~ Report of ZHPDiag v2015.6.16.57 - Nicolas Coolman (16/06/2015)
~ Launched by Piero (18/06/2015 23:24:42)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://www.forum.nicolascoolman.fr
~ Translated by
~ Version State : Updated version.
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user

---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16384
MFIE: Mozilla Firefox 38.0.5 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows Server License Manager Script : OK
~ Windows(R) Operating System, VOLUME_KMSCLIENT channel
~ Windows Partial Key : J8CK4
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8 Pro, 64-bit (Build 9200)

---\\ System protection software
Windows Defender W8 (Activate)

---\\ System optimization software
CCleaner version 3.24.1850 v3.24.1850

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 17 NPAPI

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (66% free)
System Restore: Activé (Enable)
System drive C: has 6 GB (7%) free of 74 GB

---\\ Connection to the system mode
~ Computer Name: DAKIAU
~ User Name: Piero
~ All Users Names: Piero, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Piero\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Piero\AppData\Roaming\
~ %Desktop% : C:\Users\Piero\Desktop\
~ %Favorites% : C:\Users\Piero\Favorites\
~ %LocalAppData% : C:\Users\Piero\AppData\Local\
~ %StartMenu% : C:\Users\Piero\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 6 Go of 74 Go)
D: Hard drive, Flash drive, Thumb drive (Free 127 Go of 1863 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Not Inserted)

---\\ State of the Windows Security Center
~ Security Center: 48 Legitimates Filtered in 00mn 00s

---\\ Search Generic System Files
[MD5.928791755FDDEA721B053535EF84FA17] - (.Microsoft Corporation - Explorateur Windows.) (.26/07/2012 - 05:49:13.) -- C:\Windows\Explorer.exe [2380440]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.3DA7E6053DB9BE3EADC70CE20B1FB92B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/07/2012 - 04:07:56.) -- C:\Windows\System32\wininet.dll [2246656]
[MD5.93AB226C07A9789B2EC7B41F73602F76] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Winlogon.exe [516608]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.9E975BDC89C83900B2C534C4E1B018F8] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\AFD.sys [561152]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.8D6810577E9C4F56DCB8E9BACAC7287B] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.26/07/2012 - 03:27:36.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.1EEAA5A62E8C49DDF58798F06F78BFFA] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.26/07/2012 - 03:23:25.) -- C:\Windows\system32\Drivers\MRxSmb.sys [368128]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.4A7EEA9C4AD5CBFDA3C0E5B821C99CAD] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.26/07/2012 - 06:26:46.) -- C:\Windows\system32\Drivers\ntfs.sys [1934064]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.26/07/2012 - 05:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files state (Hidden/Total)
~ Mes musiques (My Musics) : 1/7
~ Mes Documents (My Documents) : 1/391
~ Mon Bureau (My Desktop) : 2/7
~ Menu demarrer (Programs) : 1/74
~ Hidden Files: Scanned in 00mn 00s

---\\ Process running
[MD5.D9133D4157664B1E2ACFC2CD56CCB599] - (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704] [PID.4536]
[MD5.8DACA62F3E15E45EBAF7AE51A609CBC1] - (.Valve Corporation - Steam Client Bootstrapper.) -- D:\Jeux\Steam\Steam.exe [2892992] [PID.3352]
[MD5.D471F27FE3414238839979D4203143B3] - (.Valve Corporation - Steam Client WebHelper.) -- D:\Jeux\Steam\bin\steamwebhelper.exe [1853632] [PID.1164]
[MD5.99208051F3BDDC922D1E7C19EEBCF2EE] - (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- D:\Outils\TS3\ts3client_win32.exe [9238472] [PID.1884]
[MD5.923FE895B22B22A9CA03C72F3D15CE20] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.4552]
[MD5.E7B58CE9BD61BF575E2880088F4E5447] - (.Nicolas Coolman - ZHPDiag.) -- D:\Outils\ZHPDiag\ZHPDiag.exe [8218112] [PID.1396]
~ Processes Running: Scanned in 00mn 00s

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Piero\AppData\Roaming\Mozilla\Firefox\Profiles\ovumqavr.default\prefs.js
M2 - MFEP: Extension [Piero - ovumqavr.default] firefox@ghostery.com.xpi
M2 - MFEP: Extension [Piero - ovumqavr.default] firefox@mega.co.nz.xpi
M2 - MFEP: Extension [Piero - ovumqavr.default] vk@sergeykolosov.mp.xpi
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>; =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (0)
~ Hosts File: Scanned in 00mn 00s

