~ Report of ZHPDiag v2015.2.27.24 - Nicolas Coolman (27/02/2015)
~ Launched by Owner (12/04/2015 8:43:43 PM)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : New version available
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user

---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17420
MFIE: Mozilla Firefox 14.0.1

---\\ Windows product information
~ Langage: Anglais
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)

---\\ System protection software
Avast Free Antivirus v10.0.2208
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W7 (Activate)

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 16 NPAPI
Adobe Reader XI

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6141.1 MB (64% free)
System Restore: Activé (Enable)
System drive C: has 25 GB (25%) free of 98 GB

---\\ Connection to the system mode
~ Computer Name: OWNER-PC
~ User Name: Owner
~ All Users Names: Owner, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Owner\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Owner\AppData\Roaming\
~ %Desktop% : C:\Users\Owner\Desktop\
~ %Favorites% : C:\Users\Owner\Favorites\
~ %LocalAppData% : C:\Users\Owner\AppData\Local\
~ %StartMenu% : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units C: Hard drive, Flash drive, Thumb drive (Free 25 Go of 98 Go) D: Hard drive, Flash drive, Thumb drive (Free 54 Go of 195 Go) E: Hard drive, Flash drive, Thumb drive (Free 156 Go of 195 Go) F: CD-ROM drive (Not Inserted) G: CD-ROM drive (Not Inserted) H: Hard drive, Flash drive, Thumb drive (Free 402 Go of 443 Go) I: Floppy drive, Flash card reader, USB Key (Not Inserted) J: Floppy drive, Flash card reader, USB Key (Not Inserted) K: Floppy drive, Flash card reader, USB Key (Not Inserted) L: Floppy drive, Flash card reader, USB Key (Not Inserted) M: Floppy drive, Flash card reader, USB Key (Not Inserted) N: CD-ROM drive (Free 0 Go of 2 Go) O: Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ State of the Windows Security Center [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date ~ Security Center: 49 Legitimates Filtered in 00mn AMs ---\\ Search Generic System Files [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 1:19:30 AM.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 8:39:52 PM.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.6FC2819A4F80AAB2DADEDFC1EFEE3C3F] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/11/2014 - 10:02:44 AM.) -- C:\Windows\System32\wininet.dll [2365440] [MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Windows Logon Application.) (.16/07/2014 - 9:07:24 PM.) -- C:\Windows\System32\Winlogon.exe [455168] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 8:27:26 AM.) 
-- C:\Windows\System32\sppcomapi.dll [232448] [MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 1:45:52 AM.) -- C:\Windows\system32\Drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 8:52:21 PM.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 6:19:47 PM.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 4:19:21 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 4:26:32 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 5:43:43 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 6:19:57 PM.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 7:10:03 PM.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 9:40:40 PM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 4:23:20 AM.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT File System Driver.) (.23/01/2014 - 9:37:55 PM.) 
-- C:\Windows\system32\Drivers\ntfs.sys [1684928] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 7:00:41 PM.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 5:52:35 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 6:06:41 AM.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 7:09:09 PM.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 4:21:56 AM.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 8:34:02 AM.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn AMs ---\\ Hidden files state (Hidden/Total) Mes images (My Pictures) : 2/2 (Modified) ~ Mes musiques (My Musics) : 1/8 ~ Mes Videos (My Videos) : 1/2 ~ Mes Favoris (My Favorites) : 1/34 ~ Mes Documents (My Documents) : 1/1449 ~ Mon Bureau (My Desktop) : 1/395 ~ Menu demarrer (Programs) : 1/66 ~ Hidden Files: Scanned in 00mn AMs ---\\ Process running [MD5.9CA037D9931896ABDDC41A214012314E] - (...) -- C:\Program Files\ASUS\Six Engine\SixEngine.exe [6038016] [PID.3380] [MD5.5C22E50822B726F530EDD95F9BA0C601] - (.ASUSTek - TurboVHelp.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [1033216] [PID.3388] [MD5.716F5828497A7739B1BCCEE4D0E8A80F] - (.ZONER software - Zoner Photo Studio Autoupdate.) -- E:\zoner photo\Photo Studio 16\Program32\ZPSTray.exe [833240] [PID.496] [MD5.450AAE0CC3C835BFDCBD346DDBA431CA] - (.LiberKey.com - LiberKey Portabilizer.) 
