~ Report of ZHPDiag v2013.10.1.1 - Nicolas Coolman (30/09/2013)
~ Launched by Nolirion (02/10/2013 21:40:09)
~ Web site address : http://nicolascoolman.webs.com
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control :

---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16540
GCIE: Google Chrome v29.0.1547.76 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, RETAIL channel
~ Windows Partial Key : PM9DP
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Internet Security v8.0.1497.0
AVG 2013 v13.0.3204
Windows Defender W7

---\\ System optimization software
CCleaner v4.02 =>Piriform Ltd

---\\ Sharing software PeerToPeer
Pando Media Booster v2.6.0.8

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 25

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (55% free)
System Restore: Active (Enable)
System drive C: has 12 GB (7%) free of 149 GB

---\\ Connection to the system mode
~ Computer Name: NOLIRION-PC
~ User Name: Nolirion
~ All Users Names: UpdatusUser, Nolirion, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\TEMP.Nolirion-PC\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\TEMP.Nolirion-PC\AppData\Roaming\
~ %Desktop% : C:\Users\TEMP.Nolirion-PC\Desktop\
~ %Favorites% : C:\Users\TEMP.Nolirion-PC\Favorites\
~ %LocalAppData% : C:\Users\TEMP.Nolirion-PC\AppData\Local\
~ %StartMenu% : C:\Users\TEMP.Nolirion-PC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 12 Go of 149 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)

---\\ State of the Windows Security Center
~ Security Center: 36 Legitimates Filtered in 00mn 00s

---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de demarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.753C0848AE7872A3F59663078A517293] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/02/2013 - 11:15:07.) -- C:\Windows\System32\wininet.dll [2240512]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliotheque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du systeme de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallele.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliche instantane du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/727
~ Mes musiques (My Musics) : 6/1304
~ Mes Videos (My Videos) : 1/9
~ Mes Favoris (My Favorites) : 1/28
~ Mes Documents (My Documents) : 3/4371
~ Mon Bureau (My Desktop) : 1/18707
~ Menu demarrer (Programs) : 1/40
~ Hidden Files: Scanned in 00mn 08s

---\\ Process running
[MD5.6B08632F7634F344372B25A507DA7C47] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1012000] [PID.2144]
[MD5.F7128E5772F9312F0D111A5FA5D41773] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656] [PID.2188]
[MD5.5DC2734641995889DF9D53C04A2786D0] - (.Glarysoft Ltd - Glary Utilities 3.) -- C:\Program Files (x86)\Glary Utilities 3\Integrator.exe [470816] [PID.2500]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.2508]
[MD5.E7148BB584830E51AFD414CE9AEAE74C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392] [PID.2792]
[MD5.3C32D620BEA5CC151CE286690590AA88] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8032768] [PID.4936]
[MD5.2222073BE0232E70A397B8302293AA9D] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [413472] [PID.828]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1152]
[MD5.68E3356BC848124F56BDAC3C70C2E54B] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [137960] [PID.1440]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2028]
[MD5.A9AFE5B0648C8D7A411A72D8222F7F6E] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1826592] [PID.2100]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2600]
~ Processes Running: Scanned in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Other User Links (O4)
O4 - GS\Program [Public]: DISCIPLINE.LNK . (...) -- C:\Program Files\DISCIPLINE\DISCIPLINE.exe
O4 - GS\QuickLaunch [Nolirion]: μTorrent.lnk . (.BitTorrent Inc. - μTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Nolirion]: PlanetSide 2 Beta.lnk . (.Sony Online Entertainment, LLC - LaunchPad (GameLauncher).) -- C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 Beta\LaunchPad.exe
O4 - GS\Desktop [Nolirion]: StarCraft II - Raccourci.lnk . (...) -- C:\Program Files (x86)\StarCraft II\StarCraft II.exe (.not file.)
~ Global Startup: 60 Legitimates Filtered in 00mn 01s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2572046954-651867858-687166017-1001\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2572046954-651867858-687166017-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s

