~ Report of ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Launched by lola (31/01/2014 12:19:05)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16476
GCIE: Google Chrome v32.0.1700.102 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
~ Windows Partial Key : J2KVT
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2011
Windows Defender W8

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Reader XI
Java 7 Update 51

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8077 MB (85% free)
System Restore: Désactivé (Disabled)
System drive C: has 236 GB (63%) free of 372 GB

---\\ Connection to the system mode
~ Computer Name: P-CHAN
~ User Name: lola
~ All Users Names: UpdatusUser, lola, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\lola\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\lola\AppData\Roaming\
~ %Desktop% : C:\Users\lola\Desktop\
~ %Favorites% : C:\Users\lola\Favorites\
~ %LocalAppData% : C:\Users\lola\AppData\Local\
~ %StartMenu% : C:\Users\lola\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 236 Go of 372 Go)
D: Hard drive, Flash drive, Thumb drive (Free 505 Go of 538 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Free 0 Go of 1 Go)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 40 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.14/11/2013 - 08:37:16.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/01/2014 - 15:45:35.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.22/08/2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.E23D32BAF152FBE35F18C6A2AB8EF271] - (.Microsoft Corporation - IP Network Address Translator.) (.14/11/2013 - 08:31:09.) -- C:\Windows\system32\Drivers\IpNat.sys [141824]
[MD5.6129EDB793A4255B1E2FB41773AC9D9A] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.14/11/2013 - 08:31:06.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404992]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 - 08:16:40.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/08/2013 - 13:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/17239
~ Mes musiques (My Musics) : 1/5404
~ Mes Videos (My Videos) : 1/14716
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/6383
~ Mon Bureau (My Desktop) : 1/14
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 46s



---\\ Process running
[MD5.C6D3BB61E24F66EB976C6CC55346B5F2] - (.ASUS - ASUS InstantOn.) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [1196416] [PID.3788]
[MD5.B07086D59443DAC6A668D691B27B968C] - (.ASUSTeK Computer Inc. - ASUS Color Engine.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [176240] [PID.2248]
[MD5.97432AB9F1B3B3E63E778C1E69E71E91] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032] [PID.4496]
[MD5.C570FD825751F7805CE226F68C4605DE] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [54488] [PID.4508]
[MD5.0B50F07E63EE15383CDFDC26D7A3D3E3] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [205184] [PID.992]
[MD5.23075147F62C896784C66D706F38360E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328504] [PID.1484]
[MD5.8C372DD07B681ADB379383342F4D1784] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20792] [PID.2628]
[MD5.4860117DA2E6E9B300144902629B09AC] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\lola\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896] [PID.2468]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.5420]
[MD5.7921D167440AF72DC11A3C4528132B12] - (.cyberlink - brs.) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe [78352] [PID.3992]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.4616]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2432]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.5944]
[MD5.849D66021A0EF43A20137BA9D85ECADF] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222720] [PID.5828]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.3164]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\lola\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [cgbealecnakbhfoeeipcnoboempfkbjd] flash-Enhancer v.2.1 (Désactivé) =>Adware.FlashEnhancer
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pkndmigholgfjlniaohblojbhgjbkakn] Lightning speedDial v.1.1.7, (Désactivé)
~ Google Browser: 21 Legitimates Filtered in 00mn 03s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (...) -- C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll (.not file.)
~ Firefox Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [Public]: Les Sims™ 3 Animaux & Cie.lnk . (.Electronic Arts, Inc. - Sims 3Launcher Starter Application.) -- D:\Sims 3 animaux\Game\Bin\Sims3Launcher.exe
O4 - GS\Desktop [Public]: MuseScore.lnk . (...) -- C:\Program Files (x86)\MuseScore\bin\mscore.exe
O4 - GS\Desktop [Public]: Vegas Pro 11.0.lnk . (.Sony Creative Software Inc. - Vegas Pro.) -- C:\Program Files (x86)\Sony\Vegas Pro 11.0\vegas110.exe
O4 - GS\Desktop [Public]: Waves MAXXAudio.lnk . (...) -- C:\Program Files (x86)\Realtek\Audio\HDA\MaxxAudioControl64.exe (.not file.)
