cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ ZHPDiag v2016.5.3.93 By Nicolas Coolman (2016/05/03)
~ Run by Mouadh B (Administrator) (2016/05/05 15:00:32)
~ Web: http://www.nicolascoolman.com
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\Mouadh B\Desktop\ZHPDiag.txt
~ Report: C:\Users\Mouadh B\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Deactivate
~ System startup: Normal (Normal boot)
Windows 8.1 Pro, 64-bit (Build 9600)

---\\ Internet Browsers (3) - 0s
GCIE: Google Chrome v50.0.2661.94
MFIE: Mozilla Firefox 45.0.2 (x86 en-US)
MSIE: Internet Explorer v11.0.9600.18283

---\\ Windows Product Information (3) - 3s
~ Windows Server License Manager Script : OK
System - VBScript Engine not found
Windows Automatic Updates : OK

---\\ System protection software (1) - 5s
Windows Defender (Deactivate)

---\\ Surveillance software (1) - 6s
Adobe Reader XI

---\\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 1977.456 MB (35% free)
System Restore: Activé (Enable)
System drive C: has 107 GB () free of 149 GB

---\\ Connection to the system mode (3) - 0s
~ Computer Name: MOUADH
~ User Name: Mouadh B
~ Logged in as Administrator

---\\ Enumeration of the disk units (3) - 0s
~ Drive C: has 107 GB free of 149 GB (System)
~ Drive D: has 56 GB free of 155 GB
~ Drive E: has 1 GB free of 7 GB

---\\ State of the Windows Security Center (11) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

---\\ Search Generic System Files (24) - 1s
[MD5.B3541A5A20C6264781909B1B7FE54836] - 09/02/2016 - (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\Explorer.exe [2757616] =>.Microsoft Windows®
[MD5.6C308D32AFA41D26CE2A0EA8F7B79565] - 21/11/2014 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\rundll32.exe [54784] =>.Microsoft Corporation
[MD5.EC302D06155F8E3C383750993FCB6B27] - 05/10/2015 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\Windows\System32\Wininit.exe [146432] =>.Microsoft Corporation
[MD5.D2E3B1DEDF6F6177D8C32B2516703A93] - 31/03/2016 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\Windows\System32\wininet.dll [2596864] =>.Microsoft Corporation
[MD5.B1102BBDDD9C87B3D609D6C08F7A3DBD] - 05/01/2016 - (.Microsoft Corporation - Windows Logon Application.) -- C:\Windows\System32\Winlogon.exe [570880] =>.Microsoft Corporation
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - 21/11/2014 - (.Microsoft Corporation - Software Licensing Library.) -- C:\Windows\System32\sppcomapi.dll [447488] =>.Microsoft Corporation
[MD5.0B082D6D7A53D91678E7409DD145E89C] - 19/01/2015 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\System32\dnsapi.dll [657920] =>.Microsoft Corporation
[MD5.205BDB00F4C032AF45A6BFD18EA7886C] - 19/01/2015 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\Syswow64\dnsapi.dll [498688] =>.Microsoft Corporation
[MD5.A460C3AF3755A2A79A3C8EFE72E147B5] - 13/10/2015 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [559616] =>.Microsoft Corporation
[MD5.74B14192CF79A72F7536B27CB8814FBD] - 22/08/2013 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\Windows\System32\drivers\atapi.sys [26464] =>.Microsoft Windows®
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - 22/08/2013 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [88576] =>.Microsoft Corporation
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - 22/08/2013 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [164352] =>.Microsoft Corporation
[MD5.A03F362C5557E238CBFA914689C77248] - 21/11/2014 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\Windows\System32\drivers\DfsC.sys [134144] =>.Microsoft Corporation
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - 21/11/2014 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\Windows\System32\drivers\HDAudBus.sys [76800] =>.Microsoft Corporation
[MD5.49EE0AE9E5B64FFBBD06D55C4984B598] - 19/01/2015 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\Windows\System32\drivers\i8042prt.sys [108544] =>.Microsoft Corporation
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - 21/11/2014 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\IpNat.sys [142848] =>.Microsoft Corporation
[MD5.5F2BB54E0223E46646789E90BB4CCD81] - 10/03/2016 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\MRxSmb.sys [401920] =>.Microsoft Corporation
[MD5.0217532E19A748F0E5D569307363D5FD] - 22/08/2013 - (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\System32\drivers\netBT.sys [282624] =>.Microsoft Corporation
[MD5.9980B262DBE439AE6BDC91AA985F19EE] - 30/12/2015 - (.Microsoft Corporation - NT File System Driver.) -- C:\Windows\System32\drivers\ntfs.sys [2017624] =>.Microsoft Windows®
[MD5.764B1121867B2D9B31C491668AC72B2B] - 22/08/2013 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\Windows\System32\drivers\Parport.sys [94208] =>.Microsoft Corporation
[MD5.235624C147E3CB4C288D5D3D8E8D64A2] - 02/02/2016 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\Windows\System32\drivers\Rasl2tp.sys [112640] =>.Microsoft Corporation
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - 21/11/2014 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\Windows\System32\drivers\rdpdr.sys [195584] =>.Microsoft Corporation
[MD5.E0BD2D83875464FEEEB242CBA8B7E073] - 13/10/2015 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\Windows\System32\drivers\tdx.sys [108032] =>.Microsoft Corporation
[MD5.D537962695CAFEC1301F3EB7C8C3A1D2] - 06/02/2016 - (.Microsoft Corporation - Volume Shadow Copy Driver.) -- C:\Windows\System32\drivers\volsnap.sys [316760] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (6) - 1s
O23 - Service: Agnitum Client Security Service (acssrv) . (.Agnitum Ltd. - Agnitum Outpost Service.) - C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe {748661E9174BA5AA2B48492DE4AB423E}
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation - igfxCUIService Module.) - C:\Windows\System32\igfxCUIService.exe =>.Intel Corporation - pGFX®
O23 - Service: Service KMSELDI (Service KMSELDI) . (.@ByELDI - Service_KMS.) - C:\Program Files\KMSpico\Service_KMS.exe =>HackTool.KMSpico
O23 - Service: (Update service) . (.Popcorn Time - Updater.) - C:\Program Files (x86)\Popcorn Time\Updater.exe =>.Popcorn Time

