~ Report of ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Launched by lola (31/01/2014 12:19:05)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user

---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16476
GCIE: Google Chrome v32.0.1700.102 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
~ Windows Partial Key : J2KVT
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2011
Windows Defender W8

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Reader XI
Java 7 Update 51

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8077 MB (85% free)
System Restore: Désactivé (Disabled)
System drive C: has 236 GB (63%) free of 372 GB

---\\ Connection to the system mode
~ Computer Name: P-CHAN
~ User Name: lola
~ All Users Names: UpdatusUser, lola, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\lola\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\lola\AppData\Roaming\
~ %Desktop% : C:\Users\lola\Desktop\
~ %Favorites% : C:\Users\lola\Favorites\
~ %LocalAppData% : C:\Users\lola\AppData\Local\
~ %StartMenu% : C:\Users\lola\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the
disk units C: Hard drive, Flash drive, Thumb drive (Free 236 Go of 372 Go) D: Hard drive, Flash drive, Thumb drive (Free 505 Go of 538 Go) E: CD-ROM drive (Not Inserted) F: CD-ROM drive (Free 0 Go of 1 Go) ---\\ State of the Windows Security Center [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 40 Legitimates Filtered in 00mn 00s ---\\ Search Generic System Files [MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.14/11/2013 - 08:37:16.) -- C:\Windows\Explorer.exe [2328872] [MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384] [MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/01/2014 - 15:45:35.) -- C:\Windows\System32\wininet.dll [2334208] [MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736] [MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.22/08/2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488] [MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296] [MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464] [MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576] [MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) 
-- C:\Windows\system32\Drivers\Cdrom.sys [164352] [MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656] [MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336] [MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520] [MD5.E23D32BAF152FBE35F18C6A2AB8EF271] - (.Microsoft Corporation - IP Network Address Translator.) (.14/11/2013 - 08:31:09.) -- C:\Windows\system32\Drivers\IpNat.sys [141824] [MD5.6129EDB793A4255B1E2FB41773AC9D9A] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.14/11/2013 - 08:31:06.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404992] [MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624] [MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488] [MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208] [MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832] [MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 - 08:16:40.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584] [MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) 
-- C:\Windows\system32\Drivers\tdx.sys [107520] [MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/08/2013 - 13:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160] ~ Generic Processes: Scanned in 00mn 00s ---\\ Hidden files state (Hidden/Total) ~ Mes images (My Pictures) : 1/17239 ~ Mes musiques (My Musics) : 1/5404 ~ Mes Videos (My Videos) : 1/14716 ~ Mes Favoris (My Favorites) : 1/7 ~ Mes Documents (My Documents) : 1/6383 ~ Mon Bureau (My Desktop) : 1/14 ~ Menu demarrer (Programs) : 1/37 ~ Hidden Files: Scanned in 00mn 46s ---\\ Process running [MD5.C6D3BB61E24F66EB976C6CC55346B5F2] - (.ASUS - ASUS InstantOn.) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [1196416] [PID.3788] [MD5.B07086D59443DAC6A668D691B27B968C] - (.ASUSTeK Computer Inc. - ASUS Color Engine.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [176240] [PID.2248] [MD5.97432AB9F1B3B3E63E778C1E69E71E91] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032] [PID.4496] [MD5.C570FD825751F7805CE226F68C4605DE] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [54488] [PID.4508] [MD5.0B50F07E63EE15383CDFDC26D7A3D3E3] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [205184] [PID.992] [MD5.23075147F62C896784C66D706F38360E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328504] [PID.1484] [MD5.8C372DD07B681ADB379383342F4D1784] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20792] [PID.2628] [MD5.4860117DA2E6E9B300144902629B09AC] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\lola\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896] [PID.2468] [MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. 
- PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.5420] [MD5.7921D167440AF72DC11A3C4528132B12] - (.cyberlink - brs.) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe [78352] [PID.3992] [MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.4616] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2432] [MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.5944] [MD5.849D66021A0EF43A20137BA9D85ECADF] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222720] [PID.5828] [MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.3164] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2) C:\Users\lola\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [cgbealecnakbhfoeeipcnoboempfkbjd] flash-Enhancer v.2.1 (Désactivé) =>Adware.FlashEnhancer G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé) G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [pkndmigholgfjlniaohblojbhgjbkakn] Lightning speedDial v.1.1.7, (Désactivé) ~ Google Browser: 21 Legitimates Filtered in 00mn 03s ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (...) -- C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll (.not file.) 
~ Firefox Browser: 1 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
~ IE Browser: 16 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s