O4 - GS\Desktop [Public]: 咎狗の血.lnk . (.Nitro+ - 咎狗の血.) -- D:\Togainu no chi\咎狗の血\togainunochi.exe
O4 - GS\Program [Public]: Desktop.lnk - Orphan key
O4 - GS\Desktop [UpdatusUser]: SILVER CHAOS.lnk . (...) -- D:\silver chaos\VividColor\SilverChaos\MainSystem.exe
O4 - GS\QuickLaunch [lola]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\lola\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [lola]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\QuickLaunch [lola]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\QuickLaunch [lola]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\lola\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [lola]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\lola\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [lola]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Program [lola]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [lola]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\lola\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [lola]: DMMd.lnk . (.☆翼の夢★舞の城☆聯盟 - www.otomedream.com.) -- D:\dmmd\DRAMAtical Murder\DMMd_crack_for_ver110.exe
O4 - GS\Desktop [lola]: DMMdREC.lnk . (.翼之梦舞之城联盟 - www.otomedream.com.) -- D:\dmmd reconnect\DRAMAtical Murder reconnect\DMMdrc_crack.exe
O4 - GS\Desktop [lola]: MPC-HC x64.lnk . (.MPC-HC Team - MPC-HC.) -- C:\Program Files\MPC-HC\mpc-hc64.exe
O4 - GS\Desktop [lola]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation - OpenOffice 4.0.1.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop [lola]: SILVER CHAOS.lnk . (...) -- D:\silver chaos\VividColor\SilverChaos\MainSystem.exe
~ Global Startup: 69 Legitimates Filtered in 00mn 02s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\lola\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\lola\AppData\Roaming\newnext.me\nengine.dll =>PUP.NextLive
O4 - HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\APRP.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUSWebStorage] . (.ASUS Cloud Corporation - ASUS WebStorage Panel.) -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUS InstantKey] . (.ASUS - Ikey_start.) -- C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [BDRegion] . (.cyberlink - brs.) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdatePSTShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKLM\..\policies\Explorer\Run: [BtvStack] . (.Qualcomm Atheros Commnucations - Extension Core.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKUS\S-1-5-21-201074216-106343273-3953965673-1002\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\lola\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-201074216-106343273-3953965673-1002\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-201074216-106343273-3953965673-1002\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\lola\AppData\Roaming\newnext.me\nengine.dll =>PUP.NextLive
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Orphan key
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4C1BB2F-4B82-455B-9F22-453F05736930}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{D4C1BB2F-4B82-455B-9F22-453F05736930}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (...) - C:\Windows\system32\nvinitx.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Asus WebStorage Windows Service (Asus WebStorage Windows Service) . (.No owner - Asus WebStorage Windows Service.) - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
O23 - Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED - WPM Service.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
O23 - Service: ZAtheros Bt and Wlan Coex Agent (ZAtheros Bt and Wlan Coex Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: 19 Legitimates Filtered in 00mn 07s



---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [RegistryDr_Start] (...) -- C:\Program Files (x86)\Registry Dr\RegistryDr.exe (.not file.) [0]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 07s



---\\ Software installed (O42)
O42 - Logiciel: The Wolf Among Us - (...) [HKLM][64Bits] -- Steam App 250320
O42 - Logiciel: WPM17.8.0.3325 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- WPM =>PUP.WpManager
O42 - Logiciel: 咎狗の血 - (...) [HKLM][64Bits] -- {F004C3DF-05BA-48AA-98E4-22A7F686AD1F}
~ Logic: 30 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AmiExt] =>Adware.FlashEnhancer
[HKCU\Software\RegistryDrLanguage]
