cjoint

Document format: text/plain

Preview

~ Report of ZHPDiag v2014.10.12.145 - Nicolas Coolman (12/10/2014)
~ Launched by fadee (10/03/2015 07:36:50 م)
~ Web site address : http://nicolascoolman.fr
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : New version available
~ White List : Deactivate by user
~ Elevation of privilege : OK
~ User Account Control :


---\\ Internet browsers
MSIE: Internet Explorer v8.0.7600.16385 (Defaut)
MFIE: Mozilla Firefox 32.0

---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate, 64-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Windows Defender W7 (Activate)

---\\ System optimization software
CCleaner v4.17

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 10.0

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3955.7 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 22 GB (31%) free of 69 GB

---\\ Connection to the system mode
~ Computer Name: FADEE-PC
~ User Name: fadee
~ All Users Names: HomeGroupUser$, Guest, fadee, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\fadee\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\fadee\AppData\Roaming\
~ %Desktop% : C:\Users\fadee\Desktop\
~ %Favorites% : C:\Users\fadee\Favorites\
~ %LocalAppData% : C:\Users\fadee\AppData\Local\
~ %StartMenu% : C:\Users\fadee\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 22 Go of 69 Go)
E: Hard drive, Flash drive, Thumb drive (Free 51 Go of 89 Go)
F: Hard drive, Flash drive, Thumb drive (Free 20 Go of 39 Go)
G: Hard drive, Flash drive, Thumb drive (Free 15 Go of 26 Go)
H: Hard drive, Flash drive, Thumb drive (Free 13 Go of 75 Go)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
~ Security Center: 48 Scanned in :0mn صs



---\\ Search Generic System Files
[MD5.C235A51CB740E45FFA0EBFB9BAFCDA64] - (.Microsoft Corporation - مستكشف Windows.) (.14/07/2009 - 03:39:10 ص.) -- C:\Windows\Explorer.exe [2868224]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - ‎‎تطبيق بدء تشغيل Windows.) (.14/07/2009 - 03:39:52 ص.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.B1037F0131C9A010D611F6914E03CD92] - (.Microsoft Corporation - ملحقات إنترنت لـ Win32.) (.14/07/2009 - 03:41:56 ص.) -- C:\Windows\System32\wininet.dll [1193472]
[MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - تطبيق تسجيل دخول Windows.) (.14/07/2009 - 03:39:52 ص.) -- C:\Windows\System32\Winlogon.exe [389120]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - مكتبة تراخيص البرامج.) (.14/07/2009 - 03:41:54 ص.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/07/2009 - 01:21:42 ص.) -- C:\Windows\system32\Drivers\AFD.sys [500224]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 03:52:21 ص.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 01:19:47 ص.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 01:19:54 ص.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/07/2009 - 01:23:44 ص.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 02:06:13 ص.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - برنامج تشغيل منفذ i8042.) (.14/07/2009 - 01:19:57 ص.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 02:10:03 ص.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2009 - 01:24:00 ص.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 01:21:29 ص.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - NT File System Driver.) (.14/07/2009 - 03:48:27 ص.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - برنامج تشغيل المنفذ المتوازي.) (.14/07/2009 - 02:00:41 ص.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 02:10:12 ص.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 02:18:02 ص.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 02:09:09 ص.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 01:21:15 ص.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - برنامج تشغيل خدمة ملفات الظل الاحتياطية لوحدة التخزين.) (.14/07/2009 - 03:45:55 ص.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in :0mn صs



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/126
~ Mes musiques (My Musics) : 1/57
~ Mes Favoris (My Favorites) : 1/17
~ Mes Documents (My Documents) : 3/1141
~ Mon Bureau (My Desktop) : 1/429
~ Menu demarrer (Programs) : 1/43
~ Hidden Files: Scanned in :0mn صs



---\\ Process running
[MD5.306B854733D335FB60EC99DD32CBDDD4] - (.Lenovo Group Limited - On screen display message generator for Thi.) -- C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe [149040] [PID.3088]
[MD5.81377AAED0104C163B393E6FCEA008CC] - (.Lenovo Group Limited - On screen display drawer.) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe [330800] [PID.3296]
[MD5.C33C818E4893BCB27C67B04D8ED8222A] - (.广州铁人网络科技有限公司 - PP助手连接模块.) -- C:\Program Files (x86)\PP助手2.0\adevicehelpermon.exe [247008] [PID.3304]
[MD5.22D74494BC093CA6B2396CB3A166D2C0] - (.Lenovo Group Limited - ThinkPad UltraZoom.) -- C:\Program Files\Lenovo\Zoom\TpScrex.exe [257072] [PID.3336]
[MD5.B032590A88B90F9E34C9949996B14F7A] - (...) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe [821600] [PID.3592]
[MD5.084F1404AE15651DF5F5246C2E3D5569] - (.Lenovo Group Limited - Microphone volume control module.) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe [60920] [PID.3664]
[MD5.AB64335287D93ED28AF614E3A5BDB44D] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768] [PID.3772]
[MD5.59069C831AB78064EBAA5270AB5EA7A8] - (.No owner - AutoDect.) -- C:\Program Files (x86)\Qtel Mobile Broadband\AutoDect.exe [129872] [PID.3388]
[MD5.E9C6EF9437ECB30911488F9313AD821A] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [269848] [PID.3748]
[MD5.6EBB0EB2CCC4D2E1562C6588B0646350] - (...) -- C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe [653640] [PID.1716]
[MD5.5F3587E344F2990B59C941FB405CAA0F] - (.Google Inc. - Google Chrome.) -- c:\users\fadee\appdata\local\google\chrome\application\chrome.exe [856904] [PID.4872]
[MD5.122FC4E3E430AA4CE4E73602B1B10395] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8112640] [PID.3456]
[MD5.BF0A06FEF29578125C6F2481E7BBB156] - (.Lenovo - ThinkVantage Access Connections Profile Man.) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe [133464] [PID.1740]
[MD5.650D03E40F93FAE323CB841F80368E5C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [60744] [PID.1792]
[MD5.27A6C0D6DF4734852A9065624F3580D4] - (...) -- C:\Program Files (x86)\Connectify\ConnectifyService.exe [65536] [PID.1868]
[MD5.E18418F0D4AC09111C8E684913B752FC] - (.Connectify - Connectifyd.) -- C:\Program Files (x86)\Connectify\ConnectifyD.exe [287592] [PID.1912]
[MD5.6C5B729C5934E2D8EC0BD6762AAE9251] - (...) -- C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [331608] [PID.1920]
[MD5.2CFEA9C337B699ACA38487E8A7438F35] - (.AnchorFree Inc. - No Comment.) -- C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [363336] [PID.1988]
[MD5.564BAB77CD96CE0E3FD5BBCDDED142DF] - (...) -- C:\Program Files (x86)\Expat Shield\bin\hsswd.exe [329544] [PID.2016]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.1044]
[MD5.26EABEEA7F30DCF21DA0577C4EE26FAA] - (.Foxit Corporation - Foxit Cloud Safe Update Service.) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216] [PID.1564]
[MD5.5C8BC8A28798FD010E7ABC4E0D588CAA] - (.Nero AG - NService Application.) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368] [PID.348]
[MD5.403F6798A847D9F98B650D27D0FA3FD3] - (.Lenovo Group Limited - Camera Mute Control Service for ThinkPad.) -- C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [44024] [PID.1892]
[MD5.00F2E095C36199D8BF14A8E40CDBC2D0] - (.Lenovo Group Limited - Microphone volume control service.) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [62456] [PID.2028]
[MD5.446462BBA744DA60379574926FD51EAB] - (.No owner - PassThruSvr Application.) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912] [PID.2060]
[MD5.F7B2314456B1676777AA9FFEF6776B45] - (.Lenovo Group Limited - On screen display Fn+Fx handler.) -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [125488] [PID.2228]
[MD5.7EDD3C57A3BDD3BACF59608B9D3F7ED4] - (.Lenovo - ThinkVantage Access Connections Main Servic.) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe [272728] [PID.2352]
[MD5.A062A18F4F792534F898AEB3BD723D01] - (.Lenovo Group Limited - Microphone Mute Controll Service for ThinkP.) -- C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [110128] [PID.2448]
[MD5.75BF8207F2EC3755DD7F49957ED276D1] - (.Lenovo - ThinkVantage Access Connections Service GUI.) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe [610304] [PID.3404]
~ Processes Running: Scanned in :0mn صs



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\fadee\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] عروض Google التقديمية v.0.9 (Activé)
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] السوق الإلكتروني v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] محرّر مستندات Google v.0.9 (Activé)
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.4 (Activé)
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Youtube v.4.2.7 (Activé)
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] بحث Google v.0.0.0.20 (Activé)
G2 - GCE: Preference [User Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [ennkphjdgehloodpbhlhldgbnhmacadg] Settings v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] جداول بيانات Google v.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.8.64 (Activé)
G2 - GCE: Preference [User Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mgndgikekgjfcpckkfioiadnlibdjbkf] Chrome v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Google+ Hangouts v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.8 (Activé)

---\\ Google Chrome Extension Folder
G2 - EXT: C:\Users\fadee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [عروض Google التقديمية]
G2 - EXT: C:\Users\fadee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [محرّر مستندات Google]
G2 - EXT: C:\Users\fadee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [Google Drive]
G2 - EXT: C:\Users\fadee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [Youtube]
G2 - EXT: C:\Users\fadee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [بحث Google]
G2 - EXT: C:\Users\fadee\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [جداول بيانات Google ]
G2 - EXT: C:\Users\fadee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [Gmail]
~ Google Lines Browser: 25 Scanned in :0mn صs



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\fadee\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\fadee\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
~ Firefox Browser: 2 Scanned in :0mn صs



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://google.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://google.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - مستعرض إنترنت.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\SysWOW64\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: 20 Scanned in :0mn صs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in :0mn صs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in :0mn صs



---\\ Hosts file redirection (O1)
O1 - Hosts: 127.0.0.2 d3.connectify.me
O1 - Hosts: 127.0.0.2 b.connectify.me
O1 - Hosts: 127.0.0.2 bc.connectify.me
~ Nombre lignes détournées 3/12 (Hosts file redirected)
~ Hosts File: Scanned in :0mn صs



---\\ Browser Helper Objects (O2)
O2 - BHO: DiegiSaVaeeR [64Bits] - {07d48b07-bc38-4de5-8f20-b191601b6998} . (...) -- C:\Program Files (x86)\DiegiSaVaeeR\dMJYvYBZFATjXW.dll =>PUP.DiGiSaver
O2 - BHO: SaveLoots [64Bits] - {0b01fcea-b929-47f6-ab78-6be1670436c1} . (...) -- C:\Program Files (x86)\SaveLoots\wezQjxegNmHP3v.dll
O2 - BHO: ALlSaver [64Bits] - {8e3d4d2f-eced-4fb6-9f4c-6764d8130b13} . (...) -- C:\Program Files (x86)\ALlSaver\C4Zozx7Pl2rwqI.dll =>PUP.AllSaver
O2 - BHO: NNEwSaaver [64Bits] - {a4ecdaf3-05ef-4da6-b4c9-88b456d436f3} . (...) -- C:\Program Files (x86)\NNEwSaaver\qYWVAYhgkzUc3j.dll =>PUP.NewSaver
~ BHO: 8 Scanned in :0mn صs



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [LENOVO.TPKNRRES] . (.Lenovo Group Limited - Microphone volume control module.) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
O4 - HKLM\..\Run: [AcWin7Hlpr] . (.Lenovo - Access Connections Toolbar Enabler Module.) -- C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [UnlockerAssistant] . (...) -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Wow6432Node\Run: [autodetect] . (.No owner - AutoDect.) -- C:\Program Files (x86)\Qtel Mobile Broadband\AutoDect.exe
O4 - HKUS\S-1-5-21-34178861-3422025905-3898277517-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
~ Application: Scanned in :0mn صs



---\\ IE Options icon not visible in Control Panel (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in :0mn صs



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provider.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - موفر Shim لتسمية البريد الإلكتروني.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll
~ Winsock: 8 Scanned in :0mn صs