---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [Public]: Les Sims™ 3 Animaux & Cie.lnk . (.Electronic Arts, Inc. - Sims 3Launcher Starter Application.) -- D:\Sims 3 animaux\Game\Bin\Sims3Launcher.exe
O4 - GS\Desktop [Public]: MuseScore.lnk . (...) -- C:\Program Files (x86)\MuseScore\bin\mscore.exe
O4 - GS\Desktop [Public]: Vegas Pro 11.0.lnk . (.Sony Creative Software Inc. - Vegas Pro.) -- C:\Program Files (x86)\Sony\Vegas Pro 11.0\vegas110.exe
O4 - GS\Desktop [Public]: Waves MAXXAudio.lnk . (...) -- C:\Program Files (x86)\Realtek\Audio\HDA\MaxxAudioControl64.exe (.not file.)
O4 - GS\Desktop [Public]: 咎狗の血.lnk . (.Nitro+ - 咎狗の血.) -- D:\Togainu no chi\咎狗の血\togainunochi.exe
O4 - GS\Program [Public]: Desktop.lnk - Orphan key
O4 - GS\Desktop [UpdatusUser]: SILVER CHAOS.lnk . (...) -- D:\silver chaos\VividColor\SilverChaos\MainSystem.exe
O4 - GS\QuickLaunch [lola]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\lola\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [lola]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\QuickLaunch [lola]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\QuickLaunch [lola]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\lola\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [lola]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\lola\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [lola]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Program [lola]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [lola]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\lola\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [lola]: DMMd.lnk . (.☆翼の夢★舞の城☆聯盟 - www.otomedream.com.) -- D:\dmmd\DRAMAtical Murder\DMMd_crack_for_ver110.exe
O4 - GS\Desktop [lola]: DMMdREC.lnk . (.翼之梦舞之城联盟 - www.otomedream.com.) -- D:\dmmd reconnect\DRAMAtical Murder reconnect\DMMdrc_crack.exe
O4 - GS\Desktop [lola]: MPC-HC x64.lnk . (.MPC-HC Team - MPC-HC.) -- C:\Program Files\MPC-HC\mpc-hc64.exe
O4 - GS\Desktop [lola]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation - OpenOffice 4.0.1.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop [lola]: SILVER CHAOS.lnk . (...) -- D:\silver chaos\VividColor\SilverChaos\MainSystem.exe
~ Global Startup: 69 Legitimates Filtered in 00mn 02s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\lola\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\lola\AppData\Roaming\newnext.me\nengine.dll =>PUP.NextLive
O4 - HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\APRP.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUSWebStorage] . (.ASUS Cloud Corporation - ASUS WebStorage Panel.) -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUS InstantKey] . (.ASUS - Ikey_start.) -- C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [BDRegion] . (.cyberlink - brs.) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdatePSTShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKLM\..\policies\Explorer\Run: [BtvStack] . (.Qualcomm Atheros Commnucations - Extension Core.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKUS\S-1-5-21-201074216-106343273-3953965673-1002\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\lola\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-201074216-106343273-3953965673-1002\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-201074216-106343273-3953965673-1002\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\lola\AppData\Roaming\newnext.me\nengine.dll =>PUP.NextLive
~ Application: Scanned in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Orphan key
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4C1BB2F-4B82-455B-9F22-453F05736930}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{D4C1BB2F-4B82-455B-9F22-453F05736930}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (...) - C:\Windows\system32\nvinitx.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Asus WebStorage Windows Service (Asus WebStorage Windows Service) . (.No owner - Asus WebStorage Windows Service.) - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
O23 - Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED - WPM Service.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
O23 - Service: ZAtheros Bt and Wlan Coex Agent (ZAtheros Bt and Wlan Coex Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: 19 Legitimates Filtered in 00mn 07s

---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [RegistryDr_Start] (...) -- C:\Program Files (x86)\Registry Dr\RegistryDr.exe (.not file.) [0]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 07s

---\\ Software installed (O42)
O42 - Logiciel: The Wolf Among Us - (...) [HKLM][64Bits] -- Steam App 250320
O42 - Logiciel: WPM17.8.0.3325 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- WPM =>PUP.WpManager
O42 - Logiciel: 咎狗の血 - (...) [HKLM][64Bits] -- {F004C3DF-05BA-48AA-98E4-22A7F686AD1F}
~ Logic: 30 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AmiExt] =>Adware.FlashEnhancer
[HKCU\Software\RegistryDrLanguage]
[HKCU\Software\VividColor]
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\supTab]
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 272 Legitimates Filtered in 00mn 01s