-- D:\LiberKey\LiberKeyTools\LiberKeyPortabilizer\LiberKeyPortabilizer.exe [1311152] [PID.4160] [MD5.E2FD4CBCB269C13474109B473F2ED5D9] - (.ASUSTek - TurboV EVO.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [7238144] [PID.4236] [MD5.DF6B209525F79A95E31AFB6B945C16DC] - (.SoftPerfect Research - NetWorx Application (32-bit).) -- D:\LiberKey\Apps\NetWorx\App\NetWorx\networx.exe [3180088] [PID.4536] [MD5.4DAB37E8BEDA1F286F0C40B8AAB0D65C] - (.No owner - Everything.) -- E:\everything\Everything.exe [602624] [PID.3244] [MD5.B2B2FE2671DD98A322B0AD7079C0B2B2] - (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [71216] [PID.3240] [MD5.44ADDA5FB88EE14F57A246285775AC2F] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Avast\avastui.exe [5227112] [PID.3180] [MD5.BB6D3748D86BC02D55ADD8ADC1D07633] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe [835288] [PID.4744] [MD5.82F68EBA0FCEA46BA8919D6A264A833E] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe [1065024] [PID.1660] [MD5.7C0787598607A46A32726BA8AEAFEF18] - (.Google Inc. - Google Chrome.) -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe [809288] [PID.2964] [MD5.9D8EE64F05FFCE71F410671F6FF0464F] - (.BitTorrent Inc. - µTorrent.) -- D:\LiberKey\Apps\uTorrent\App\uTorrent\utorrent.exe [1142864] [PID.3956] =>P2P.BitTorrent [MD5.F0F71A96CE88C4AD8843D172C2920F50] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8180736] [PID.4480] [MD5.E3F7EC811923F3F1A77B185F22638E5E] - (.AVAST Software - avast! Service.) -- C:\Program Files\Avast\AvastSvc.exe [50344] [PID.1416] [MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) 
-- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1724] [MD5.3DEBBECF665DCDDE3A95D9B902010817] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55144] [PID.1760] [MD5.E781164C7D47950E3D218C84B2901CB2] - (...) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112] [PID.1784] [MD5.94E69A444023870D42A0F9F0355583D8] - (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728] [PID.1880] [MD5.D7B38574D50F4D9287238C6E14D6DFA8] - (.BlueStack Systems, Inc. - BlueStacks Updater Service.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944] [PID.1912] [MD5.BE977AA09969C80D52C879EB1DC67E38] - (.CrossLoop - CrossLoop Service.) -- C:\Users\Owner\AppData\Local\CrossLoop\CrossLoopService.exe [569072] [PID.2012] [MD5.E5B95C75557120881076C45CD146D72C] - (.DeviceVM, Inc. - Windows Metadata Export Service.) -- C:\ASUS.SYS\config\DVMExportService.exe [319488] [PID.2040] [MD5.6E7B4E75E8A226EDC8A9A8B1C3510F9B] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1640] [MD5.06A49B7BDC36CFBF97DD90804F833369] - (.No owner - RichVideo Module.) 
-- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024] [PID.1944] ~ Processes Running: Scanned in 00mn AMs ---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2) C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences ---\\ Google Chrome Extension Folder ~ Google Lines Browser: 0 Legitimates Filtered in 05mn AMs ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn AMs ---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn AMs ---\\ Hosts file redirection (O1) ~ Le fichier hôte est sain (The hosts file is clean) (14288) ~ Hosts File: Scanned in 06mn AMs ---\\ Auto loading programs from Registry and folders (O4) O4 - HKCU\..\Run: [SandboxieControl] . (.SANDBOXIE L.T.D - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKCU\..\Run: [fsm] Orphan key O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . 
(.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] . (.ZONER software - Zoner Photo Studio Autoupdate.) -- E:\zoner photo\Photo Studio 16\Program32\ZPSTRAY.exe O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe O4 - HKLM\..\Wow6432Node\Run: [TurboV EVO] . (.ASUSTek - TurboV EVO.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe O4 - HKLM\..\Wow6432Node\Run: [JMB36X IDE Setup] . (...) -- C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Wow6432Node\Run: [Conime] C:\Windows\system32\conime.exe (.not file.) O4 - HKLM\..\Wow6432Node\Run: [Everything] . (.No owner - Everything.) -- E:\everything\Everything.exe O4 - HKLM\..\Wow6432Node\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [RemoteControl] . (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Wow6432Node\Run: [UpdatePSTShortCut] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Avast\AvastUI.exe O4 - HKLM\..\Wow6432Node\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) 
-- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- H:\amd\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (.not file.) O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (.not file.) O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-1755539037-3709105905-1855503912-1000\..\Run: [SandboxieControl] . (.SANDBOXIE L.T.D - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe O4 - HKUS\S-1-5-21-1755539037-3709105905-1855503912-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-21-1755539037-3709105905-1855503912-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKUS\S-1-5-21-1755539037-3709105905-1855503912-1000\..\Run: [fsm] Orphan key O4 - HKUS\S-1-5-21-1755539037-3709105905-1855503912-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd O4 - HKUS\S-1-5-21-1755539037-3709105905-1855503912-1000\..\Run: [RESTART_STICKY_NOTES] . 