---\\ Services not Microsoft (SR=Run, SS=Stop) (10) - 13s

SR - Auto [30/11/2015] [ 3421008] Agnitum Client Security Service (acssrv) . (.Agnitum Ltd..) - C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe {748661E9174BA5AA2B48492DE4AB423E}
SR - Auto [03/12/2014] [ 81088] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
SS - Demand [27/08/2015] [ 291744] Intel(R) Content Protection HECI Service (cphs) . (.Intel Corporation.) - C:\Windows\SysWOW64\IntelCpHeciSvc.exe =>.Intel Corporation - pGFX®
SS - Auto [23/04/2016] [ 144200] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [23/04/2016] [ 144200] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SR - Auto [27/08/2015] [ 330136] Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe =>.Intel Corporation
SS - Demand [08/04/2016] [ 146888] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation®
SS - Auto [08/10/2014] [ 965312] Service KMSELDI (Service KMSELDI) . (.@ByELDI.) - C:\Program Files\KMSpico\Service_KMS.exe =>HackTool.KMSpico
SS - Auto [20/10/2015] [ 339968] (Update service) . (.Popcorn Time.) - C:\Program Files (x86)\Popcorn Time\Updater.exe =>.Popcorn Time

---\\ Task Planned Automatically (9) - 5s
[MD5.00000000000000000000000000000000] [APT] [TaskName] (...) -- Task To Run (.not file.) [0] (.Activate.) =>.Superfluous.Empty
[MD5.C856B04ABD5A57CA688EF6CC2964DFBD] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [6638296] (.Activate.) =>.Piriform Ltd®
[MD5.053EEEE1ABAE53F044F1E386E22AE525] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] (.Activate.) =>.Google Inc®
[MD5.053EEEE1ABAE53F044F1E386E22AE525] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] (.Activate.) =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [916] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [920] =>.Google Inc®
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2792] =>.Piriform Ltd®
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [3658] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [3894] =>.Google Inc®