---\\ Contents of the Common Files folders (O43)
O43 - CFD: 31/01/2014 - 03:10:13 - [0] ----D C:\Program Files (x86)\AmiExt =>Adware.FlashEnhancer
O43 - CFD: 31/01/2014 - 03:10:59 - [0] ----D C:\Program Files (x86)\Registry Dr
O43 - CFD: 31/01/2014 - 03:09:45 - [0,489] ----D C:\Program Files (x86)\SupTab
O43 - CFD: 31/01/2014 - 03:08:49 - [0] ----D C:\ProgramData\IePluginService =>Trojan.SProtector
O43 - CFD: 31/01/2014 - 02:16:08 - [0,471] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 31/01/2014 - 11:55:18 - [1,228] ----D C:\Users\lola\AppData\Roaming\newnext.me =>PUP.NextLive
O43 - CFD: 31/01/2014 - 02:16:58 - [1,224] ----D C:\Users\lola\AppData\Local\genienext
O43 - CFD: 28/01/2014 - 16:13:07 - [0] ----D C:\Users\lola\AppData\Local\PackageStaging
O43 - CFD: 31/01/2014 - 02:20:41 - [0] ----D C:\Users\lola\AppData\Local\RegistryDR
~ Program Folder: 167 Legitimates Filtered in 00mn 28s