[HKCU\Software\VividColor]
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\supTab]
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 272 Legitimates Filtered in 00mn 01s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 31/01/2014 - 03:10:13 - [0] ----D C:\Program Files (x86)\AmiExt =>Adware.FlashEnhancer
O43 - CFD: 31/01/2014 - 03:10:59 - [0] ----D C:\Program Files (x86)\Registry Dr
O43 - CFD: 31/01/2014 - 03:09:45 - [0,489] ----D C:\Program Files (x86)\SupTab
O43 - CFD: 31/01/2014 - 03:08:49 - [0] ----D C:\ProgramData\IePluginService =>Trojan.SProtector
O43 - CFD: 31/01/2014 - 02:16:08 - [0,471] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 31/01/2014 - 11:55:18 - [1,228] ----D C:\Users\lola\AppData\Roaming\newnext.me =>PUP.NextLive
O43 - CFD: 31/01/2014 - 02:16:58 - [1,224] ----D C:\Users\lola\AppData\Local\genienext
O43 - CFD: 28/01/2014 - 16:13:07 - [0] ----D C:\Users\lola\AppData\Local\PackageStaging
O43 - CFD: 31/01/2014 - 02:20:41 - [0] ----D C:\Users\lola\AppData\Local\RegistryDR
~ Program Folder: 167 Legitimates Filtered in 00mn 28s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.D0C2AAA169EB4CC776367EE1FB353680] - 28/01/2014 - 15:23:45 ---A- . (...) -- C:\Windows\comsetup.log [1568]
O44 - LFC:[MD5.A68BF8C7348172E2563EAF6CFD270336] - 28/01/2014 - 15:34:00 ---A- . (...) -- C:\Windows\WindowsUpdate (1).log [2025011]
O44 - LFC:[MD5.312724D7BF502428A01F7AA7E3346A8B] - 28/01/2014 - 15:49:57 ---A- . (...) -- C:\Windows\System32\Drivers\RTWAVES30.dat [82944]
O44 - LFC:[MD5.5CD98806151EE8633505CEF3A5AEF4E1] - 28/01/2014 - 15:51:43 ---A- . (...) -- C:\Windows\System32\nvcoproc.bin [3426956]
O44 - LFC:[MD5.788CB0D22F5924A29485140338999728] - 28/01/2014 - 15:59:51 ---A- . (...) -- C:\Windows\DtcInstall.log [4893]
O44 - LFC:[MD5.A16E07E6536DF19AE4EA8BDAAEA2C356] - 28/01/2014 - 16:01:43 ---A- . (...) -- C:\Windows\diagerr.xml [15243]
O44 - LFC:[MD5.A16E07E6536DF19AE4EA8BDAAEA2C356] - 28/01/2014 - 16:01:44 ---A- . (...) -- C:\Windows\diagwrn.xml [15243]
O44 - LFC:[MD5.5ADC743C4B4473A628194048A90C464F] - 31/01/2014 - 02:17:48 ---A- . (...) -- C:\extensions.ini [76]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 31/01/2014 - 02:17:48 ---A- . (...) -- C:\extensions.sqlite [0]
~ Files: 90 Legitimates Filtered in 00mn 42s



---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.68F4EF5806069E04C3307E48BD1F3D12] - 28/01/2014 - 15:54:34 ---A- - C:\Windows\Prefetch\WIMSERV.EXE-E72A31F3.pf
O45 - LFCP:[MD5.24A2091E06C2EB8FDE78F96475C8C5B9] - 28/01/2014 - 16:08:00 ---A- - C:\Windows\Prefetch\OOBELDR.EXE-FF0601A2.pf
O45 - LFCP:[MD5.F35A348B6D30CF536F595638F8C57F15] - 28/01/2014 - 16:10:02 ---A- - C:\Windows\Prefetch\SETUPHOST.EXE-DAD1C30D.pf
O45 - LFCP:[MD5.743634703B28EE19A072558751B8D470] - 28/01/2014 - 16:10:07 ---A- - C:\Windows\Prefetch\SETUPPLATFORM.EXE-3A7405C0.pf
O45 - LFCP:[MD5.EB3F811A758D62C821BC2AED22B35D0F] - 28/01/2014 - 16:11:37 ---A- - C:\Windows\Prefetch\GENVALOBJ.EXE-034E3E42.pf
O45 - LFCP:[MD5.A831DC7804F7909401F5A3802AA27842] - 28/01/2014 - 16:21:53 ---A- - C:\Windows\Prefetch\GFXUIEX.EXE-9CA5FF42.pf
O45 - LFCP:[MD5.6BD9D0147EDE6278C0FD1763E6C7FCAD] - 29/01/2014 - 00:15:13 ---A- - C:\Windows\Prefetch\IMJPDCT.EXE-1C328E85.pf
O45 - LFCP:[MD5.E55D5CC064F58E678C7072D847F5D07C] - 29/01/2014 - 00:15:16 ---A- - C:\Windows\Prefetch\IMEBROKER.EXE-09F9CB44.pf
O45 - LFCP:[MD5.113F8FE5FEF62EA0FAF72658002C9581] - 29/01/2014 - 00:17:31 ---A- - C:\Windows\Prefetch\PHOTOSAPP.EXE-8FE95EC8.pf
O45 - LFCP:[MD5.6DED5F484DEE0CC255847EA80D6D886E] - 29/01/2014 - 00:18:06 ---A- - C:\Windows\Prefetch\BULKOPERATIONHOST.EXE-1D031CC3.pf
O45 - LFCP:[MD5.8C04627FA94846C008BF5D4C71CB987B] - 29/01/2014 - 17:17:23 ---A- - C:\Windows\Prefetch\MPC-HC64.EXE-C13A3A72.pf
O45 - LFCP:[MD5.D5A2B4944D7336CCF1764AD5FCE50545] - 29/01/2014 - 17:57:28 ---A- - C:\Windows\Prefetch\32.0.1700.102_32.0.1700.76_CH-1D400121.pf
O45 - LFCP:[MD5.2CA7448FD22782FC074EB1225371B894] - 29/01/2014 - 22:47:41 ---A- - C:\Windows\Prefetch\DYNAMICLINKMEDIASERVER.EXE-53CA87A1.pf
O45 - LFCP:[MD5.F6C919AAB8831F2D76A6964D4185A3D4] - 30/01/2014 - 02:21:50 ---A- - C:\Windows\Prefetch\DMMDRC_CRACK.EXE-53A33BC6.pf
O45 - LFCP:[MD5.03664D7C4778A0C71F060D97E9FAC337] - 30/01/2014 - 17:58:05 ---A- - C:\Windows\Prefetch\MAINSYSTEM.EXE-2A18E96C.pf
O45 - LFCP:[MD5.549568A0B6F330ED1A60BAF62A5F7BBC] - 31/01/2014 - 01:54:56 ---A- - C:\Windows\Prefetch\BITTORRENT.EXE-41AF7861.pf =>P2P.BitTorrent