---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{26DFE780-F47A-4031-A859-D2085675ED17}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{26DFE780-F47A-4031-A859-D2085675ED17}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{26DFE780-F47A-4031-A859-D2085675ED17}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{26DFE780-F47A-4031-A859-D2085675ED17}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
O34 - HKLM BootExecute: (BootDefrag.exe) - File not found
~ BEX: 3 Legitimates Filtered in 00mn 00s

---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [Go for FilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.00000000000000000000000000000000] [APT] [{0E1E628B-3155-43EA-A060-DD4B1BA6618B}] (...) -- E:\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{107AAF9F-4702-4031-947F-3556B68641A4}] (...) -- F:\ATLASV14ETrial.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1CF5EBD5-6FE4-4191-A23B-2A6C9F861B3A}] (...) -- C:\ILLUSION\RapeLay\RL Harem 2\RL Harem 2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1F14C4D2-EA11-4712-8B71-63A1F4E375B4}] (...) -- C:\Users\Nolirion\Downloads\NetFx20SP2_ia64.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{22D911C5-7C00-466F-9771-CB5E28EFA904}] (...) -- C:\ILLUSION\RapeLay\RL Harem 2\RL Harem 2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4AB271F2-41E7-4C47-9DCD-1F9FAEE7E0AF}] (...) -- C:\Users\Nolirion\Downloads\RL Harem 2 v1.01.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4E98D88B-575A-4BAC-B6A2-B1B3037FAD35}] (...) -- C:\Users\Nolirion\Downloads\RL Harem BETA v1.02.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A8D0A3A2-8E38-4E35-ADF7-3B277BC86552}] (...) -- E:\BLEEDUST.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DAC5710D-3917-475B-A3FD-3CDD21A45C4D}] (...) -- C:\Program Files (x86)\Eushully\moo\Uninst200.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E66E49F0-E125-45C1-AD35-7AD7886B09B2}] (...) -- C:\Users\Nolirion\Downloads\MassEffect_BDtS_ES_a.exe (.not file.) [0]
~ Scheduled Task: 27 Legitimates Filtered in 00mn 02s

---\\ Software installed (O42)
O42 - Logiciel: BitRaider Web Client - (.BitRaider, LLC.) [HKLM][64Bits] -- BitRaider Web Client
O42 - Logiciel: GameFly - (.GameFly, Inc..) [HKLM][64Bits] -- GameFly
O42 - Logiciel: ILLUSION SchoolMate - (.ILLUSION.) [HKLM][64Bits] -- {52ABC760-CAFC-4FCD-A0AA-5661366199D5}
O42 - Logiciel: ILLUSION でじたるメイト - (.ILLUSION.) [HKLM][64Bits] -- {2F59EC4C-80B9-4B35-9D8B-BA97D77E8BFD}
O42 - Logiciel: ILLUSION プレミアムプレイ - (.ILLUSION.) [HKLM][64Bits] -- {0578A699-51A3-453B-B3F7-433EFD189942}
O42 - Logiciel: ILLUSION ワケあり! - (.ILLUSION.) [HKLM][64Bits] -- {FD1E17BC-2956-4AD7-B937-D23F06F1A5E8}
O42 - Logiciel: MeCab 0.98 - (.Taku Kudo.) [HKLM][64Bits] -- MeCab_is1
O42 - Logiciel: Milftoon Beach V2.191 - (...) [HKLM][64Bits] -- Milftoon Beach V2.191
O42 - Logiciel: piaip AppLocale - (.MS.) [HKLM][64Bits] -- {394BE3D9-7F57-4638-A8D1-1D88671913B7}
O42 - Logiciel: 神採りアルケミーマイスター - (.Eushully.) [HKLM][64Bits] -- InstallShield_{41810510-3CE0-425B-BE07-B9793731737F}
O42 - Logiciel: 神採りアルケミーマイスター - (.Eushully.) [HKLM][64Bits] -- {41810510-3CE0-425B-BE07-B9793731737F}
O42 - Logiciel: 神採りアルケミーマイスター Append01 - (.Eushully.) [HKLM][64Bits] -- InstallShield_{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}
O42 - Logiciel: 神採りアルケミーマイスター Append01 - (.Eushully.) [HKLM][64Bits] -- {EFE563B0-DDDB-45AF-B49A-C109C93E5F35}
O42 - Logiciel: 神採りアルケミーマイスター Append02 - (.Eushully.) [HKLM][64Bits] -- InstallShield_{19B5CAAF-3E36-40F4-83F2-45E0D258000C}
O42 - Logiciel: 神採りアルケミーマイスター Append02 - (.Eushully.) [HKLM][64Bits] -- {19B5CAAF-3E36-40F4-83F2-45E0D258000C}
O42 - Logiciel: 神採りアルケミーマイスター Ver2.00 Update - (.Eushully.) [HKLM][64Bits] -- InstallShield_{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}
O42 - Logiciel: 神採りアルケミーマイスター Ver2.00 Update - (.Eushully.) [HKLM][64Bits] -- {C7B5C8A0-CE3F-4645-A0B6-B5515794076D}
~ Logic: 83 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ACTIVEJP.INI]
[HKCU\Software\Altap]
[HKCU\Software\Eushully]
[HKCU\Software\GameFly]
[HKCU\Software\GuiltyPLUS]
[HKCU\Software\IGNITION]
[HKCU\Software\INTERHEART]
[HKCU\Software\IncrediMail]
[HKCU\Software\MS]
[HKCU\Software\MeCab]
[HKCU\Software\No Reply Games]
[HKCU\Software\Will]
[HKCU\Software\XMoonProd]
[HKCU\Software\akibain]
[HKCU\Software\illusion]
[HKCU\Software\sakuradite.org]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\MeCab]
[HKLM\Software\Wow6432Node\SCRiN]
[HKLM\Software\illusion]
~ Key Software: 191 Legitimates Filtered in 00mn 00s