(.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe O4 - HKUS\S-1-5-21-1755539037-3709105905-1855503912-1000\..\Run: [Zoner Photo Studio Autoupdate] . (.ZONER software - Zoner Photo Studio Autoupdate.) -- E:\zoner photo\Photo Studio 16\Program32\ZPSTRAY.exe ~ Application: Scanned in 00mn AMs ---\\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{EA2D575A-6298-4632-AFAB-AE61DFFA7592}: DhcpNameServer = 192.168.10.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{EA2D575A-6298-4632-AFAB-AE61DFFA7592}: DhcpDomain = sogetel.net O17 - HKLM\System\CS1\Services\Tcpip\..\{EA2D575A-6298-4632-AFAB-AE61DFFA7592}: DhcpNameServer = 192.168.10.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{EA2D575A-6298-4632-AFAB-AE61DFFA7592}: DhcpDomain = sogetel.net O17 - HKLM\System\CS2\Services\Tcpip\..\{EA2D575A-6298-4632-AFAB-AE61DFFA7592}: DhcpNameServer = 192.168.10.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{EA2D575A-6298-4632-AFAB-AE61DFFA7592}: DhcpDomain = sogetel.net O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 ~ Domain: Scanned in 00mn AMs ---\\ Extra protocols (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn AMs ---\\ Task Planned Automatically (039) [MD5.7CAC9EECA1CC3D06AD4F0EC46C33F901] [APT] [PrintProjects Communicator] (...) -- C:\ProgramData\PrintProjects\MessageCheck.exe [166056] [MD5.EBAC6DC8B90A8A1FA7D6DE862ECBEF71] [APT] [WpsNotifyTask_Owner] (.Zhuhai Kingsoft Office Software Co.,Ltd.) 
-- C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe [364392] [MD5.F9D9C975B5A03927BC2BAECFFAE8B9FD] [APT] [WpsUpdateTask_Owner] (.Zhuhai Kingsoft Office Software Co.,Ltd.) -- C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [390504] [MD5.9CA037D9931896ABDDC41A214012314E] [APT] [ASUS SIX Engine] (...) -- C:\Program Files\ASUS\Six Engine\SixEngine.exe [6038016] O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830] O39 - APT: - (..) -- C:\Windows\Tasks\EPSON XP-310 Series Invitation {D25A651D-C2E8-4422-95E7-5286C1802C5E}.job [725] O39 - APT: - (..) -- C:\Windows\System32\Tasks\EPSON XP-310 Series Invitation {D25A651D-C2E8-4422-95E7-5286C1802C5E} [725] O39 - APT: - (..) -- C:\Windows\Tasks\EPSON XP-310 Series Update {D25A651D-C2E8-4422-95E7-5286C1802C5E}.job [911] O39 - APT: - (..) -- C:\Windows\System32\Tasks\EPSON XP-310 Series Update {D25A651D-C2E8-4422-95E7-5286C1802C5E} [911] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [894] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [898] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1755539037-3709105905-1855503912-1000Core [856] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1755539037-3709105905-1855503912-1000UA [908] O39 - APT: PrintProjects Communicator - (...) -- C:\Windows\Tasks\PrintProjects Communicator.job [304] O39 - APT: PrintProjects Communicator - (...) -- C:\Windows\System32\Tasks\PrintProjects Communicator [304] O39 - APT: WpsNotifyTask_Owner - (.Zhuhai Kingsoft Office Software Co.,Ltd.) -- C:\Windows\Tasks\WpsNotifyTask_Owner.job [374] O39 - APT: WpsNotifyTask_Owner - (.Zhuhai Kingsoft Office Software Co.,Ltd.) -- C:\Windows\System32\Tasks\WpsNotifyTask_Owner [374] O39 - APT: WpsUpdateTask_Owner - (.Zhuhai Kingsoft Office Software Co.,Ltd.) 