O45 - LFCP:[MD5.07F8C753A451A0CF4679B3AB40A9C323] - 31/01/2014 - 02:14:43 ---A- - C:\Windows\Prefetch\LOLLIPOPINSTALLER_UNI.EXE-08D9B947.pf =>Adware.Lollipop
O45 - LFCP:[MD5.CF26EDA25C7925E7EACC851BD53D32A7] - 31/01/2014 - 02:14:59 ---A- - C:\Windows\Prefetch\REGISTRYDRSETUP_S.EXE-6BE10E85.pf
O45 - LFCP:[MD5.6807162AB4E2AC71052AA913A3A9FFFD] - 31/01/2014 - 02:15:37 ---A- - C:\Windows\Prefetch\REGISTRYDR.EXE-B5AA38A1.pf
O45 - LFCP:[MD5.443C6E30ED3E820AEE32C03C565BA8F8] - 31/01/2014 - 02:15:38 ---A- - C:\Windows\Prefetch\AMT_AWESOMEHP.EXE-5CEAE2A5.pf =>PUP.Awesomehp
O45 - LFCP:[MD5.841F3D835B9DD7B2F5E6DD1BBFFB8763] - 31/01/2014 - 02:16:03 ---A- - C:\Windows\Prefetch\WPM.EXE-8C096E31.pf =>PUP.WpManager
O45 - LFCP:[MD5.D85D57E7A8D1775B1BD42E9EFE7BFF66] - 31/01/2014 - 02:16:10 ---A- - C:\Windows\Prefetch\BHOENABLER.EXE-8A9E3100.pf
O45 - LFCP:[MD5.4EC8770F711D78F1281D423F6DF5323E] - 31/01/2014 - 02:16:11 ---A- - C:\Windows\Prefetch\SUPTAB.EXE-E58B8870.pf
O45 - LFCP:[MD5.EF3EB3908F99BDCC8F93446056C9AB51] - 31/01/2014 - 02:16:13 ---A- - C:\Windows\Prefetch\MOBOGENIE_SETUP_2.1.37_506.EX-209A849E.pf =>PUP.Mobogenie
O45 - LFCP:[MD5.EBD36A217D9230403ADE860D586EFCCC] - 31/01/2014 - 02:16:19 ---A- - C:\Windows\Prefetch\WPROTECTMANAGER.EXE-D98082CE.pf
O45 - LFCP:[MD5.EC45E0497527D62339511512A4AB14DA] - 31/01/2014 - 02:17:05 ---A- - C:\Windows\Prefetch\MGADB.EXE-281F1F6B.pf
O45 - LFCP:[MD5.469AF849DCB703A4AFFD43C141C9D081] - 31/01/2014 - 02:17:06 ---A- - C:\Windows\Prefetch\MOBOGENIE.EXE-7EA50C05.pf =>PUP.Mobogenie
O45 - LFCP:[MD5.8E4C1DB5207DAC911E96B20CD4482A14] - 31/01/2014 - 02:17:09 ---A- - C:\Windows\Prefetch\FEBUNDLE.EXE-A7E0778C.pf
O45 - LFCP:[MD5.BB68097D47631FB1DCFDF65311A74839] - 31/01/2014 - 02:17:10 ---A- - C:\Windows\Prefetch\FLASHENHANCERINSTALLER.EXE-9F9264FD.pf
O45 - LFCP:[MD5.1B6727A4543C254A8EDDD14CBF03261C] - 31/01/2014 - 02:17:57 ---A- - C:\Windows\Prefetch\LIGHTSPARK-0.5.3-WIN32.EXE-57EAC837.pf
O45 - LFCP:[MD5.ECAD13365B100DEFD7C3F5F0257D2089] - 31/01/2014 - 02:36:23 ---A- - C:\Windows\Prefetch\LAUNCHTM.EXE-B444BC8E.pf
O45 - LFCP:[MD5.CB460796605E9514310056803E5E3DC9] - 31/01/2014 - 02:40:51 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-8549B983.pf =>Adware.Lollipop
O45 - LFCP:[MD5.80CA28F42A72BE09B2136325CCEF0D2A] - 31/01/2014 - 02:41:36 ---A- - C:\Windows\Prefetch\OLD_MGASSIST.EXE-4249EAA1.pf
O45 - LFCP:[MD5.A1900661F585DCD686153BF04BC28E5B] - 31/01/2014 - 03:06:06 ---A- - C:\Windows\Prefetch\UPDATEMOBOGENIE.EXE-B1DE5CE4.pf =>PUP.Mobogenie
O45 - LFCP:[MD5.B9DEEBB0C8356855BCE3EB3E3BCFEBD3] - 31/01/2014 - 03:06:23 ---A- - C:\Windows\Prefetch\DAEMONPROCESS.EXE-E4BDA2BB.pf
O45 - LFCP:[MD5.88A302BC9F59BFF36A8B71D07C2CAD8E] - 31/01/2014 - 03:08:49 ---A- - C:\Windows\Prefetch\PLUGINSERVICE.EXE-2E241DB1.pf
O45 - LFCP:[MD5.862DF7CD6EDE8A8ED4360020E1B9E0EB] - 31/01/2014 - 03:09:10 ---A- - C:\Windows\Prefetch\UNINST.EXE-AFC06609.pf
O45 - LFCP:[MD5.85958A8C2F6922FF45002C73868CD38B] - 31/01/2014 - 03:09:13 ---A- - C:\Windows\Prefetch\MGASSIST.EXE-D2ABF8B3.pf
O45 - LFCP:[MD5.BDE9955E09E1BFEB87F0734DD1902715] - 31/01/2014 - 03:10:12 ---A- - C:\Windows\Prefetch\AMISTORAGE.EXE-0E27F55F.pf
O45 - LFCP:[MD5.D4915D8AF5F3E9B3662449483B072A57] - 31/01/2014 - 03:10:46 ---A- - C:\Windows\Prefetch\INSTACT.EXE-A82BFCAC.pf
O45 - LFCP:[MD5.34BF285196A0FD08A3DA720C59AF3B5F] - 31/01/2014 - 03:10:58 ---A- - C:\Windows\Prefetch\XCOPY.EXE-85839ADD.pf
O45 - LFCP:[MD5.707845F84871B6AA67FCB8778DD705EF] - 31/01/2014 - 03:31:23 ---A- - C:\Windows\Prefetch\BRS.EXE-CF01349B.pf
O45 - LFCP:[MD5.45508BC6946DC772F0FF49392C227833] - 31/01/2014 - 03:31:23 ---A- - C:\Windows\Prefetch\PDVD10SERV.EXE-99C8A7B5.pf
O45 - LFCP:[MD5.804F6E74C3DF73F9DAB0C437247DAB85] - 31/01/2014 - 03:32:43 ---A- - C:\Windows\Prefetch\INSTUP.EXE-3AF05CB9.pf
O45 - LFCP:[MD5.EA6939DFBBCC1A29ED8BA95B69B68545] - 31/01/2014 - 03:34:18 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf
O45 - LFCP:[MD5.04947A77F6EBB351DDBEF3638A4DE8A4] - 31/01/2014 - 03:34:49 ---A- - C:\Windows\Prefetch\PfPre_76806de3.db
O45 - LFCP:[MD5.EFEB94CF0938CA73C47C9FD761151314] - 31/01/2014 - 12:03:31 ---A- - C:\Windows\Prefetch\WD DRIVE UNLOCK.EXE-6D36B2B3.pf
O45 - LFCP:[MD5.58F64571C1E42545802E84293405B6EE] - 31/01/2014 - 12:04:28 ---A- - C:\Windows\Prefetch\WGET.DAT-604A4BAD.pf
O45 - LFCP:[MD5.B2BB80AEABCE566B512F9D37486BE5C9] - 31/01/2014 - 12:04:32 ---A- - C:\Windows\Prefetch\JRT.EXE-5E066B41.pf