---\\ Contents of the Common Files folders (O43)
O43 - CFD: 03/07/2013 - 23:20:54 - [0,708] ----D C:\Program Files (x86)\AMPLITUDE
O43 - CFD: 15/06/2013 - 19:20:20 - [735,192] ----D C:\Program Files (x86)\Eushully
O43 - CFD: 09/07/2013 - 11:55:38 - [55,317] ----D C:\Program Files (x86)\GameFly
O43 - CFD: 18/03/2013 - 19:26:31 - [0,460] ----D C:\Program Files (x86)\Illusion Registry Fixer
O43 - CFD: 09/07/2013 - 11:55:41 - [99,167] ----D C:\Program Files (x86)\MeCab
O43 - CFD: 28/09/2013 - 00:41:00 - [375,563] ----D C:\Program Files (x86)\Milftoon Beach V2.191
O43 - CFD: 03/06/2013 - 01:52:47 - [377,383] ----D C:\Program Files (x86)\mu soft
O43 - CFD: 15/09/2013 - 23:48:27 - [1,473] ----D C:\Program Files (x86)\ss helper =>Adware.SaveShare
O43 - CFD: 15/09/2013 - 23:48:42 - [0] ----D C:\ProgramData\0
O43 - CFD: 30/09/2013 - 21:32:39 - [7,285] ----D C:\ProgramData\BitRaider
O43 - CFD: 15/09/2013 - 23:48:42 - [2,226] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 18/05/2013 - 18:28:18 - [3,290] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\GameFly
O43 - CFD: 06/04/2013 - 14:11:59 - [0,007] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\INTERHEART
O43 - CFD: 29/09/2013 - 21:28:57 - [3,723] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\org.sakuradite.reader
O43 - CFD: 21/09/2013 - 22:59:01 - [0,784] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\RenPy
O43 - CFD: 23/02/2013 - 22:31:16 - [18,225] ----D C:\Users\TEMP.Nolirion-PC\AppData\Local\Eushully
O43 - CFD: 29/04/2013 - 23:43:32 - [0,002] ----D C:\Users\TEMP.Nolirion-PC\AppData\Local\Kerberos_Productions
O43 - CFD: 28/09/2013 - 00:41:21 - [0] ----D C:\Users\TEMP.Nolirion-PC\AppData\Local\Milftoon
O43 - CFD: 22/09/2013 - 17:28:40 - [481,007] ----D C:\Users\TEMP.Nolirion-PC\AppData\Local\XMoonProd
O43 - CFD: 10/09/2013 - 17:11:42 - [0] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameFly
O43 - CFD: 28/09/2013 - 00:41:01 - [0,003] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Milftoon Beach V2.191
O43 - CFD: 03/06/2013 - 01:53:31 - [0] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mu soft
O43 - CFD: 22/09/2013 - 17:28:40 - [0,001] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMoonProd
O43 - CFD: 06/04/2013 - 01:40:09 - [0] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\インターハート
O43 - CFD: 03/07/2013 - 09:31:50 - [0] ----D C:\Users\TEMP.Nolirion-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\痴漢電車男2
~ Program Folder: 183 Legitimates Filtered in 00mn 05s