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKCU\...\EscDomains] http.fastspring.com
O15 - Trusted Zone: [HKLM\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKLM\...\EscDomains] http.fastspring.com
~ IE Zone Confiance: Scanned in :0mn صs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AE6FC95-C2B5-4C82-9A4E-4055A20524D4}: NameServer = 94.252.181.132 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7BB26F1-6F52-404C-9F41-3D146EB7BD0E}: NameServer = 94.252.181.132 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB8E0A4A-DAAA-4818-B567-1BDC5E214BA5}: NameServer = 94.252.181.132 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{81254F09-67B0-4C99-AD87-70D41FEB2F56}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5B2C610-DA56-43C6-BB26-A3707083DD35}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0AE6FC95-C2B5-4C82-9A4E-4055A20524D4}: NameServer = 94.252.181.132 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{D7BB26F1-6F52-404C-9F41-3D146EB7BD0E}: NameServer = 94.252.181.132 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{EB8E0A4A-DAAA-4818-B567-1BDC5E214BA5}: NameServer = 94.252.181.132 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{81254F09-67B0-4C99-AD87-70D41FEB2F56}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B5B2C610-DA56-43C6-BB26-A3707083DD35}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0AE6FC95-C2B5-4C82-9A4E-4055A20524D4}: NameServer = 94.252.181.132 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{D7BB26F1-6F52-404C-9F41-3D146EB7BD0E}: NameServer = 94.252.181.132 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{EB8E0A4A-DAAA-4818-B567-1BDC5E214BA5}: NameServer = 94.252.181.132 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{81254F09-67B0-4C99-AD87-70D41FEB2F56}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B5B2C610-DA56-43C6-BB26-A3707083DD35}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in :0mn صs



---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in :0mn صs



---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\Windows\system32\CbFsMntNtf3.dll
~ SSODL: 2 Scanned in :0mn صs



---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: (no name) [64Bits] - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\Windows\SysWOW64\CbFsMntNtf3.dll
~ STS/SSO: Scanned in :0mn صs



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: (AcPrfMgrSvc) . (.Lenovo - ThinkVantage Access Connections Profile Man.) - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: (AcSvc) . (.Lenovo - ThinkVantage Access Connections Main Servic.) - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Connectify (Connectify) . (...) - C:\Program Files (x86)\Connectify\ConnectifyService.exe
O23 - Service: Expat Shield Service (ExpatShieldService) . (...) - C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
O23 - Service: Expat Shield Routing Service (ExpatSrv) . (.AnchorFree Inc. - No Comment.) - C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
O23 - Service: Expat Shield Monitoring Service (ExpatWd) . (...) - C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
O23 - Service: DeltaFix (fc67e7a0) . (...) - c:\Program Files (x86)\DeltaFix\DeltaFix.dll
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) . (.Foxit Corporation - Foxit Cloud Safe Update Service.) - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: HTCMonitorService (HTCMonitorService) . (.Nero AG - NService Application.) - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) . (.Lenovo. - ThinkPad Power Management Service.) - C:\Windows\System32\ibmpmsvc.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) . (.Lenovo Group Limited - Camera Mute Control Service for ThinkPad.) - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) . (.Lenovo Group Limited - Microphone Mute Controll Service for ThinkP.) - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) . (.Lenovo Group Limited - Microphone volume control service.) - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 305.9.) - C:\Windows\system32\nvvsvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) . (.No owner - PassThruSvr Application.) - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PP Assistant Service (PP Assistant Service) . (.No owner - PP助手辅助模块.) - C:\Program Files (x86)\PP助手2.0\adevicehelpersvr.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) . (.Lenovo Group Limited - ThinkPad Message Client Loader.) - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) . (.Lenovo Group Limited - On screen display Fn+Fx handler.) - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
~ Services: 21 Scanned in :0mn صs



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in :0mn صs



---\\ BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in :0mn صs



---\\ Task Planned Automatically (039)
[MD5.816B4925CC73512A2DEBF625DABCCAB6] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [4796696]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-34178861-3422025905-3898277517-1000Core] (.Google Inc..) -- C:\Users\fadee\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-34178861-3422025905-3898277517-1000UA] (.Google Inc..) -- C:\Users\fadee\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-34178861-3422025905-3898277517-1000Core - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-34178861-3422025905-3898277517-1000Core.job [800]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-34178861-3422025905-3898277517-1000Core - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-34178861-3422025905-3898277517-1000Core [800]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-34178861-3422025905-3898277517-1000UA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-34178861-3422025905-3898277517-1000UA.job [852]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-34178861-3422025905-3898277517-1000UA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-34178861-3422025905-3898277517-1000UA [852]
~ Scheduled Task: 5 Scanned in :0mn صs



---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - ‎‎موارد Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Internet Explorer [64Bits] - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - ‎‎الأداة المساعدة للتهيئة لكل مستخدم لـ IE.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations [64Bits] - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - إدراج علامة تجارية لـ IEAK.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API لنُسق Windows.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - ‎‎بريد Windows.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - امتداد Shell الخاص بمجلد Microsoft Internet Explorer FTP.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - ‎‎موارد Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - مكتبة الارتباط الديناميكي لـ Windows Shell.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - ‎‎الأداة المساعدة للتهيئة لكل مستخدم لـ IE.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Active Setup: 11 Scanned in :0mn صs



---\\ Drivers launched at startup (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: (cnnctfy2) . (.Connectify - NDIS filter driver.) - C:\Windows\System32\DRIVERS\cnnctfy2.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (lenovo.smi) . (.Lenovo Group Limited - SMI Driver for Lenovo system.) - C:\Windows\System32\DRIVERS\smiifx64.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - QoS Packet Scheduler.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - برنامج تشغيل النظام الفرعي لتخزين القرص الم.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
~ Drivers: 69 Scanned in :0mn صs