O45 - LFCP:[MD5.02B5A5AB64B77A6FA7C0D6FEC149E30D] - 31/01/2014 - 12:12:51 ---A- - C:\Windows\Prefetch\FC.EXE-A601B343.pf
O45 - LFCP:[MD5.E8D46BAEAA8D768F8FA3959693C12E02] - 31/01/2014 - 12:13:29 ---A- - C:\Windows\Prefetch\CUT.DAT-0D44B436.pf
O45 - LFCP:[MD5.1DE8FDFF6358374D76CF5992299EB915] - 31/01/2014 - 12:13:44 ---A- - C:\Windows\Prefetch\FIND.EXE-3298DC3B.pf
O45 - LFCP:[MD5.23FE87B871BBFB214298581D344BFFE4] - 31/01/2014 - 12:14:28 ---A- - C:\Windows\Prefetch\SHORTCUT.DAT-8C6CD1AE.pf
O45 - LFCP:[MD5.B746067403ABDF9FBF8DBD52935BDC97] - 31/01/2014 - 12:14:29 ---A- - C:\Windows\Prefetch\NIRCMD.DAT-9D776983.pf
O45 - LFCP:[MD5.8311E32373C9F8770B5372805EEBFB87] - 31/01/2014 - 12:17:35 ---A- - C:\Windows\Prefetch\JPNIME.EXE-59D7407E.pf
~ Prefetcher: 304 Legitimates Filtered in 00mn 03s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{1877fd0c-691a-11e3-be71-6c71d98539e2}\AutoRun\command. (...) -- G:\WD Drive Unlock.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 11/01/2014 - 16:38:34 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 11/01/2014 - 16:38:34 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.A8080BEBCDB7A16495CE1205921DCAC5] - 02/08/2012 - 04:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 20 Legitimates Filtered in 00mn 03s



---\\ Last modified or created user files (O61)
O61 - LFC: 04/07/2015 - 12:22:41 ---A- . (...) -- C:\Users\lola\Documents\DS & GBA\Ds\Lola\Pokemon Mystery Dungeon - Explorers of Time (EU) (M5)\2433-Pokemon Mystery Dungeon - Explorers of Time (EU) (M5).nds [134217728]
O61 - LFC: 28/01/2014 - 12:21:53 ---A- . (...) -- C:\Users\lola\AppData\Local\Intel_Corporation\GfxUIEx.exe_Url_pid13cxzvy1ivbtinqdinsz1omfrwsew\8.15.10.3308\user.config [1913]
O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\bklg.npf [136968]
O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\cmt.npf [67]
O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\cpt.npf [18]
O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\date.npf [32]
O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\frames.npf [490348]
O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\script.npf [5794079]
O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\thum.npf [46682]
O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\tm.npf [21]
O61 - LFC: 28/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0073\val.npf [1008672]
O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER09.BIN [27099]
O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER09.HIS [568096]
O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER10.BIN [27239]
O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER10.HIS [573404]
O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER11.BIN [26823]
O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER11.HIS [527854]
O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-6a.BIT [512]
O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-7a.BIT [512]
O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-7b.BIT [512]
O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-9.BIT [512]
O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\pam03.BIT [512]
O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Links\Desktop.lnk [434]
O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Links\Downloads.lnk [879]
O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Links\Images.lnk [715]
O61 - LFC: 28/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Links\RecentPlaces.lnk [383]
O61 - LFC: 28/01/2014 - 12:25:13 ---A- . (...) -- C:\Users\lola\Searches\winrt--{S-1-5-21-201074216-106343273-3953965673-1002}-.searchconnector-ms [852]
O61 - LFC: 29/01/2014 - 12:22:25 ---A- . (...) -- C:\Users\lola\AppData\Roaming\MPC-HC\default.mpcpl [122]
O61 - LFC: 29/01/2014 - 12:22:25 ---A- . (...) -- C:\Users\lola\AppData\Roaming\Microsoft\IME\15.0\IMEJP\UserDict\imjp15cu.dic [266240]
