Format du document : text/plain
Prévisualisation
~ ZHPDiag v2015.10.25.155 By Nicolas Coolman (2015/10/25)
~ Run by cp (Administrator) (2015/10/28 17:19:38)
~ Web: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\cp\Desktop\ZHPDiag.txt
~ Report: C:\Users\cp\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 8.1 Pro, 32-bit (Build 9600)
---\\ Internet Browsers (2) - 0s
GCIE: Google Chrome v46.0.2490.80
MSIE: Internet Explorer v11.0.9600.17031
---\\ Windows Product Information (3) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
---\\ System protection software (2) - 5s
ESET Smart Security v5.0.95.0
Windows Defender (Deactivate)
---\\ System optimization software (1) - 6s
CCleaner v5.06
---\\ Surveillance software (2) - 6s
Adobe Flash Player 19 PPAPI
Adobe Reader 6.0 CE
---\\ Information on the system (6) - 0s
~ Operating System: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 3315.592 MB (50% free)
~ System Restore: Activé (Enable)
~ System drive C: has 88 GB free of 145 GB
---\\ Connection to the system mode (3) - 0s
~ Computer Name: DELL
~ User Name: cp
~ Logged in as Administrator
---\\ Enumeration of the disk units (2) - 0s
~ Drive C: has 88 GB free of 145 GB (System)
~ Drive D: has 105 GB free of 159 GB
---\\ State of the Windows Security Center (11) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
---\\ Search Generic System Files (24) - 1s
[MD5.91E24273FCA076EA9E65DAFA98901225] - (.Microsoft Corporation - مستكشف Windows.) () -- C:\Windows\Explorer.exe [2207488] ©
[MD5.BE1DAE43DFBCA94FB6B4157C1B16923E] - (.Microsoft Corporation - Windows host process (Rundll32).) () -- C:\Windows\System32\rundll32.exe [49664] ©
[MD5.02BC073156B3097E94D63C4D609020DD] - (.Microsoft Corporation - تطبيق بدء تشغيل Windows.) () -- C:\Windows\System32\Wininit.exe [112640] ©
[MD5.F89C2BDB6E385ED6CA2AC0085BB6643A] - (.Microsoft Corporation - ملحقات الإنترنت لـ Win32.) () -- C:\Windows\System32\wininet.dll [1789440] ©
[MD5.70C57DC69D4A7D92D2CAC90C3AD16E6F] - (.Microsoft Corporation - تطبيق تسجيل دخول Windows.) () -- C:\Windows\System32\Winlogon.exe [459264] ©
[MD5.BFB9E1202225113991F981D29BFB9029] - (.Microsoft Corporation - مكتبة تراخيص البرامج.) () -- C:\Windows\System32\sppcomapi.dll [438272] ©
[MD5.2B9EED6835D269F35B310DC03D0F5768] - (.Microsoft Corporation - DNS Client API DLL.) () -- C:\Windows\System32\dnsapi.dll [492544] ©
[MD5.E37F897ED7B5AFF79B1398258DB96BD9] - (.Microsoft Corporation - DLL client de l’API uilisateur de Windows m.) () -- C:\Windows\System32\fr-FR\user32.dll.mui [19456] ©
[MD5.D75FB05E8DBF21FA0EF313C7503243F1] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\Windows\System32\drivers\AFD.sys [461312] ©
[MD5.72FCAE2CE6DFEAB2AB072435017F3417] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) () -- C:\Windows\System32\drivers\atapi.sys [23392] ©
[MD5.CE232BB0965C0C0B786C3F976CCBFB7D] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\Windows\System32\drivers\Cdfs.sys [73728] ©
[MD5.E2FC132D48EA4E8B04432C33EFB77801] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\Windows\System32\drivers\Cdrom.sys [124928] ©
[MD5.CD6A836DE4F4CC39D7BD8B19AEA93065] - (.Microsoft Corporation - DFS Namespace Client Driver.) () -- C:\Windows\System32\drivers\DfsC.sys [101376] ©
[MD5.A31901DE6A22EA67AB83AAF7036F98CC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) () -- C:\Windows\System32\drivers\HDAudBus.sys [69632] ©
[MD5.7A708934CC652100A94944EC808C3916] - (.Microsoft Corporation - i8042 Port Driver.) () -- C:\Windows\System32\drivers\i8042prt.sys [83456] ©
[MD5.FA6C94C754A566EA8A61D658932F32DE] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\Windows\System32\drivers\IpNat.sys [126976] ©
[MD5.49EDA7967848465645E2D809384D0EBA] - (.Microsoft Corporation - Windows NT SMB Minirdr.) () -- C:\Windows\System32\drivers\MRxSmb.sys [328704] ©
[MD5.BC242922B0D08F61CF7C87FD08FAFA8B] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\Windows\System32\drivers\netBT.sys [218624] ©
[MD5.9595B28CE24351C201A51A5019966862] - (.Microsoft Corporation - NT File System Driver.) () -- C:\Windows\System32\drivers\ntfs.sys [1679704] ©
[MD5.4F30970F15ADCC382544B31D5D7E368E] - (.Microsoft Corporation - Parallel Port Driver.) () -- C:\Windows\System32\drivers\Parport.sys [81408] ©
[MD5.C51AB62AB41A2E8560D12472B204CC00] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\Windows\System32\drivers\Rasl2tp.sys [81920] ©
[MD5.67E91843B0344411820A012063E876B2] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\Windows\System32\drivers\rdpdr.sys [143872] ©
[MD5.DB0C184142CF9FA1746F598A16EE92B2] - (.Microsoft Corporation - TDI Translation Driver.) () -- C:\Windows\System32\drivers\tdx.sys [87040] ©
[MD5.085918BF459BCB835CFC535BE7138539] - (.Microsoft Corporation - Volume Shadow Copy Driver.) () -- C:\Windows\System32\drivers\volsnap.sys [265048] ©
---\\ Process running (33) - 3s
[MD5.64710E6C92C0D3893EDBDA84FBCD3188] - (.AMD - AMD External Events Service Module.) -- C:\Windows\System32\atiesrxx.exe [212992] [PID.868] ©
[MD5.A996B2A3EE06DCAE4798D0A4542B8F45] - (...) -- C:\Program Files\Realtek\Realtek Bluetooth\BTDevMgr.exe [20480] [PID.1692]
[MD5.01E0FC08C2ACEFC2E3B0E75B8016BE5C] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [518696] [PID.1732] ©
[MD5.C7BB95CF9631AA401E4ADED1648F6AF7] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe [974944] [PID.1820] ©
[MD5.EC06329C063CEC96EEF1A57593D0141F] - (.Realtek Semiconductor Corporation - Realtek Bluetooth 4.0 Service Application.) -- C:\Program Files\Realtek\Realtek Bluetooth\RtkBleServ.exe [30720] [PID.1968] ©
[MD5.150C1970816E7B0668F7459109A2AE23] - (.@ByELDI - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe [966336] [PID.356] =>HackTool.KMSpico
[MD5.B214711806863B629B001948E5FB5420] - (.Baidu Inc. - spark.) -- C:\Program Files\baidu\Baidu Browser\sparkservice.exe [97080] [PID.620]
[MD5.9DA3B55B17B54789AFB8C657D4ACE4D7] - (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) -- C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688] [PID.724] ©
[MD5.A72BB48D9014A7D7C05F02F595F52D60] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe [245576] [PID.2604] ©
[MD5.6D3DF793AFF79B47FF6DB51F5C43195A] - (.AMD - AMD External Events Client Module.) -- C:\Windows\System32\atieclxx.exe [626688] [PID.1780] ©
[MD5.3B822FF5FBDEFFFDFC92ECC526C77165] - (.Realtek Semiconductor Corporation - Realtek Bluetooth BTServer Application.) -- C:\Program Files\Realtek\Realtek Bluetooth\BTServer.exe [153088] [PID.2640] ©
[MD5.03EC8CDA9C65C5F6288C8685B2E2CA90] - (.Realtek Semiconductor Corporation - Realtek Bluetooth Plugin Helper Application.) -- C:\Program Files\Realtek\Realtek Bluetooth\PluginHelper.exe [46592] [PID.4448] ©
[MD5.00A9DFC5EF873004F0851D3C234E4801] - (.Dell Inc. - QuickSet.) -- C:\Program Files\Dell\QuickSet\quickset.exe [3405168] [PID.5304] ©
[MD5.C3ED032AF1C30F92546A698CC7173605] - (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe [3080264] [PID.5800] ©
[MD5.2756739DBE5D471705581D87B0616676] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe [658632] [PID.2424]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848] [PID.5832] ©
[MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.4924] ©
[MD5.9B956EFD216FCF03B20C1646005E750E] - (.JustRemotePhone - CallCenter.) -- C:\Program Files\JustPhone\CallCenter\CallCenter.exe [830976] [PID.3072]
[MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.5640] ©
[MD5.EE526B0428581B57FFC571FF57309E28] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe [6369048] [PID.2272] ©
[MD5.B75F4DD04893B592A5301B24FB9B9025] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3532224] [PID.592] ©
[MD5.F5D58C7E65AA7462C643AB6B2433DE9A] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [752168] [PID.428] ©
[MD5.9759D9027E8CC1260967A1D7B22C82AE] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe [1804840] [PID.5372] ©
[MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.5136] ©
[MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.1436] ©
[MD5.207B16FA69F61D1895F8D8532F587E4B] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [263600] [PID.2592] ©
[MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.1568] ©
[MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.5884] ©
[MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.5300] ©
[MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.5436] ©
[MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.3332] ©
[MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.5144] ©
[MD5.E39F4186EC180D23F1CE16C683253B99] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\cp\Downloads\Programs\ZHPDiag3.exe [1959936] [PID.3468] ©
---\\ Google Chrome, Start,Search,Extensions (14) - 0s
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.search.ask.com/ =>Toolbar.Ask
G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [boadgeojelhgndaghljhdicfkmllpafd] Google Cast
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [lkemddiljapcmhicklfpcbpfffahfbja] Web Navigation
G2 - GCE: Preference [User Data\Default] [mppnoffgpafgpgbaigljliadgbnhljfl] Ask Search
G2 - GCE: Preference [User Data\Default] [nafaimnnclfjfedmmabolbppcngeolgf] iLivid =>PUP.Optional.Bandoo
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [ooiklbnjmhbcgemelgfhaeaocllobloj] Mosh
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc.