-- C:\Windows\Tasks\WpsUpdateTask_Owner.job [374] O39 - APT: WpsUpdateTask_Owner - (.Zhuhai Kingsoft Office Software Co.,Ltd.) -- C:\Windows\System32\Tasks\WpsUpdateTask_Owner [374] ~ Scheduled Task: 28 Legitimates Filtered in 02mn AMs ---\\ Software installed (O42) O42 - Logiciel: Cuttix - (.GUNSH d.o.o..) [HKLM][64Bits] -- {0486B0E7-9AB4-457A-AD5B-B290F143BB4E} O42 - Logiciel: Ideal DVD Copy V4.1.2 - (.Ideal DVD Software, Inc..) [HKLM][64Bits] -- Ideal DVD Copy_is1 O42 - Logiciel: PrintProjects - (.RocketLife Inc..) [HKLM][64Bits] -- PrintProjects O42 - Logiciel: Top Chef - (...) [HKLM][64Bits] -- BFG-Top Chef O42 - Logiciel: Zoner Photo Studio 16 - (.ZONER software.) [HKLM][64Bits] -- ZonerPhotoStudio16_EN_is1 ~ Logic: 29 Legitimates Filtered in 00mn AMs ---\\ HKCU & HKLM Software Keys [HKCU\Software\ISOWINDOWMENU] [HKLM\Software\Wow6432Node\idc] ~ Key Software: 384 Legitimates Filtered in 00mn AMs ---\\ Contents of the Common Files folders (O43) O43 - CFD: 14/03/2012 - 6:26:26 PM - [] ----D C:\Program Files (x86)\PrintProjects O43 - CFD: 02/09/2014 - 8:31:07 PM - [] ----D C:\ProgramData\ftw O43 - CFD: 14/03/2012 - 6:26:39 PM - [] ----D C:\ProgramData\PrintProjects O43 - CFD: 02/09/2014 - 8:24:16 PM - [] ----D C:\ProgramData\restore O43 - CFD: 01/07/2012 - 10:24:58 AM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ideal DVD Copy O43 - CFD: 26/08/2011 - 5:29:55 PM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Burning Tools O43 - CFD: 17/02/2012 - 9:28:04 PM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ots Labs O43 - CFD: 14/03/2012 - 6:26:26 PM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects O43 - CFD: 14/07/2009 - 3:45:37 AM - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC O43 - CFD: 29/01/2012 - 12:40:03 AM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Top Chef O43 - CFD: 28/01/2015 - 9:22:38 PM - [] ----D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 16 O43 - CFD: 04/02/2012 - 2:19:11 PM - [] ----D C:\Users\Owner\AppData\Roaming\Lonely Troops O43 - CFD: 01/12/2014 - 9:43:07 PM - [] -SH-D C:\Users\Owner\AppData\Local\EmieBrowserModeList O43 - CFD: 12/12/2014 - 6:41:23 PM - [] ----D C:\Users\Owner\AppData\Local\GUNSH_d.o.o O43 - CFD: 22/03/2015 - 3:18:01 PM - [] ----D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AoaoPhoto Digital Studio O43 - CFD: 12/12/2014 - 6:40:37 PM - [] ----D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gunsh ~ Program Folder: 288 Legitimates Filtered in 00mn AMs ---\\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.4940BA735116D51D1D49188C52AD35AD] - 12/04/2015 - 7:55:54 AM --H-- . (...) -- C:\dvmexp.idx [177] ~ Files: 7 Legitimates Filtered in 14mn AMs ---\\ MountPoints2 Shell Key (MPSK) (O51) O51 - MPSK:{314a92f4-7fac-11e3-bd58-00261896c399}\AutoRun\command. (.GIANTS Software GmbH - Autorun.) -- N:\cdstart.exe O51 - MPSK:{d96fdb64-91b3-11df-b4d4-806e6f6e6963}\AutoRun\command. (...) -- F:\Diablo III Setup.exe (.not file.) ~ Keys: Scanned in 00mn AMs ---\\ ShareTools MSconfig StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\Wondershare Helper Compact.exe [Key] . (.Wondershare - Wondershare Studio.) 
-- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe ~ SMSR Keys: 3 Legitimates Filtered in 00mn AMs ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "SoftwareSASGeneration"=3 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1 ~ MWPS: 20 Legitimates Filtered in 00mn AMs ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 7 Legitimates Filtered in 00mn AMs ---\\ System Drivers List (SDL) (O58) O58 - SDL:13/05/2009 - 8:26:24 PM ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [15416] O58 - SDL:03/01/2015 - 11:14:02 AM ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software O58 - SDL:03/01/2015 - 11:14:02 AM ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software O58 - SDL:03/01/2015 - 11:14:02 AM ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [267632] =>.ALWIL Software O58 - SDL:13/07/2009 - 8:47:48 PM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:10/06/2009 - 3:31:59 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:24/07/2009 - 7:55:10 AM ---A- . (.Primax Ltd - Primax USB Optical Mouse Driver.) -- C:\Windows\System32\Drivers\NMgamingms.sys [11264] O58 - SDL:13/07/2009 - 8:45:55 PM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] O58 - SDL:14/11/2011 - 7:11:10 AM ---A- . (.Windows (R) 2000 DDK provider - Image Mounter SCSI Port Driver.) 
-- C:\Windows\System32\Drivers\uimx64.sys [59184] O58 - SDL:10/05/2011 - 7:06:08 AM ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [51712] O58 - SDL:29/07/2011 - 1:54:56 PM ---A- . (...) -- C:\Windows\System32\epmntdrv.sys [16776] O58 - SDL:29/07/2011 - 1:54:56 PM ---A- . (...) -- C:\Windows\System32\EuGdiDrv.sys [9096] O58 - SDL:04/01/2008 - 12:34:42 PM ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp32.sys [10216] O58 - SDL:04/01/2008 - 12:34:48 PM ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys [11832] O58 - SDL:06/04/2009 - 2:24:30 AM R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [13368] O58 - SDL:02/04/2009 - 7:30:14 AM ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296] O58 - SDL:29/07/2011 - 1:54:56 PM ---A- . (...) -- C:\Windows\SysWOW64\epmntdrv.sys [14216] O58 - SDL:29/07/2011 - 1:54:56 PM ---A- . (...) -- C:\Windows\SysWOW64\EuGdiDrv.sys [8456] ~ Drivers: 83 Legitimates Filtered in 04mn AMs ---\\ List all tools cleaner (LATC) (O63) O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn AMs ---\\ List all legacy services(LALS) (O64) O64 - Services: CurCS - 03/01/2015 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID ~ Legacy: 90 Legitimates Filtered in 00mn AMs ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 00mn AMs ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- D:\firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn AMs ---\\ Search Browser Infection (SBI) (O69) O69 - SBI: prefs.js [Owner - y9x5hnyw.default] user_pref("extensions.wrc.SearchRules.google.com.style", ".WRCN {display:none} .r .WRCN, .osl .WRCN, .bc .WRCN, .fc .WRCN, #rhslin[...] =>Toolbar.Ask O69 - SBI: prefs.js [Owner - y9x5hnyw.default] user_pref("extensions.wrc.SearchRules.google.com.url", "^http(s)?\\:\\/\\/((.)+\\.)?google\\.(com|[a-z\\.]{2,})\\/(.)*"); =>Toolbar.Ask O69 - SBI: prefs.js [Owner - y9x5hnyw.default] user_pref("extensions.wrc.SearchRules.public.avast.com.style", ".WRCN {display:inline; background: url(\"IMAGE\") right no-repeat}[...] =>Toolbar.Ask O69 - SBI: prefs.js [Owner - y9x5hnyw.default] user_pref("extensions.wrc.SearchRules.public.avast.com.url", "^http(s)?\\:\\/\\/public\\.avast\\.com\\/(.)*"); =>Toolbar.Ask O69 - SBI: prefs.js [Owner - y9x5hnyw.default] user_pref("extensions.wrc.SearchRules.seznam.cz.style", ".WRCN {display:none} #results .WRCN, .sklik-title > .WRCN {display:inline[...] =>Toolbar.Ask O69 - SBI: prefs.js [Owner - y9x5hnyw.default] user_pref("extensions.wrc.SearchRules.seznam.cz.url", "^http(s)?\\:\\/\\/search\\.seznam\\.cz\\/(.)*"); =>Toolbar.Ask ~ Keys: Scanned in 00mn AMs ---\\ Search Particular Root Folder (SPRF) (O84) [MD5.6BBF68CEC62F32142D896763001B65CF] [SPRF][01/03/2015] (.No owner - ZHPCleaner.) -- C:\Users\Owner\Desktop\ZHPCleaner.exe [1735680] ~ Files: 5 Legitimates Filtered in 01mn AMs ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "TCP Query User{12B1A29A-BF22-41F7-8956-701BB859228A}D:\liberkey\apps\utorrent\app\utorrent\utorrent.exe" | In - Private - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\liberkey\apps\utorrent\app\utorrent\utorrent.exe =>P2P.BitTorrent O87 - FAEL: "UDP Query User{07889EEE-AC23-47F5-B307-F771344D392F}D:\liberkey\apps\utorrent\app\utorrent\utorrent.exe" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) 