---\\ Software installed (O42)
O42 - Logiciel: ALlSaver - (."".) [HKLM][64Bits] -- {F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62} =>PUP.AllSaver
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {A0087DDE-69D0-11E2-AD57-43CA6188709B}
O42 - Logiciel: Adobe Flash Player 10.0 - (...) [HKLM][64Bits] -- Adobe Flash Player 10.0
O42 - Logiciel: AidePlus - (.BrickProlonger.) [HKLM][64Bits] -- {12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM][64Bits] -- {BDD99690-3541-4619-9D2A-3CDDB3E15F9E}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} =>.Apple Inc
O42 - Logiciel: Ayat - (.UNKNOWN.) [HKLM][64Bits] -- sa.edu.ksa.ayat
O42 - Logiciel: Ayat - (.UNKNOWN.) [HKLM][64Bits] -- {64FBD444-E40B-60AE-43F3-02854FD1DB24}
O42 - Logiciel: BitSaVer - (."".) [HKLM][64Bits] -- {A3FC46A0-9B62-0EF3-B475-743B3A2762B1} =>PUP.BitSaver
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM][64Bits] -- {6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner
O42 - Logiciel: Conexant 20585 SmartAudio HD - (.Conexant.) [HKLM][64Bits] -- CNXT_AUDIO_HDA
O42 - Logiciel: Connectify Hotspot - (.Connectify.) [HKLM][64Bits] -- Connectify
O42 - Logiciel: DiegiSaVaeeR - (."".) [HKLM][64Bits] -- {7223EDAC-E091-B3C1-BD91-B66CE557800F} =>PUP.DiGiSaver
O42 - Logiciel: Expat Shield 2.25 - (.AnchorFree.) [HKLM][64Bits] -- ExpatShield
O42 - Logiciel: Foxit Cloud - (.Foxit Corporation.) [HKLM][64Bits] -- {41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1
O42 - Logiciel: Foxit Reader - (.Foxit Corporation.) [HKLM][64Bits] -- Foxit Reader_is1
O42 - Logiciel: Google Chrome - (.Google Inc‎.‎.) [HKCU][64Bits] -- Google Chrome
O42 - Logiciel: HTC Bootloader Unlock version 0.2.0.1819 - (.Kingosoft Technology Ltd..) [HKLM][64Bits] -- {B8253ECD-90C5-4905-97E4-6B635585F31D}_is1
O42 - Logiciel: HTC Driver Installer - (.اسم شركتك.) [HKLM][64Bits] -- {4CEEE5D0-F905-4688-B9F9-ECC710507796}
O42 - Logiciel: HTC Sync Manager - (.HTC.) [HKLM][64Bits] -- {231D0C79-98A6-4693-A366-36DE7D7346EC}
O42 - Logiciel: IPTInstaller - (.HTC.) [HKLM][64Bits] -- {08208143-777D-4A06-BB54-71BF0AD1BB70}
O42 - Logiciel: Internet Download Manager - (.Tonek Inc..) [HKLM][64Bits] -- Internet Download Manager
O42 - Logiciel: JoneiCOupoN - (."".) [HKLM][64Bits] -- {51417852-174C-88D4-34A0-D0FE7858BE47} =>PUP.JoniCoupon
O42 - Logiciel: Kingo ROOT version 1.3.4.2252 - (.Kingosoft Technology Ltd..) [HKLM][64Bits] -- {AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1
O42 - Logiciel: Lenovo Patch Utility 64 bit - (.Lenovo Group Limited.) [HKLM][64Bits] -- {0369F866-2CE0-4EB9-B426-88FA122C6E82}
O42 - Logiciel: Lenovo System Interface Driver - (...) [HKLM][64Bits] -- LENOVO.SMIIF
O42 - Logiciel: Listen on Repeat Youtube Video Repeater - (."".) [HKLM][64Bits] -- {478472F9-9E09-492A-BDAB-42EE595EF1AD}
O42 - Logiciel: MPC-HC 1.7.1 - (.MPC-HC Team.) [HKLM][64Bits] -- {2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1
O42 - Logiciel: MSVC90_x64 - (.Nokia.) [HKLM][64Bits] -- {AB071C8B-873C-459F-ACA9-9EBE03C3E89B}
O42 - Logiciel: MSVC90_x86 - (.Nokia.) [HKLM][64Bits] -- {AF111648-99A1-453E-81DD-80DBBF6DAD0D}
O42 - Logiciel: MiniTool Partition Wizard Professional Edition 5.2 - (.MiniTool Solution Ltd..) [HKLM][64Bits] -- {05366B44-A2DD-436C-AD1B-532156CCC619}_is1
O42 - Logiciel: Mobile Partner - (.Huawei Technologies Co.,Ltd.) [HKLM][64Bits] -- Mobile Partner
O42 - Logiciel: Mozilla Firefox 32.0 (x86 ar) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 32.0 (x86 ar)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService
O42 - Logiciel: NNEwSaaver - (."".) [HKLM][64Bits] -- {6A08B379-76FB-B4CF-0C70-CAFCD3635A77} =>PUP.NewSaver
O42 - Logiciel: NVIDIA NView 136.49 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView
O42 - Logiciel: NVIDIA برنامج تشغيل الرسومات 305.93 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver
O42 - Logiciel: NetaoCCoUpon - (."".) [HKLM][64Bits] -- {317D8BB4-16C3-CFBD-3777-AED69667DA46} =>PUP.NetCoupon
O42 - Logiciel: Nokia Connectivity Cable Driver - (.Nokia.) [HKLM][64Bits] -- {A57025CC-5F2E-4D01-B387-06DB10500D43}
O42 - Logiciel: Nokia PC Suite - (.Nokia.) [HKLM][64Bits] -- Nokia PC Suite
O42 - Logiciel: Nokia PC Suite - (.Nokia.) [HKLM][64Bits] -- {866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}
O42 - Logiciel: On Screen Display - (...) [HKLM][64Bits] -- OnScreenDisplay
O42 - Logiciel: One Click Root - (.One Click Root.) [HKLM][64Bits] -- {7B63328E-EA08-4B31-9D5D-E78A6B95AFAD}
O42 - Logiciel: OpenDyslexic - (."".) [HKLM][64Bits] -- {B5DB572D-EA87-D3B0-08F6-4D153EA6A783}
O42 - Logiciel: PC Connectivity Solution - (.Nokia.) [HKLM][64Bits] -- {644F4910-E812-49AD-93EC-86828CB81A0D}
O42 - Logiciel: PP助手2.0 - (.广州铁人网络科技有限公司.) [HKLM][64Bits] -- PP助手2.0 Win版
O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM][64Bits] -- Picasa 3
O42 - Logiciel: Qtel Mobile Broadband - (...) [HKLM][64Bits] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
O42 - Logiciel: RRoboSaveer - (."".) [HKLM][64Bits] -- {BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8} =>PUP.RoboSaver
O42 - Logiciel: Recuva - (.Piriform.) [HKLM][64Bits] -- Recuva
O42 - Logiciel: Right Click Image Converter - (...) [HKLM][64Bits] -- Kristanix Right Click Image Converter
O42 - Logiciel: SAMSUNG USB Driver for Mobile Phones - (.SAMSUNG Electronics Co., Ltd..) [HKLM][64Bits] -- {D0795B21-0CDA-4a92-AB9E-6E92D8111E44}
O42 - Logiciel: SaveLoots - (."".) [HKLM][64Bits] -- {35E13884-BAC3-5F4A-799B-05F882E0BD9F}
O42 - Logiciel: SaveNewwaAPPz - (."".) [HKLM][64Bits] -- {7304C9D1-98AD-55F0-636E-22D8DD57F176} =>PUP.SaveNewAppz
O42 - Logiciel: SaverExtoensionn - (."".) [HKLM][64Bits] -- {274E3C5C-178E-EAE2-A52F-2863C0EECD46} =>PUP.SaverExtension
O42 - Logiciel: Similar Sites - (."".) [HKLM][64Bits] -- {C637A71C-A4B2-4B47-1B2A-1042A8D525A3}
O42 - Logiciel: Skype™ 6.20 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
O42 - Logiciel: Supreme AdBlocker - (.Supreme AdBlocker.) [HKLM][64Bits] -- {37476589-E48E-439E-A706-56189E2ED4C4}_is1 =>PUP.Adblocker
O42 - Logiciel: TakeTHeCoUpon - (."".) [HKLM][64Bits] -- {53B21E29-3967-C332-57EB-C02631658584} =>PUP.TakeTheCoupon
O42 - Logiciel: Tarneeb xp - (.Issam Ali.) [HKLM][64Bits] -- {48841038-3931-4EFA-A2B6-B74B1D29C68C}
O42 - Logiciel: ThinkPad FullScreen Magnifier - (...) [HKLM][64Bits] -- ThinkPad FullScreen Magnifier
O42 - Logiciel: ThinkPad Power Management Driver - (...) [HKLM][64Bits] -- Power Management Driver
O42 - Logiciel: ThinkPad UltraNav Driver - (...) [HKLM][64Bits] -- SynTPDeinstKey
O42 - Logiciel: ThinkVantage Access Connections - (.Lenovo.) [HKLM][64Bits] -- {8E537894-A559-4D60-B3CB-F4485E3D24E3}
O42 - Logiciel: ThinkVantage Communications Utility - (.Lenovo.) [HKLM][64Bits] -- {88C6A6D9-324C-46E8-BA87-563D14021442}_is1
O42 - Logiciel: Tongbu Assistant 2.2.0 - (.Xiamen Tongbu Network Ltd..) [HKLM][64Bits] -- Tongbu2
O42 - Logiciel: Unlocker 1.8.8 - (.Cedrick Collomb.) [HKLM][64Bits] -- Unlocker
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN
O42 - Logiciel: Visual Basic 5.0 Professional Edition - (...) [HKLM][64Bits] -- VB5
O42 - Logiciel: Wassapp - (.Lowlevel Studios.) [HKLM][64Bits] -- {9F997E0A-276C-4BC7-B8C5-82C3CC1769A9}
O42 - Logiciel: WebcamMax - (...) [HKLM][64Bits] -- WebcamMax
O42 - Logiciel: WinRAR 5.10 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver
O42 - Logiciel: Xbox LIVE Dashboard - (...) [HKLM][64Bits] -- {AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
O42 - Logiciel: YouTurn - (."".) [HKLM][64Bits] -- {98449C67-C7AF-BB53-112D-26C916814611}
O42 - Logiciel: YouWave for Android - (...) [HKLM][64Bits] -- YouWave
O42 - Logiciel: by . Ahmed REDA 6.23.1.3 - (.01100315055.) [HKLM][64Bits] -- by . Ahmed REDA 6.23.1.3
O42 - Logiciel: iExplorer 3.4.0.1 - (.Macroplant LLC.) [HKLM][64Bits] -- {7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1
O42 - Logiciel: iPhone Folders - (.Redart.) [HKLM][64Bits] -- {53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}
O42 - Logiciel: iPhoneBrowser - (.Cranium Consulting and Custom Software.) [HKLM][64Bits] -- {C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM][64Bits] -- {2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}
O42 - Logiciel: uniSiales - (...) [HKLM][64Bits] -- {4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
O42 - Logiciel: youtubeadblocker - (...) [HKLM][64Bits] -- {4820778D-AB0D-6D18-C316-52A6A0E1D507} =>PUP.YouTuAdBlocker
O42 - Logiciel: أوزو ميديا لتحويل الصوتيات والفيديو 8 - (.Ozone Media Technology.) [HKLM][64Bits] -- {51EF1322-DC50-4308-8AC8-FD551E3BBEC8}_is1
O42 - Logiciel: حزمة برامج تشغيل Windows - AMD (amdkmpfd) System (07/09/2012 8.982.0.0000) - (.AMD.) [HKLM][64Bits] -- D6B07C0CE38E07F79808F31DF7C65BAF6D9E08E9
O42 - Logiciel: حزمة برامج تشغيل Windows - Conexant (CnxtHdAudService) MEDIA (10/20/2010 4 - (.Conexant.) [HKLM][64Bits] -- 79EC4CEF80910F8244C0C7717E8E2D6FC1116188
O42 - Logiciel: حزمة برامج تشغيل Windows - Conexant (CnxtHdAudService) MEDIA (10/20/2010 4 - (.Conexant.) [HKLM][64Bits] -- 9458132512E61857E88952BEEFF3F08735DA6E10
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel (HECIx64) System (09/17/2009 6.0.0.1179) - (.Intel.) [HKLM][64Bits] -- 30A4777E896192B8D398199AE1AB235B69BAB26D
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel (Impcd) System (02/26/2010 01.02.00.1002) - (.Intel.) [HKLM][64Bits] -- 72A1288AD1FD92CA44C28F8A5B2B982B4569234E
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel (NETwNs64) net (10/27/2011 14.3.0.6) - (.Intel.) [HKLM][64Bits] -- 75AC60724563D6CE4EC173A96E919948760F0DFE
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel (NETwNs64) net (11/29/2011 15.0.0.75) - (.Intel.) [HKLM][64Bits] -- 845E564BAE975482FB7B778B84AD2938C9534679
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel (NETwNv64) net (10/27/2011 14.3.0.6) - (.Intel.) [HKLM][64Bits] -- 0DEB03BDC0628B79F1C871FD134FC6027966A0FC
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel (e1kexpress) Net (06/21/2012 11.16.87.0) - (.Intel.) [HKLM][64Bits] -- FD22DAC0BA01886DE857C4ECE8AD98E7AEBB5CE9
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel (iaStor) hdc (10/17/2011 10.8.0.1003) - (.Intel.) [HKLM][64Bits] -- 4D0C3CE71E3E56C85A44C7C0A8F3984B6762569C
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel (iaStor) hdc (11/06/2010 10.1.0.1008) - (.Intel.) [HKLM][64Bits] -- 73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel (iusb3hcs) System (05/21/2012 1.0.5.235) - (.Intel.) [HKLM][64Bits] -- 4804A0773F53B77BF4F194AF8D45D4AB935523EF
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel Corporation (iaStorA) HDC (07/31/2012 11. - (.Intel Corporation.) [HKLM][64Bits] -- EAA734DAFEE136CD21CC365B29F72F2D6C53BE1D
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel Corporation (iaStorA) HDC (09/01/2012 11. - (.Intel Corporation.) [HKLM][64Bits] -- C5447D3383070620C3892FF393F522D6225CBA13
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel System (06/08/2010 1.0.0.0002) - (.Intel.) [HKLM][64Bits] -- 9211BB4F3B42621F5ACA608E4FD9736D7D66A7E3
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel System (10/28/2009 9.1.1.1022) - (.Intel.) [HKLM][64Bits] -- 573C3C32A1DB5625CA00E633E584E8A0E6383672
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel System (10/28/2009 9.1.1.1022) - (.Intel.) [HKLM][64Bits] -- D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel System (11/07/2008 7.0.1.1011) - (.Intel.) [HKLM][64Bits] -- 019BA247F4BF373BFF125045DCD742221AF9A191
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel USB (08/20/2009 9.1.1.1020) - (.Intel.) [HKLM][64Bits] -- A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9
O42 - Logiciel: حزمة برامج تشغيل Windows - Intel hdc (06/08/2010 7.0.0.1013) - (.Intel.) [HKLM][64Bits] -- FF1953CFE4B2D49E4631CEBB994B797CD6869771
O42 - Logiciel: حزمة برامج تشغيل Windows - Lenovo 1.64.00.00 (07/28/2011 1.64.00.00) - (.Lenovo.) [HKLM][64Bits] -- 01E3B64834B04ABAC85D8E1D3EBDC567D83AD29B
O42 - Logiciel: حزمة برامج تشغيل Windows - NVIDIA (nvlddmkm) Display (08/18/2012 9.18.13.0 - (.NVIDIA.) [HKLM][64Bits] -- ACD04B2625AD5490AF8779D25D2616FDCE6F6949
O42 - Logiciel: حزمة برامج تشغيل Windows - NVIDIA (nvlddmkm) Display (08/18/2012 9.18.13.0 - (.NVIDIA.) [HKLM][64Bits] -- D87E84622A6D243D1BA79A68ED512AE0FF262E7D
O42 - Logiciel: حزمة برامج تشغيل Windows - NVIDIA (nvlddmkm) Display (08/30/2012 9.18.13.0 - (.NVIDIA.) [HKLM][64Bits] -- 33A00C3CA8D6D2FE086BC6C6D410073D21A4C282
O42 - Logiciel: حزمة برامج تشغيل Windows - NVIDIA Corporation (NVHDA) MEDIA (07/03/2012 1. - (.NVIDIA Corporation.) [HKLM][64Bits] -- 591845E0E6DDB406A109597AD8EAB8A588AD6D85
O42 - Logiciel: حزمة برامج تشغيل Windows - Nokia Modem (02/25/2011 4.7) - (.Nokia.) [HKLM][64Bits] -- E0AC723A3DE3A04256288CADBBB011B112AED454
O42 - Logiciel: حزمة برامج تشغيل Windows - Nokia Modem (02/25/2011 7.01.0.9) - (.Nokia.) [HKLM][64Bits] -- 72A50F48CC5601190B9C4E74D81161693133E7F7
O42 - Logiciel: حزمة برامج تشغيل Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0 - (.Nokia.) [HKLM][64Bits] -- 62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F
O42 - Logiciel: حزمة برامج تشغيل Windows - Ricoh Company (risdpcie) hdc (10/28/2009 6.10.0 - (.Ricoh Company.) [HKLM][64Bits] -- 6313DE2DF49FD38697AD6D795460619E0906AF9C
O42 - Logiciel: حزمة برامج تشغيل Windows - Ricoh Company MS Host Controller (06/01/2011 6.1 - (.Ricoh Company.) [HKLM][64Bits] -- CED6B88B28F73E02C8AD2C00DAFAB81EA16AD33C
O42 - Logiciel: حزمة برامج تشغيل Windows - Ricoh Company MS Host Controller (10/26/2009 6.1 - (.Ricoh Company.) [HKLM][64Bits] -- FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF
O42 - Logiciel: دعم تطبيق Apple - (.Apple Inc..) [HKLM][64Bits] -- {83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}
~ Logic: 90 Scanned in :0mn صs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ARAR]
[HKCU\Software\AnchorFree]
[HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}]
[HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Connectify]
[HKCU\Software\DownloadManager]
[HKCU\Software\Dropbox]
[HKCU\Software\ExpatShield]
[HKCU\Software\Foxit Software]
[HKCU\Software\GN2]
[HKCU\Software\Google]
[HKCU\Software\HTC]
[HKCU\Software\IBM]
[HKCU\Software\IM Providers]
[HKCU\Software\LENOVO]
[HKCU\Software\Lowlevel Studios]
[HKCU\Software\MPC-HC]
[HKCU\Software\Macromedia]
[HKCU\Software\Maxidix]
[HKCU\Software\MiniTool Solution Ltd.]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\Nokia]
[HKCU\Software\ODBC]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Screenshoter]
[HKCU\Software\Skype]
[HKCU\Software\Synaptics]
[HKCU\Software\Sysinternals]
[HKCU\Software\Teiron]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Viber]
[HKCU\Software\WebApp]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\YouWave Android]
[HKCU\Software\drpsu]
[HKCU\Software\ihelper]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\CXT]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Conexant]
[HKLM\Software\EldoS]
[HKLM\Software\GEAR Software]
[HKLM\Software\Google]
[HKLM\Software\Huawei technologies]
[HKLM\Software\IBM]
[HKLM\Software\IM Providers]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\KONAMIPES6]
[HKLM\Software\Khronos]
[HKLM\Software\Lenovo]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\NeoSmart Technologies]
[HKLM\Software\Nokia]
[HKLM\Software\ODBC]
[HKLM\Software\PC Connectivity Solution]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RT 7 Lite]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SAMSUNG]
[HKLM\Software\Sonic]
[HKLM\Software\Synaptics]
[HKLM\Software\VsMntNtf]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node\Adobe]
[HKLM\Software\Wow6432Node\Apple Computer, Inc.]
[HKLM\Software\Wow6432Node\Apple Inc.]
[HKLM\Software\Wow6432Node\Caphyon]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\Connectify]
[HKLM\Software\Wow6432Node\Debug]
[HKLM\Software\Wow6432Node\DivXNetworks]
[HKLM\Software\Wow6432Node\Foxit Software]
[HKLM\Software\Wow6432Node\GN2]
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\HSS]
[HKLM\Software\Wow6432Node\HTC]
[HKLM\Software\Wow6432Node\Huawei technologies]
[HKLM\Software\Wow6432Node\IBM]
[HKLM\Software\Wow6432Node\IM Providers]
[HKLM\Software\Wow6432Node\IObit]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\KONAMIPES6]
[HKLM\Software\Wow6432Node\KONAMI]
[HKLM\Software\Wow6432Node\Khronos]
[HKLM\Software\Wow6432Node\Kristanix]
[HKLM\Software\Wow6432Node\Lenovo]
[HKLM\Software\Wow6432Node\Licenses]
[HKLM\Software\Wow6432Node\MT Solution]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\Macserlen]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\NVIDIA Corporation]
[HKLM\Software\Wow6432Node\Nero]
[HKLM\Software\Wow6432Node\Nokia]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\One Click Root]
[HKLM\Software\Wow6432Node\Osen Kusnadi]
[HKLM\Software\Wow6432Node\PC Connectivity Solution]
[HKLM\Software\Wow6432Node\PCSuite]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\Qtel Mobile Broadband]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\Skype]
[HKLM\Software\Wow6432Node\Swearware]
[HKLM\Software\Wow6432Node\VMware, Inc.]
[HKLM\Software\Wow6432Node\VideoLAN]
[HKLM\Software\Wow6432Node\Volatile]
[HKLM\Software\Wow6432Node\VsMntNtf]
[HKLM\Software\Wow6432Node\ZTEUSBDriverFlag]
[HKLM\Software\Wow6432Node\mozilla.org]
[HKLM\Software\Wow6432Node]