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (1) - 1s
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Macromed\Flash\NPSWF32_19_0_0_226.dll ©
---\\ Internet Explorer Extensions, Start, Search (10) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 0
---\\ Internet Explorer, Proxy Management (4) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe (.Microsoft Corporation.) ©
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) ©
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe (.Microsoft Corporation.) ©
---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)
---\\ Browser Helper Object (BHO) (7) - 0s
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files\Internet Download Manager\IDMIECC.dll ©
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe Acrobat IE Helper Version 6.0 for Act.) -- C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll ©
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\OCHelper.dll ©
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\ssv.dll ©
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL ©
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL ©
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\jp2ssv.dll ©
---\\ Auto loading programs from Registry and folders (17) - 1s
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- C:\Program Files\Dell\QuickSet\quickset.exe ©
O4 - HKLM\..\Run: [egui] . (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe ©
O4 - HKLM\..\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [BtServer] . (.Realtek Semiconductor Corporation - Realtek Bluetooth BTServer Application.) -- C:\Program Files\Realtek\Realtek Bluetooth\BTServer.exe ©
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe ©
O4 - HKCU\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ©
O4 - HKCU\..\Run: [WebcamMaxAutoRun] . (.CoolwareMax - WebcamMax.) -- C:\Program Files\WebcamMax\WebcamMax.exe
O4 - HKCU\..\Run: [CallCenter JustPhone] . (.JustRemotePhone - CallCenter.) -- C:\Program Files\JustPhone\CallCenter\CallCenter.exe
O4 - HKCU\..\Run: [download.ninja] C:\Program Files\Ninja Download Manager\download.ninja.exe (.not file.)
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe ©
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe ©
O4 - HKUS\S-1-5-21-1871248767-1838261220-2687343998-1001\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ©
O4 - HKUS\S-1-5-21-1871248767-1838261220-2687343998-1001\..\Run: [WebcamMaxAutoRun] . (.CoolwareMax - WebcamMax.) -- C:\Program Files\WebcamMax\WebcamMax.exe
O4 - HKUS\S-1-5-21-1871248767-1838261220-2687343998-1001\..\Run: [CallCenter JustPhone] . (.JustRemotePhone - CallCenter.) -- C:\Program Files\JustPhone\CallCenter\CallCenter.exe
O4 - HKUS\S-1-5-21-1871248767-1838261220-2687343998-1001\..\Run: [download.ninja] C:\Program Files\Ninja Download Manager\download.ninja.exe (.not file.)
O4 - HKUS\S-1-5-21-1871248767-1838261220-2687343998-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe ©
O4 - HKUS\S-1-5-21-1871248767-1838261220-2687343998-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe ©
---\\ Lop.com/Domain Hijackers (4) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4 =>.Google Public DNS
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.240.32.5 62.68.42.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4 =>.Google Public DNS
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 62.240.32.5 62.68.42.2
---\\ Extra protocols (20) - 0s
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll ©
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll ©
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll ©
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll ©
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll ©
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll ©
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll ©
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll ©
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll ©
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll ©
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll ©
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll ©
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll ©
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll ©
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll ©
O18 - Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} . (.Microsoft Corporation - Microsoft Office 2013 component.) -- C:\Program Files\Microsoft Office\Office15\MSOSB.DLL ©
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll ©
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll ©
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll ©
O18 - Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL ©
---\\ Non Microsoft non disabled Windows Services (10) - 1s
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\System32\atiesrxx.exe ©
O23 - Service: @oem38.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Man (BcmBtRSupport) . (.Broadcom Corporation. - Bluetooth Radio Management Support.) - C:\Windows\System32\BtwRSupportService.exe ©
O23 - Service: BTDevManager (BTDevManager) . (...) - C:\Program Files\Realtek\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: Bluetooth Service (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe ©
O23 - Service: ESET Service (ekrn) . (.ESET - ESET Service.) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe ©
O23 - Service: خدمة Google Update (gupdate) (gupdate) . (.Google Inc. - مثبِّت Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe ©
O23 - Service: RtkBleServ (RtkBleServ) . (.Realtek Semiconductor Corporation - Realtek Bluetooth 4.0 Service Application.) - C:\Program Files\Realtek\Realtek Bluetooth\RtkBleServ.exe ©
O23 - Service: Service KMSELDI (Service KMSELDI) . (.@ByELDI - Service_KMS.) - C:\Program Files\KMSpico\Service_KMS.exe =>HackTool.KMSpico
O23 - Service: Baidu Spark Service (SparkSvc) . (.Baidu Inc. - spark.) - C:\Program Files\baidu\Baidu Browser\sparkservice.exe
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) . (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe ©
---\\ Task Planned Automatically (26) - 6s
[MD5.E190FDABCC7E823BA40931FD955D0C2B] [APT] [Adobe Flash Player PPAPI Notifier] (.Adobe Systems Incorporated.) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_19_0_0_226_pepper.exe [1157320] ©
[MD5.8C194A201698B4B4F77D974549819D1F] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [269000] ©
[MD5.CCB2387238BC39C056DF01F3C9124BB6] [APT] [AutoPico Daily Restart] (.@ByELDI.) -- C:\Program Files\KMSpico\AutoPico.exe [966848] =>HackTool.KMSpico
[MD5.EE526B0428581B57FFC571FF57309E28] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [6369048] ©
[MD5.00000000000000000000000000000000] [APT] [DriverToolkit Autorun] (...) -- C:\Program Files\DriverToolkit\DriverToolkit.exe (.not file.) [0] =>PUP.Optional.DriverToolkit
[MD5.053EEEE1ABAE53F044F1E386E22AE525] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [144200] ©
[MD5.053EEEE1ABAE53F044F1E386E22AE525] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [144200] ©
[MD5.8CC97EA9C34E2543A2B979626EFC782E] [APT] [KMS Server Daily Activate] (.MDL.) -- C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [670289] =>HackTool.AutoKMS
[MD5.8CC97EA9C34E2543A2B979626EFC782E] [APT] [KMS Server OnLogon Activate] (.MDL.) -- C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [670289] =>HackTool.AutoKMS
[MD5.7DBA1F4E48C3FEAA34F6648A469F210D] [APT] [SparkUpdater] (.Baidu.com, Inc..) -- C:\Program Files\baidu\Baidu Browser\SparkUpdate.exe [1372472]
[MD5.56E52535F4CF96E42DB1140E2B18731F] [APT] [{465BEE42-D0E1-41D8-8A9B-4AFA03B149C9}] (.Copyright (C) 2011.) -- c:\program files\baidu\baidu browser\spark.exe [983352]
O39 - APT: Adobe Flash Player PPAPI Notifier - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job [892] ©
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [830] ©
O39 - APT: DriverToolkit Autorun - (...) -- C:\Windows\Tasks\DriverToolkit Autorun.job [350] =>PUP.Optional.DriverToolkit
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [828] ©
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [832] ©
O39 - APT: Adobe Flash Player PPAPI Notifier - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier [3842] ©
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [3718] ©
O39 - APT: AutoPico Daily Restart - (.@ByELDI.) -- C:\Windows\System32\Tasks\AutoPico Daily Restart [3358] =>HackTool.KMSpico
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2776] ©
O39 - APT: DriverToolkit Autorun - (...) -- C:\Windows\System32\Tasks\DriverToolkit Autorun [2672] =>PUP.Optional.DriverToolkit
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [3568] ©
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [3804] ©
O39 - APT: KMS Server Daily Activate - (.MDL.) -- C:\Windows\System32\Tasks\KMS Server Daily Activate [3300] =>HackTool.AutoKMS
O39 - APT: KMS Server OnLogon Activate - (.MDL.) -- C:\Windows\System32\Tasks\KMS Server OnLogon Activate [3114] =>HackTool.AutoKMS
O39 - APT: SparkUpdater - (.Baidu.com, Inc..) -- C:\Windows\System32\Tasks\SparkUpdater [4048]
---\\ Software installed (59) - 19s