---\\ Last modified or created files
under Windows and System32 (O44) O44 - LFC:[MD5.D0C2AAA169EB4CC776367EE1FB353680] - 28/01/2014 - 15:23:45 ---A- . (...) -- C:\Windows\comsetup.log [1568] O44 - LFC:[MD5.A68BF8C7348172E2563EAF6CFD270336] - 28/01/2014 - 15:34:00 ---A- . (...) -- C:\Windows\WindowsUpdate (1).log [2025011] O44 - LFC:[MD5.312724D7BF502428A01F7AA7E3346A8B] - 28/01/2014 - 15:49:57 ---A- . (...) -- C:\Windows\System32\Drivers\RTWAVES30.dat [82944] O44 - LFC:[MD5.5CD98806151EE8633505CEF3A5AEF4E1] - 28/01/2014 - 15:51:43 ---A- . (...) -- C:\Windows\System32\nvcoproc.bin [3426956] O44 - LFC:[MD5.788CB0D22F5924A29485140338999728] - 28/01/2014 - 15:59:51 ---A- . (...) -- C:\Windows\DtcInstall.log [4893] O44 - LFC:[MD5.A16E07E6536DF19AE4EA8BDAAEA2C356] - 28/01/2014 - 16:01:43 ---A- . (...) -- C:\Windows\diagerr.xml [15243] O44 - LFC:[MD5.A16E07E6536DF19AE4EA8BDAAEA2C356] - 28/01/2014 - 16:01:44 ---A- . (...) -- C:\Windows\diagwrn.xml [15243] O44 - LFC:[MD5.5ADC743C4B4473A628194048A90C464F] - 31/01/2014 - 02:17:48 ---A- . (...) -- C:\extensions.ini [76] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 31/01/2014 - 02:17:48 ---A- . (...) 
-- C:\extensions.sqlite [0] ~ Files: 90 Legitimates Filtered in 00mn 42s ---\\ Last files created in Windows Prefetcher (O45) O45 - LFCP:[MD5.68F4EF5806069E04C3307E48BD1F3D12] - 28/01/2014 - 15:54:34 ---A- - C:\Windows\Prefetch\WIMSERV.EXE-E72A31F3.pf O45 - LFCP:[MD5.24A2091E06C2EB8FDE78F96475C8C5B9] - 28/01/2014 - 16:08:00 ---A- - C:\Windows\Prefetch\OOBELDR.EXE-FF0601A2.pf O45 - LFCP:[MD5.F35A348B6D30CF536F595638F8C57F15] - 28/01/2014 - 16:10:02 ---A- - C:\Windows\Prefetch\SETUPHOST.EXE-DAD1C30D.pf O45 - LFCP:[MD5.743634703B28EE19A072558751B8D470] - 28/01/2014 - 16:10:07 ---A- - C:\Windows\Prefetch\SETUPPLATFORM.EXE-3A7405C0.pf O45 - LFCP:[MD5.EB3F811A758D62C821BC2AED22B35D0F] - 28/01/2014 - 16:11:37 ---A- - C:\Windows\Prefetch\GENVALOBJ.EXE-034E3E42.pf O45 - LFCP:[MD5.A831DC7804F7909401F5A3802AA27842] - 28/01/2014 - 16:21:53 ---A- - C:\Windows\Prefetch\GFXUIEX.EXE-9CA5FF42.pf O45 - LFCP:[MD5.6BD9D0147EDE6278C0FD1763E6C7FCAD] - 29/01/2014 - 00:15:13 ---A- - C:\Windows\Prefetch\IMJPDCT.EXE-1C328E85.pf O45 - LFCP:[MD5.E55D5CC064F58E678C7072D847F5D07C] - 29/01/2014 - 00:15:16 ---A- - C:\Windows\Prefetch\IMEBROKER.EXE-09F9CB44.pf O45 - LFCP:[MD5.113F8FE5FEF62EA0FAF72658002C9581] - 29/01/2014 - 00:17:31 ---A- - C:\Windows\Prefetch\PHOTOSAPP.EXE-8FE95EC8.pf O45 - LFCP:[MD5.6DED5F484DEE0CC255847EA80D6D886E] - 29/01/2014 - 00:18:06 ---A- - C:\Windows\Prefetch\BULKOPERATIONHOST.EXE-1D031CC3.pf O45 - LFCP:[MD5.8C04627FA94846C008BF5D4C71CB987B] - 29/01/2014 - 17:17:23 ---A- - C:\Windows\Prefetch\MPC-HC64.EXE-C13A3A72.pf O45 - LFCP:[MD5.D5A2B4944D7336CCF1764AD5FCE50545] - 29/01/2014 - 17:57:28 ---A- - C:\Windows\Prefetch\32.0.1700.102_32.0.1700.76_CH-1D400121.pf O45 - LFCP:[MD5.2CA7448FD22782FC074EB1225371B894] - 29/01/2014 - 22:47:41 ---A- - C:\Windows\Prefetch\DYNAMICLINKMEDIASERVER.EXE-53CA87A1.pf O45 - LFCP:[MD5.F6C919AAB8831F2D76A6964D4185A3D4] - 30/01/2014 - 02:21:50 ---A- - C:\Windows\Prefetch\DMMDRC_CRACK.EXE-53A33BC6.pf O45 - 
LFCP:[MD5.03664D7C4778A0C71F060D97E9FAC337] - 30/01/2014 - 17:58:05 ---A- - C:\Windows\Prefetch\MAINSYSTEM.EXE-2A18E96C.pf O45 - LFCP:[MD5.549568A0B6F330ED1A60BAF62A5F7BBC] - 31/01/2014 - 01:54:56 ---A- - C:\Windows\Prefetch\BITTORRENT.EXE-41AF7861.pf =>P2P.BitTorrent O45 - LFCP:[MD5.07F8C753A451A0CF4679B3AB40A9C323] - 31/01/2014 - 02:14:43 ---A- - C:\Windows\Prefetch\LOLLIPOPINSTALLER_UNI.EXE-08D9B947.pf =>Adware.Lollipop O45 - LFCP:[MD5.CF26EDA25C7925E7EACC851BD53D32A7] - 31/01/2014 - 02:14:59 ---A- - C:\Windows\Prefetch\REGISTRYDRSETUP_S.EXE-6BE10E85.pf O45 - LFCP:[MD5.6807162AB4E2AC71052AA913A3A9FFFD] - 31/01/2014 - 02:15:37 ---A- - C:\Windows\Prefetch\REGISTRYDR.EXE-B5AA38A1.pf O45 - LFCP:[MD5.443C6E30ED3E820AEE32C03C565BA8F8] - 31/01/2014 - 02:15:38 ---A- - C:\Windows\Prefetch\AMT_AWESOMEHP.EXE-5CEAE2A5.pf =>PUP.Awesomehp O45 - LFCP:[MD5.841F3D835B9DD7B2F5E6DD1BBFFB8763] - 31/01/2014 - 02:16:03 ---A- - C:\Windows\Prefetch\WPM.EXE-8C096E31.pf =>PUP.WpManager O45 - LFCP:[MD5.D85D57E7A8D1775B1BD42E9EFE7BFF66] - 31/01/2014 - 02:16:10 ---A- - C:\Windows\Prefetch\BHOENABLER.EXE-8A9E3100.pf O45 - LFCP:[MD5.4EC8770F711D78F1281D423F6DF5323E] - 31/01/2014 - 02:16:11 ---A- - C:\Windows\Prefetch\SUPTAB.EXE-E58B8870.pf O45 - LFCP:[MD5.EF3EB3908F99BDCC8F93446056C9AB51] - 31/01/2014 - 02:16:13 ---A- - C:\Windows\Prefetch\MOBOGENIE_SETUP_2.1.37_506.EX-209A849E.pf =>PUP.Mobogenie O45 - LFCP:[MD5.EBD36A217D9230403ADE860D586EFCCC] - 31/01/2014 - 02:16:19 ---A- - C:\Windows\Prefetch\WPROTECTMANAGER.EXE-D98082CE.pf O45 - LFCP:[MD5.EC45E0497527D62339511512A4AB14DA] - 31/01/2014 - 02:17:05 ---A- - C:\Windows\Prefetch\MGADB.EXE-281F1F6B.pf O45 - LFCP:[MD5.469AF849DCB703A4AFFD43C141C9D081] - 31/01/2014 - 02:17:06 ---A- - C:\Windows\Prefetch\MOBOGENIE.EXE-7EA50C05.pf =>PUP.Mobogenie O45 - LFCP:[MD5.8E4C1DB5207DAC911E96B20CD4482A14] - 31/01/2014 - 02:17:09 ---A- - C:\Windows\Prefetch\FEBUNDLE.EXE-A7E0778C.pf O45 - LFCP:[MD5.BB68097D47631FB1DCFDF65311A74839] - 31/01/2014 - 02:17:10 
---A- - C:\Windows\Prefetch\FLASHENHANCERINSTALLER.EXE-9F9264FD.pf O45 - LFCP:[MD5.1B6727A4543C254A8EDDD14CBF03261C] - 31/01/2014 - 02:17:57 ---A- - C:\Windows\Prefetch\LIGHTSPARK-0.5.3-WIN32.EXE-57EAC837.pf O45 - LFCP:[MD5.ECAD13365B100DEFD7C3F5F0257D2089] - 31/01/2014 - 02:36:23 ---A- - C:\Windows\Prefetch\LAUNCHTM.EXE-B444BC8E.pf O45 - LFCP:[MD5.CB460796605E9514310056803E5E3DC9] - 31/01/2014 - 02:40:51 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-8549B983.pf =>Adware.Lollipop O45 - LFCP:[MD5.80CA28F42A72BE09B2136325CCEF0D2A] - 31/01/2014 - 02:41:36 ---A- - C:\Windows\Prefetch\OLD_MGASSIST.EXE-4249EAA1.pf O45 - LFCP:[MD5.A1900661F585DCD686153BF04BC28E5B] - 31/01/2014 - 03:06:06 ---A- - C:\Windows\Prefetch\UPDATEMOBOGENIE.EXE-B1DE5CE4.pf =>PUP.Mobogenie O45 - LFCP:[MD5.B9DEEBB0C8356855BCE3EB3E3BCFEBD3] - 31/01/2014 - 03:06:23 ---A- - C:\Windows\Prefetch\DAEMONPROCESS.EXE-E4BDA2BB.pf O45 - LFCP:[MD5.88A302BC9F59BFF36A8B71D07C2CAD8E] - 31/01/2014 - 03:08:49 ---A- - C:\Windows\Prefetch\PLUGINSERVICE.EXE-2E241DB1.pf O45 - LFCP:[MD5.862DF7CD6EDE8A8ED4360020E1B9E0EB] - 31/01/2014 - 03:09:10 ---A- - C:\Windows\Prefetch\UNINST.EXE-AFC06609.pf O45 - LFCP:[MD5.85958A8C2F6922FF45002C73868CD38B] - 31/01/2014 - 03:09:13 ---A- - C:\Windows\Prefetch\MGASSIST.EXE-D2ABF8B3.pf O45 - LFCP:[MD5.BDE9955E09E1BFEB87F0734DD1902715] - 31/01/2014 - 03:10:12 ---A- - C:\Windows\Prefetch\AMISTORAGE.EXE-0E27F55F.pf O45 - LFCP:[MD5.D4915D8AF5F3E9B3662449483B072A57] - 31/01/2014 - 03:10:46 ---A- - C:\Windows\Prefetch\INSTACT.EXE-A82BFCAC.pf O45 - LFCP:[MD5.34BF285196A0FD08A3DA720C59AF3B5F] - 31/01/2014 - 03:10:58 ---A- - C:\Windows\Prefetch\XCOPY.EXE-85839ADD.pf O45 - LFCP:[MD5.707845F84871B6AA67FCB8778DD705EF] - 31/01/2014 - 03:31:23 ---A- - C:\Windows\Prefetch\BRS.EXE-CF01349B.pf O45 - LFCP:[MD5.45508BC6946DC772F0FF49392C227833] - 31/01/2014 - 03:31:23 ---A- - C:\Windows\Prefetch\PDVD10SERV.EXE-99C8A7B5.pf O45 - LFCP:[MD5.804F6E74C3DF73F9DAB0C437247DAB85] - 31/01/2014 - 03:32:43 ---A- - 