[HKLM\Software\ZTEUSBDriverFlag]
~ Key Software: 348 Scanned in :0mn صs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 14/10/2014 - 12:41:57 ص - [] ----D C:\Program Files (x86)\Adobe
O43 - CFD: 14/10/2014 - 12:52:11 ص - [] ----D C:\Program Files (x86)\Adobe Flash Player
O43 - CFD: 06/03/2015 - 01:30:58 ص - [] ----D C:\Program Files (x86)\ALlSaver =>PUP.AllSaver
O43 - CFD: 11/10/2014 - 01:10:43 ص - [] ----D C:\Program Files (x86)\Apple Software Update =>.Apple Inc
O43 - CFD: 14/10/2014 - 12:42:01 ص - [] ----D C:\Program Files (x86)\Ayat
O43 - CFD: 18/02/2015 - 01:17:47 ص - [] ----D C:\Program Files (x86)\BitSaVer =>PUP.BitSaver
O43 - CFD: 11/10/2014 - 01:10:31 ص - [] ----D C:\Program Files (x86)\Bonjour
O43 - CFD: 08/03/2015 - 03:12:12 م - [] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 16/11/2014 - 07:27:27 ص - [] ----D C:\Program Files (x86)\Connectify
O43 - CFD: 10/01/2015 - 07:46:15 ص - [] ----D C:\Program Files (x86)\DeltaFix
O43 - CFD: 16/11/2014 - 07:07:17 م - [] ----D C:\Program Files (x86)\DevStudio
O43 - CFD: 06/03/2015 - 02:30:11 م - [] ----D C:\Program Files (x86)\DiegiSaVaeeR =>PUP.DiGiSaver
O43 - CFD: 18/10/2014 - 11:50:35 ص - [] ----D C:\Program Files (x86)\Expat Shield
O43 - CFD: 06/03/2015 - 01:30:58 ص - [] ----D C:\Program Files (x86)\ExsTraiSSaavings =>PUP.ExtraSavings
O43 - CFD: 14/10/2014 - 12:55:52 ص - [] ----D C:\Program Files (x86)\Foxit Software
O43 - CFD: 14/10/2014 - 12:23:01 ص - [] ----D C:\Program Files (x86)\Google
O43 - CFD: 08/03/2015 - 03:12:06 م - [] ----D C:\Program Files (x86)\HTC
O43 - CFD: 08/03/2015 - 03:14:47 م - [] ----D C:\Program Files (x86)\HTC Bootloader Unlock
O43 - CFD: 01/11/2014 - 02:52:27 م - [] ----D C:\Program Files (x86)\iExplorer
O43 - CFD: 25/10/2014 - 10:38:11 م - [] ----D C:\Program Files (x86)\InstallAffixationInfo
O43 - CFD: 14/10/2014 - 12:42:03 ص - [] --H-D C:\Program Files (x86)\InstallJammer Registry
O43 - CFD: 25/10/2014 - 10:38:01 م - [] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 08/03/2015 - 10:30:49 ص - [] ----D C:\Program Files (x86)\Internet Download Manager
O43 - CFD: 26/06/2012 - 05:23:28 م - [] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 13/01/2015 - 01:02:25 ص - [] ----D C:\Program Files (x86)\iPhone Folders
O43 - CFD: 04/11/2014 - 07:56:36 م - [] ----D C:\Program Files (x86)\iPhoneBrowser
O43 - CFD: 06/10/2014 - 06:30:40 م - [] ----D C:\Program Files (x86)\iTunes
O43 - CFD: 28/02/2015 - 09:00:56 م - [] ----D C:\Program Files (x86)\JoneiCOupoN =>PUP.JoniCoupon
O43 - CFD: 08/03/2015 - 03:16:34 م - [] ----D C:\Program Files (x86)\Kingo ROOT
O43 - CFD: 11/10/2014 - 12:47:39 ص - [] ----D C:\Program Files (x86)\KONAMI
O43 - CFD: 14/10/2014 - 12:52:27 ص - [] ----D C:\Program Files (x86)\Kristanix
O43 - CFD: 11/10/2014 - 12:43:07 ص - [] ----D C:\Program Files (x86)\Lenovo
O43 - CFD: 28/02/2015 - 09:00:54 م - [] ----D C:\Program Files (x86)\Listen on Repeat Youtube Video Repeater
O43 - CFD: 30/10/2014 - 11:43:06 م - [] ----D C:\Program Files (x86)\Lowlevel Studios
O43 - CFD: 17/10/2014 - 01:04:18 م - [] ----D C:\Program Files (x86)\Maxidix Wifi Suite
O43 - CFD: 11/10/2014 - 01:48:08 ص - [] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 11/10/2014 - 01:48:04 ص - [] ----D C:\Program Files (x86)\Microsoft Visual Studio
O43 - CFD: 11/10/2014 - 01:46:22 ص - [] ----D C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 11/10/2014 - 01:48:16 ص - [] ----D C:\Program Files (x86)\Microsoft Works
O43 - CFD: 11/10/2014 - 01:47:51 ص - [] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 11/10/2014 - 01:15:22 ص - [] ----D C:\Program Files (x86)\MiniTool Partition Wizard Professional Edition 5.2
O43 - CFD: 13/10/2014 - 04:06:10 م - [] ----D C:\Program Files (x86)\Mobile Partner
O43 - CFD: 08/03/2015 - 10:34:47 ص - [] ----D C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 08/03/2015 - 10:34:51 ص - [] ----D C:\Program Files (x86)\Mozilla Maintenance Service
O43 - CFD: 24/11/2014 - 01:06:01 ص - [] ----D C:\Program Files (x86)\MPC-HC
O43 - CFD: 11/10/2014 - 01:48:12 ص - [] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 11/10/2014 - 01:49:38 ص - [] ----D C:\Program Files (x86)\MSECache
O43 - CFD: 06/03/2015 - 01:30:58 ص - [] ----D C:\Program Files (x86)\NetaoCCoUpon =>PUP.NetCoupon
O43 - CFD: 06/03/2015 - 01:31:44 ص - [] ----D C:\Program Files (x86)\NNEwSaaver =>PUP.NewSaver
O43 - CFD: 14/10/2014 - 12:57:54 ص - [] ----D C:\Program Files (x86)\Nokia
O43 - CFD: 08/03/2015 - 11:55:58 ص - [] ----D C:\Program Files (x86)\One Click Root
O43 - CFD: 06/03/2015 - 02:29:52 م - [] ----D C:\Program Files (x86)\OpenDyslexic
O43 - CFD: 14/10/2014 - 12:52:55 ص - [] ----D C:\Program Files (x86)\Ozone
O43 - CFD: 14/10/2014 - 12:57:46 ص - [] ----D C:\Program Files (x86)\PC Connectivity Solution
O43 - CFD: 01/11/2014 - 02:45:31 م - [] ----D C:\Program Files (x86)\PP助手2.0
O43 - CFD: 11/11/2014 - 05:33:33 م - [] ----D C:\Program Files (x86)\Qtel Mobile Broadband
O43 - CFD: 14/07/2009 - 07:32:38 ص - [] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 28/02/2015 - 10:38:00 ص - [] ----D C:\Program Files (x86)\RoboSaaver =>PUP.RoboSaver
O43 - CFD: 06/03/2015 - 02:29:56 م - [] ----D C:\Program Files (x86)\RRoboSaveer =>PUP.RoboSaver
O43 - CFD: 06/03/2015 - 02:30:04 م - [] ----D C:\Program Files (x86)\SaveLoots
O43 - CFD: 06/03/2015 - 01:30:58 ص - [] ----D C:\Program Files (x86)\SaveNewwaAPPz =>PUP.SaveNewAppz
O43 - CFD: 06/03/2015 - 01:31:46 ص - [] ----D C:\Program Files (x86)\SaverExtoensionn =>PUP.SaverExtension
O43 - CFD: 06/03/2015 - 01:31:34 ص - [] ----D C:\Program Files (x86)\Similar Sites
O43 - CFD: 14/10/2014 - 12:24:27 ص - [] R---D C:\Program Files (x86)\Skype
O43 - CFD: 08/03/2015 - 03:11:25 م - [] ----D C:\Program Files (x86)\Spirent Communications
O43 - CFD: 06/03/2015 - 01:30:58 ص - [] ----D C:\Program Files (x86)\TakeTHeCoUpon =>PUP.TakeTheCoupon
O43 - CFD: 14/10/2014 - 12:09:44 ص - [] ----D C:\Program Files (x86)\Tarneeb
O43 - CFD: 18/10/2014 - 11:45:22 ص - [] ----D C:\Program Files (x86)\Tongbu
O43 - CFD: 10/01/2015 - 07:44:11 ص - [] ----D C:\Program Files (x86)\uniisales
O43 - CFD: 14/07/2009 - 06:57:06 ص - [0] --H-D C:\Program Files (x86)\Uninstall Information
O43 - CFD: 10/01/2015 - 07:44:36 ص - [] ----D C:\Program Files (x86)\uniSiales
O43 - CFD: 14/10/2014 - 12:51:28 ص - [] ----D C:\Program Files (x86)\Unlocker
O43 - CFD: 14/10/2014 - 12:33:18 ص - [] ----D C:\Program Files (x86)\VideoLAN
O43 - CFD: 14/10/2014 - 12:26:42 ص - [] ----D C:\Program Files (x86)\WebcamMax
O43 - CFD: 26/06/2012 - 05:23:28 م - [] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 26/06/2012 - 05:23:28 م - [] ----D C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 26/06/2012 - 05:23:28 م - [] ----D C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - 07:32:38 ص - [] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 26/06/2012 - 05:23:28 م - [] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 07:32:40 ص - [] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 26/06/2012 - 05:23:28 م - [] ----D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 10/01/2015 - 07:45:38 ص - [] ----D C:\Program Files (x86)\Xbox LIVE Dashboard
O43 - CFD: 10/01/2015 - 07:45:03 ص - [] ----D C:\Program Files (x86)\youtubeadblocker =>PUP.YouTuAdBlocker
O43 - CFD: 28/02/2015 - 10:38:38 ص - [] ----D C:\Program Files (x86)\YouTurn
O43 - CFD: 14/10/2014 - 12:30:28 ص - [] ----D C:\Program Files (x86)\YouWave Android
O43 - CFD: 14/10/2014 - 08:09:30 م - [] ----D C:\Program Files (x86)\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 14/10/2014 - 12:41:57 ص - [] ----D C:\Program Files (x86)\Common Files\Adobe AIR
O43 - CFD: 06/10/2014 - 06:30:11 م - [] ----D C:\Program Files (x86)\Common Files\Apple
O43 - CFD: 11/10/2014 - 01:48:04 ص - [] ----D C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 04/11/2014 - 07:21:35 م - [] ----D C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 08/03/2015 - 03:12:12 م - [] ----D C:\Program Files (x86)\Common Files\Nero
O43 - CFD: 14/10/2014 - 12:57:54 ص - [] ----D C:\Program Files (x86)\Common Files\Nokia
O43 - CFD: 14/10/2014 - 12:57:55 ص - [] ----D C:\Program Files (x86)\Common Files\PCSuite
O43 - CFD: 14/07/2009 - 05:20:08 ص - [] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 14/10/2014 - 12:24:27 ص - [] ----D C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 14/07/2009 - 05:20:08 ص - [] ----D C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 11/10/2014 - 01:45:52 ص - [] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 10/03/2015 - 07:20:38 م - [] ----D C:\ProgramData\17533036834891368753
O43 - CFD: 06/10/2014 - 06:29:56 م - [] ----D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
O43 - CFD: 14/10/2014 - 12:41:58 ص - [] ----D C:\ProgramData\Adobe
O43 - CFD: 11/10/2014 - 01:10:41 ص - [] ----D C:\ProgramData\Apple
O43 - CFD: 11/10/2014 - 01:11:06 ص - [] ----D C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - 07:08:56 ص - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 17/10/2014 - 12:24:20 ص - [] ----D C:\ProgramData\Connectify
O43 - CFD: 14/07/2009 - 07:08:56 ص - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 07:08:56 ص - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 06/10/2014 - 06:30:41 م - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 14/07/2009 - 07:08:56 ص - [] -SH-D C:\ProgramData\Favorites
O43 - CFD: 28/02/2015 - 10:37:22 ص - [] ----D C:\ProgramData\gjghkklpohpglbeegbdkmplfbimlihoc
O43 - CFD: 08/03/2015 - 03:12:24 م - [] ----D C:\ProgramData\HTC
O43 - CFD: 11/10/2014 - 01:09:04 ص - [0] ----D C:\ProgramData\IDM
O43 - CFD: 14/10/2014 - 12:57:03 ص - [] ----D C:\ProgramData\Installations
O43 - CFD: 14/10/2014 - 12:27:06 ص - [] ----D C:\ProgramData\IObit
O43 - CFD: 10/01/2015 - 07:43:37 ص - [] ----D C:\ProgramData\jimjdanimahfacodlidehgbgdfheffae
O43 - CFD: 18/02/2015 - 01:02:47 ص - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 11/10/2014 - 01:49:34 ص - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 13/10/2014 - 04:06:40 م - [] ----D C:\ProgramData\Mobile Partner
O43 - CFD: 08/03/2015 - 10:34:49 ص - [] ----D C:\ProgramData\Mozilla
O43 - CFD: 11/10/2014 - 12:31:55 ص - [] ----D C:\ProgramData\NVIDIA
O43 - CFD: 11/10/2014 - 12:28:10 ص - [] ----D C:\ProgramData\NVIDIA Corporation
O43 - CFD: 13/10/2014 - 04:10:25 م - [] ----D C:\ProgramData\PC Suite
O43 - CFD: 10/01/2015 - 08:37:34 ص - [] ----D C:\ProgramData\Samsung
O43 - CFD: 14/10/2014 - 12:24:30 ص - [] ----D C:\ProgramData\Skype
O43 - CFD: 14/07/2009 - 07:08:56 ص - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 15/02/2015 - 02:50:21 م - [] ----D C:\ProgramData\Supreme AdBlocker =>PUP.Adblocker
O43 - CFD: 14/07/2009 - 07:08:56 ص - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 04/11/2014 - 07:36:05 م - [] ----D C:\ProgramData\VMware
O43 - CFD: 12/01/2015 - 01:01:45 ص - [] ----D C:\ProgramData\{6d21550e-4f21-4137-6d21-1550e4f25439}
O43 - CFD: 10/10/2014 - 11:59:43 م - [] -SH-D C:\ProgramData\سطح المكتب
O43 - CFD: 10/10/2014 - 11:59:44 م - [] -SH-D C:\ProgramData\قائمة ابدأ
O43 - CFD: 14/10/2014 - 12:41:58 ص - [] ----D C:\Users\fadee\AppData\Roaming\Adobe
O43 - CFD: 01/11/2014 - 02:45:25 م - [] ----D C:\Users\fadee\AppData\Roaming\ahelper
O43 - CFD: 08/03/2015 - 03:12:32 م - [] ----D C:\Users\fadee\AppData\Roaming\Apple Computer
O43 - CFD: 10/03/2015 - 04:25:47 م - [] ----D C:\Users\fadee\AppData\Roaming\DMCache
O43 - CFD: 11/10/2014 - 01:34:38 ص - [0] ----D C:\Users\fadee\AppData\Roaming\DRPSu
O43 - CFD: 14/10/2014 - 12:56:09 ص - [] ----D C:\Users\fadee\AppData\Roaming\Foxit Software
O43 - CFD: 08/03/2015 - 03:12:49 م - [] ----D C:\Users\fadee\AppData\Roaming\HTC
O43 - CFD: 11/10/2014 - 12:01:50 ص - [] ----D C:\Users\fadee\AppData\Roaming\Identities
O43 - CFD: 08/03/2015 - 12:00:08 م - [] ----D C:\Users\fadee\AppData\Roaming\IDM
O43 - CFD: 14/10/2014 - 12:27:06 ص - [] ----D C:\Users\fadee\AppData\Roaming\IObit
O43 - CFD: 08/03/2015 - 03:12:52 م - [] ----D C:\Users\fadee\AppData\Roaming\Kingosoft
O43 - CFD: 14/10/2014 - 12:41:57 ص - [] ----D C:\Users\fadee\AppData\Roaming\Macromedia
O43 - CFD: 17/10/2014 - 12:55:21 م - [] ----D C:\Users\fadee\AppData\Roaming\Maxidix Wifi Suite
O43 - CFD: 14/07/2009 - 09:45:14 ص - [0] ----D C:\Users\fadee\AppData\Roaming\Media Center Programs
O43 - CFD: 01/01/2015 - 03:00:07 م - [] -S--D C:\Users\fadee\AppData\Roaming\Microsoft
O43 - CFD: 08/03/2015 - 10:35:08 ص - [] ----D C:\Users\fadee\AppData\Roaming\Mozilla
O43 - CFD: 06/03/2015 - 07:03:53 م - [] ----D C:\Users\fadee\AppData\Roaming\MPC-HC
O43 - CFD: 13/10/2014 - 04:01:42 م - [] ----D C:\Users\fadee\AppData\Roaming\Nokia
O43 - CFD: 14/10/2014 - 12:31:03 ص - [] ----D C:\Users\fadee\AppData\Roaming\NVIDIA
O43 - CFD: 08/03/2015 - 11:55:40 ص - [] ----D C:\Users\fadee\AppData\Roaming\One Click Root
O43 - CFD: 13/10/2014 - 04:01:43 م - [] ----D C:\Users\fadee\AppData\Roaming\PC Suite
O43 - CFD: 14/10/2014 - 12:42:05 ص - [] ----D C:\Users\fadee\AppData\Roaming\sa.edu.ksa.ayat
O43 - CFD: 14/10/2014 - 12:59:32 ص - [] ----D C:\Users\fadee\AppData\Roaming\Skype
O43 - CFD: 01/11/2014 - 02:45:31 م - [] ----D C:\Users\fadee\AppData\Roaming\Teiron
O43 - CFD: 15/02/2015 - 02:35:24 م - [] ----D C:\Users\fadee\AppData\Roaming\ViberPC
O43 - CFD: 06/03/2015 - 07:03:20 م - [] ----D C:\Users\fadee\AppData\Roaming\vlc
O43 - CFD: 04/11/2014 - 07:35:12 م - [] ----D C:\Users\fadee\AppData\Roaming\VMware
O43 - CFD: 30/10/2014 - 11:43:30 م - [0] ----D C:\Users\fadee\AppData\Roaming\Wassapp
O43 - CFD: 11/10/2014 - 12:04:31 ص - [] ----D C:\Users\fadee\AppData\Roaming\WinRAR
O43 - CFD: 10/03/2015 - 07:37:18 م - [] ----D C:\Users\fadee\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 14/10/2014 - 12:41:56 ص - [] ----D C:\Users\fadee\AppData\Local\Adobe
O43 - CFD: 11/10/2014 - 01:10:43 ص - [] ----D C:\Users\fadee\AppData\Local\Apple
O43 - CFD: 08/03/2015 - 03:12:33 م - [] ----D C:\Users\fadee\AppData\Local\Apple Computer
O43 - CFD: 11/10/2014 - 12:01:27 ص - [] -SH-D C:\Users\fadee\AppData\Local\Application Data
O43 - CFD: 08/03/2015 - 11:56:08 ص - [] ----D C:\Users\fadee\AppData\Local\AWSToolkit
O43 - CFD: 08/03/2015 - 03:10:39 م - [] ----D C:\Users\fadee\AppData\Local\Downloaded Installations
O43 - CFD: 14/11/2014 - 08:23:10 ص - [] ----D C:\Users\fadee\AppData\Local\Google
O43 - CFD: 11/10/2014 - 12:01:27 ص - [] -SH-D C:\Users\fadee\AppData\Local\History
O43 - CFD: 10/03/2015 - 06:40:30 م - [] ----D C:\Users\fadee\AppData\Local\HTC MediaHub
O43 - CFD: 01/11/2014 - 02:39:52 م - [] ----D C:\Users\fadee\AppData\Local\iSpirit
O43 - CFD: 08/03/2015 - 03:14:50 م - [] ----D C:\Users\fadee\AppData\Local\Kingo
O43 - CFD: 08/03/2015 - 03:12:49 م - [] ----D C:\Users\fadee\AppData\Local\Kingosoft
O43 - CFD: 01/11/2014 - 02:52:58 م - [] ----D C:\Users\fadee\AppData\Local\Macroplant_LLC
O43 - CFD: 01/02/2015 - 07:31:59 م - [] ----D C:\Users\fadee\AppData\Local\Microsoft
O43 - CFD: 11/10/2014 - 01:45:37 ص - [0] ----D C:\Users\fadee\AppData\Local\Microsoft Help
O43 - CFD: 08/03/2015 - 10:35:08 ص - [] ----D C:\Users\fadee\AppData\Local\Mozilla
O43 - CFD: 14/10/2014 - 12:22:06 ص - [] ----D C:\Users\fadee\AppData\Local\NeoSmart_Technologies
O43 - CFD: 31/10/2014 - 12:10:07 ص - [] ----D C:\Users\fadee\AppData\Local\pangu
O43 - CFD: 11/10/2014 - 12:39:12 ص - [] ----D C:\Users\fadee\AppData\Local\Programs
O43 - CFD: 14/10/2014 - 12:24:34 ص - [] ----D C:\Users\fadee\AppData\Local\Skype
O43 - CFD: 10/03/2015 - 07:37:18 م - [] ----D C:\Users\fadee\AppData\Local\Temp
O43 - CFD: 11/10/2014 - 12:01:27 ص - [] -SH-D C:\Users\fadee\AppData\Local\Temporary Internet Files
O43 - CFD: 08/02/2015 - 09:40:33 م - [] ----D C:\Users\fadee\AppData\Local\Viber
O43 - CFD: 21/10/2014 - 08:17:29 م - [] ----D C:\Users\fadee\AppData\Local\VirtualStore
O43 - CFD: 04/11/2014 - 07:26:42 م - [0] ----D C:\Users\fadee\AppData\Local\VMware
O43 - CFD: 14/07/2009 - 06:54:32 ص - [] R---D C:\Users\fadee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 11/10/2014 - 12:02:06 ص - [] R---D C:\Users\fadee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 14/10/2014 - 12:52:11 ص - [] ----D C:\Users\fadee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Flash Player 10.0
O43 - CFD: 17/10/2014 - 01:04:59 م - [] ----D C:\Users\fadee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Connectify Hotspot
O43 - CFD: 11/10/2014 - 01:02:31 ص - [] ----D C:\Users\fadee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 06/03/2015 - 06:23:25 م - [] ----D C:\Users\fadee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
O43 - CFD: 04/11/2014 - 07:56:36 م - [] ----D C:\Users\fadee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhoneBrowser
O43 - CFD: 14/07/2009 - 06:49:38 ص - [] R---D C:\Users\fadee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 11/11/2014 - 06:10:44 م - [] ----D C:\Users\fadee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recuva
O43 - CFD: 14/10/2014 - 12:52:28 ص - [0] ----D C:\Users\fadee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Right Click Image Converter
O43 - CFD: 10/01/2015 - 07:42:48 ص - [] R---D C:\Users\fadee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 14/10/2014 - 12:51:28 ص - [0] ----D C:\Users\fadee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
O43 - CFD: 11/10/2014 - 12:03:46 ص - [] ----D C:\Users\fadee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
~ Program Folder: 198 Scanned in :0mn صs