O42 - Logiciel: Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth - (.Realtek Semiconductor Corp..) [HKLM] -- 0EEF89A62BB41DDA034BDB47ED6F44F78B008CBD ©
O42 - Logiciel: Adobe Flash Player 19 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI ©
O42 - Logiciel: Adobe Flash Player 19 PPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player PPAPI ©
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner ©
O42 - Logiciel: Daniusoft Video Studio Express(Build 1.0.0.6) - (.Daniusoft Software.) [HKLM] -- Daniusoft Video Studio Express_is1
O42 - Logiciel: FormatFactory 3.7.0.0 - (.Format Factory.) [HKLM] -- FormatFactory ©
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome ©
O42 - Logiciel: Hard Disk Low Level Format Tool 4.40 - (.HDDGURU.) [HKLM] -- Hard Disk Low Level Format Tool_is1 ©
O42 - Logiciel: Smart Switch - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7} ©
O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM] -- Internet Download Manager ©
O42 - Logiciel: PicosmosTools 1.0.1.0 - (.Free Time.) [HKLM] -- PicosmosTools ©
O42 - Logiciel: Baidu Browser - (.Baidu Inc..) [HKLM] -- Spark
O42 - Logiciel: USB Disk Security - (.Zbshareware Lab.) [HKLM] -- USB Disk Security_is1
O42 - Logiciel: USB/PS2 Vibration Pad - (...) [HKLM] -- USB/PS2 Vibration Pad
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM] -- VLC media player ©
O42 - Logiciel: WebcamMax - (...) [HKLM] -- WebcamMax
O42 - Logiciel: WinRAR archiver - (...) [HKLM] -- WinRAR archiver
O42 - Logiciel: Yahoo! Messenger - (.Yahoo! Inc..) [HKLM] -- Yahoo! Messenger ©
O42 - Logiciel: Your Software Deals 1.0.0 - (.Ashampoo GmbH & Co. KG.) [HKLM] -- Your Software Deals_is1
O42 - Logiciel: YouWave for Android - (.YouWave Inc..) [HKLM] -- YouWave
O42 - Logiciel: Your Uninstaller! 7 - (.URSoft, Inc..) [HKLM] -- YU2010_is1
O42 - Logiciel: Moborobo 2.0.2.290 - (.Moborobo Inc..) [HKLM] -- {02B934E4-C574-4605-842B-01CD16295185}_is1
O42 - Logiciel: WIDCOMM Bluetooth Software 6.1.0.4502 - (.Dell.) [HKLM] -- {03D1988F-469F-4843-8E6E-E5FE9D17889D} ©
O42 - Logiciel: Wondershare Dr.Fone for Android(Build 5.4.0.48) - (.Wondershare Software Co.,Ltd..) [HKLM] -- {1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1 ©
O42 - Logiciel: Java 7 Update 13 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217013FF} ©
O42 - Logiciel: Twin USB Network Gamepad (BM) - (...) [HKLM] -- {2D8DCCA2-2339-4155-A29B-F6041362DFDD}
O42 - Logiciel: Java SE Development Kit 7 Update 13 - (.Oracle.) [HKLM] -- {32A3A4F4-B792-11D6-A78A-00B0D0170130} ©
O42 - Logiciel: Canon MF4400 Series - (.Canon Inc..) [HKLM] -- {4129CA8E-7E75-4eee-BAE5-AA7707AA7708} ©
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ©
O42 - Logiciel: Canon MF Toolbox 4.9.1.1.mf11 - (.Canon Inc..) [HKLM] -- {6767DFEE-8909-453A-B553-C7693912B2EB} ©
O42 - Logiciel: Smart Switch - (.Samsung Electronics Co., Ltd..) [HKLM] -- {74FA5314-85C8-4E2A-907D-D9ECCCB770A7} ©
O42 - Logiciel: champion - (.syriangames.) [HKLM] -- {7F74CA5D-04F1-4DA4-B8CA-8E5C3E7274F2}
O42 - Logiciel: CallCenter - (.justRemotePhone.) [HKLM] -- {8734B9D7-3C0D-4C79-9B2D-CCFBEAAB0100}
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476} ©
O42 - Logiciel: KMSpico - (...) [HKLM] -- {8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 =>HackTool.KMSpico
O42 - Logiciel: Microsoft Access MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0015-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft Excel MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0016-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft PowerPoint MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0018-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft Publisher MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0019-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft Outlook MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-001A-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft Word MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-001B-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft InfoPath MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0044-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft DCF MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0090-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft OneNote MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-00A1-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft Groove MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-00BA-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft Lync MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-012B-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Update for Skype for Business 2015 (KB2889853) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90150000-012B-0401-0000-0000000FF1CE}_Office15.PROPLUS_{033E4C59-F05D-4F71-98AA-2605BB4776AB} ©
O42 - Logiciel: Ashampoo Slideshow Studio HD 3 v.3.0.5 - (.Ashampoo GmbH & Co. KG.) [HKLM] -- {91B33C97-0CE8-6ABD-1CF4-0DAF2CCF492A}_is1
O42 - Logiciel: REALTEK Bluetooth Driver - (.REALTEK Semiconductor Corp..) [HKLM] -- {9D3D8C60-A5EF-4123-B2B9-172095903AB} ©
O42 - Logiciel: Adobe Reader 6.0 CE - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1029-7646-CE0000000001} ©
O42 - Logiciel: Kingo ROOT version 1.4.0.2390 - (.Kingosoft Technology Ltd..) [HKLM] -- {AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1 ©
O42 - Logiciel: Adobe Shockwave Player 12.0 - (.Adobe Systems, Inc.) [HKLM] -- {BCFB58FF-181E-472F-A9DB-827B75C1EDF7} ©
O42 - Logiciel: Pro Evolution Soccer 2013 - (.KONAMI.) [HKLM] -- {C2523AE6-F335-4D0B-BC15-1C07E4ACE629} ©
O42 - Logiciel: QuickSet32 - (.Dell Inc..) [HKLM] -- {C4972073-2BFE-475D-8441-564EA97DA161} ©
O42 - Logiciel: Samsung USB Driver for Mobile Phones - (.Samsung Electronics Co., Ltd..) [HKLM] -- {D0795B21-0CDA-4a92-AB9E-6E92D8111E44} ©
O42 - Logiciel: USB Game Controller - (...) [HKLM] -- {D3DF3D05-DE2A-476A-A384-08FCD58D9FE7}
O42 - Logiciel: Realtek USB 2.0 Card Reader - (.Realtek Semiconductor Corp..) [HKLM] -- {DC24971E-1946-445D-8A82-CE685433FA7D} ©
O42 - Logiciel: Auslogics DiskDefrag - (.Auslogics Labs Pty Ltd.) [HKLM] -- {DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1 ©
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} ©
---\\ HKCU & HKLM Software Keys (113) - 19s
HKLM\SOFTWARE\12BD_E001
HKLM\SOFTWARE\12BD_E002
HKLM\SOFTWARE\Adobe
HKLM\SOFTWARE\AMD
HKLM\SOFTWARE\AppDataLow
HKLM\SOFTWARE\Ashampoo
HKLM\SOFTWARE\ATI
HKLM\SOFTWARE\ATI Technologies
HKLM\SOFTWARE\Auslogics
HKLM\SOFTWARE\AviSynth
HKLM\SOFTWARE\Baidu
HKLM\SOFTWARE\Broadcom
HKLM\SOFTWARE\Canon
HKLM\SOFTWARE\CloudOPTInfo
HKLM\SOFTWARE\Daniusoft
HKLM\SOFTWARE\Debug
HKLM\SOFTWARE\Dell
HKLM\SOFTWARE\Dell Computer Corporation
HKLM\SOFTWARE\ESET
HKLM\SOFTWARE\GN2
HKLM\SOFTWARE\GNU
HKLM\SOFTWARE\Google
HKLM\SOFTWARE\HaaliMkx
HKLM\SOFTWARE\IM Providers
HKLM\SOFTWARE\Intel
HKLM\SOFTWARE\Internet Download Manager
HKLM\SOFTWARE\JavaSoft
HKLM\SOFTWARE\JreMetrics
HKLM\SOFTWARE\JustRemotePhone
HKLM\SOFTWARE\Khronos
HKLM\SOFTWARE\KONAMI
HKLM\SOFTWARE\KONAMIPES6
HKLM\SOFTWARE\Licenses
HKLM\SOFTWARE\Macromedia
HKLM\SOFTWARE\Mozilla
HKLM\SOFTWARE\mozilla.org
HKLM\SOFTWARE\MozillaPlugins
HKLM\SOFTWARE\ND
HKLM\SOFTWARE\ODBC
HKLM\SOFTWARE\PC-Doctor
HKLM\SOFTWARE\PicosmosShows
HKLM\SOFTWARE\Piriform
HKLM\SOFTWARE\Realtek
HKLM\SOFTWARE\Realtek Semiconductor Corp.
HKLM\SOFTWARE\RegisteredApplications
HKLM\SOFTWARE\RTLSetup
HKLM\SOFTWARE\SAMSUNG
HKLM\SOFTWARE\Skype
HKLM\SOFTWARE\Twin USB Network Gamepad (BM)
HKLM\SOFTWARE\VideoLAN
HKLM\SOFTWARE\Voice
HKLM\SOFTWARE\Volatile
HKLM\SOFTWARE\WafCX
HKLM\SOFTWARE\WebcamMax
HKLM\SOFTWARE\Widcomm
HKLM\SOFTWARE\WinRAR
HKLM\SOFTWARE\Wondershare
HKLM\SOFTWARE\yahoo
HKLM\SOFTWARE\zbshareware
HKCU\SOFTWARE\Adobe
HKCU\SOFTWARE\AppDataLow
HKCU\SOFTWARE\Ashampoo
HKCU\SOFTWARE\ATI
HKCU\SOFTWARE\Baidu
HKCU\SOFTWARE\Camfrog
HKCU\SOFTWARE\Canon
HKCU\SOFTWARE\DELL
HKCU\SOFTWARE\DownloadManager
HKCU\SOFTWARE\DriverToolkit =>PUP.Optional.DriverToolkit
HKCU\SOFTWARE\drpsu
HKCU\SOFTWARE\ESET
HKCU\SOFTWARE\FreeTime
HKCU\SOFTWARE\Gabest
HKCU\SOFTWARE\GN2
HKCU\SOFTWARE\GNU
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\Haali
HKCU\SOFTWARE\IM Providers
HKCU\SOFTWARE\Intel
HKCU\SOFTWARE\iolo
HKCU\SOFTWARE\JavaSoft
HKCU\SOFTWARE\JustRemotePhone
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\MediaChance
HKCU\SOFTWARE\Mine
HKCU\SOFTWARE\Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\Netscape
HKCU\SOFTWARE\Octoshape
HKCU\SOFTWARE\ODBC
HKCU\SOFTWARE\Picosmos
HKCU\SOFTWARE\Piriform
HKCU\SOFTWARE\Realtek
HKCU\SOFTWARE\Redemption
HKCU\SOFTWARE\RegisteredApplications
HKCU\SOFTWARE\Samsung
HKCU\SOFTWARE\Sysinternals
HKCU\SOFTWARE\TempCleaner
HKCU\SOFTWARE\Trolltech
HKCU\SOFTWARE\URSoft
HKCU\SOFTWARE\VB and VBA Program Settings
HKCU\SOFTWARE\Widcomm
HKCU\SOFTWARE\WinRAR
HKCU\SOFTWARE\WinRAR SFX
HKCU\SOFTWARE\Wondershare
HKCU\SOFTWARE\WPI
HKCU\SOFTWARE\yahoo
HKCU\SOFTWARE\YouWave Android
HKCU\SOFTWARE\ZebHelpProcess Helper
HKCU\SOFTWARE\AppDataLow\Software
HKCU\SOFTWARE\AppDataLow\Software\Adobe
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
HKCU\SOFTWARE\AppDataLow\Software\Macromedia
---\\ Contents of the Common Files folders (201) - 17s
O43 - CFD: 2015/10/20 08:11:37 - [] D -- C:\Program Files\Adobe