C:\Windows\Prefetch\INSTUP.EXE-3AF05CB9.pf O45 - LFCP:[MD5.EA6939DFBBCC1A29ED8BA95B69B68545] - 31/01/2014 - 03:34:18 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf O45 - LFCP:[MD5.04947A77F6EBB351DDBEF3638A4DE8A4] - 31/01/2014 - 03:34:49 ---A- - C:\Windows\Prefetch\PfPre_76806de3.db O45 - LFCP:[MD5.EFEB94CF0938CA73C47C9FD761151314] - 31/01/2014 - 12:03:31 ---A- - C:\Windows\Prefetch\WD DRIVE UNLOCK.EXE-6D36B2B3.pf O45 - LFCP:[MD5.58F64571C1E42545802E84293405B6EE] - 31/01/2014 - 12:04:28 ---A- - C:\Windows\Prefetch\WGET.DAT-604A4BAD.pf O45 - LFCP:[MD5.B2BB80AEABCE566B512F9D37486BE5C9] - 31/01/2014 - 12:04:32 ---A- - C:\Windows\Prefetch\JRT.EXE-5E066B41.pf O45 - LFCP:[MD5.02B5A5AB64B77A6FA7C0D6FEC149E30D] - 31/01/2014 - 12:12:51 ---A- - C:\Windows\Prefetch\FC.EXE-A601B343.pf O45 - LFCP:[MD5.E8D46BAEAA8D768F8FA3959693C12E02] - 31/01/2014 - 12:13:29 ---A- - C:\Windows\Prefetch\CUT.DAT-0D44B436.pf O45 - LFCP:[MD5.1DE8FDFF6358374D76CF5992299EB915] - 31/01/2014 - 12:13:44 ---A- - C:\Windows\Prefetch\FIND.EXE-3298DC3B.pf O45 - LFCP:[MD5.23FE87B871BBFB214298581D344BFFE4] - 31/01/2014 - 12:14:28 ---A- - C:\Windows\Prefetch\SHORTCUT.DAT-8C6CD1AE.pf O45 - LFCP:[MD5.B746067403ABDF9FBF8DBD52935BDC97] - 31/01/2014 - 12:14:29 ---A- - C:\Windows\Prefetch\NIRCMD.DAT-9D776983.pf O45 - LFCP:[MD5.8311E32373C9F8770B5372805EEBFB87] - 31/01/2014 - 12:17:35 ---A- - C:\Windows\Prefetch\JPNIME.EXE-59D7407E.pf ~ Prefetcher: 304 Legitimates Filtered in 00mn 03s ---\\ MountPoints2 Shell Key (MPKS) (O51) O51 - MPSK:{1877fd0c-691a-11e3-be71-6c71d98539e2}\AutoRun\command. (...) -- G:\WD Drive Unlock.exe (.not file.) 
~ Keys: Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1 ~ MWPS: 20 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s ---\\ System Drivers List (SDL) (O58) O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 11/01/2014 - 16:38:34 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 11/01/2014 - 16:38:34 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904] O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624] O58 - SDL:[MD5.A8080BEBCDB7A16495CE1205921DCAC5] - 02/08/2012 - 04:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992] O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072] ~ Drivers: 20 Legitimates Filtered in 00mn 03s ---\\ Last modified or created user files (O61) O61 - LFC: 04/07/2015 - 12:22:41 ---A- . (...) -- C:\Users\lola\Documents\DS & GBA\Ds\Lola\Pokemon Mystery Dungeon - Explorers of Time (EU) (M5)\2433-Pokemon Mystery Dungeon - Explorers of Time (EU) (M5).nds [134217728] O61 - LFC: 28/01/2014 - 12:21:53 ---A- . (...) -- C:\Users\lola\AppData\Local\Intel_Corporation\GfxUIEx.exe_Url_pid13cxzvy1ivbtinqdinsz1omfrwsew\8.15.10.3308\user.config [1913] O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) 
-- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\bklg.npf [136968] O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\cmt.npf [67] O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\cpt.npf [18] O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\date.npf [32] O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\frames.npf [490348] O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\script.npf [5794079] O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\thum.npf [46682] O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\tm.npf [21] O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\val.npf [1008672] O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER09.BIN [27099] O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER09.HIS [568096] O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER10.BIN [27239] O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER10.HIS [573404] O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER11.BIN [26823] O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) 
-- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER11.HIS [527854] O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-6a.BIT [512] O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-7a.BIT [512] O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-7b.BIT [512] O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-9.BIT [512] O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\pam03.BIT [512] O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Links\Desktop.lnk [434] O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Links\Downloads.lnk [879] O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Links\Images.lnk [715] O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Links\RecentPlaces.lnk [383] O61 - LFC: 28/01/2014 - 12:25:13 ---A- . (...) -- C:\Users\lola\Searches\winrt--{S-1-5-21-201074216-106343273-3953965673-1002}-.searchconnector-ms [852] O61 - LFC: 29/01/2014 - 12:22:25 ---A- . (...) -- C:\Users\lola\AppData\Roaming\MPC-HC\default.mpcpl [122] O61 - LFC: 29/01/2014 - 12:22:25 ---A- . (...) -- C:\Users\lola\AppData\Roaming\Microsoft\IME\15.0\IMEJP\UserDict\imjp15cu.dic [266240] O61 - LFC: 29/01/2014 - 12:22:25 ---A- . (...) -- C:\Users\lola\AppData\Roaming\Microsoft\IME\15.0\IMEJP\UserDict\imjp15cu.dic_bak [2] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER01.BIN [27050] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER01.HIS [364720] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER02.BIN [26766] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) 
-- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER02.HIS [175422] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER03.BIN [27042] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER03.HIS [177800] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-2.BIT [512] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector002.BIT [512] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector005.BIT [512] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector006.BIT [512] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector007.BIT [512] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector008.BIT [512] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector009.BIT [512] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector010.BIT [512] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector011.BIT [512] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector012.BIT [512] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector013.BIT [512] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector014a.BIT [512] O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector014b.BIT [512] O61 - LFC: 29/01/2014 - 12:26:40 ---A- . (...) 
-- C:\Users\lola\Videos\ONE PIECE 15th Anniversary BEST ALBUM\Tracklist.txt [1253] O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\bklg.npf [148058] O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\cmt.npf [47] O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\cpt.npf [18] O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\date.npf [32] O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\frames.npf [385752] O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\script.npf [5817312] O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\thum.npf [46682] O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\tm.npf [21] O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\val.npf [1012768] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\bklg.npf [151460] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\cmt.npf [66] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\cpt.npf [18] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) 
-- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\date.npf [32] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\frames.npf [484192] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\script.npf [5794113] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\thum.npf [46682] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\tm.npf [21] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\val.npf [1137696] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\bklg.npf [150316] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\cmt.npf [66] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\cpt.npf [18] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\date.npf [32] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\frames.npf [486244] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\script.npf [5794113] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\thum.npf [46682] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) 
-- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\tm.npf [21] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\val.npf [1112096] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\9999\bklg.npf [150316] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\9999\frames.npf [488296] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\9999\script.npf [5794113] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\9999\thum.npf [46682] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\9999\val.npf [1095712] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\common\cqst.npf [6472972] O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\common\val.npf [1548320] O61 - LFC: 30/01/2014 - 12:23:41 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-1.BIT [512] O61 - LFC: 30/01/2014 - 12:23:41 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-10.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER04.BIN [27050] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER04.HIS [374816] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER05.BIN [27322] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) 
-- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER05.HIS [142146] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER07.BIN [27239] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER07.HIS [538250] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER12.BIN [27107] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER12.HIS [601576] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER13.BIN [27099] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER13.HIS [540038] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER16.BIN [26823] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER16.HIS [585672] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER31.BIN [26823] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER31.HIS [585672] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER99.BIN [27099] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER99.HIS [634890] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-11.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-12.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-4b.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) 
-- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-5b.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-6b.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-7c.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-8.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector001.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector003.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector004.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\init.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\kurt02.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\kurt03.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\lorence02.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\maoh001.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\maoh002.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\maoh003.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\maoh004.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\maoh005.BIT [512] O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) 
-- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\ouji001.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\ouji002.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\ouji003.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\ouji004.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\ouji005.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\ouji006.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\pam02.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\rag.BIT [512]
O61 - LFC: 30/01/2014 - 12:26:40 ---A- . (...) -- C:\Users\lola\Videos\[HorribleSubs] Pupa - 04 [720p].mkv [57447617]
O61 - LFC: 30/01/2014 - 12:26:40 ---A- . (...) -- C:\Users\lola\Videos\[HorribleSubs] Pupa - 04 [720p].mkv.torrent [4637]
O61 - LFC: 31/01/2014 - 12:21:50 ---A- . (...) -- C:\Users\lola\.android\adbkey [1704]
O61 - LFC: 31/01/2014 - 12:21:50 ---A- . (...) -- C:\Users\lola\.android\adbkey.pub [716]
O61 - LFC: 31/01/2014 - 12:21:50 ---A- . (...) -- C:\Users\lola\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
O61 - LFC: 31/01/2014 - 12:21:52 ---A- . (...) -- C:\Users\lola\AppData\Local\Google\Chrome\User Data\Local State [57875]
O61 - LFC: 31/01/2014 - 12:22:13 ---A- . (...) -- C:\Users\lola\AppData\Local\RegistryDR\RegistryDr.exe_Url_tjtb5njljispwd0rqytn4c5hyzoj12gk\2.4.7.0\user.config [319]
O61 - LFC: 31/01/2014 - 12:22:25 ---A- . (...) -- C:\Users\lola\AppData\Roaming\newnext.me\nengine.cookie [3072] =>PUP.NextLive
O61 - LFC: 31/01/2014 - 12:22:32 ---A- . (...) -- C:\Users\lola\AppData\Roaming\sp_data.sys [73]
O61 - LFC: 31/01/2014 - 12:22:33 ---A- . (...) -- C:\Users\lola\AppData\Roaming\ZHP\Log.txt [16346] =>.Nicolas Coolman
O61 - LFC: 31/01/2014 - 12:22:33 ---A- . (...) -- C:\Users\lola\AppData\Roaming\ZHP\TestsZHPDiag.txt [2801] =>.Nicolas Coolman
O61 - LFC: 31/01/2014 - 12:22:33 ---A- . (...) -- C:\Users\lola\daemonprocess.txt [0]
O61 - LFC: 31/01/2014 - 12:23:39 ---A- . (...) -- C:\Users\lola\Documents\RegistryDr\log.txt [23302]
O61 - LFC: 31/01/2014 - 12:23:39 ---A- . (...) -- C:\Users\lola\Documents\RegistryDr\logerror.txt [807]
O61 - LFC: 31/01/2014 - 12:23:41 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\current.his [0]
O61 - LFC: 31/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SYSTEM.BIN [8848]
O61 - LFC: 31/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\lorence03.BIT [512]
O61 - LFC: 31/01/2014 - 12:25:14 ---A- . (.Amônétízé Ltd.) -- C:\Users\lola\Videos\FlashPlayersetup__3873_i312099945_il155.exe [337960]
~ 27 Fichiers temporaires (Temporary files)
~ Files: 1633 Legitimates Filtered in 04mn 50s