---\\ Process running (18) - 1s
[MD5.75909533EECD0CD9D5974B59474AA6C0] - (.Intel Corporation - igfxCUIService Module.) -- C:\Windows\System32\igfxCUIService.exe [330136] [PID.940] =>.Intel Corporation - pGFX®
[MD5.4C72FDD915D62EAEF149BD9C73AB9CF4] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1236] =>.Adobe Systems, Incorporated®
[MD5.80A11F070E9EEFCB48B357E9E0E2C7D1] - (.Intel Corporation - igfxEM Module.) -- C:\Windows\System32\igfxEM.exe [541600] [PID.3536] =>.Intel Corporation - pGFX®
[MD5.B6C52FADECE225339D02B6923E930B5C] - (.Intel Corporation - igfxHK Module.) -- C:\Windows\System32\igfxHK.exe [258456] [PID.3572] =>.Intel Corporation - pGFX®
[MD5.8D2A1935AE10BE1E11A8C58B2F473560] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxTray.exe [395168] [PID.3604] =>.Intel Corporation - pGFX®
[MD5.7DFCCC67990B6DE7F30F553A4E4612A4] - (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe [495616] [PID.3872]
[MD5.3F70BC140A2057BA21B7E388A5CA4C0D] - (.http://winaero.com - WinaeroGlass.) -- C:\Program Files (x86)\Black 8\WinaeroGlass\WinaeroGlass.exe [8704] [PID.3888] =>.http://winaero.com
[MD5.053EEEE1ABAE53F044F1E386E22AE525] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] [PID.3060] =>.Google Inc®
[MD5.B26B610E68F862777C491227B9616271] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\internet doznload manager\IEMonitor.exe [275608] [PID.2808] =>.Tonec Inc.®
[MD5.17B0ED32D0FD1DAF7839DFD06E80F956] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304] [PID.1840] =>.Google Inc®
[MD5.17B0ED32D0FD1DAF7839DFD06E80F956] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304] [PID.2644] =>.Google Inc®
[MD5.17B0ED32D0FD1DAF7839DFD06E80F956] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304] [PID.648] =>.Google Inc®
[MD5.17B0ED32D0FD1DAF7839DFD06E80F956] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304] [PID.472] =>.Google Inc®
[MD5.17B0ED32D0FD1DAF7839DFD06E80F956] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304] [PID.1056] =>.Google Inc®
[MD5.9700A45C7128132970D6D45091F31CEF] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\internet doznload manager\IDMan.exe [3931728] [PID.2852] =>.Tonec Inc.
[MD5.17B0ED32D0FD1DAF7839DFD06E80F956] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304] [PID.3264] =>.Google Inc®
[MD5.17B0ED32D0FD1DAF7839DFD06E80F956] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304] [PID.1496] =>.Google Inc®
[MD5.C0BEFA3AC43EF008058330BBF4F01BCA] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Mouadh B\AppData\Roaming\ZHP\ZHPDiag3.exe [2200576] [PID.2780] =>.Nicolas Coolman

---\\ Google Chrome, Start,Search,Extensions (11) - 0s
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [cfhdojbkjhnklbpkdaibdccddilifddb] __MSG_name__ =>.AdblocPlus Plugin
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [ghbmnnjooekpmoecnnnilnnbdlolhkhi] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [mjbepbhonbojpoaenhckjocchgfiaofo] Ace Stream Web Extension
G2 - GCE: Preference [User Data\Default] [mljkgfgobpciaigomceclhljklcpmihl] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [ngpampappnmepgilojfohadhhmbhlaek] IDM Integration Module
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc.