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.876AB51D957200A7861889A3631FA79F] - 06/03/2015 - 05:32:00 م ----- . (...) -- C:\bootsqm.dat [3288]
O44 - LFC:[MD5.9E800241538049E956CBEFDF6E765283] - 08/03/2015 - 03:11:42 م ---A- . (...) -- C:\Windows\DPINST.LOG [15054]
O44 - LFC:[MD5.47ADA407726F19A09DF2D152B71C1251] - 08/03/2015 - 10:30:49 ص ---A- . (...) -- C:\Windows\PFRO.log [5994]
O44 - LFC:[MD5.E912A2D27AD37328BDFFCC8FE10CAC42] - 10/03/2015 - 04:13:35 م ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [446248]
O44 - LFC:[MD5.263FB5038AC1CEA37471641A18A588A0] - 10/03/2015 - 06:39:49 م -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.F98960C998F0DA0E46021ABDBB32D4A8] - 10/03/2015 - 06:39:50 م ---A- . (...) -- C:\Windows\setupact.log [25064]
O44 - LFC:[MD5.2B82026322C28DD5024095E13CBBE93C] - 10/03/2015 - 06:46:16 م ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [4838152]
O44 - LFC:[MD5.B4B846D79BB408A6FCA29FF330A4DD05] - 10/03/2015 - 06:46:16 م ---A- . (...) -- C:\Windows\System32\perfc001.dat [95600]
O44 - LFC:[MD5.1874708AC7D0DA8AD5B31959102AEDB5] - 10/03/2015 - 06:46:16 م ---A- . (...) -- C:\Windows\System32\perfc007.dat [149768]
O44 - LFC:[MD5.2A2EC21ABB8D7ED80D989BBB819C1CF0] - 10/03/2015 - 06:46:16 م ---A- . (...) -- C:\Windows\System32\perfc009.dat [122776]
O44 - LFC:[MD5.ABA4C274F4F3089915D130D538D5693D] - 10/03/2015 - 06:46:16 م ---A- . (...) -- C:\Windows\System32\perfc00C.dat [150290]
O44 - LFC:[MD5.949D6909C92B7DF4195048E1F8EB6A54] - 10/03/2015 - 06:46:16 م ---A- . (...) -- C:\Windows\System32\perfc010.dat [147462]
O44 - LFC:[MD5.EBCF7AF8A065946B33618F0C84D32D5F] - 10/03/2015 - 06:46:16 م ---A- . (...) -- C:\Windows\System32\perfc019.dat [151492]
O44 - LFC:[MD5.BF6A7BABDE883D91F8E7F998E573C99A] - 10/03/2015 - 06:46:16 م ---A- . (...) -- C:\Windows\System32\perfh001.dat [481540]
O44 - LFC:[MD5.E36F17241F3C7F2816EB0A17DCB994B5] - 10/03/2015 - 06:46:16 م ---A- . (...) -- C:\Windows\System32\perfh007.dat [691962]
O44 - LFC:[MD5.FCFDE10C814417A73E1CBC374C8CA5A1] - 10/03/2015 - 06:46:16 م ---A- . (...) -- C:\Windows\System32\perfh009.dat [657068]
O44 - LFC:[MD5.151AB87AFD6C5F2A191A6F2617EC7F85] - 10/03/2015 - 06:46:16 م ---A- . (...) -- C:\Windows\System32\perfh00C.dat [740470]
O44 - LFC:[MD5.0157957EBC1BB5B298398EB0AC7B1942] - 10/03/2015 - 06:46:16 م ---A- . (...) -- C:\Windows\System32\perfh010.dat [734788]
O44 - LFC:[MD5.6F11901207FFB6A17272971B0A27E8CE] - 10/03/2015 - 06:46:16 م ---A- . (...) -- C:\Windows\System32\perfh019.dat [719300]
O44 - LFC:[MD5.94DC6485F51039A27F813C6FE38B1079] - 10/03/2015 - 07:17:49 م ---A- . (...) -- C:\Windows\WindowsUpdate.log [492583]
~ Files: 20 Scanned in :0mn صs