O61 - LFC: 29/01/2014 - 12:22:25 ---A- . (...) -- C:\Users\lola\AppData\Roaming\Microsoft\IME\15.0\IMEJP\UserDict\imjp15cu.dic_bak [2]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER01.BIN [27050]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER01.HIS [364720]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER02.BIN [26766]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER02.HIS [175422]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER03.BIN [27042]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER03.HIS [177800]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-2.BIT [512]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector002.BIT [512]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector005.BIT [512]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector006.BIT [512]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector007.BIT [512]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector008.BIT [512]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector009.BIT [512]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector010.BIT [512]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector011.BIT [512]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector012.BIT [512]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector013.BIT [512]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector014a.BIT [512]
O61 - LFC: 29/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector014b.BIT [512]
O61 - LFC: 29/01/2014 - 12:26:40 ---A- . (...) -- C:\Users\lola\Videos\ONE PIECE 15th Anniversary BEST ALBUM\Tracklist.txt [1253]
O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\bklg.npf [148058]
O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\cmt.npf [47]
O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\cpt.npf [18]
O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\date.npf [32]
O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\frames.npf [385752]
O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\script.npf [5817312]
O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\thum.npf [46682]
O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\tm.npf [21]
O61 - LFC: 30/01/2014 - 12:22:29 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0023\val.npf [1012768]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\bklg.npf [151460]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\cmt.npf [66]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\cpt.npf [18]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\date.npf [32]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\frames.npf [484192]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\script.npf [5794113]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\thum.npf [46682]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\tm.npf [21]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0074\val.npf [1137696]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\bklg.npf [150316]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\cmt.npf [66]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\cpt.npf [18]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\date.npf [32]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\frames.npf [486244]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\script.npf [5794113]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\thum.npf [46682]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\tm.npf [21]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\0075\val.npf [1112096]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\9999\bklg.npf [150316]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\9999\frames.npf [488296]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\9999\script.npf [5794113]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\9999\thum.npf [46682]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\9999\val.npf [1095712]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\common\cqst.npf [6472972]
O61 - LFC: 30/01/2014 - 12:22:30 ---A- . (...) -- C:\Users\lola\AppData\Roaming\NitroplusCHiRAL\DRAMAtical Murder reconnect\1.00\common\val.npf [1548320]
O61 - LFC: 30/01/2014 - 12:23:41 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-1.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:41 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-10.