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (12) - 2s
M0 - MFSP: prefs.js [Mouadh B - xx64uc92.default] https://www.google.com/
P2 - EXT: (.Microsoft Corporation - The plugin allows you to have a better expe.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npMeetingJoinPluginOC.dll =>.Microsoft Corporation®
P2 - EXT FILE: (...) -- C:\Users\Mouadh B\AppData\Roaming\Mozilla\Firefox\Profiles\xx64uc92.default\extensions\adblockultimate@adblockultimate.net.xpi
P2 - EXT FILE: (...) -- C:\Users\Mouadh B\AppData\Roaming\Mozilla\Firefox\Profiles\xx64uc92.default\extensions\cyscon-phishing-protection@patugo.com.xpi
P2 - EXT FILE: (...) -- C:\Users\Mouadh B\AppData\Roaming\Mozilla\Firefox\Profiles\xx64uc92.default\extensions\jid1-AlAaAeISf3xDHw@jetpack.xpi
P2 - EXT FILE: (...) -- C:\Users\Mouadh B\AppData\Roaming\Mozilla\Firefox\Profiles\xx64uc92.default\extensions\jid1-E6k1NoroBGfTwA@jetpack.xpi
P2 - EXT FILE: (...) -- C:\Users\Mouadh B\AppData\Roaming\Mozilla\Firefox\Profiles\xx64uc92.default\extensions\loop@mozilla.org.xpi
P2 - EXT FILE: (...) -- C:\Users\Mouadh B\AppData\Roaming\Mozilla\Firefox\Profiles\xx64uc92.default\extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi
P2 - EXT FILE: (...) -- C:\Users\Mouadh B\AppData\Roaming\Mozilla\Firefox\Profiles\xx64uc92.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
P2 - EXT: (.Zigboom - LavaFox V2.) -- C:\Users\Mouadh B\AppData\Roaming\Mozilla\Firefox\Profiles\xx64uc92.default\extensions\info@djzig.com =>.Zigboom
P2 - EXT: (.Hong Jen Yee (PCMan) - IE Tab 2 (FF 3.6+).) -- C:\Users\Mouadh B\AppData\Roaming\Mozilla\Firefox\Profiles\xx64uc92.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
P2 - FPN: [HKCU] [@acestream.net/acestreamplugin,version=3.1.2] - (.Innovative Digital Technologies.) -- C:\Users\Mouadh B\AppData\Roaming\ACEStream\player\npace_plugin.dll =>.Innovative Digital Technologies

---\\ Internet Explorer Extensions, Start, Search (6) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ocherus.ru/
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1

---\\ Internet Explorer, Proxy Management (4) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.) =>.Microsoft Corporation

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)

---\\ Browser Helper Object (BHO) (5) - 0s
O2 - BHO: IDM Helper [64Bits] - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files (x86)\internet doznload manager\IDMIECC.dll =>.Tonec Inc.®
O2 - BHO: (no name) [64Bits] - {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} . (.www.startisback.com - OldNewExplorer shell enhancements.) -- C:\skinpack\OldNewExplorer32.dll
O2 - BHO: Lync Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll =>.Microsoft Corporation®
O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL =>.Microsoft Corporation®
O2 - BHO: Microsoft SkyDrive Pro Browser Helper [64Bits] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®

---\\ Auto loading programs from Registry and folders (11) - 0s
O4 - HKLM\..\Run: [OutpostMonitor] . (.Agnitum Ltd. - Outpost User Interface.) -- C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe {748661E9174BA5AA2B48492DE4AB423E}
O4 - HKCU\..\Run: [DrvUpdater] . (.DriverPack Solution - DRP Su Updater.) -- C:\Users\Mouadh B\AppData\Roaming\DRPSu\DrvUpdater.exe =>.Kuzyakov Artur Vyacheslavovich IP®
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - HKCU\..\Run: [CamtasiaUD] C:\Users\Mouadh B\AppData\Roaming\Camtasia\CamtasiaUD (.not file.)
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\internet doznload manager\IDMan.exe =>.Tonec Inc.
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems, Incorporated®
O4 - HKLM\..\Wow6432Node\Run: [CamtasiaUD] C:\Users\Mouadh B\AppData\Roaming\Camtasia\CamtasiaUD (.not file.)
O4 - HKUS\S-1-5-21-3312846245-256796695-1462527662-1001\..\Run: [DrvUpdater] . (.DriverPack Solution - DRP Su Updater.) -- C:\Users\Mouadh B\AppData\Roaming\DRPSu\DrvUpdater.exe =>.Kuzyakov Artur Vyacheslavovich IP®
O4 - HKUS\S-1-5-21-3312846245-256796695-1462527662-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - HKUS\S-1-5-21-3312846245-256796695-1462527662-1001\..\Run: [CamtasiaUD] C:\Users\Mouadh B\AppData\Roaming\Camtasia\CamtasiaUD (.not file.)
O4 - HKUS\S-1-5-21-3312846245-256796695-1462527662-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\internet doznload manager\IDMan.exe =>.Tonec Inc.