---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
~ Keys: Scanned in 00mn 00s

---\\ Crack & Keygen Files (CKF) (O82)
C:\Users\lola\Videos\Logiciels à installer\Sony vegas pro 11 crack + keygen By Sky Hunters\Sony vegas pro 11 crack + keygen\Keygen By SkyHunters.exe
C:\Users\lola\Videos\Logiciels à installer\Sony vegas pro 11 crack + keygen By Sky Hunters\Sony vegas pro 11 crack + keygen\SonyVegasPro Patch By SkyHunters.exe
C:\Users\lola\Videos\Logiciels à installer\Sony vegas pro 11 crack + keygen By Sky Hunters\Sony vegas pro 11 crack + keygen\Keygen By SkyHunters.exe
C:\Users\lola\Videos\Logiciels à installer\Sony vegas pro 11 crack + keygen By Sky Hunters\Sony vegas pro 11 crack + keygen\SonyVegasPro Patch By SkyHunters.exe
~ Files: Scanned in 00mn 48s

---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe [24576]
[MD5.CEF11352FC03684CEAD72CAA1B34057B] [SPRF][31/01/2014] (...) -- C:\Users\lola\AppData\Local\Temp\fEBundle.exe [16138021]
[MD5.AAA030DF2C7F689E7860DE127442EAC8] [SPRF][31/01/2014] (.Amônétízé Ltd - Installer.) -- C:\Users\lola\AppData\Local\Temp\FlashPlayersetup__3873_i312099945_il155.exe [337960]
[MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][23/10/2013] (...) -- C:\Users\lola\AppData\Local\Temp\Quarantine.exe [344355]
[MD5.A3EFBD847A81424CB9CFE36161E6DB47] [SPRF][31/01/2014] (...) -- C:\Users\lola\AppData\Roaming\sp_data.sys [73]
[MD5.54DB2B8C60F04C5ADE6D711D47EABA75] [SPRF][31/01/2014] (...) -- C:\Users\lola\Desktop\adwcleaner.exe [1166132]
~ Files: 8 Legitimates Filtered in 00mn 01s