O43 - CFD: 2015/08/09 23:40:09 - [] D -- C:\Program Files\AMD
O43 - CFD: 2015/08/10 13:09:04 - [] D -- C:\Program Files\Ashampoo
O43 - CFD: 2015/08/10 12:56:32 - [] D -- C:\Program Files\Auslogics
O43 - CFD: 2015/08/10 03:08:12 - [] D -- C:\Program Files\baidu
O43 - CFD: 2015/09/11 21:00:38 - [] D -- C:\Program Files\Canon
O43 - CFD: 2015/09/03 00:27:28 - [] D -- C:\Program Files\CCleaner
O43 - CFD: 2015/10/20 08:11:39 - [] D -- C:\Program Files\Common Files
O43 - CFD: 2015/08/10 10:53:04 - [] D -- C:\Program Files\Daniusoft
O43 - CFD: 2015/08/09 23:57:55 - [] D -- C:\Program Files\Dell
O43 - CFD: 2015/08/10 21:06:46 - [0] D -- C:\Program Files\Dell Remote Access
O43 - CFD: 2015/08/10 16:19:01 - [] D -- C:\Program Files\DIFX
O43 - CFD: 2015/08/22 16:19:10 - [] HD -- C:\Program Files\DrFoneAndroid_Temp
O43 - CFD: 2015/10/02 13:56:53 - [0] D -- C:\Program Files\DriverToolkit =>PUP.Optional.DriverToolkit
O43 - CFD: 2015/08/10 00:17:56 - [] D -- C:\Program Files\ESET
O43 - CFD: 2015/08/10 10:12:56 - [] D -- C:\Program Files\FormatFactory
O43 - CFD: 2015/09/15 06:05:54 - [] D -- C:\Program Files\Google
O43 - CFD: 2015/10/20 08:41:31 - [] D -- C:\Program Files\HDDGURU LLF Tool
O43 - CFD: 2015/08/22 17:17:20 - [] D -- C:\Program Files\Hyper-V
O43 - CFD: 2015/10/16 18:05:52 - [] HD -- C:\Program Files\InstallShield Installation Information
O43 - CFD: 2015/08/09 23:42:50 - [] D -- C:\Program Files\Intel
O43 - CFD: 2015/10/16 23:30:52 - [] D -- C:\Program Files\Internet Download Manager
O43 - CFD: 2014/04/16 17:11:36 - [] D -- C:\Program Files\Internet Explorer
O43 - CFD: 2015/10/16 10:40:32 - [] D -- C:\Program Files\Java
O43 - CFD: 2015/08/15 16:14:55 - [] D -- C:\Program Files\JustPhone
O43 - CFD: 2015/09/26 14:55:53 - [] D -- C:\Program Files\Kingo ROOT
O43 - CFD: 2015/08/10 01:58:37 - [] D -- C:\Program Files\KMSpico =>HackTool.KMSpico
O43 - CFD: 2015/10/16 14:23:13 - [] D -- C:\Program Files\KONAMI
O43 - CFD: 2015/08/10 01:25:07 - [] D -- C:\Program Files\Microsoft Analysis Services
O43 - CFD: 2015/08/10 01:26:55 - [] D -- C:\Program Files\Microsoft Office
O43 - CFD: 2015/08/10 01:27:31 - [] D -- C:\Program Files\Microsoft SQL Server
O43 - CFD: 2015/08/10 01:27:31 - [] D -- C:\Program Files\Microsoft.NET
O43 - CFD: 2015/09/26 11:30:31 - [] D -- C:\Program Files\Moborobo
O43 - CFD: 2015/08/27 16:31:11 - [] D -- C:\Program Files\Mozilla Firefox
O43 - CFD: 2015/08/10 13:03:31 - [] D -- C:\Program Files\Netscape
O43 - CFD: 2015/09/04 23:06:23 - [0] D -- C:\Program Files\Ninja Download Manager
O43 - CFD: 2015/08/10 14:07:44 - [] D -- C:\Program Files\PicosmosTools
O43 - CFD: 2015/08/10 19:14:27 - [] D -- C:\Program Files\Realtek
O43 - CFD: 2015/09/26 19:25:37 - [] D -- C:\Program Files\SAMSUNG
O43 - CFD: 2015/10/16 18:05:52 - [] D -- C:\Program Files\ShanWan
O43 - CFD: 2013/08/22 09:24:44 - [0] HD -- C:\Program Files\Uninstall Information
O43 - CFD: 2015/08/10 02:14:30 - [] D -- C:\Program Files\USB Disk Security
O43 - CFD: 2015/10/16 17:20:41 - [] D -- C:\Program Files\USB Vibration
O43 - CFD: 2015/10/16 17:57:00 - [] D -- C:\Program Files\USB_PS2 Vibration Pad
O43 - CFD: 2015/08/10 12:59:08 - [] D -- C:\Program Files\VideoLAN
O43 - CFD: 2015/08/10 12:42:50 - [] D -- C:\Program Files\WebcamMax
O43 - CFD: 2015/08/10 17:01:36 - [] D -- C:\Program Files\WIDCOMM
O43 - CFD: 2015/08/27 16:45:53 - [] D -- C:\Program Files\Windows Defender
O43 - CFD: 2015/09/26 10:04:26 - [] D -- C:\Program Files\Windows Journal
O43 - CFD: 2014/04/16 17:11:36 - [] D -- C:\Program Files\Windows Mail
O43 - CFD: 2014/04/16 17:11:36 - [] D -- C:\Program Files\Windows Media Player
O43 - CFD: 2014/03/18 10:13:41 - [] D -- C:\Program Files\Windows Multimedia Platform
O43 - CFD: 2013/08/22 10:17:26 - [] D -- C:\Program Files\Windows NT
O43 - CFD: 2014/04/16 17:11:36 - [] D -- C:\Program Files\Windows Photo Viewer
O43 - CFD: 2014/03/18 10:13:41 - [] D -- C:\Program Files\Windows Portable Devices
O43 - CFD: 2013/08/22 10:17:26 - [] SHD -- C:\Program Files\Windows Sidebar
O43 - CFD: 2015/10/25 01:03:42 - [] HD -- C:\Program Files\WindowsApps
O43 - CFD: 2013/08/22 10:17:26 - [] D -- C:\Program Files\WindowsPowerShell
O43 - CFD: 2015/08/10 01:50:13 - [] D -- C:\Program Files\WinRAR
O43 - CFD: 2015/08/22 16:18:41 - [] D -- C:\Program Files\Wondershare
O43 - CFD: 2015/08/10 04:55:37 - [] D -- C:\Program Files\Yahoo!
O43 - CFD: 2015/08/10 17:31:29 - [] D -- C:\Program Files\Your Uninstaller! 7
O43 - CFD: 2015/09/20 15:23:47 - [] D -- C:\Program Files\YouWave Android
O43 - CFD: 2013/08/22 10:17:27 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 2015/08/18 23:44:53 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 2015/08/22 17:17:20 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 2015/08/10 13:09:43 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
O43 - CFD: 2015/08/10 12:56:35 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
O43 - CFD: 2015/08/10 03:08:00 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Browser
O43 - CFD: 2015/09/11 21:00:43 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
O43 - CFD: 2015/08/31 03:05:25 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
O43 - CFD: 2015/08/10 10:53:12 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daniusoft
O43 - CFD: 2015/08/10 00:17:57 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
O43 - CFD: 2015/09/15 06:06:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 2015/10/20 08:41:31 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Low Level Format Tool
O43 - CFD: 2015/08/22 17:17:19 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper-V Management Tools
O43 - CFD: 2015/10/16 23:21:16 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
O43 - CFD: 2015/08/15 16:14:56 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\justRemotePhone
O43 - CFD: 2015/09/26 14:56:05 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingo ROOT
O43 - CFD: 2015/08/10 01:58:32 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico
O43 - CFD: 2013/08/22 10:17:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 2015/10/28 16:58:56 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
O43 - CFD: 2015/09/26 11:29:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moborobo
O43 - CFD: 2015/10/20 08:12:47 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintMe Internet Printing
O43 - CFD: 2015/09/26 19:34:33 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
O43 - CFD: 2015/08/10 21:09:53 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
O43 - CFD: 2015/08/10 22:35:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\syriangames
O43 - CFD: 2014/03/18 10:13:45 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 2014/03/18 09:39:00 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 2015/08/10 02:14:30 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
O43 - CFD: 2015/08/10 12:59:37 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
O43 - CFD: 2015/08/10 12:42:44 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebcamMax
O43 - CFD: 2015/08/10 01:50:13 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 2015/08/22 16:19:18 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
O43 - CFD: 2015/08/10 04:55:38 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
O43 - CFD: 2015/08/10 02:19:35 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
O43 - CFD: 2015/09/20 15:22:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouWave Android
O43 - CFD: 2015/10/20 08:11:39 - [] D -- C:\ProgramData\Adobe
O43 - CFD: 2013/08/22 09:23:42 - [0] SHD -- C:\ProgramData\Application Data
O43 - CFD: 2015/08/10 13:09:47 - [] D -- C:\ProgramData\Ashampoo
O43 - CFD: 2015/08/10 12:56:45 - [] D -- C:\ProgramData\Auslogics
O43 - CFD: 2015/08/10 02:19:15 - [0] D -- C:\ProgramData\Babylon =>PUP.Optional.Babylon
O43 - CFD: 2015/08/10 03:08:06 - [] D -- C:\ProgramData\Baidu
O43 - CFD: 2015/08/10 21:06:57 - [] D -- C:\ProgramData\Dell
O43 - CFD: 2013/08/22 09:23:42 - [0] SHD -- C:\ProgramData\Desktop
O43 - CFD: 2013/08/22 09:23:42 - [0] SHD -- C:\ProgramData\Documents
O43 - CFD: 2015/08/10 00:17:56 - [] D -- C:\ProgramData\ESET
O43 - CFD: 2015/08/10 19:09:23 - [] D -- C:\ProgramData\iolo
O43 - CFD: 2015/08/10 04:04:29 - [] D -- C:\ProgramData\KONAMI
O43 - CFD: 2015/08/10 05:20:16 - [] D -- C:\ProgramData\McAfee
O43 - CFD: 2015/08/22 17:24:23 - [] SD -- C:\ProgramData\Microsoft
O43 - CFD: 2015/10/28 16:59:53 - [] D -- C:\ProgramData\Microsoft Help
O43 - CFD: 2015/08/10 19:07:50 - [] D -- C:\ProgramData\PC-Doctor
O43 - CFD: 2015/08/10 19:07:50 - [0] D -- C:\ProgramData\PCDr
O43 - CFD: 2015/08/10 01:27:21 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft
O43 - CFD: 2015/09/26 19:37:06 - [] D -- C:\ProgramData\Samsung
O43 - CFD: 2015/08/10 17:36:31 - [] D -- C:\ProgramData\Skype
O43 - CFD: 2013/08/22 09:23:42 - [0] SHD -- C:\ProgramData\Start Menu
O43 - CFD: 2015/10/16 10:41:47 - [] D -- C:\ProgramData\Sun
O43 - CFD: 2015/10/22 21:17:33 - [0] AD -- C:\ProgramData\TEMP
O43 - CFD: 2013/08/22 09:23:42 - [0] SHD -- C:\ProgramData\Templates
O43 - CFD: 2015/08/10 12:44:29 - [] D -- C:\ProgramData\WebcamMax
O43 - CFD: 2015/08/22 16:27:09 - [] D -- C:\ProgramData\Wondershare
O43 - CFD: 2015/08/10 04:55:39 - [] D -- C:\ProgramData\Yahoo!