---\\ Global shortcuts Startup (20) - 1s
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Mouadh B\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (...) C:\Windows\system32\WFS.exe
O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Administrator]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Mouadh B\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (...) C:\Windows\system32\WFS.exe
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Guest]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\Desktop [Mouadh B]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Mouadh B\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Mouadh B]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [Mouadh B]: Fax Recipient.lnk . (...) C:\Windows\system32\WFS.exe
O4 - GS\TaskBar [Mouadh B]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Mouadh B]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\Startup [Public]: Rainmeter.exe - Shortcut.lnk . (.© 2011 - All authors - .) C:\Rainmeter\Rainmeter.exe =>.Open Source Developer, Rainmeter®
O4 - GS\Startup [Public]: RocketDock.exe - Shortcut.lnk . (...) C:\Program Files (x86)\RocketDock\RocketDock.exe
O4 - GS\Startup [Public]: WinaeroGlass.lnk . (.http://winaero.com - WinaeroGlass.) C:\Program Files (x86)\Black 8\WinaeroGlass\WinaeroGlass.exe =>.http://winaero.com
O4 - GS\Programs [Public]: Documents.lnk . (...) C:\Users\Mouadh B\Documents
O4 - GS\Programs [Public]: Pictures.lnk . (...) C:\Users\Mouadh B\Pictures

---\\ Lop.com/Domain Hijackers (2) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 37.220.3.14 37.220.3.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{A43C5231-44AB-4CB0-B713-633C3E309A18}: DhcpNameServer = 37.220.3.14 37.220.3.11

---\\ Extra protocols (23) - 1s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\SysWOW64\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll =>.Microsoft Corporation®
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: osf [64Bits] - {D924BDC6-C83A-4BD5-90D0-095128A113D1} . (.Microsoft Corporation - Microsoft Office 2013 component.) -- C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL =>.Microsoft Corporation®

---\\ AppInit_DLLs Registry value Autorun (1) - 0s
O20 - AppInit_DLLs: . (.Agnitum Ltd. - Outpost Hooking Module.) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook64.dll

---\\ Software installed (38) - 11s
O42 - Logiciel: Adobe Reader XI (11.0.10) - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1033-7B44-AB0000000001} =>.Adobe Systems Incorporated
O42 - Logiciel: Camtasia Studio Portable version 8.6.0 - (.TechSmith Inc..) [HKLM][64Bits] -- {15960F3F-0C9F-41E8-B9A0-43C90814C4E7}_is1
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner =>.Piriform Ltd®
O42 - Logiciel: F.C.E.Ultra.X version 2.2.0 - (...) [HKLM][64Bits] -- {95F826EF-BDD8-476A-AC51-0E9C733D4593}_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome =>.Google Inc®
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: HWiNFO Version 4.60 - (.Martin Malík - REALiX.) [HKLM][64Bits] -- {9E8AA262-AA37-4612-9BCD-E4C92CDCD77A}_is1 =>.Martin Malík - REALiX
O42 - Logiciel: IconPack MeeGo - (.SkinPack.) [HKLM][64Bits] -- IconPack =>.SkinPack
O42 - Logiciel: IDM Crack 6.25 build 10 - (.SandySeedings Team.) [HKLM][64Bits] -- IDM Crack 6.25 build 10 =>.Superfluous.CrackSetup
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} =>.Intel Corporation - pGFX®
O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM][64Bits] -- Internet Download Manager =>.Tonec Inc.®
O42 - Logiciel: K-Lite Mega Codec Pack 11.5.0 - (...) [HKLM][64Bits] -- KLiteCodecPack_is1
O42 - Logiciel: KMSpico - (...) [HKLM][64Bits] -- {8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 =>HackTool.KMSpico
O42 - Logiciel: Microsoft Access MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0015-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Access Setup Metadata MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0117-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft DCF MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0090-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Excel MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0016-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Groove MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-00BA-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft InfoPath MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0044-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Lync MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-012B-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft OneNote MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-00A1-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Outlook MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-001A-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft PowerPoint MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0018-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Publisher MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0019-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Word MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-001B-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Mozilla Firefox 45.0.2 (x86 en-US) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 45.0.2 (x86 en-US) =>.Mozilla Corporation®
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService =>.Mozilla
O42 - Logiciel: Outpost Firewall Pro 9.3 - (.Agnitum, Ltd..) [HKLM][64Bits] -- Agnitum Outpost Firewall Pro_is1 {748661E9174BA5AA2B48492DE4AB423E} =>.Agnitum, Ltd.
O42 - Logiciel: Popcorn Time - (.Popcorn Time.) [HKLM][64Bits] -- Popcorn Time_is1 =>.Popcorn Time
O42 - Logiciel: StartIsBack+ - (.startisback.com.) [HKLM][64Bits] -- StartIsBack =>.startisback.com
O42 - Logiciel: UltraISO Premium V9.65 - (...) [HKLM][64Bits] -- UltraISO_is1
O42 - Logiciel: UltraUXThemePatcher - (.Manuel Hoefs (Zottel).) [HKLM][64Bits] -- UltraUXThemePatcher
O42 - Logiciel: Visual Studio 2012 x64 Redistributables - (.AVG Technologies.) [HKLM][64Bits] -- {8C775E70-A791-4DA8-BCC3-6AB7136F4484} =>.AVG Technologies
O42 - Logiciel: Visual Studio 2012 x86 Redistributables - (.AVG Technologies CZ, s.r.o..) [HKLM][64Bits] -- {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} =>.AVG Technologies CZ, s.r.o.
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN
O42 - Logiciel: WinaeroGlass - (.Black 8.) [HKLM][64Bits] -- {3774B6CC-5C06-4D4B-889A-0F05CA4D1514}
O42 - Logiciel: WinRAR 5.30 (32-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver =>.win.rar GmbH®
O42 - Logiciel: ZHPFix 2015 - (.Nicolas Coolman.) [HKLM][64Bits] -- ZHPFix_is1 =>.Nicolas Coolman

