Script ZHPFix EmptyPrefetch FirewallRaz PROXYFix EmptyTemp EmptyFlash EmptyClsid SysRestore [MD5.3CB03C134F7307866B3C52735CDFAE76] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [734208] =>Trojan.AutoKMS [MD5.00000000000000000000000000000000] [APT] [{893E0636-B227-4AC4-AA41-CB06ADC2011C}] (...) -- C:\Users\anthony\AppData\Local\BeamriseUninstall\Bootstrapper{1.Y2VqPwRP.100}.exe (.not file.) [0] =>Hijacker.Beamrise O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [314] =>Hijacker.iHaveNet O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [314] =>Trojan.AutoKMS [HKCU\Software\Beamrise] =>Hijacker.Beamrise O43 - CFD: 09/06/2013 - 19:12:46 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma O43 - CFD: 12/03/2014 - 21:20:15 - [] ----D C:\Users\anthony\AppData\Roaming\nationzoom =>Hijacker.NationZoom C:\ProgramData\InstallMate =>PUP.Tarma^ C:\Users\anthony\AppData\Roaming\nationzoom =>Hijacker.NationZoom^ C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.AutoKMS^ C:\Windows\Tasks\AutoKMS.job =>Hijacker.iHaveNet^ C:\Windows\System32\Tasks\AutoKMS =>Trojan.AutoKMS^ [HKCU\Software\Beamrise] =>Hijacker.Beamrise^ C:\Windows\KMSEmulator.exe =>Hijacker.Windows [HKCU\Software\ELIGCHK] [HKCU\Software\TPUKey] O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\steam.exe O4 - HKLM\..\Wow6432Node\Run: [vspdfprsrv.exe] . (.Visagesoft - PDF Pro 10 Creator.) -- C:\Program Files (x86)\PDF Pro 10\vspdfprsrv.exe O4 - HKUS\S-1-5-21-605459465-3663228525-1435895634-1001\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\steam.exe R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-00A7-7A786E7484D7} Clé orpheline [MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-605459465-3663228525-1435895634-1001Core] (.Facebook Inc..) -- C:\Users\anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-605459465-3663228525-1435895634-1001UA] (.Facebook Inc..) -- C:\Users\anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [MD5.00000000000000000000000000000000] [APT] [{12807086-DAE9-4C5A-A9CC-E6968245EEF2}] (...) -- F:\Counter Strike 1.6 [Portable]\Counter Strike 1.6 [Portable].exe (.not file.) [0] O39 - APT: FacebookUpdateTaskUserS-1-5-21-605459465-3663228525-1435895634-1001Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-605459465-3663228525-1435895634-1001Core.job [928] O39 - APT: FacebookUpdateTaskUserS-1-5-21-605459465-3663228525-1435895634-1001Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-605459465-3663228525-1435895634-1001Core [928] O39 - APT: FacebookUpdateTaskUserS-1-5-21-605459465-3663228525-1435895634-1001UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-605459465-3663228525-1435895634-1001UA.job [950] O39 - APT: FacebookUpdateTaskUserS-1-5-21-605459465-3663228525-1435895634-1001UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-605459465-3663228525-1435895634-1001UA [950] O61 - LFC: 06/10/2014 - 14:57:20 ---A- . (.Microsoft Corporation.) -- C:\Users\anthony\AppData\Local\Temp\is-7CCM0.tmp\_isetup\_shfoldr.dll [23312] R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank [HKLM\Software\Wow6432Node\Software] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1 O61 - LFC: 06/10/2014 - 14:57:39 ---A- . (.Nullsoft.) -- C:\Users\anthony\Downloads\Adobe Acrobat Pro\Adobe Acrobat Pro.exe [12582912] O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) O43 - CFD: 08/07/2013 - 11:43:56 - [] ----D C:\ProgramData\APN O43 - CFD: 24/08/2014 - 20:40:27 - [0] ----D C:\Users\anthony\AppData\Local\CRE