---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.1054DEA0541F0BAF9B3B13F5EE6B321D] - 29/09/2013 - 23:13:33 ---A- . (...) -- C:\DiskDefrag.log [75]
~ Files: 8 Legitimates Filtered in 00mn 03s

---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{3ff03bf0-672a-11e2-950d-002215444ca0}\AutoRun\command. (...) -- F:\Startme.exe (.not file.)
O51 - MPSK:{ccd2b11e-21cd-11e2-8898-002215444ca0}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.03B7145C889603537E9FFEABB1AD1089] - 29/03/2005 - 01:30:38 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [8192]
~ Drivers: 18 Legitimates Filtered in 00mn 00s

---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 02/01/1601 - No owner (BootDefragDriver) .(...) - LEGACY_BOOTDEFRAGDRIVER
O64 - Services: CurCS - 14/09/2013 - C:\ProgramData\BitRaider\BRDriver64.sys (BRDriver64) .(.BitRaider - BitRaider WISDA 64-Bit Filter Driver.) - LEGACY_BRDRIVER64
O64 - Services: CurCS - 11/04/2013 - C:\Windows\System32\drivers\gfiark.sys (gfiark) .(.ThreatTrack Security - gfiark64.sys.) - LEGACY_GFIARK
~ Legacy: 89 Legitimates Filtered in 00mn 00s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Internet Feature Controls (IFC) (O81)
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
~ Keys: Scanned in 00mn 00s