---\\ HKCU & HKLM Software Keys (68) - 11s
HKLM\SOFTWARE\Wow6432Node\Adobe
HKLM\SOFTWARE\Wow6432Node\AVG
HKLM\SOFTWARE\Wow6432Node\Black 8
HKLM\SOFTWARE\Wow6432Node\drpsu
HKLM\SOFTWARE\Wow6432Node\EasyBoot Systems
HKLM\SOFTWARE\Wow6432Node\GNU
HKLM\SOFTWARE\Wow6432Node\Google
HKLM\SOFTWARE\Wow6432Node\HaaliMkx
HKLM\SOFTWARE\Wow6432Node\Icaros
HKLM\SOFTWARE\Wow6432Node\IM Providers
HKLM\SOFTWARE\Wow6432Node\Intel
HKLM\SOFTWARE\Wow6432Node\Internet Download Manager
HKLM\SOFTWARE\Wow6432Node\Khronos
HKLM\SOFTWARE\Wow6432Node\KLCodecPack
HKLM\SOFTWARE\Wow6432Node\LAV
HKLM\SOFTWARE\Wow6432Node\Macromedia
HKLM\SOFTWARE\Wow6432Node\Mozilla
HKLM\SOFTWARE\Wow6432Node\mozilla.org
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\MyProg
HKLM\SOFTWARE\Wow6432Node\ODBC
HKLM\SOFTWARE\Wow6432Node\Opera Software
HKLM\SOFTWARE\Wow6432Node\StartIsBack
HKLM\SOFTWARE\Wow6432Node\TechSmith
HKLM\SOFTWARE\Wow6432Node\UltraUXThemePatcher
HKLM\SOFTWARE\Wow6432Node\VideoLAN
HKLM\SOFTWARE\Wow6432Node\WinRAR
HKLM\SOFTWARE\Wow6432Node\Wow6432Node
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications
HKCU\SOFTWARE\Adobe
HKCU\SOFTWARE\Agnitum
HKCU\SOFTWARE\AppDataLow
HKCU\SOFTWARE\AVG
HKCU\SOFTWARE\dahanco
HKCU\SOFTWARE\DownloadManager
HKCU\SOFTWARE\drpsu
HKCU\SOFTWARE\EasyBoot Systems
HKCU\SOFTWARE\GNU
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\Haali
HKCU\SOFTWARE\Icaros
HKCU\SOFTWARE\IM Providers
HKCU\SOFTWARE\Intel
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\madshi
HKCU\SOFTWARE\MediaInfo
HKCU\SOFTWARE\Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\MPC-HC
HKCU\SOFTWARE\Netscape
HKCU\SOFTWARE\Northcode Inc
HKCU\SOFTWARE\ODBC
HKCU\SOFTWARE\Opera Software
HKCU\SOFTWARE\Piriform
HKCU\SOFTWARE\Popcorn Time
HKCU\SOFTWARE\PopcornTime
HKCU\SOFTWARE\QtProject
HKCU\SOFTWARE\RegisteredApplications
HKCU\SOFTWARE\StackDocklet
HKCU\SOFTWARE\StartIsBack
HKCU\SOFTWARE\TechSmith
HKCU\SOFTWARE\Tihiy
HKCU\SOFTWARE\Trolltech
HKCU\SOFTWARE\WinRAR
HKCU\SOFTWARE\WinRAR SFX
HKCU\SOFTWARE\Wow6432Node
HKCU\SOFTWARE\ZebHelpProcess Helper
HKCU\SOFTWARE\AppDataLow\Software