---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - مشغل عميل محرر تكوين أمان Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - حزمة أمان Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
~ LSA: 8 Scanned in :0mn صs



---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - برنامج تشغيل عامل تصفية الماوس التسلسلي.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - برنامج تشغيل ملحق إدارة وحدة التخزين.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - برنامج تشغيل عامل تصفية الماوس التسلسلي.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - برنامج تشغيل ملحق إدارة وحدة التخزين.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 13 Scanned in :0mn صs



---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ TDSD: 2 Scanned in :0mn صs



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Connectify [Key] . (.Connectify - Connectify.) -- C:\Program Files (x86)\Connectify\Connectify.exe
O53 - SMSR:HKLM\...\startupreg\Google Update [Key] . (.Google Inc. - مثبِّت Google.) -- C:\Users\fadee\AppData\Local\Google\Update\GoogleUpdate.exe
O53 - SMSR:HKLM\...\startupreg\IDMan [Key] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O53 - SMSR:HKLM\...\startupreg\iTunesHelper [Key] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O53 - SMSR:HKLM\...\startupreg\PC Suite Tray [Key] . (.Nokia - Nokia Launch Application.) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
O53 - SMSR:HKLM\...\startupreg\Sidebar [Key] . (.Microsoft Corporation - ‎‎الأدوات الذكية على سطح المكتب لـ Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O53 - SMSR:HKLM\...\startupreg\Viber [Key] . (.No owner - Viber.) -- C:\Users\fadee\AppData\Local\Viber\Viber.exe
O53 - SMSR:HKLM\...\startupreg\WebcamMaxAutoRun [Key] . (...) -- C:\Program Files (x86)\WebcamMax\wcmmon.exe
~ SMSR Keys: 8 Scanned in :0mn صs



---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in :0mn صs



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0
~ MWPS: 13 Scanned in :0mn صs