O43 - CFD: 2015/08/10 02:15:15 - [] D -- C:\ProgramData\Zbshareware Lab
O43 - CFD: 2015/10/20 08:11:39 - [] D -- C:\Program Files\Common Files\Adobe
O43 - CFD: 2015/08/09 23:40:09 - [] D -- C:\Program Files\Common Files\ATI Technologies
O43 - CFD: 2015/08/10 02:34:34 - [] D -- C:\Program Files\Common Files\AV
O43 - CFD: 2015/08/10 01:27:45 - [] D -- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 2015/08/10 18:59:42 - [] D -- C:\Program Files\Common Files\InstallShield
O43 - CFD: 2015/10/16 10:41:46 - [] D -- C:\Program Files\Common Files\Java
O43 - CFD: 2015/08/27 16:45:51 - [] D -- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 2013/08/22 10:17:35 - [] D -- C:\Program Files\Common Files\Services
O43 - CFD: 2015/08/10 01:25:57 - [] D -- C:\Program Files\Common Files\System
O43 - CFD: 2015/08/22 16:19:25 - [] D -- C:\Program Files\Common Files\Wondershare
O43 - CFD: 2015/10/20 08:12:41 - [] D -- C:\Users\cp\AppData\Roaming\Adobe
O43 - CFD: 2015/10/20 08:12:45 - [0] D -- C:\Users\cp\AppData\Roaming\AdobeUM
O43 - CFD: 2015/08/10 13:12:25 - [] D -- C:\Users\cp\AppData\Roaming\Ashampoo Slideshow Studio HD 3
O43 - CFD: 2015/08/10 02:19:15 - [] D -- C:\Users\cp\AppData\Roaming\Babylon =>PUP.Optional.Babylon
O43 - CFD: 2015/08/10 03:09:24 - [] D -- C:\Users\cp\AppData\Roaming\Baidu
O43 - CFD: 2015/10/22 01:00:27 - [0] D -- C:\Users\cp\AppData\Roaming\BitTorrent
O43 - CFD: 2015/10/05 18:40:12 - [] D -- C:\Users\cp\AppData\Roaming\Canon
O43 - CFD: 2015/10/28 09:23:46 - [] D -- C:\Users\cp\AppData\Roaming\DMCache
O43 - CFD: 2015/09/04 23:04:25 - [] D -- C:\Users\cp\AppData\Roaming\DownloadNinja
O43 - CFD: 2015/08/10 00:19:46 - [] D -- C:\Users\cp\AppData\Roaming\ESET
O43 - CFD: 2015/08/10 17:39:32 - [] D -- C:\Users\cp\AppData\Roaming\EurekaLog
O43 - CFD: 2015/10/10 13:55:58 - [] D -- C:\Users\cp\AppData\Roaming\gtk-2.0
O43 - CFD: 2015/08/22 16:27:00 - [0] D -- C:\Users\cp\AppData\Roaming\HMYGSetting
O43 - CFD: 2015/10/24 09:13:30 - [] D -- C:\Users\cp\AppData\Roaming\IDM
O43 - CFD: 2015/08/10 19:07:16 - [] D -- C:\Users\cp\AppData\Roaming\InstallShield
O43 - CFD: 2015/08/10 19:09:17 - [0] D -- C:\Users\cp\AppData\Roaming\iolo
O43 - CFD: 2015/08/10 04:27:18 - [] D -- C:\Users\cp\AppData\Roaming\Macromedia
O43 - CFD: 2015/08/10 22:30:01 - [] SD -- C:\Users\cp\AppData\Roaming\Microsoft
O43 - CFD: 2015/08/15 00:36:13 - [] D -- C:\Users\cp\AppData\Roaming\Mozilla
O43 - CFD: 2015/08/10 13:03:51 - [] D -- C:\Users\cp\AppData\Roaming\Netscape
O43 - CFD: 2015/08/22 17:01:37 - [0] D -- C:\Users\cp\AppData\Roaming\Octoshape
O43 - CFD: 2015/08/10 10:32:14 - [] D -- C:\Users\cp\AppData\Roaming\Roxio Log Files
O43 - CFD: 2015/09/26 19:34:41 - [] D -- C:\Users\cp\AppData\Roaming\Samsung
O43 - CFD: 2015/08/10 02:19:36 - [] D -- C:\Users\cp\AppData\Roaming\URSoft
O43 - CFD: 2015/10/23 18:08:52 - [] D -- C:\Users\cp\AppData\Roaming\vlc
O43 - CFD: 2015/08/10 12:44:20 - [] D -- C:\Users\cp\AppData\Roaming\WebcamMax
O43 - CFD: 2015/08/10 01:50:45 - [] D -- C:\Users\cp\AppData\Roaming\WinRAR
O43 - CFD: 2015/08/22 16:18:41 - [] D -- C:\Users\cp\AppData\Roaming\Wondershare
O43 - CFD: 2015/08/10 09:10:15 - [] D -- C:\Users\cp\AppData\Roaming\Yahoo!
O43 - CFD: 2015/10/16 10:27:19 - [] D -- C:\Users\cp\AppData\Roaming\Youtube Downloader HD
O43 - CFD: 2015/08/10 02:15:15 - [] D -- C:\Users\cp\AppData\Roaming\Zbshareware Lab
O43 - CFD: 2015/10/28 17:20:00 - [] D -- C:\Users\cp\AppData\Roaming\ZHP
O43 - CFD: 2015/08/10 05:20:22 - [0] D -- C:\Users\cp\AppData\Local\Adobe
O43 - CFD: 2015/08/10 13:09:47 - [] D -- C:\Users\cp\AppData\Local\ashampoo
O43 - CFD: 2015/08/10 02:19:21 - [] D -- C:\Users\cp\AppData\Local\Babylon =>PUP.Optional.Babylon
O43 - CFD: 2015/10/16 13:52:27 - [] D -- C:\Users\cp\AppData\Local\Diagnostics
O43 - CFD: 2015/09/24 22:05:04 - [0] D -- C:\Users\cp\AppData\Local\DriverToolkit =>PUP.Optional.DriverToolkit
O43 - CFD: 2015/10/15 02:05:09 - [0] D -- C:\Users\cp\AppData\Local\ElevatedDiagnostics
O43 - CFD: 2015/08/09 23:48:50 - [] SHD -- C:\Users\cp\AppData\Local\EmieSiteList
O43 - CFD: 2015/08/09 23:48:50 - [] SHD -- C:\Users\cp\AppData\Local\EmieUserList
O43 - CFD: 2015/08/10 00:19:46 - [] D -- C:\Users\cp\AppData\Local\ESET
O43 - CFD: 2015/09/16 15:31:49 - [] D -- C:\Users\cp\AppData\Local\Google
O43 - CFD: 2015/10/02 13:53:30 - [] D -- C:\Users\cp\AppData\Local\GWX
O43 - CFD: 2015/08/15 16:15:15 - [] D -- C:\Users\cp\AppData\Local\JustRemotePhone
O43 - CFD: 2015/09/26 14:56:06 - [] D -- C:\Users\cp\AppData\Local\Kingosoft
O43 - CFD: 2015/08/16 00:16:47 - [0] D -- C:\Users\cp\AppData\Local\MEGAsync
O43 - CFD: 2015/08/10 18:52:01 - [] D -- C:\Users\cp\AppData\Local\Microsoft
O43 - CFD: 2015/08/10 01:25:02 - [0] D -- C:\Users\cp\AppData\Local\Microsoft Help
O43 - CFD: 2015/08/10 02:22:53 - [] D -- C:\Users\cp\AppData\Local\MiniService
O43 - CFD: 2015/08/10 13:03:51 - [] D -- C:\Users\cp\AppData\Local\Netscape
O43 - CFD: 2015/10/25 01:04:53 - [] D -- C:\Users\cp\AppData\Local\Packages
O43 - CFD: 2015/08/10 01:58:20 - [] D -- C:\Users\cp\AppData\Local\Programs
O43 - CFD: 2015/10/28 17:20:28 - [] D -- C:\Users\cp\AppData\Local\Temp
O43 - CFD: 2015/08/10 04:55:48 - [] D -- C:\Users\cp\AppData\Local\VirtualStore
O43 - CFD: 2015/08/22 16:19:27 - [] D -- C:\Users\cp\AppData\Local\Wondershare
O43 - CFD: 2014/03/18 10:13:45 - [] RD -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 2013/08/22 10:17:27 - [] RD -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 2015/08/19 00:49:53 - [] RD -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 2015/08/10 10:12:55 - [] D -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
O43 - CFD: 2015/10/16 23:21:16 - [] D -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
O43 - CFD: 2013/08/22 10:17:27 - [] D -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 2015/08/10 14:07:44 - [] D -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PicosmosTools
O43 - CFD: 2015/08/19 00:49:53 - [] RD -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 2014/03/18 10:13:45 - [] RD -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 2015/08/10 01:50:13 - [] D -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 2015/09/16 14:44:35 - [] D -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\تطبيقات Chrome
---\\ Latest files created in Prefetcher (1) - 23s
O45 - LFCP:[MD5.A97F0BEC373E8CFA61C9BEC7A9CAFAEE] 2015/10/16 23:17:42 A -- C:\Windows\Prefetch\VDOWNLOADER4OC.EXE-976BEE55.pf =>PUP.Optional.OpenCandy
---\\ ShellIconOverlayIdentifiers (SIOI) (6) - 0s
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) [ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7}. (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL ©
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) [ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE}. (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL ©
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 3 (InSync) [ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}. (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL ©
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - مكتبة DLL الخاصة بملحق Shell للتخزين المحسّ.) -- C:\Windows\System32\EhStorShell.dll ©
O106 - SIOI: IDM Shell Extension [IDM Shell Extension] - {CDC95B92-E27C-4745-A8C5-64A52A78855D}. (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\Internet Download Manager\IDMShellExt.dll ©
O106 - SIOI: [Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81}. (.Microsoft Corporation - واجهة مستخدم ذاكرة التخزين المؤقت من جانب ا.) -- C:\Windows\System32\cscui.dll ©
---\\ System Drivers List (74) - 10s
O58 - SDL:2013/08/22 07:33:26 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\drivers\3ware.sys [86368] ©
O58 - SDL:2013/08/22 07:33:25 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\Windows\System32\drivers\adp80xx.sys [773472] ©
O58 - SDL:2014/11/21 04:41:34 A . (.Advanced Micro Devices - AMD ACP Binaries.) -- C:\Windows\System32\drivers\amdacpksd.sys [265416] ©
O58 - SDL:2014/10/28 01:46:14 A . (.Advanced Micro Devices, Inc. - AMD PCI Root Bus Lower Filter.) -- C:\Windows\System32\drivers\amdkmpfd.sys [40136] ©