-- D:\liberkey\apps\utorrent\app\utorrent\utorrent.exe =>P2P.BitTorrent O87 - FAEL: "TCP Query User{4AE621E3-31D3-481E-AC90-81E4FD72CCF7}D:\liberkey\apps\utorrent\app\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\liberkey\apps\utorrent\app\utorrent\utorrent.exe =>P2P.BitTorrent O87 - FAEL: "UDP Query User{7EA34DA4-DEF5-4DC1-BA30-DDF7DF60D93E}D:\liberkey\apps\utorrent\app\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\liberkey\apps\utorrent\app\utorrent\utorrent.exe =>P2P.BitTorrent O87 - FAEL: "{C3889400-98EE-48F8-87B8-4E4E15ECD6C1}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\LiberKey\Apps\uTorrent\App\uTorrent\utorrent.exe =>P2P.BitTorrent O87 - FAEL: "{8C4C8B97-D158-45B8-AB82-70B42AC0FD48}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\LiberKey\Apps\uTorrent\App\uTorrent\utorrent.exe =>P2P.BitTorrent ~ Firewall: 6 Legitimates Filtered in 02mn AMs ---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 04/02/2015 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 13/08/2014 409304 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe SS - | Auto 14/10/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 14/10/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Disabled 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe SS - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe SS - | Demand 13/07/2012 113120 | (MozillaMaintenance) . (.Mozilla Foundation.) 
- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 25/06/2010 117264 | (rpcapd) . (.CACE Technologies, Inc..) - C:\Program Files (x86)\WinPcap\rpcapd.exe SS - | Demand 21/07/2010 814080 | (tvnserver) . (.GlavSoft LLC..) - C:\Users\Owner\AppData\Local\CrossLoop\tvnserver.exe SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 20/11/2014 244736 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 24/10/2011 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 01/04/2009 90112 | (AsSysCtrlService) . (...) - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe SR - | Auto 03/01/2015 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Avast\AvastSvc.exe SR - | Demand 03/01/2015 4012248 | (AvastVBoxSvc) . (.Avast Software.) - C:\Program Files\Avast\ng\vbox\AvastVBoxSVC.exe SR - | Auto 13/08/2014 384728 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe SR - | Auto 13/08/2014 777944 | (BstHdUpdaterSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe SR - | Auto 07/09/2011 569072 | (CrossLoopService) . (.CrossLoop.) - C:\Users\Owner\AppData\Local\CrossLoop\CrossLoopService.exe SR - | Auto 17/05/2012 144560 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\Windows\system32\EscSvc64.exe SR - | Auto 15/04/2013 152640 | (EPSON_PM_RPCV4_06) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.exe SR - | Auto 16/09/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe SR - | Auto 13/05/2007 272024 | (RichVideo) . (...) 
- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe SR - | Auto 09/08/2010 99048 | (SbieSvc) . (.SANDBOXIE L.T.D.) - C:\Program Files\Sandboxie\SbieSvc.exe SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 07mn AMs ---\\ Scan Additionnel (O88) Database Version : 13008 - (27/02/2015) Clés trouvées (Keys found) : 0 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 1 D:\LiberKey\Apps\uTorrent\App\uTorrent\utorrent.exe =>P2P.BitTorrent^ ~ Additionnel Scan: 270635 Items scanned in 22mn AMs ---\\ Additional information about modules ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4) ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.MountPoints2 Shell Key (MPSK) (O51) ~ AMI: 3 Legitimates Filtered in 00mn AMs ---\\ Summary of the detections found on your workstation http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask ~ MSI: 1 link(s) detected in 00mn AMs ~ 1003 Legitimates filtered by white list End of the scan (477 lines in 35mn AMs)(0.7)