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0
~ MWPE Keys: 2 Scanned in :0mn صs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:14/07/2009 - 03:52:21 ص ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:14/07/2009 - 03:52:21 ص ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\Drivers\adpahci.sys [339536]
O58 - SDL:14/07/2009 - 03:52:21 ص ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\Drivers\adpu320.sys [182864]
O58 - SDL:14/07/2009 - 03:52:21 ص ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\Drivers\aliide.sys [15440]
O58 - SDL:09/07/2012 - 06:19:26 م ---A- . (.Advanced Micro Devices, Inc. - AMD PCI Root Bus Lower Filter.) -- C:\Windows\System32\Drivers\amdkmpfd.sys [35496]
O58 - SDL:14/07/2009 - 03:52:21 ص ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [106576]
O58 - SDL:14/07/2009 - 03:52:20 ص ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\System32\Drivers\amdsbs.sys [194128]
O58 - SDL:14/07/2009 - 03:52:21 ص ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [28752]
O58 - SDL:02/11/2009 - 06:16:50 م ---A- . (.HTC, Corporation - ADB Interface.) -- C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736]
O58 - SDL:14/07/2009 - 03:52:21 ص ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\Drivers\arc.sys [87632]
O58 - SDL:14/07/2009 - 03:52:21 ص ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [97856]
O58 - SDL:10/06/2009 - 10:34:23 م ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\b57nd60a.sys [270848]
O58 - SDL:10/06/2009 - 10:41:06 م ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltLo.sys [18432]
O58 - SDL:10/06/2009 - 10:41:06 م ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltUp.sys [8704]
O58 - SDL:14/07/2009 - 03:19:07 ص ---A- . (.Brother Industries Ltd. - برنامج تشغيل I/F التسلسلي لـ Brotehr (WDM)‎.) -- C:\Windows\System32\Drivers\BrSerId.sys [286720]
O58 - SDL:10/06/2009 - 10:41:10 م ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\Drivers\BrSerWdm.sys [47104]
O58 - SDL:10/06/2009 - 10:41:10 م ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys [14976]
O58 - SDL:10/06/2009 - 10:41:10 م ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\Drivers\BrUsbSer.sys [14720]
O58 - SDL:10/06/2009 - 10:34:28 م ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\Drivers\bxvbda.sys [468480]
O58 - SDL:09/04/2012 - 04:27:34 م ---A- . (.EldoS Corporation - Callback File System Driver.) -- C:\Windows\System32\Drivers\cbfs3.sys [352144]
O58 - SDL:09/01/2012 - 04:28:18 م ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\Windows\System32\Drivers\ccdcmbox64.sys [27136]
O58 - SDL:09/01/2012 - 04:28:20 م ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\Windows\System32\Drivers\ccdcmbx64.sys [19968]
O58 - SDL:25/08/2010 - 10:46:18 ص ---A- . (.Conexant Systems Inc. - 64-bit High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\CHDRT64.sys [682624]
O58 - SDL:14/07/2009 - 03:52:31 ص ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\cmdide.sys [17488]
O58 - SDL:17/10/2014 - 01:04:55 م ---A- . (.Connectify - NDIS filter driver.) -- C:\Windows\System32\Drivers\cnnctfy2.sys [31344]
O58 - SDL:17/10/2014 - 12:31:57 ص ---A- . (.Connectify - NDISRD helper driver.) -- C:\Windows\System32\Drivers\cnnctfy3.sys [42152]
O58 - SDL:02/02/2012 - 11:43:00 ص ---A- . (.Intel Corporation - Intel(R) Gigabit Adapter NDIS 6.x driver.) -- C:\Windows\System32\Drivers\e1k62x64.sys [509104]
O58 - SDL:14/07/2009 - 03:47:48 ص ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 10:34:33 م ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbda.sys [3286016]
O58 - SDL:13/10/2014 - 04:05:57 م ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [29696]
O58 - SDL:13/10/2014 - 04:05:57 م ---A- . (.Huawei Technologies Co., Ltd. - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ewusbdev.sys [114304]
O58 - SDL:13/10/2014 - 04:05:57 م ---A- . (.Huawei Technologies Co., Ltd. - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ewusbmdm.sys [117248]
O58 - SDL:13/10/2014 - 04:05:57 م ---A- . (.Huawei Technologies Co., Ltd. - USB NDIS Miniport Driver.) -- C:\Windows\System32\Drivers\ewusbnet.sys [243200]
O58 - SDL:21/08/2012 - 01:01:20 م ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240]
O58 - SDL:10/06/2009 - 10:31:59 م ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:18/09/2009 - 04:54:54 ص ---A- . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\Drivers\HECIx64.sys [56344]
O58 - SDL:14/07/2009 - 03:47:48 ص ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys [77888]
O58 - SDL:05/01/2012 - 01:01:56 ص ---A- . (.AnchorFree Inc. - Expat Shield Routing Driver.) -- C:\Windows\System32\Drivers\HssDrv.sys [56832]
O58 - SDL:17/10/2013 - 03:27:02 م ---A- . (.Windows (R) Win 7 DDK provider - RawPacket NDIS Protocol Driver.) -- C:\Windows\System32\Drivers\htcnprot.sys [36928]
O58 - SDL:17/10/2011 - 05:55:32 م ---A- . (.Intel Corporation - Intel Rapid Storage Technology driver - x64.) -- C:\Windows\System32\Drivers\iaStor.sys [559384]
O58 - SDL:01/09/2012 - 04:01:56 م ---A- . (.Intel Corporation - Intel Rapid Storage Technology driver - x64.) -- C:\Windows\System32\Drivers\iaStorA.sys [647736]
O58 - SDL:01/09/2012 - 04:01:56 م ---A- . (.Intel Corporation - Intel Rapid Storage Technology Filter driver - x64.) -- C:\Windows\System32\Drivers\iaStorF.sys [28216]
O58 - SDL:14/07/2009 - 03:48:04 ص ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\Drivers\iaStorV.sys [410688]
O58 - SDL:11/08/2011 - 09:20:42 ص ---A- . (.Lenovo. - ThinkPad Power Management Driver.) -- C:\Windows\System32\Drivers\ibmpmdrv.sys [39024]
O58 - SDL:29/11/2014 - 02:37:06 ص ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [180648]
O58 - SDL:14/07/2009 - 03:48:04 ص ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\Drivers\iirsp.sys [44112]
O58 - SDL:26/02/2010 - 03:32:14 م ---A- . (.Intel Corporation - Intel(R) Turbo Boost Technology Driver.) -- C:\Windows\System32\Drivers\Impcd.sys [158976]
O58 - SDL:21/05/2012 - 09:25:32 ص ---A- . (.Intel Corporation - Intel(R) USB 3.0 Host Controller Switch Driver.) -- C:\Windows\System32\Drivers\iusb3hcs.sys [19264]
O58 - SDL:14/07/2009 - 03:48:04 ص ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_fc.sys [114752]
O58 - SDL:14/07/2009 - 03:48:04 ص ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [106560]
O58 - SDL:14/07/2009 - 03:48:04 ص ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [65600]
O58 - SDL:14/07/2009 - 03:48:04 ص ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys [115776]
O58 - SDL:26/03/2011 - 09:37:12 ص ---A- . (.MBB Incorporated - CDROM Filter.) -- C:\Windows\System32\Drivers\massfilter.sys [11776]
O58 - SDL:14/07/2009 - 03:48:04 ص ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\System32\Drivers\megasas.sys [35392]
O58 - SDL:14/07/2009 - 03:48:04 ص ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\MegaSR.sys [284736]
O58 - SDL:06/08/2013 - 02:13:30 م ---A- . (.Apple Inc. - Apple Mobile Device Ethernet.) -- C:\Windows\System32\Drivers\netaapl64.sys [23040]
O58 - SDL:31/10/2011 - 05:57:50 م ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\System32\Drivers\NETwNs64.sys [8615936]
O58 - SDL:31/10/2011 - 05:45:16 م ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\System32\Drivers\NETwNv64.sys [8399360]
O58 - SDL:14/07/2009 - 03:48:26 ص ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\Drivers\nfrd960.sys [51264]
O58 - SDL:03/07/2012 - 05:25:16 م ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\System32\Drivers\nvhda64v.sys [189288]
O58 - SDL:30/08/2012 - 09:14:00 م ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 306.23.) -- C:\Windows\System32\Drivers\nvlddmkm.sys [13391720]
O58 - SDL:14/07/2009 - 03:48:27 ص ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [149056]
O58 - SDL:14/07/2009 - 03:45:45 ص ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [167488]
O58 - SDL:11/06/2012 - 10:33:46 ص ---A- . (.Nokia - PCCS Mode Change Filter Driver.) -- C:\Windows\System32\Drivers\pccsmcfdx64.sys [26112]
O58 - SDL:08/03/2007 - 11:26:46 ص ---A- . (.TOSHIBA - TOSHIBA HotKey Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\qkbfiltr.sys [33792]
O58 - SDL:14/07/2009 - 03:45:46 ص ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\Drivers\ql2300.sys [1524816]
O58 - SDL:14/07/2009 - 03:45:45 ص ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\Drivers\ql40xx.sys [128592]
O58 - SDL:26/10/2009 - 03:52:00 م ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspe64.sys [61952]
O58 - SDL:28/10/2009 - 06:54:00 م ---A- . (.REDC - RICOH SD/MMC Driver.) -- C:\Windows\System32\Drivers\risdpe64.sys [79360]
O58 - SDL:10/06/2009 - 10:37:19 م ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [23040]
O58 - SDL:14/07/2009 - 03:45:45 ص ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [43584]
O58 - SDL:14/07/2009 - 03:45:46 ص ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [80464]
O58 - SDL:28/07/2014 - 11:25:34 ص ---A- . (.Synaptics Incorporated - Synaptics SMBus Driver.) -- C:\Windows\System32\Drivers\Smb_driver_Intel.sys [45296]
O58 - SDL:22/05/2013 - 03:17:54 م ---A- . (.Lenovo Group Limited - SMI Driver for Lenovo system.) -- C:\Windows\System32\Drivers\smiifx64.sys [15472]
O58 - SDL:05/06/2013 - 07:18:18 ص ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [103448]
O58 - SDL:05/06/2013 - 07:18:18 ص ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203672]
O58 - SDL:14/07/2009 - 03:45:55 ص ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:28/07/2014 - 11:25:34 ص ---A- . (.Synaptics Incorporated - Synaptics Touchpad Driver.) -- C:\Windows\System32\Drivers\SynTP.sys [461552]
O58 - SDL:05/01/2012 - 01:01:54 ص ---A- . (.AnchorFree Inc - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\taphss.sys [37888]
O58 - SDL:15/01/2014 - 12:50:02 ص ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
O58 - SDL:15/08/2014 - 10:35:00 م ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:09/01/2012 - 04:28:20 م ---A- . (.Nokia - Filter Driver for Nokia USB Phone Bus Driver.) -- C:\Windows\System32\Drivers\usbser_lowerfltjx64.sys [9216]
O58 - SDL:09/01/2012 - 04:28:20 م ---A- . (.Nokia - Filter Driver for Nokia USB Phone Bus Driver.) -- C:\Windows\System32\Drivers\usbser_lowerfltx64.sys [9216]
O58 - SDL:14/07/2009 - 03:45:55 ص ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [17488]
O58 - SDL:14/07/2009 - 03:45:55 ص ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys [161872]
O58 - SDL:10/06/2009 - 11:01:11 م ---A- . (.Conexant Systems, Inc. - HSF_HWAZL WDM driver.) -- C:\Windows\System32\Drivers\VSTAZL6.SYS [292864]
O58 - SDL:10/06/2009 - 11:01:11 م ---A- . (.Conexant Systems, Inc. - HSF_CNXT driver.) -- C:\Windows\System32\Drivers\VSTCNXT6.SYS [740864]
O58 - SDL:10/06/2009 - 11:01:11 م ---A- . (.Conexant Systems, Inc. - HSF_DP driver.) -- C:\Windows\System32\Drivers\VSTDPV6.SYS [1485312]
O58 - SDL:15/04/2012 - 11:32:14 م ---A- . (.Windows (R) Win 7 DDK provider - WebcamMax Capture.) -- C:\Windows\System32\Drivers\wcmvcam64.sys [1071032]
O58 - SDL:26/03/2011 - 09:37:12 ص ---A- . (.ZTE Inc. - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ZTEusbmdm6k.sys [123520]
O58 - SDL:26/03/2011 - 09:37:12 ص ---A- . (.ZTE Corporation. - USB NDIS Miniport Driver.) -- C:\Windows\System32\Drivers\ZTEusbnet.sys [151040]
O58 - SDL:26/03/2011 - 09:37:12 ص ---A- . (.ZTE Inc. - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ZTEusbnmea.sys [123520]
O58 - SDL:26/03/2011 - 09:37:12 ص ---A- . (.ZTE Inc. - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ZTEusbser6k.sys [123520]
O58 - SDL:16/08/2010 - 02:31:36 م ----- . (...) -- C:\Windows\System32\pwdrvio.sys [19936]
O58 - SDL:16/08/2010 - 02:31:32 م ----- . (...) -- C:\Windows\System32\pwdspio.sys [13280]
~ Drivers: 95 Scanned in :0mn صs



---\\ Last modified or created user files (O61)
O61 - LFC: 03/03/2015 - 07:37:34 م ---A- . (...) -- C:\Users\fadee\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\updater.exe [95040]
O61 - LFC: 03/03/2015 - 07:37:34 م ---A- . (.Digia Plc.) -- C:\Users\fadee\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\QtCore4.dll [2566144]
O61 - LFC: 03/03/2015 - 07:37:34 م ---A- . (.Digia Plc.) -- C:\Users\fadee\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\QtGui4.dll [8585728]
O61 - LFC: 03/03/2015 - 07:37:34 م ---A- . (.Digia Plc.) -- C:\Users\fadee\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\QtNetwork4.dll [1047040]
O61 - LFC: 03/03/2015 - 07:37:34 م ---A- . (.Microsoft Corporation.) -- C:\Users\fadee\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\msvcp100.dll [421200]
O61 - LFC: 03/03/2015 - 07:37:34 م ---A- . (.Microsoft Corporation.) -- C:\Users\fadee\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\msvcr100.dll [773968]
O61 - LFC: 03/03/2015 - 07:37:44 م ---A- . (.Tonec Inc..) -- C:\Users\fadee\Downloads\IDMan.exe [3890768]
O61 - LFC: 06/03/2015 - 07:37:38 م ---A- . (.Tonec Inc..) -- C:\Users\fadee\AppData\Roaming\IDM\idmmzcc5\components11\idmmzcc.dll [26136]
O61 - LFC: 06/03/2015 - 07:37:38 م ---A- . (.Tonec Inc..) -- C:\Users\fadee\AppData\Roaming\IDM\idmmzcc5\components11\idmmzcc64.dll [31256]
O61 - LFC: 06/03/2015 - 07:37:38 م ---A- . (.Tonec Inc..) -- C:\Users\fadee\AppData\Roaming\IDM\idmmzcc5\components2\idmcchandler2.dll [332824]
O61 - LFC: 06/03/2015 - 07:37:38 م ---A- . (.Tonec Inc..) -- C:\Users\fadee\AppData\Roaming\IDM\idmmzcc5\components2\idmcchandler2_64.dll [460824]
O61 - LFC: 06/03/2015 - 07:37:38 م ---A- . (.Tonec Inc..) -- C:\Users\fadee\AppData\Roaming\IDM\idmmzcc5\components2\idmmzcc.dll [34216]
O61 - LFC: 06/03/2015 - 07:37:38 م ---A- . (.Tonec Inc..) -- C:\Users\fadee\AppData\Roaming\IDM\idmmzcc5\components2\idmmzcc64.dll [28512]
O61 - LFC: 06/03/2015 - 07:37:38 م ---A- . (.Tonec Inc..) -- C:\Users\fadee\AppData\Roaming\IDM\idmmzcc5\components\idmmzcc.dll [34216]
O61 - LFC: 06/03/2015 - 07:37:45 م ---A- . (.Tonec Inc..) -- C:\Users\fadee\Downloads\Programs\idman623build3.exe [6211232]
O61 - LFC: 08/03/2015 - 07:37:37 م ---A- . (.Acresso Software Inc..) -- C:\Users\fadee\AppData\Local\Temp\{DE54845C-6540-44AE-983F-0E9CD198FE33}\ISBEW64.exe [107320]
O61 - LFC: 08/03/2015 - 07:37:44 م ---A- . (...) -- C:\Users\fadee\Desktop\Fastboot\Unlock_code.bin [256]
O61 - LFC: 08/03/2015 - 07:37:45 م ---A- . (...) -- C:\Users\fadee\Downloads\Unlock_code.bin [256]
O61 - LFC: 08/03/2015 - 07:37:45 م ---A- . (.HTC.) -- C:\Users\fadee\Downloads\Programs\setup_3.1.37.2_htc.exe [137132688]
O61 - LFC: 08/03/2015 - 07:37:45 م ---A- . (.Kingosoft Technology Ltd..) -- C:\Users\fadee\Downloads\Programs\android_root.exe [18459176]
O61 - LFC: 08/03/2015 - 07:37:45 م ---A- . (.One Click Root.) -- C:\Users\fadee\Downloads\OneClickRoot.exe [3719600]
O61 - LFC: 10/03/2015 - 07:37:33 م ---A- . (.Google Inc..) -- C:\Users\fadee\AppData\Local\Google\Chrome\Application\38.0.2125.122\chrome.dll [31892808]
O61 - LFC: 10/03/2015 - 07:37:33 م ---A- . (.Google Inc..) -- C:\Users\fadee\AppData\Local\Google\Chrome\Application\38.0.2125.122\chrome_child.dll [34137416]
O61 - LFC: 10/03/2015 - 07:37:33 م ---A- . (.Google Inc..) -- C:\Users\fadee\AppData\Local\Google\Chrome\Application\39.0.2171.95\chrome.dll [32222536]
O61 - LFC: 10/03/2015 - 07:37:33 م ---A- . (.Google Inc..) -- C:\Users\fadee\AppData\Local\Google\Chrome\Application\39.0.2171.95\chrome_child.dll [34014024]
O61 - LFC: 10/03/2015 - 07:37:37 م ---A- . (...) -- C:\Users\fadee\AppData\Roaming\appdataFr3.bin [20]
~ 21 Fichiers temporaires (Temporary files)
~ 21 Fichiers cookies (Cookies files)
~ Files: 26 Scanned in :1mn صs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in :0mn صs