O58 - SDL:2013/08/22 07:33:25 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [72544] ©
O58 - SDL:2013/08/22 07:33:26 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [215392] ©
O58 - SDL:2013/08/22 07:33:24 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [22880] ©
O58 - SDL:2013/08/22 07:33:26 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [101728] ©
O58 - SDL:2014/11/21 04:38:32 A . (.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\System32\drivers\atikmdag.sys [16955392] ©
O58 - SDL:2014/11/21 04:08:48 A . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\System32\drivers\atikmpag.sys [472576] ©
O58 - SDL:2013/09/04 18:12:22 A . (.Broadcom Corporation. - Broadcom Bluetooth Firmware Download Filter.) -- C:\Windows\System32\drivers\bcbtums.sys [174936] ©
O58 - SDL:2013/08/13 01:25:32 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\drivers\bcmfn2.sys [16088] ©
O58 - SDL:2014/10/02 13:41:41 A . (.Broadcom Corporation - Broadcom 802.11 Network Adapter wireless dr.) -- C:\Windows\System32\drivers\BCMWL63.SYS [6795992] ©
O58 - SDL:2012/09/01 15:09:10 A . (.ShenZhen ShanWan Technology Co., Ltd. - Filter Driver.) -- C:\Windows\System32\drivers\BM0555.sys [24048]
O58 - SDL:2013/09/04 18:12:36 A . (.Broadcom Corporation. - Broadcom Bluetooth USB AMP Filter for Windo.) -- C:\Windows\System32\drivers\btwampfl.sys [144600] ©
O58 - SDL:2011/01/14 17:07:46 A . (.Broadcom Corporation. - Bluetooth Audio Device.) -- C:\Windows\System32\drivers\btwaudio.sys [93224] ©
O58 - SDL:2011/01/14 17:07:46 A . (.Broadcom Corporation. - Broadcom Bluetooth AVDT Service.) -- C:\Windows\System32\drivers\btwavdt.sys [114728] ©
O58 - SDL:2011/01/14 17:07:48 A . (.Broadcom Corporation. - Broadcom Bluetooth L2CAP Service.) -- C:\Windows\System32\drivers\btwl2cap.sys [33832] ©
O58 - SDL:2011/01/14 17:07:48 A . (.Broadcom Corporation. - Bluetooth Remote Control HID Minidriver.) -- C:\Windows\System32\drivers\btwrchid.sys [18728] ©
O58 - SDL:2011/08/09 14:24:52 A . (.ESET - Amon monitor.) -- C:\Windows\System32\drivers\eamonm.sys [163424] ©
O58 - SDL:2011/08/04 09:20:36 A . (.ESET - ESET Helper driver.) -- C:\Windows\System32\drivers\ehdrv.sys [118104] ©
O58 - SDL:2011/08/04 09:20:38 A . (.ESET - ESET Personal Firewall driver.) -- C:\Windows\System32\drivers\epfw.sys [147480] ©
O58 - SDL:2011/08/04 09:20:38 A . (.ESET - Epfw NDIS LightWeight Filter.) -- C:\Windows\System32\drivers\EpfwLWF.sys [33656] ©
O58 - SDL:2011/08/04 09:20:38 A . (.ESET - ESET Personal Firewall driver.) -- C:\Windows\System32\drivers\epfwwfp.sys [50624] ©
O58 - SDL:2013/08/22 07:33:29 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [56672] ©
O58 - SDL:2013/07/23 23:18:30 AC . (.Intel Corporation - Intel(R) Atom(TM) Processor GPIO Controller.) -- C:\Windows\System32\drivers\iaiogpio.sys [22016] ©
O58 - SDL:2013/07/23 23:18:30 AC . (.Intel Corporation - Intel(R) Atom(TM) Processor I2C Controller.) -- C:\Windows\System32\drivers\iaioi2c.sys [61936] ©
O58 - SDL:2014/04/24 16:34:12 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x86.) -- C:\Windows\System32\drivers\iaStorA.sys [490856] ©
O58 - SDL:2013/08/10 02:39:44 A . (.Intel Corporation - Intel Rapid Storage Technology driver (inbo.) -- C:\Windows\System32\drivers\iaStorAV.sys [524784] ©
O58 - SDL:2013/08/22 07:33:29 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\drivers\iaStorV.sys [333664] ©
O58 - SDL:2012/08/02 02:23:14 A . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\drivers\idmwfp.sys [97632] ©
O58 - SDL:2015/06/01 21:00:00 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\drivers\igdkmd32.sys [3788752] ©
O58 - SDL:2014/09/26 16:23:30 A . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\Windows\System32\drivers\IntcDAud.sys [368912] ©
O58 - SDL:2013/08/22 07:33:29 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [94048] ©
O58 - SDL:2013/08/22 07:33:30 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [79712] ©
O58 - SDL:2013/08/22 07:33:30 A . (.LSI Corporation - LSI SAS Gen3 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas3.sys [68960] ©
O58 - SDL:2013/08/22 07:33:29 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sss.sys [69472] ©
O58 - SDL:2013/08/22 07:33:30 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [51552] ©
O58 - SDL:2013/08/22 07:33:29 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\megasr.sys [464736] ©
O58 - SDL:2013/08/22 07:33:32 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\Windows\System32\drivers\mvumis.sys [58208] ©
O58 - SDL:2013/08/22 07:33:32 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [120160] ©
O58 - SDL:2013/08/22 07:33:33 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [141664] ©
O58 - SDL:2008/06/17 12:01:06 A . (.SingleClick Systems - SCS NDIS 5.0 Auto IP Protocol Driver.) -- C:\Windows\System32\drivers\packet.sys [22016]
O58 - SDL:2014/08/26 13:31:52 A . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.30 32-bit Dr.) -- C:\Windows\System32\drivers\Rt630x86.sys [732888] ©
O58 - SDL:2011/05/16 22:55:28 A . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Dr.) -- C:\Windows\System32\drivers\Rt86win7.sys [391272] ©
O58 - SDL:2012/06/25 17:41:02 A . (.Realtek Semiconductor Corporation - Realtek Bluetooth Filter Driver.) -- C:\Windows\System32\drivers\RtkBtfilter.sys [572048] ©
O58 - SDL:2009/02/23 16:20:12 A . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for Vista.) -- C:\Windows\System32\drivers\RTSTOR.sys [62976] ©
O58 - SDL:2014/08/29 15:44:14 A . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/V.) -- C:\Windows\System32\drivers\RtsUStor.sys [217304] ©
O58 - SDL:2013/08/22 10:16:47 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [20480] ©
O58 - SDL:2013/08/22 07:32:56 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [41312] ©
O58 - SDL:2013/08/22 07:32:57 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [79200] ©
O58 - SDL:2015/05/21 08:02:42 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ve.) -- C:\Windows\System32\drivers\ssudbus.sys [89984] ©
O58 - SDL:2015/05/21 08:02:42 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ve.) -- C:\Windows\System32\drivers\ssudmdm.sys [184192] ©
O58 - SDL:2013/08/22 07:32:57 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\Windows\System32\drivers\stexstor.sys [26976] ©
O58 - SDL:2013/08/22 14:40:22 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\drivers\tap0901.sys [35288] ©
O58 - SDL:2014/10/10 10:37:16 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\drivers\TeeDriver.sys [111904] ©
O58 - SDL:2013/08/22 07:33:00 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [18272] ©
O58 - SDL:2013/08/22 07:33:01 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR X86-32.) -- C:\Windows\System32\drivers\vsmraid.sys [148832] ©
O58 - SDL:2013/08/22 07:33:01 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\Windows\System32\drivers\VSTXRAID.SYS [276832] ©
O58 - SDL:2015/09/07 16:12:35 A . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:2015/09/07 16:12:35 A . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:2015/09/07 16:12:37 A . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:2015/09/07 16:12:37 A . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:2015/09/07 16:12:37 A . (...) -- C:\Windows\System32\NTIO.SYS [33968]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\NTIO404.SYS [34688]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\NTIO412.SYS [35552]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\NTIO804.SYS [34688]
---\\ Last modified or created user files (25) - 20s
O61 - LFC: 2015/10/24 09:29:25 A . (..) -- C:\Users\cp\AppData\Local\Packages\GAMELOFTSA.DespicableMeMinionRush_0pp20fcewvvtj\LocalState\gv3\Priority.bin [5914]
O61 - LFC: 2015/10/24 09:29:21 A . (..) -- C:\Users\cp\AppData\Local\Packages\GAMELOFTSA.DespicableMeMinionRush_0pp20fcewvvtj\LocalState\gv3\Sessions.bin [111]
O61 - LFC: 2015/10/24 09:28:37 A . (..) -- C:\Users\cp\AppData\Local\Packages\GAMELOFTSA.DespicableMeMinionRush_0pp20fcewvvtj\LocalState\gv3\Stream.bin [2598]