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER04.BIN [27050]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER04.HIS [374816]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER05.BIN [27322]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER05.HIS [142146]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER07.BIN [27239]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER07.HIS [538250]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER12.BIN [27107]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER12.HIS [601576]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER13.BIN [27099]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER13.HIS [540038]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER16.BIN [26823]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER16.HIS [585672]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER31.BIN [26823]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER31.HIS [585672]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER99.BIN [27099]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SILVER99.HIS [634890]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-11.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-12.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-4b.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-5b.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-6b.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-7c.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\base-8.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector001.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector003.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\hector004.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\init.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\kurt02.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\kurt03.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\lorence02.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\maoh001.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\maoh002.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\maoh003.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\maoh004.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\maoh005.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\ouji001.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\ouji002.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\ouji003.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\ouji004.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\ouji005.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\ouji006.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\pam02.BIT [512]
O61 - LFC: 30/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\rag.BIT [512]
O61 - LFC: 30/01/2014 - 12:26:40 ---A- . (...) -- C:\Users\lola\Videos\[HorribleSubs] Pupa - 04 [720p].mkv [57447617]
O61 - LFC: 30/01/2014 - 12:26:40 ---A- . (...) -- C:\Users\lola\Videos\[HorribleSubs] Pupa - 04 [720p].mkv.torrent [4637]
O61 - LFC: 31/01/2014 - 12:21:50 ---A- . (...) -- C:\Users\lola\.android\adbkey [1704]
O61 - LFC: 31/01/2014 - 12:21:50 ---A- . (...) -- C:\Users\lola\.android\adbkey.pub [716]
O61 - LFC: 31/01/2014 - 12:21:50 ---A- . (...) -- C:\Users\lola\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
O61 - LFC: 31/01/2014 - 12:21:52 ---A- . (...) -- C:\Users\lola\AppData\Local\Google\Chrome\User Data\Local State [57875]
O61 - LFC: 31/01/2014 - 12:22:13 ---A- . (...) -- C:\Users\lola\AppData\Local\RegistryDR\RegistryDr.exe_Url_tjtb5njljispwd0rqytn4c5hyzoj12gk\2.4.7.0\user.config [319]
O61 - LFC: 31/01/2014 - 12:22:25 ---A- . (...) -- C:\Users\lola\AppData\Roaming\newnext.me\nengine.cookie [3072] =>PUP.NextLive
O61 - LFC: 31/01/2014 - 12:22:32 ---A- . (...) -- C:\Users\lola\AppData\Roaming\sp_data.sys [73]
O61 - LFC: 31/01/2014 - 12:22:33 ---A- . (...) -- C:\Users\lola\AppData\Roaming\ZHP\Log.txt [16346] =>.Nicolas Coolman
O61 - LFC: 31/01/2014 - 12:22:33 ---A- . (...) -- C:\Users\lola\AppData\Roaming\ZHP\TestsZHPDiag.txt [2801] =>.Nicolas Coolman
O61 - LFC: 31/01/2014 - 12:22:33 ---A- . (...) -- C:\Users\lola\daemonprocess.txt [0]
O61 - LFC: 31/01/2014 - 12:23:39 ---A- . (...) -- C:\Users\lola\Documents\RegistryDr\log.txt [23302]
O61 - LFC: 31/01/2014 - 12:23:39 ---A- . (...) -- C:\Users\lola\Documents\RegistryDr\logerror.txt [807]
O61 - LFC: 31/01/2014 - 12:23:41 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\current.his [0]
O61 - LFC: 31/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\SYSTEM.BIN [8848]
O61 - LFC: 31/01/2014 - 12:23:42 ---A- . (...) -- C:\Users\lola\Documents\VividColor\SilverChaos\SAVE\lorence03.BIT [512]
O61 - LFC: 31/01/2014 - 12:25:14 ---A- . (.Amônétízé Ltd.) -- C:\Users\lola\Videos\FlashPlayersetup__3873_i312099945_il155.exe [337960]
~ 27 Fichiers temporaires (Temporary files)