---\\ Other User Links (O4)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com =>PUP.StartSearch
O4 - GS\QuickLaunch [Piero]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Piero\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [Piero]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com =>PUP.StartSearch
O4 - GS\TaskBar [Piero]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com =>PUP.StartSearch
O4 - GS\Program [Piero]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com =>PUP.StartSearch
~ Global Startup: 5 Legitimates Filtered in 00mn 04s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Piero\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- D:\Outils\Itunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKUS\S-1-5-21-4224272549-603812098-105001489-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-4224272549-603812098-105001489-1001\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Piero\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-4224272549-603812098-105001489-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 04s

---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D2C77CB-906C-440D-A988-67EFBE1A48F1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D2C77CB-906C-440D-A988-67EFBE1A48F1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: IncrementFoobar (6e95159f) . (...) - c:\Program Files (x86)\IncrementFoobar\IncrementFoobar.dll (.not file.)
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) . (...) - D:\Jeux\SMITE\HiPatchService.exe (.not file.)
~ Services: 11 Legitimates Filtered in 00mn 05s

---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [{1D30705E-62B0-46F9-ADF2-B47E4E93A3CD}] (...) -- D:\Jeux\Final Fantasy XIII-2\FFXiii2Launcher.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{317C636B-3372-47EC-A61D-3594DAE249CC}] (...) -- D:\Telechargements\homeworld 2\autoplay.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5FCF1437-7243-4EF8-8DFD-CEFBA67C860C}] (...) -- D:\Telechargements\Nouveau dossier\000000000000hum\Z000971\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{820219C2-D84F-4610-B577-DB67D15426B1}] (...) -- D:\Jeux\ZION\生イキJKが語る痴漢電車\SiglusEngine.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B3D8B203-0D3F-4967-9E79-5E81DCF50FB6}] (...) -- D:\Telechargements\homeworld 2\HW2_Setup.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
~ Scheduled Task: 8 Legitimates Filtered in 00mn 02s

---\\ Software installed (O42)
O42 - Logiciel: DS_05 - (...) [HKCU][64Bits] -- DS_05
O42 - Logiciel: Dungeon Keeper 2 - (...) [HKLM][64Bits] -- Dungeon Keeper II
O42 - Logiciel: Gamma Control 2 - (.DesktopNerds.) [HKLM][64Bits] -- {292F51DF-B284-448D-8157-742D34EFB6FF}_is1
O42 - Logiciel: H1Z1 - (.Daybreak Games.) [HKLM][64Bits] -- Steam App 295110
O42 - Logiciel: MechWarrior Online - (.Piranha Games Inc..) [HKLM][64Bits] -- {1B2EC53E-FB7C-40E7-A4E8-504171771FC0}
O42 - Logiciel: MechWarrior Online - (.Piranha Games Inc..) [HKLM][64Bits] -- {73bcb521-8936-42d7-ad00-ec2bb399e26c}
O42 - Logiciel: Rust - (.Facepunch Studios.) [HKLM][64Bits] -- Steam App 252490
O42 - Logiciel: School Mate 2 - (.randompirate.) [HKLM][64Bits] -- {BC980840-FC67-4027-9055-251136406614}_is1
O42 - Logiciel: TheSameGrade - (.UNKNOWN.) [HKLM][64Bits] -- {4B512765-F4BF-FE9A-6856-47D8E71B1DCD}
O42 - Logiciel: piaip AppLocale - (.MS.) [HKLM][64Bits] -- {394BE3D9-7F57-4638-A8D1-1D88671913B7}
O42 - Logiciel: おゆうぎ - (.UNKNOWN.) [HKLM][64Bits] -- Oyuugi
O42 - Logiciel: おゆうぎ - (.UNKNOWN.) [HKLM][64Bits] -- {13C2FAA8-6EFE-9C86-9F87-A0F51F01369B}
O42 - Logiciel: わがままついんえんじぇるず - (...) [HKLM][64Bits] -- {9CC43A11-E831-4B47-AFDE-0EC211436457}
O42 - Logiciel: リアルタイム3D”ニャンニャン” - (.惰眠ズ.) [HKCU][64Bits] -- 6073d95ee00f1f58
~ Logic: 34 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Akella]
[HKCU\Software\Clubic]
[HKCU\Software\DefaultCompany]
[HKCU\Software\InsGames]
[HKCU\Software\MS]
[HKCU\Software\MadelineColony]
[HKCU\Software\Miconisomi]
[HKCU\Software\Net Games Lab]
[HKCU\Software\Piranha Games]
[HKCU\Software\Rain]
[HKCU\Software\Smartly Dressed Games]
[HKCU\Software\Spiderling Games]
[HKCU\Software\TOFU SOFT]
[HKCU\Software\TenSun]
[HKCU\Software\U+MePLUS]
[HKCU\Software\UMMB/LIMITCYCLE]
[HKCU\Software\Vostok Games]
[HKCU\Software\Xaviant]
[HKCU\Software\Zero Sum Games]
[HKCU\Software\illusion]
[HKCU\Software\inXile]
[HKCU\Software\sol-fa-soft]
[HKCU\Software\tensun3d]
[HKLM\Software\Wow6432Node\3c934385-86d6-5167-4f15-878e0a35b99a] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Matrix Games]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\Vostok Games]
[HKLM\Software\Wow6432Node\WendyBell]
[HKLM\Software\Wow6432Node\ZION]
~ Key Software: 359 Legitimates Filtered in 00mn 01s