---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.B75518F00DDF086FD6544733221A7A9D] [SPRF][21/03/2013] (...) -- C:\ProgramData\1363875131.bdinstall.bin [704932]
[MD5.38C0E220F2FADDA94E505080CAB62595] [SPRF][21/03/2013] (...) -- C:\ProgramData\1363878944.bdinstall.bin [439058]
[MD5.D11DD7A331F148684B5F62E8257B4424] [SPRF][21/03/2013] (...) -- C:\ProgramData\1363880026.bdinstall.bin [232158]
[MD5.B6EC6B341827A687817AE3FCBC36B195] [SPRF][21/03/2013] (...) -- C:\ProgramData\1363880591.bdinstall.bin [690377]
[MD5.DA10F82FEDA05DE17D0EA32C9D577997] [SPRF][21/03/2013] (...) -- C:\ProgramData\1363881656.bdinstall.bin [229487]
[MD5.D53B2BA563DDD6CEEA83D357F8379298] [SPRF][09/07/2013] (...) -- C:\ProgramData\1373354920.bdinstall.bin [318106]
[MD5.31A0739858B0E53DA6BF228D20446D40] [SPRF][09/07/2013] (...) -- C:\ProgramData\1373362024.bdinstall.bin [566687]
[MD5.0CB7C7BDE3E5A370CF626336A92ECE7A] [SPRF][09/07/2013] (...) -- C:\ProgramData\1373362710.bdinstall.bin [242711]
[MD5.F4059296167B163F0F25CE94AE4BF177] [SPRF][09/07/2013] (...) -- C:\ProgramData\1373364112.bdinstall.bin [515632]
[MD5.01FDA9AE99CEA944676ED152E0D18886] [SPRF][09/07/2013] (...) -- C:\ProgramData\1373365143.bdinstall.bin [449872]
[MD5.0D402AD34F9FD1FC33F00B4B3300EE2F] [SPRF][09/07/2013] (...) -- C:\ProgramData\1373367827.bdinstall.bin [240847]
[MD5.0AEA84EB22563F7E05144311AFE8233D] [SPRF][04/04/2013] (...) -- C:\Users\TEMP.Nolirion-PC\AppData\Local\train2sv.bin [2923100]
[MD5.9182C3ECAB695D72C5937499705D68FB] [SPRF][01/10/2013] (...) -- C:\Users\TEMP.Nolirion-PC\AppData\Local\Temp\Quarantine.exe [344601]
[MD5.F779D4401049C5592A34B2D4DA14A0EE] [SPRF][02/10/2013] (...) -- C:\Users\TEMP.Nolirion-PC\AppData\Local\Temp\~gu3-ver.dat [107]
[MD5.08512BFFB233FFA2D77379B74C4EBB54] [SPRF][02/10/2013] (...) -- C:\Users\TEMP.Nolirion-PC\AppData\Local\Temp\~upgrade.dat [936]
[MD5.5611140E8CC5927D371C27EA1F9E71A6] [SPRF][02/10/2013] (...) -- C:\Users\TEMP.Nolirion-PC\Desktop\AdwCleaner.exe [1045226]
[MD5.F949E47CBC3E395AE9388084DEC9F84B] [SPRF][12/09/2013] (...) -- C:\Users\TEMP.Nolirion-PC\Desktop\Reset_Reregister_Windows_Update_Components.bat [1709]
[MD5.666BD24BE5A29F1FF17D91CC280BD2EE] [SPRF][02/10/2013] (.No owner - Nettoyage des fichiers temporaires.) -- C:\Users\TEMP.Nolirion-PC\Desktop\SFTGC.exe [1064060]
~ Files: 19 Legitimates Filtered in 00mn 01s

---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "996A87503A15B3543B7F34E3DF819924" . (.ILLUSION プレミアムプレイ.) -- C:\Windows\Installer\{0578A699-51A3-453B-B3F7-433EFD189942}\ARPPRODUCTICON.exe
~ Update Products: 43 Legitimates Filtered in 00mn 00s

---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.A985AA23C4FA8774D7A6A420990D70C0] [WIS][05/01/2013] (.ILLUSION - プレミアムプレイ.) -- C:\Windows\Installer\1bf1d5b.msi [623104]
~ WIS: 20 Legitimates Filtered in 00mn 02s

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 19/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2013 137960 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SS - | Demand 26/09/2013 484592 | (BRSptSvc) . (.BitRaider, LLC.) - C:\ProgramData\BitRaider\BRSptSvc.exe
SS - | Auto 28/10/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/10/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 05/02/2013 428928 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SR - | Auto 27/08/2013 14997280 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 21/06/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/05/2013 1826592 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 06/09/2013 565672 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 21/06/2013 413472 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s

---\\ Search Master Boot Record Infection (MBR)(O80)
Run by Nolirion at 02/10/2013 21:41:22
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Nolirion at 02/10/2013 21:41:24
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : 12932 - (30/09/2013)
Cles trouvees (Keys found) : 5
Valeurs trouvees (Values found) : 0
Dossiers trouves (Folders found) : 2
Fichiers trouves (Files found) : 0
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}] =>Adware.GamePlayLabs
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole] =>Toolbar.AdAware
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Program Files (x86)\ss helper =>Adware.SaveShare^
C:\ProgramData\InstallMate =>PUP.Tarma^
~ Additionnel Scan: 163035 Items scanned in 00mn 24s

---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/31929570-adware-saveshare =>Adware.SaveShare
~ http://nicolascoolman.webs.com/apps/blog/show/26611908-rootkit-tdss =>Rootkit.TDSS
~ http://nicolascoolman.webs.com/apps/blog/show/26820943-adware-gameplaylabs =>Adware.GamePlayLabs
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ MSI: 4 link(s) detected in 00mn 24s

~ 821 Legitimates filtered by white list
End of the scan (485 lines in 01mn 40s)(0)