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 17/10/2014 - C:\Windows\System32\DRIVERS\cnnctfy2.sys (cnnctfy2) .(.Connectify - NDIS filter driver.) - LEGACY_CNNCTFY2
O64 - Services: CurCS - 01/09/2012 - C:\Windows\System32\DRIVERS\iaStorA.sys (iaStorA) .(.Intel Corporation - Intel Rapid Storage Technology driver - x64.) - LEGACY_IASTORA
O64 - Services: CurCS - 29/11/2014 - C:\Windows\System32\DRIVERS\idmwfp.sys (IDMWFP) .(.Tonec Inc. - Internet Download Manager WFP Driver.) - LEGACY_IDMWFP
O64 - Services: CurCS - 22/05/2013 - C:\Windows\System32\DRIVERS\smiifx64.sys (lenovo.smi) .(.Lenovo Group Limited - SMI Driver for Lenovo system.) - LEGACY_LENOVO.SMI
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 20/11/2011 - C:\Program Files (x86)\YouWave Android\vb\VBoxDrv.sys (VBoxDrv) .(.Oracle Corporation - VirtualBox Support Driver.) - LEGACY_VBOXDRV
~ Legacy: 78 Scanned in :0mn صs



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - ‎‎مشغل الأداة الإضافية لعارض الأحداث.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - ‎‎محرر التسجيل.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Scanned in :0mn صs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\fadee\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in :0mn صs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} - (WebSearch) - http://websearch.thesearchpage.info
~ Keys: Scanned in :0mn صs



---\\ Search Svchost Services (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [72192]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - خدمة نشر شهادة البطاقة الذكية لـ Microsoft.) -- C:\Windows\System32\certprop.dll [80384]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - خدمة نشر شهادة البطاقة الذكية لـ Microsoft.) -- C:\Windows\System32\certprop.dll [80384]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي لخدمة الخادم.) -- C:\Windows\System32\srvsvc.dll [235520]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - عميل نهج المجموعة.) -- C:\Windows\System32\gpsvc.dll [776192]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\ikeext.dll [845824]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - خدمة صوت Windows.) -- C:\Windows\System32\Audiosrv.dll [676864]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - إدارة الطلب التلقائي للوصول عن بُعد.) -- C:\Windows\System32\rasauto.dll [99328]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [343552]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [97792]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - خدمة الإعلام بأحداث النظام (SENS).) -- C:\Windows\System32\sens.dll [64512]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [359424]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [316416]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote Connections Manager.) -- C:\Windows\System32\termsrv.dll [706560]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - عامل Windows Update.) -- C:\Windows\System32\wuaueng.dll [2418176]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - خدمة النقل الذكي في الخلفية.) -- C:\Windows\System32\qmgr.dll [848384]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي لخدمات Windows Shell.) -- C:\Windows\System32\shsvcs.dll [369664]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over an IPv4 network..) -- C:\Windows\System32\iphlpsvc.dll [565760]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي الخاصة بخدمة تسجيل الدخول الثانوي.) -- C:\Windows\system32\seclogon.dll [30720]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - خدمة معلومات التطبيقات.) -- C:\Windows\System32\appinfo.dll [70144]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - خدمة اكتشاف iSCSI.) -- C:\Windows\System32\iscsiexe.dll [156672]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - خدمة جدولة فئات تعدد الوسائط.) -- C:\Windows\System32\mmcss.dll [67584]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [242688]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - خدمة تكوين سطح المكتب البعيد.) -- C:\Windows\System32\sessenv.dll [104960]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي لخدمة مستعرض الكمبيوتر.) -- C:\Windows\System32\browser.dll [136192]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [111104]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - خدمة جدولة المهام.) -- C:\Windows\System32\schedsvc.dll [1104384]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\System32\kmsvc.dll [90624]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - تقارير المشاكل وحلولها.) -- C:\Windows\System32\wercplsupport.dll [84480]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [208384]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي لخدمات نُسق Windows Shell.) -- C:\Windows\System32\themeservice.dll [44544]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - خدمة BDE.) -- C:\Windows\System32\bdesvc.dll [100864]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - خدمة تثبت البرامج.) -- C:\Windows\System32\appmgmts.dll [193536]
~ Services: 33 Scanned in :0mn صs



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.62B5DC126DECAE3699529468999915AD] [SPRF][10/03/2015] (...) -- C:\Users\fadee\AppData\Roaming\appdataFr3.bin [20]
~ Files: 1 Scanned in :0mn صs



---\\ MyComputer Name Space (MNS) (O92)
O92 - MNS: Nokia Phone Browser - {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}
~ MNS: 1 Scanned in :0mn صs



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{8e3d4d2f-eced-4fb6-9f4c-6764d8130b13}] (ALlSaver) =>PUP.CrossRider
[HKCR\CLSID\{bb581fb5-bfe4-496f-952d-9e5d47b88139}] (youtubeadblocker) =>PUP.Multiplug
~ BCK: 4399 Scanned in :1mn صs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 17/01/2012 77520 | (ExpatTrayService) . (...) - C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.exe
SS - | Demand 06/06/2014 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 15/10/2014 643880 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 26/08/2014 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 11/06/2012 724376 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 30/05/2014 133464 | (AcPrfMgrSvc) . (.Lenovo.) - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
SR - | Auto 30/05/2014 272728 | (AcSvc) . (.Lenovo.) - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
SR - | Auto 07/10/2014 60744 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 09/11/2012 65536 | (Connectify) . (...) - C:\Program Files (x86)\Connectify\ConnectifyService.exe
SR - | Auto 17/01/2012 331608 | (ExpatShieldService) . (...) - C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
SR - | Auto 05/01/2012 363336 | (ExpatSrv) . (.AnchorFree Inc..) - C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
SR - | Auto 05/01/2012 329544 | (ExpatWd) . (...) - C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
SR - | Auto 10/01/2015 4182016 | (fc67e7a0) . (...) - c:\Program Files (x86)\DeltaFix\DeltaFix.dll
SR - | Auto 17/06/2014 242216 | (FoxitCloudUpdateService) . (.Foxit Corporation.) - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
SR - | Auto 27/06/2014 87368 | (HTCMonitorService) . (.Nero AG.) - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
SR - | Auto 11/08/2011 45928 | (IBMPMSVC) . (.Lenovo..) - C:\Windows\System32\ibmpmsvc.exe
SR - | Auto 29/05/2013 44024 | (LENOVO.CAMMUTE) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
SR - | Auto 27/05/2014 110128 | (LENOVO.MICMUTE) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
SR - | Auto 29/05/2013 62456 | (LENOVO.TPKNRSVC) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
SR - | Auto 18/08/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 17/10/2013 166912 | (PassThru Service) . (...) - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
SR - | Auto 14/08/2014 118496 | (PP Assistant Service) . (...) - C:\Program Files (x86)\PP助手2.0\adevicehelpersvr.exe
SR - | Auto 10/06/2014 125424 | (TPHKLOAD) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
SR - | Auto 27/05/2014 125488 | (TPHKSVC) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in :1mn صs



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by fadee at 10/03/2015 07:39:13 م
~ OS 64 not supported by MBR tool
~ MBR: 0 Scanned in :0mn صs



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by fadee at 10/03/2015 07:39:16 م
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in :0mn صs



---\\ Scan Additionnel (O88)
Database Version : 13026 - (12/10/2014)
Clés trouvées (Keys found) : 18
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 14
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07D48B07-BC38-4DE5-8F20-B191601B6998}] =>PUP.DiGiSaver^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E3D4D2F-ECED-4FB6-9F4C-6764D8130B13}] =>PUP.AllSaver^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4ECDAF3-05EF-4DA6-B4C9-88B456D436F3}] =>PUP.NewSaver^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62}] =>PUP.AllSaver^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}] =>PUP.BitSaver^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7223EDAC-E091-B3C1-BD91-B66CE557800F}] =>PUP.DiGiSaver^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{51417852-174C-88D4-34A0-D0FE7858BE47}] =>PUP.JoniCoupon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77}] =>PUP.NewSaver^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{317D8BB4-16C3-CFBD-3777-AED69667DA46}] =>PUP.NetCoupon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}] =>PUP.RoboSaver^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7304C9D1-98AD-55F0-636E-22D8DD57F176}] =>PUP.SaveNewAppz^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{274E3C5C-178E-EAE2-A52F-2863C0EECD46}] =>PUP.SaverExtension^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1] =>PUP.Adblocker^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{53B21E29-3967-C332-57EB-C02631658584}] =>PUP.TakeTheCoupon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}] =>PUP.YouTuAdBlocker^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}] =>Adware.Agent
C:\Program Files (x86)\ALlSaver =>PUP.AllSaver^
C:\Program Files (x86)\BitSaVer =>PUP.BitSaver^
C:\Program Files (x86)\DiegiSaVaeeR =>PUP.DiGiSaver^
C:\Program Files (x86)\ExsTraiSSaavings =>PUP.ExtraSavings^
C:\Program Files (x86)\JoneiCOupoN =>PUP.JoniCoupon^
C:\Program Files (x86)\NetaoCCoUpon =>PUP.NetCoupon^
C:\Program Files (x86)\NNEwSaaver =>PUP.NewSaver^
C:\Program Files (x86)\RoboSaaver =>PUP.RoboSaver^
C:\Program Files (x86)\RRoboSaveer =>PUP.RoboSaver^
C:\Program Files (x86)\SaveNewwaAPPz =>PUP.SaveNewAppz^
C:\Program Files (x86)\SaverExtoensionn =>PUP.SaverExtension^
C:\Program Files (x86)\TakeTHeCoUpon =>PUP.TakeTheCoupon^
C:\Program Files (x86)\youtubeadblocker =>PUP.YouTuAdBlocker^
C:\ProgramData\Supreme AdBlocker =>PUP.Adblocker^
[HKCR\CLSID\{8e3d4d2f-eced-4fb6-9f4c-6764d8130b13}] (ALlSaver) =>PUP.CrossRider^
[HKCR\CLSID\{bb581fb5-bfe4-496f-952d-9e5d47b88139}] (youtubeadblocker) =>PUP.Multiplug^
~ Additionnel Scan: 269428 Items scanned in :1mn صs



---\\ Additional information about modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Start,Search,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ AMI: 4 Scanned in :0mn صs



---\\ Summary of the detections found on your workstation
http://nicolascoolman.fr/hijacker-proxy =>Hijacker.Proxy
http://www.nicolascoolman.fr/blog/ =>PUP.DiGiSaver
http://www.nicolascoolman.fr/blog/ =>PUP.AllSaver
http://nicolascoolman.fr/pup-newsaver =>PUP.NewSaver
http://www.nicolascoolman.fr/blog/ =>PUP.BitSaver
http://www.nicolascoolman.fr/blog/ =>PUP.JoniCoupon
http://nicolascoolman.fr/pup-netcoupon =>PUP.NetCoupon
http://nicolascoolman.fr/41783501-pup-robosaver =>PUP.RoboSaver
http://www.nicolascoolman.fr/blog/ =>PUP.SaveNewAppz
http://www.nicolascoolman.fr/blog/ =>PUP.SaverExtension
http://www.nicolascoolman.fr/blog/ =>PUP.Adblocker
http://www.nicolascoolman.fr/blog/ =>PUP.TakeTheCoupon
http://www.nicolascoolman.fr/blog/ =>PUP.YouTuAdBlocker
http://www.nicolascoolman.fr/blog/ =>PUP.ExtraSavings
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-mutiplug =>PUP.Multiplug
http://www.nicolascoolman.fr/blog/ =>Adware.Agent
~ MSI: 17 link(s) detected in :0mn صs



End of the scan (1374 lines in :5mn صs)(0)