~ Files: 1633 Legitimates Filtered in 04mn 50s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (CKF) (O82)
C:\Users\lola\Videos\Logiciels à installer\Sony vegas pro 11 crack + keygen By Sky Hunters\Sony vegas pro 11 crack + keygen\Keygen By SkyHunters.exe
C:\Users\lola\Videos\Logiciels à installer\Sony vegas pro 11 crack + keygen By Sky Hunters\Sony vegas pro 11 crack + keygen\SonyVegasPro Patch By SkyHunters.exe
C:\Users\lola\Videos\Logiciels à installer\Sony vegas pro 11 crack + keygen By Sky Hunters\Sony vegas pro 11 crack + keygen\Keygen By SkyHunters.exe
C:\Users\lola\Videos\Logiciels à installer\Sony vegas pro 11 crack + keygen By Sky Hunters\Sony vegas pro 11 crack + keygen\SonyVegasPro Patch By SkyHunters.exe
~ Files: Scanned in 00mn 48s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe [24576]
[MD5.CEF11352FC03684CEAD72CAA1B34057B] [SPRF][31/01/2014] (...) -- C:\Users\lola\AppData\Local\Temp\fEBundle.exe [16138021]
[MD5.AAA030DF2C7F689E7860DE127442EAC8] [SPRF][31/01/2014] (.Amônétízé Ltd - Installer.) -- C:\Users\lola\AppData\Local\Temp\FlashPlayersetup__3873_i312099945_il155.exe [337960]
[MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][23/10/2013] (...) -- C:\Users\lola\AppData\Local\Temp\Quarantine.exe [344355]
[MD5.A3EFBD847A81424CB9CFE36161E6DB47] [SPRF][31/01/2014] (...) -- C:\Users\lola\AppData\Roaming\sp_data.sys [73]
[MD5.54DB2B8C60F04C5ADE6D711D47EABA75] [SPRF][31/01/2014] (...) -- C:\Users\lola\Desktop\adwcleaner.exe [1166132]
~ Files: 8 Legitimates Filtered in 00mn 01s



---\\ MyComputer Name Space (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 09/10/2012 243728 | (CLKMSVC10_38F51D56) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
SS - | Demand 01/10/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 19/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 10/12/2013 1364256 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Demand 07/01/2014 569768 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 15/01/2013 107320 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR - | Auto 19/12/2012 72192 | (Asus WebStorage Windows Service) . (...) - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
SR - | Auto 25/01/2013 227456 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 11/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 23/10/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 31/10/2012 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 31/01/2014 493568 | (Wpm) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
SR - | Auto 24/01/2013 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

~ Services: Scanned in 00mn 11s



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by lola at 31/01/2014 12:27:51
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by lola at 31/01/2014 12:27:53

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 11
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 3

[HKLM\Software\Google\Chrome\Extensions\cgbealecnakbhfoeeipcnoboempfkbjd] =>Adware.FlashEnhancer^
[HKLM\SYSTEM\CurrentControlSet\Services\Wpm] =>PUP.WpManager^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM] =>PUP.WpManager^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:NextLive =>PUP.NextLive^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
C:\Users\lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbealecnakbhfoeeipcnoboempfkbjd =>Adware.FlashEnhancer^
C:\Program Files (x86)\AmiExt =>Adware.FlashEnhancer^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\lola\AppData\Roaming\newnext.me =>PUP.NextLive^
[HKCU\Software\AmiExt] =>Adware.FlashEnhancer^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
~ Additionnel Scan: 236306 Items scanned in 00mn 47s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/40653881-adware-flashenhancer =>Adware.FlashEnhancer
~ http://nicolascoolman.webs.com/apps/blog/show/41011964-pup-awesomehp =>PUP.Awesomehp
~ http://nicolascoolman.webs.com/apps/blog/show/40528410-pup-nextlive =>PUP.NextLive
~ http://nicolascoolman.webs.com/apps/blog/show/41034005-pup-mobogenie =>PUP.Mobogenie
~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blog/show/40789592-trojan-sprotector =>Trojan.SProtector
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ MSI: 7 link(s) detected in 00mn 47s



~ 2968 Legitimates filtered by white list
End of the scan (732 lines in 09mn 38s)(4)