---\\ Contents of the Common Files folders (O43)
O43 - CFD: 13/05/2015 - 09:53:10 - [] ----D C:\Program Files (x86)\Illusion Registry Fixer
O43 - CFD: 24/04/2015 - 22:21:47 - [] ----D C:\Program Files (x86)\SaileoPlUUs =>PUP.SalePlus
O43 - CFD: 18/06/2015 - 19:08:29 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 06/06/2014 - 22:11:08 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
O43 - CFD: 28/05/2014 - 15:32:25 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Akella
O43 - CFD: 08/06/2014 - 07:07:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Domain
O43 - CFD: 15/06/2014 - 19:38:34 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chucklefish LTD
O43 - CFD: 06/06/2014 - 22:05:47 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloudbuilt
O43 - CFD: 06/06/2014 - 21:34:28 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Exam
O43 - CFD: 08/02/2015 - 22:18:47 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frontier
O43 - CFD: 04/09/2014 - 14:59:14 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
O43 - CFD: 03/02/2015 - 12:12:34 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grey Goo
O43 - CFD: 17/02/2014 - 18:30:37 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
O43 - CFD: 09/06/2014 - 01:03:53 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\How To Survive
O43 - CFD: 23/05/2015 - 18:29:50 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ILLUSION
O43 - CFD: 28/05/2014 - 17:36:37 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer is Dead
O43 - CFD: 20/03/2015 - 17:27:36 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lichdom Battlemage
O43 - CFD: 22/05/2015 - 22:16:34 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGI
O43 - CFD: 15/05/2015 - 00:44:27 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peaky
O43 - CFD: 27/06/2014 - 09:54:45 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Piranha Games
O43 - CFD: 24/06/2014 - 19:47:48 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Space Run
O43 - CFD: 19/06/2014 - 18:43:47 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarDrive
O43 - CFD: 02/05/2015 - 18:27:52 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarDrive 2
O43 - CFD: 19/06/2014 - 18:35:43 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strike Suit Zero Directors Cut
O43 - CFD: 08/06/2014 - 07:04:37 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strike Vector
O43 - CFD: 27/01/2015 - 03:20:34 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Survarium
O43 - CFD: 26/07/2012 - 12:11:33 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 25/05/2015 - 03:32:08 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VALKYRIA
O43 - CFD: 02/02/2015 - 18:21:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wasteland 2
O43 - CFD: 06/06/2014 - 21:48:13 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAIBA Ninja Gaiden Z
O43 - CFD: 23/05/2015 - 03:48:28 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\れんたる彼女 ユイ編
O43 - CFD: 15/05/2015 - 11:28:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\極フェロ
O43 - CFD: 15/05/2015 - 00:51:35 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\萌雛
O43 - CFD: 29/05/2014 - 13:57:02 - [] ----D C:\Users\Piero\AppData\Roaming\Code Force Limited
O43 - CFD: 26/05/2015 - 12:47:01 - [] ----D C:\Users\Piero\AppData\Roaming\KOBASOFT
O43 - CFD: 22/05/2015 - 22:22:40 - [] ----D C:\Users\Piero\AppData\Roaming\MAGI
O43 - CFD: 25/05/2015 - 01:58:54 - [] ----D C:\Users\Piero\AppData\Roaming\Oyuugi
O43 - CFD: 18/06/2014 - 04:03:41 - [] ----D C:\Users\Piero\AppData\Roaming\Proxy Studios
O43 - CFD: 04/06/2014 - 23:59:50 - [] ----D C:\Users\Piero\AppData\Roaming\Reg
O43 - CFD: 24/05/2015 - 02:37:28 - [] ----D C:\Users\Piero\AppData\Roaming\sol-fa-soft
O43 - CFD: 25/05/2015 - 23:36:47 - [] ----D C:\Users\Piero\AppData\Roaming\TheSameGrade
O43 - CFD: 10/06/2014 - 22:49:35 - [] ----D C:\Users\Piero\AppData\Roaming\WizardWars
O43 - CFD: 13/02/2014 - 19:58:59 - [] ----D C:\Users\Piero\AppData\Local\Uber Entertainment
O43 - CFD: 08/06/2014 - 07:25:43 - [] ----D C:\Users\Piero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antisquad 1.0
O43 - CFD: 29/08/2014 - 12:19:02 - [] ----D C:\Users\Piero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcheAge Tools Dev Team
O43 - CFD: 23/05/2015 - 23:11:09 - [] ----D C:\Users\Piero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DS_05
O43 - CFD: 22/05/2015 - 22:16:34 - [] ----D C:\Users\Piero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAGI
O43 - CFD: 14/05/2015 - 10:02:32 - [] ----D C:\Users\Piero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nakadashi Banzai
O43 - CFD: 28/05/2015 - 04:49:26 - [] ----D C:\Users\Piero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VALKYRIA
O43 - CFD: 14/05/2015 - 01:00:22 - [] ----D C:\Users\Piero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WendyBell
O43 - CFD: 23/05/2015 - 01:50:03 - [] ----D C:\Users\Piero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\小影の伝説
O43 - CFD: 26/05/2015 - 15:22:13 - [] ----D C:\Users\Piero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\惰眠ズ
~ Program Folder: 295 Legitimates Filtered in 00mn 01s