O61 - LFC: 2015/10/24 09:29:38 A . (..) -- C:\Users\cp\AppData\Local\Packages\GAMELOFTSA.DespicableMeMinionRush_0pp20fcewvvtj\LocalState\gv3\Timer.bin [155]
O61 - LFC: 2015/10/24 09:29:22 A . (..) -- C:\Users\cp\AppData\Local\Packages\GAMELOFTSA.DespicableMeMinionRush_0pp20fcewvvtj\LocalState\gv3\Token.bin [111]
O61 - LFC: 2015/10/26 14:03:46 A . (.Copyright © 2012-2014.) -- C:\Users\cp\AppData\Local\Packages\E03E4889.RealPlayerCloud_ntp9rbjg1j5m8\AC\Microsoft\CLR_v4.0_32\NativeImages\Mercury\954390c0710b9088c5e9cf003e83ca04\Mercury.ni.exe [2501120]
O61 - LFC: 2015/10/26 14:03:22 A . (.Copyright © 2011-2012.) -- C:\Users\cp\AppData\Local\Packages\ATrillionGamesLtd.3DChessMaster_2cw2yhd8jafk0\AC\Microsoft\CLR_v4.0_32\NativeImages\MonoGame.Frb8b89373#\f61f88b4aa5c6377cfe48c90e4309006\MonoGame.Framework.Windows8.ni.dll [2010624]
O61 - LFC: 2015/10/26 14:03:14 A . (..) -- C:\Users\cp\AppData\Local\Packages\ATrillionGamesLtd.3DChessMaster_2cw2yhd8jafk0\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.A51f62115#\fb7a30b7dc84a940b4e1f432dd83d192\Microsoft.Advertising.ni.dll [213504]
O61 - LFC: 2015/10/26 14:03:12 A . (.Copyright ©, A Trillion Games Ltd.) -- C:\Users\cp\AppData\Local\Packages\ATrillionGamesLtd.3DChessMaster_2cw2yhd8jafk0\AC\Microsoft\CLR_v4.0_32\NativeImages\3DChessGame\093ce2c1a0e57b03feb190c165175869\3DChessGame.ni.exe [848384]
O61 - LFC: 2015/10/26 14:03:03 A . (..) -- C:\Users\cp\AppData\Local\Packages\AdobeSystemsIncorporated.AdobePhotoshopExpress_ynb6jyjzte8ga\AC\Microsoft\CLR_v4.0_32\NativeImages\PSXEditor\7a54bfabd1c279159c368234a13a9fb3\PSXEditor.ni.dll [59904]
O61 - LFC: 2015/10/26 14:02:53 A . (.Copyright © 2012.) -- C:\Users\cp\AppData\Local\Packages\AdobeSystemsIncorporated.AdobePhotoshopExpress_ynb6jyjzte8ga\AC\Microsoft\CLR_v4.0_32\NativeImages\PSExpressUtf6b179d3#\7cd86f6300aa03c463c82efb82b2d9f7\PSExpressUtilityComponent.ni.dll [152064]
O61 - LFC: 2015/10/26 14:02:51 A . (.Copyright © 2012.) -- C:\Users\cp\AppData\Local\Packages\AdobeSystemsIncorporated.AdobePhotoshopExpress_ynb6jyjzte8ga\AC\Microsoft\CLR_v4.0_32\NativeImages\PSExpress\20acaec90140860fa178e2ccc88581a5\PSExpress.ni.exe [1430016]
O61 - LFC: 2015/10/26 14:02:58 A . (.Copyright © 2013.) -- C:\Users\cp\AppData\Local\Packages\AdobeSystemsIncorporated.AdobePhotoshopExpress_ynb6jyjzte8ga\AC\Microsoft\CLR_v4.0_32\NativeImages\OzComponent\239f3acf6c1d48eaaea4ec0d967c83ec\OzComponent.ni.dll [1015296]
O61 - LFC: 2015/10/26 14:02:44 A . (.Copyright © 2013.) -- C:\Users\cp\AppData\Local\Packages\63253Carocha.BackgroundsWallpapersHD_n0fz1mdwq0eq0\AC\Microsoft\CLR_v4.0_32\NativeImages\GoogleAnalytics\82deee8041dce7d6e7301258a6de9300\GoogleAnalytics.ni.dll [334336]
O61 - LFC: 2015/10/26 14:02:29 A . (.iZi Labs.) -- C:\Users\cp\AppData\Local\Packages\63253Carocha.BackgroundsWallpapersHD_n0fz1mdwq0eq0\AC\Microsoft\CLR_v4.0_32\NativeImages\Backgroundsdd9243e7#\2a3e83118cece8baffe80df6be9221ac\BackgroundsWallpapersHD.ni.exe [4876800]
O61 - LFC: 2015/10/26 14:01:51 A . (.Copyright © 2012.) -- C:\Users\cp\AppData\Local\Packages\46759IlmasoftFZE.MyFirstBookofArabic_71p4a8j8rt9d2\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.W64cef312#\42367fc977827cd345731b99748da399\Microsoft.WindowsAzure.Messaging.Managed.ni.dll [644608]
O61 - LFC: 2015/10/26 14:01:45 A . (.Ilmasoft FZE.) -- C:\Users\cp\AppData\Local\Packages\46759IlmasoftFZE.MyFirstBookofArabic_71p4a8j8rt9d2\AC\Microsoft\CLR_v4.0_32\NativeImages\MFB-AR\086761503b82d192f165cc97b5611125\MFB-AR.ni.exe [535040]
O61 - LFC: 2015/10/26 14:00:26 A . (.Copyright © 2012.) -- C:\Users\cp\AppData\Local\Packages\46759IlmasoftFZE.KidsIQArabic_71p4a8j8rt9d2\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.W64cef312#\42367fc977827cd345731b99748da399\Microsoft.WindowsAzure.Messaging.Managed.ni.dll [644608]
O61 - LFC: 2015/10/26 14:00:22 A . (.Ilmasoft FZE.) -- C:\Users\cp\AppData\Local\Packages\46759IlmasoftFZE.KidsIQArabic_71p4a8j8rt9d2\AC\Microsoft\CLR_v4.0_32\NativeImages\KIQ_AR\b7741a543d1ab1c3e934163b2396f53c\KIQ_AR.ni.exe [309248]
O61 - LFC: 2015/10/26 14:00:20 A . (.Copyright © 2014.) -- C:\Users\cp\AppData\Local\Packages\40380AlgeriaEducation.CorpsHumain_4fh4j95cjnty4\AC\Microsoft\CLR_v4.0_32\NativeImages\HumanBody\400cc4e584417e3e672f2dad3a7b194f\HumanBody.ni.exe [324096]
O61 - LFC: 2015/10/26 14:00:18 A . (.Copyright © 2014.) -- C:\Users\cp\AppData\Local\Packages\40380AlgeriaEducation.5210792FA969E_4fh4j95cjnty4\AC\Microsoft\CLR_v4.0_32\NativeImages\LearnAlpha\3f0433031f980faacca9ea6e6196d4ea\LearnAlpha.ni.exe [520704]
O61 - LFC: 2015/10/26 14:00:15 A . (.Copyright © 2014.) -- C:\Users\cp\AppData\Local\Packages\12106AlaaElhady.63250B1CC0E6D_16a5jx4zbjxp0\AC\Microsoft\CLR_v4.0_32\NativeImages\AdDuplex.Unb1b08295#\c4d9873609e1b12081e0b3191060122e\AdDuplex.Universal.Win.WinRT.ni.dll [673792]
O61 - LFC: 2015/10/26 13:59:57 A . (.Copyright © 2014.) -- C:\Users\cp\AppData\Local\Packages\12106AlaaElhady.63250B1CC0E6D_16a5jx4zbjxp0\AC\Microsoft\CLR_v4.0_32\NativeImages\AdDuplex.Un1b2e3881#\5409dd6feac5bd41ae8142775bd69b64\AdDuplex.Universal.Controls.Win.XAML.ni.dll [258560]
O61 - LFC: 2015/10/26 13:59:55 A . (.Copyright © 2015.) -- C:\Users\cp\AppData\Local\Packages\12106AlaaElhady.63250B1CC0E6D_16a5jx4zbjxp0\AC\Microsoft\CLR_v4.0_32\NativeImages\A.Windows\0311f04834f013f01f61b2593fab38c5\A.Windows.ni.exe [247296]
O61 - LFC: 2015/10/28 16:42:56 A . (..) -- C:\Users\cp\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [674082]
---\\ File Associations Shell Spawning (11) - 0s
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe ©
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe ©
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe ©
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe ©
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe
---\\ Start Menu Internet (12) - 1s
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\Spark.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ©
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - الأداة المساعدة للتهيئة لكل مستخدم لـ IE.) -- C:\Windows\System32\ie4uinit.exe ©
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - الأداة المساعدة للتهيئة لكل مستخدم لـ IE.) -- C:\Windows\System32\ie4uinit.exe ©
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - الأداة المساعدة للتهيئة لكل مستخدم لـ IE.) -- C:\Windows\System32\ie4uinit.exe ©
---\\ Search Browser Infection (1) - 1s
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/
---\\ Search Svchost Services (36) - 1s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [160768] ©
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - خدمة نشر شهادة البطاقة الذكية لـ Microsoft.) -- C:\Windows\System32\certprop.dll [128512] ©
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - خدمة نشر شهادة البطاقة الذكية لـ Microsoft.) -- C:\Windows\System32\certprop.dll [128512] ©
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\System32\srvsvc.dll [244224] ©
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - عميل نهج المجموعة.) -- C:\Windows\System32\gpsvc.dll [1165312] ©
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\IKEEXT.DLL [730112] ©
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [795648] ©
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي الخاصة بخدمة تسجي.) -- C:\Windows\System32\seclogon.dll [23040] ©
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [89600] ©
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\System32\iscsiexe.dll [116224] ©
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [91136] ©
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - خدمة جدولة المهام.) -- C:\Windows\System32\schedsvc.dll [1015808] ©
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [174592] ©
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\System32\mmcss.dll [73728] ©
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [105472] ©
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [191488] ©
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [280576] ©
