F07] - 03-02-2016 - 12:55:06 ---A- . (...) -- C:\Ground.lnk [696]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 03-02-2016 - 12:55:27 ---A- . (...) -- C:\gwinencrypt.ico [0]
O44 - LFC:[MD5.FAB335E6B371F764F6619239C2A190A3] - 03-02-2016 - 12:55:27 ---A- . (...) -- C:\winencrypt.exe [534016]
O44 - LFC:[MD5.85C7AC41C921A24B23A01559717B968D] - 27-01-2016 - 13:24:03 ---A- . (...) -- C:\Windows\DtcInstall.log [2664]
O44 - LFC:[MD5.DAA6AAD525D12F8985695B882301336F] - 27-01-2016 - 13:40:41 ---A- . (...) -- C:\Windows\win.ini [167]
O44 - LFC:[MD5.3C32FF010F869BC184DF71290477384E] - 27-01-2016 - 13:43:46 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
O44 - LFC:[MD5.AC86D930E25974F4B283F296FD97F816] - 27-01-2016 - 13:55:22 ---A- . (...) -- C:\Windows\System32\Drivers\BCM43142A0_001.001.011.0197.0229.hex [57575]
O44 - LFC:[MD5.8A63A03AE53A58DCD77C31B5DD1D591A] - 28-01-2016 - 11:23:36 ---A- . (...) -- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [118]
O44 - LFC:[MD5.0055B62657CE7561F68136FB1E54AFAC] - 28-01-2016 - 1:38:42 ---A- . (...) -- C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat [401]
O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 29-01-2016 - 20:02:58 ---A- . (...) -- C:\Windows\diagerr.xml [1908]
O44 - LFC:[MD5.5D4A20B5FC5040A7722DD91BD5D9BD82] - 29-01-2016 - 20:02:59 ---A- . (...) -- C:\Windows\diagwrn.xml [2606]
~ Files: 73 Legitimates Filtered in 00mn 07s
---\\ Local Security Authority-LSA Deny (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:13-08-2013 - 0:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:28-01-2016 - 10:20:10 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [209056]
O58 - SDL:12-01-2016 - 18:37:03 ---A- . (.Windows (R) Win 7 DDK provider - Scanner Filter.) -- C:\Windows\System32\Drivers\mfmonitor_x64.sys [20696]
O58 - SDL:08-12-2015 - 4:00:54 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [122160]
O58 - SDL:08-12-2015 - 4:00:58 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [214832]
O58 - SDL:08-12-2015 - 4:01:06 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [214832]
O58 - SDL:22-08-2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:22-08-2013 - 13:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
O58 - SDL:15-04-2012 - 22:32:14 ---A- . (.Windows (R) Win 7 DDK provider - WebcamMax Capture.) -- C:\Windows\System32\Drivers\wcmvcam64.sys [1071032]
~ Drivers: 53 Legitimates Filtered in 00mn 05s
---\\ List all tools cleaner (LATC) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.No owner - spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.No owner - spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.No owner - spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Goo) - http://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.FAB335E6B371F764F6619239C2A190A3] [SPRF][28-01-2016] (...) -- C:\Users\DELL PC\AppData\Roaming\Ground.exe [534016]
[MD5.E6024207219D5C74178288E5A79FD23B] [SPRF][08-08-2009] (.Ada99.com - eBook Workshop.) -- C:\Users\DELL PC\Desktop\gmoyasar.exe [42532120]
[MD5.E0415F022DFE349DA589E99E1E0ABF76] [SPRF][28-01-2016] (...) -- C:\Users\DELL PC\Desktop\moyasar.exe [534016]
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ MyComputer Name Space (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 14-11-2013 2251992 | (BcmBtRSupport) . (.Broadcom Corporation..) - C:\Windows\System32\BtwRSupportService.exe
SS - | Demand 01-12-2015 433760 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe
SS - | Demand 09-08-2015 288688 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 08-02-2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 02-12-2015 235696 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee Security Scan\3.11.266\McCHSvc.exe
SS - | Demand 12-01-2016 210416 | (MediaFire Desktop Updater Service) . (...) - C:\Program Files (x86)\MediaFire Desktop\bin\UpdaterLocalCOM.exe =>Adware.IncrediBar
SS - | Demand 06-06-2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 31-01-2016 534016 | (PCFasterMiniSvc) . (...) - C:\Users\DELL PC\AppData\Local\PCFMiniService\MiniService.exe
SS - | Demand 25-06-2010 117264 | (rpcapd) . (.CACE Technologies, Inc..) - C:\Program Files (x86)\WinPcap\rpcapd.exe
SS - | Demand 07-05-2014 1628352 | (SparkUpdater) . (.Baidu.com, Inc..) - C:\Program Files (x86)\Baidu\SparkUpdate\Sparkupdate.exe
SS - | Demand 10-07-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 22-08-2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13-12-2015 82128 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 28-07-2011 262144 | (AIPS) . (.Arcai.com.) - C:\Program Files (x86)\netcut\services\AIPS.exe
SR - | Auto 01-12-2015 413280 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
SR - | Auto 01-12-2015 855648 | (BstHdUpdaterSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
SR - | Auto 09-08-2015 355232 | (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe
SR - | Demand 08-06-2015 625648 | (Lenovo EasyPlus Hotspot) . (.Lenovo.) - C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe
SR - | Auto 12-01-2016 456176 | (MF NTFS Monitor) . (...) - C:\Program Files (x86)\MediaFire Desktop\bin\MFUsnMonitorService.exe
SR - | Auto 15-01-2016 145272 | (NetBalancerService) . (.SeriousBit.) - C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
SR - | Auto 01-02-2016 97080 | (SparkSvc) . (.Baidu Inc..) - C:\Program Files (x86)\baidu\Spark\sparkservice.exe
SR - | Demand 10-07-1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10-07-1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 22s
---\\ Additional Scan (O88)
Database Version : 13026 - (18-10-2014)
Keys found : 1
Values found : 0
Folders found : 1
Files found : 2
[HKLM\Software\Classes\AppID\BHO.DLL] =>Toolbar.Agent
C:\Users\DELL PC\AppData\Roaming\Tencent =>Adware.TencentAddressBar^
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.AutoKMS^
[HKCU\Software\Tencent] =>Adware.TencentAddressBar^
~ Additional Scan: 186978 Items scanned in 01mn 02s
---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s
---\\ Summary of the detections found on your workstation
http://nicolascoolman.fr/trojan-autokms =>Trojan.AutoKMS
http://nicolascoolman.fr/adware-tencentaddressbar =>Adware.TencentAddressBar
http://nicolascoolman.fr/adware-incredibar =>Adware.IncrediBar
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
~ MSI: 4 link(s) detected in 00mn 00s
~ 596 Legitimates filtered by white list
End of the scan (439 lines in 02mn 49s)(0)