---\\ MyComputer Name Space (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 09/10/2012 243728 | (CLKMSVC10_38F51D56) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
SS - | Demand 01/10/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 19/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 10/12/2013 1364256 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Demand 07/01/2014 569768 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 15/01/2013 107320 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR - | Auto 19/12/2012 72192 | (Asus WebStorage Windows Service) . (...) - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
SR - | Auto 25/01/2013 227456 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 11/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 23/10/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 31/10/2012 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 31/01/2014 493568 | (Wpm) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
SR - | Auto 24/01/2013 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: Scanned in 00mn 11s

---\\ Search Master Boot Record Infection (MBR)(O80)
Run by lola at 31/01/2014 12:27:51
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by lola at 31/01/2014 12:27:53
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 11
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 3
[HKLM\Software\Google\Chrome\Extensions\cgbealecnakbhfoeeipcnoboempfkbjd] =>Adware.FlashEnhancer^
[HKLM\SYSTEM\CurrentControlSet\Services\Wpm] =>PUP.WpManager^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM] =>PUP.WpManager^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:NextLive =>PUP.NextLive^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
C:\Users\lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbealecnakbhfoeeipcnoboempfkbjd =>Adware.FlashEnhancer^
C:\Program Files (x86)\AmiExt =>Adware.FlashEnhancer^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\lola\AppData\Roaming\newnext.me =>PUP.NextLive^
[HKCU\Software\AmiExt] =>Adware.FlashEnhancer^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
~ Additionnel Scan: 236306 Items scanned in 00mn 47s

---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/40653881-adware-flashenhancer =>Adware.FlashEnhancer
~ http://nicolascoolman.webs.com/apps/blog/show/41011964-pup-awesomehp =>PUP.Awesomehp
~ http://nicolascoolman.webs.com/apps/blog/show/40528410-pup-nextlive =>PUP.NextLive
~ http://nicolascoolman.webs.com/apps/blog/show/41034005-pup-mobogenie =>PUP.Mobogenie
~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blog/show/40789592-trojan-sprotector =>Trojan.SProtector
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ MSI: 7 link(s) detected in 00mn 47s
~ 2968 Legitimates filtered by white list

End of the scan (732 lines in 09mn 38s)(4)