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - تقارير المشاكل وحلولها.) -- C:\Windows\System32\wercplsupport.dll [59392] ©
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\System32\KMSVC.DLL [75776] ©
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\System32\themeservice.dll [37376] ©
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\Windows\System32\wlidsvc.dll [1203200] ©
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Windows Location Framework Service.) -- C:\Windows\System32\GeofenceMonitorService.dll [367104] ©
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [299008] ©
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\Windows\System32\DeviceSetupManager.dll [165376] ©
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\Windows\System32\NcaSvc.dll [141312] ©
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [93696] ©
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [457216] ©
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [177664] ©
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [54784] ©
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [380928] ©
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [248320] ©
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - عامل Windows Update.) -- C:\Windows\System32\wuaueng.dll [3066368] ©
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [801792] ©
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي لخدمات Windows Sh.) -- C:\Windows\System32\shsvcs.dll [564736] ©
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - خدمة تثبت البرامج.) -- C:\Windows\System32\appmgmts.dll [151040] ©
O83 - Search Svchost Services: MsKeyboardFilter (MsKeyboardFilter) . (.Microsoft Corporation - SvcHost Service for Microsoft Keyboard Filt.) -- C:\Windows\System32\KeyboardFilterSvc.dll [75104] ©
---\\ Firewall Active Exception List (14) - 4s
O87 - FAEL: "TCP Query User{EBC4FA83-2704-4B8F-BF2D-7422E7396D29}C:\program files\formatfactory\ffmodules\package\pfinstonline.exe" [In-None-P6-TRUE] .(.Picosmos - App P2P Installer.) -- C:\program files\formatfactory\ffmodules\package\pfinstonline.exe
O87 - FAEL: "UDP Query User{DB346245-A287-40A9-A4FF-A19032C16914}C:\program files\formatfactory\ffmodules\package\pfinstonline.exe" [In-None-P17-TRUE] .(.Picosmos - App P2P Installer.) -- C:\program files\formatfactory\ffmodules\package\pfinstonline.exe
O87 - FAEL: "{893AB9D9-02DE-4756-B0D9-5EB8B50C90F3}" [In-None-P6-TRUE] .(...) -- C:\Program Files\Dell Remote Access\ezi_ra.exe (.not file.)
O87 - FAEL: "{156929FF-986D-45E7-A8CD-FD64D0DA5F27}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Dell Remote Access\ezi_ra.exe (.not file.)
O87 - FAEL: "{D143C0EF-20A5-4E1C-824F-C068A49519C6}" [In-None-P6-TRUE] .(...) -- C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (.not file.)
O87 - FAEL: "{4C032907-4051-4FFE-BD3E-4DD3F281ABA0}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (.not file.)
O87 - FAEL: "{0926AEC6-41D8-48BC-B1F9-3DBA963E1AA8}" [In-None-P6-TRUE] .(...) -- C:\Program Files\Moborobo\Moborobo.exe
O87 - FAEL: "{A8C5F39E-B015-49F7-A9AE-73B06736DAB7}" [In-None-P6-TRUE] .(...) -- C:\Program Files\Moborobo\Moborobo.exe
O87 - FAEL: "{A72057C3-11C0-44FF-BA21-0C3C20A8DB83}" [In-None-P6-TRUE] .(...) -- C:\Program Files\Moborobo\Moborobo.exe
O87 - FAEL: "{858A2360-2A28-4C71-AE15-3A81B0BE0BF9}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Moborobo\Moborobo.exe
O87 - FAEL: "{1EC1C717-4ED5-4A73-AE92-BB6EB5ECE640}" [In-None-P6-TRUE] .(...) -- F:\Appso\BitTorrent 7.9 Build 30659.exe (.not file.)
O87 - FAEL: "{1BC37FDC-177D-4CA7-88F9-42ACD4DA8388}" [In-None-P17-TRUE] .(...) -- F:\Appso\BitTorrent 7.9 Build 30659.exe (.not file.)
O87 - FAEL: "{35E9F2FA-EF3D-4B1E-BB9E-0829AE26695B}" [In-None-P6-TRUE] .(.@ByELDI - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe =>HackTool.KMSpico
O87 - FAEL: "{0B7EF42F-D784-4308-AFFE-2F4C7423F911}" [In-None-P17-TRUE] .(.@ByELDI - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe =>HackTool.KMSpico
---\\ Services not Microsoft (SR=Run, SS=Stop) (16) - 39s
SS - Demand [2015/10/21 03:56:59] [ 269000] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe ©
SR - Auto [2014/11/21 04:12:38] [ 212992] (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe ©
SS - Auto [2013/09/04 18:12:38] [ 1678040] @oem38.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Man (BcmBtRSupport) . (.Broadcom Corporation..) - C:\Windows\System32\BtwRSupportService.exe ©
SR - Auto [2012/02/16 10:37:08] [ 20480] BTDevManager (BTDevManager) . (...) - C:\Program Files\Realtek\Realtek Bluetooth\BTDevMgr.exe
SR - Auto [2008/06/05 19:07:00] [ 518696] Bluetooth Service (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe ©
SS - Demand [2015/06/01 21:00:10] [ 290224] Intel(R) Content Protection HECI Service (cphs) . (.Intel Corporation.) - C:\Windows\System32\IntelCpHeciSvc.exe ©
SR - Auto [2011/09/22 12:03:30] [ 974944] ESET Service (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe ©
SS - Auto [2015/09/15 05:57:28] [ 144200] خدمة Google Update (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe ©
SS - Demand [2015/09/15 05:57:28] [ 144200] خدمة Google Update (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe ©
SR - Auto [2012/05/11 14:37:30] [ 30720] RtkBleServ (RtkBleServ) . (.Realtek Semiconductor Corporation.) - C:\Program Files\Realtek\Realtek Bluetooth\RtkBleServ.exe ©
SR - Auto [2014/12/04 21:07:20] [ 966336] Service KMSELDI (Service KMSELDI) . (.@ByELDI.) - C:\Program Files\KMSpico\Service_KMS.exe =>HackTool.KMSpico
SR - Auto [2015/10/28 08:27:52] [ 97080] Baidu Spark Service (SparkSvc) . (.Baidu Inc..) - C:\Program Files\baidu\Baidu Browser\sparkservice.exe
SS - Demand [2015/07/02 16:01:47] [ 1371960] Baidu Spark Updater (SparkUpdater) . (.Baidu.com, Inc..) - C:\Program Files\baidu\SparkUpdate\Sparkupdate.exe
SR - Auto [2015/05/21 08:02:42] [ 743688] SAMSUNG Mobile Connectivity Service (ss_conn_service) . (.DEVGURU Co., LTD..) - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe ©
SS - Demand [2015/08/17 17:02:14] [ 103824] Wondershare Driver Install Service (WsDrvInst) . (.Wondershare.) - C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe ©
---\\ Additional Scan (O88) (20) - 0s
C:\Program Files\KMSpico\Service_KMS.exe =>HackTool.KMSpico
C:\Users\cp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf
HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI =>HackTool.KMSpico
C:\Program Files\KMSpico\AutoPico.exe =>HackTool.KMSpico
C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe =>HackTool.AutoKMS
C:\Windows\Tasks\DriverToolkit Autorun.job =>PUP.Optional.DriverToolkit
C:\Windows\System32\Tasks\AutoPico Daily Restart =>HackTool.KMSpico
C:\Windows\System32\Tasks\DriverToolkit Autorun =>PUP.Optional.DriverToolkit
C:\Windows\System32\Tasks\KMS Server Daily Activate =>HackTool.AutoKMS
C:\Windows\System32\Tasks\KMS Server OnLogon Activate =>HackTool.AutoKMS
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 =>HackTool.KMSpico
HKCU\SOFTWARE\DriverToolkit =>PUP.Optional.DriverToolkit
C:\Program Files\DriverToolkit =>PUP.Optional.DriverToolkit
C:\Program Files\KMSpico =>HackTool.KMSpico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico
C:\ProgramData\Babylon =>PUP.Optional.Babylon
C:\Users\cp\AppData\Roaming\Babylon =>PUP.Optional.Babylon
C:\Users\cp\AppData\Local\Babylon =>PUP.Optional.Babylon
C:\Users\cp\AppData\Local\DriverToolkit =>PUP.Optional.DriverToolkit
C:\Windows\Prefetch\VDOWNLOADER4OC.EXE-976BEE55.pf =>PUP.Optional.OpenCandy
---\\ Summary of the elements found (7) - 0s
http://www.nicolascoolman.fr/pup-kmspico/ =>HackTool.KMSpico
http://www.nicolascoolman.fr/toolbar-ask/ =>Toolbar.Ask
http://www.nicolascoolman.fr/adware-bandoo/ =>PUP.Optional.Bandoo
http://www.nicolascoolman.fr/blog =>PUP.Optional.DriverToolkit
http://www.nicolascoolman.fr/trojan-autokms/ =>HackTool.AutoKMS
http://www.nicolascoolman.fr/pup-babylon/ =>PUP.Optional.Babylon
http://www.nicolascoolman.fr/adware-opencandy/ =>PUP.Optional.OpenCandy
~ End of the scan, 24939 items in 179 seconds (840)(0)()