---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.8AC1617AB2D28FEB6AA7A99CD519E507] - 18/06/2015 - 18:08:07 ---A- . (...) -- C:\Windows\System32\nvcompiler.dll [42719888]
O44 - LFC:[MD5.B887A34F4D7F6BC0446A397DF2088B77] - 18/06/2015 - 18:08:07 ---A- . (...) -- C:\Windows\System32\nvinfo.pb [30966]
O44 - LFC:[MD5.1DAA514FDC61ABF63AC7EBA3C2D1095C] - 18/06/2015 - 18:09:51 ---A- . (...) -- C:\Windows\System32\nvcoproc.bin [4408727]
~ Files: 157 Legitimates Filtered in 00mn 08s

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "disablecad"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s

---\\ System Drivers List (SDL) (O58)
O58 - SDL:17/05/2013 - 10:13:26 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [17280]
O58 - SDL:19/05/2013 - 08:02:50 ---A- . (.Scarlet.Crush Productions - Scp Virtual Bus Driver.) -- C:\Windows\System32\Drivers\ScpVBus.sys [39168]
O58 - SDL:26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:17/05/2015 - 20:40:43 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [37624]
O58 - SDL:10/06/2014 - 20:50:24 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:09/03/2005 - 20:50:16 ---A- . (...) -- C:\Windows\SysWOW64\drivers\libusb0.sys [33792]
O58 - SDL:11/08/2014 - 14:26:23 ---A- . (...) -- C:\Windows\SysWOW64\drivers\TrueSight.sys [29160]
~ Drivers: 51 Legitimates Filtered in 00mn 00s

---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{4103D562-61FE-41B0-8174-D5E75A82D2C0}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Piero\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{EDF8F75E-B96A-4ABF-BEF5-0019F08398C9}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.)
-- C:\Users\Piero\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 15s

---\\ Random Export Key (REK) (O91)
~ Export Key Software: Scanned in 00mn 00s

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 22/07/1658 0 | (6e95159f) . (...) - c:\Program Files (x86)\IncrementFoobar\IncrementFoobar.dll
SS - | Demand 09/06/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 22/07/1658 0 | (EasyAntiCheat) . (.EasyAntiCheat Ltd.) - C:\Windows\system32\EasyAntiCheat.exe
SS - | Auto 22/07/1658 0 | (HiPatchService) . (...) - D:\Jeux\SMITE\HiPatchService.exe
SS - | Demand 08/07/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 03/06/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 17/01/2015 762320 | (TunngleService) . (.Tunngle.net GmbH.)
- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
SS - | Auto 26/07/2012 30208 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/06/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 03/06/2015 1152656 | (GfExperienceService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
SR - | Auto 30/03/2015 2490216 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 30/03/2015 417552 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SR - | Auto 01/04/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 03/06/2015 1893008 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 03/06/2015 23007376 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 28/05/2015 937288 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 22/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Demand 04/06/2015 837312 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 22/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 12s

---\\ Scan Additionnel (O88)
Database Version : 13008 - (16/06/2015)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 5
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 2
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
C:\Program Files (x86)\SaileoPlUUs =>PUP.SalePlus^
[HKLM\Software\Wow6432Node\3c934385-86d6-5167-4f15-878e0a35b99a] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
~ Additionnel Scan: 207054 Items scanned in 00mn 19s

---\\ Additional information about modules
~ http://www.nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://www.nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ AMI: 2 Legitimates Filtered in 00mn 00s

---\\ Summary of the detections found on your workstation
http://www.nicolascoolman.fr/hijacker-proxy =>Hijacker.Proxy
http://www.nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
http://www.nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://www.nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://www.nicolascoolman.fr/blog/ =>PUP.SalePlus
http://www.nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
~ MSI: 7 link(s) detected in 00mn 00s

---\\ Alert Messages
WARNING : Hijacker Proxy found, Clean with ZHPCleaner Tool

~ 1002 Legitimates filtered by white list
End of the scan (503 lines in 01mn 31s)(0.9)