---\\ Contents of the Common Files folders (153) - 6s
O43 - CFD: 05/05/2016 - [] D -- C:\Program Files\Agnitum {748661E9174BA5AA2B48492DE4AB423E}
O43 - CFD: 23/04/2016 - [] D -- C:\Program Files\CCleaner =>.Piriform Ltd®
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\Common Files
O43 - CFD: 22/04/2016 - [] D -- C:\Program Files\HWiNFO =>.Martin Malik - REALiX®
O43 - CFD: 23/04/2016 - [] D -- C:\Program Files\Intel
O43 - CFD: 23/04/2016 - [] D -- C:\Program Files\Internet Download Manager
O43 - CFD: 05/05/2016 - [] D -- C:\Program Files\Internet Explorer
O43 - CFD: 05/05/2016 - [] D -- C:\Program Files\KMSpico =>HackTool.KMSpico
O43 - CFD: 24/04/2016 - [] D -- C:\Program Files\Microsoft Office =>.Microsoft Corporation®
O43 - CFD: 13/05/2015 - [] D -- C:\Program Files\MSBuild
O43 - CFD: 13/05/2015 - [] D -- C:\Program Files\Reference Assemblies
O43 - CFD: 22/08/2013 - [0] D -- C:\Program Files\Uninstall Information
O43 - CFD: 02/05/2016 - [] D -- C:\Program Files\Windows Defender =>.Microsoft Corporation®
O43 - CFD: 02/05/2016 - [] D -- C:\Program Files\Windows Journal
O43 - CFD: 21/11/2014 - [] D -- C:\Program Files\Windows Mail
O43 - CFD: 21/11/2014 - [] D -- C:\Program Files\Windows Media Player
O43 - CFD: 21/11/2014 - [] D -- C:\Program Files\Windows Multimedia Platform
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\Windows NT
O43 - CFD: 21/11/2014 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation®
O43 - CFD: 21/11/2014 - [] D -- C:\Program Files\Windows Portable Devices
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\Windows Sidebar
O43 - CFD: 05/05/2016 - [] D -- C:\Program Files\WindowsApps
O43 - CFD: 21/11/2014 - [] D -- C:\Program Files\WindowsPowerShell
O43 - CFD: 24/04/2016 - [] D -- C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
O43 - CFD: 23/04/2016 - [] D -- C:\Program Files (x86)\AVG
O43 - CFD: 22/04/2016 - [] D -- C:\Program Files (x86)\Black 8
O43 - CFD: 26/04/2016 - [] D -- C:\Program Files (x86)\Common Files
O43 - CFD: 05/05/2016 - [] D -- C:\Program Files (x86)\DriverPack Notifier
O43 - CFD: 25/04/2016 - [] D -- C:\Program Files (x86)\fceux-2.2.0-win32
O43 - CFD: 23/04/2016 - [] D -- C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 23/04/2016 - [] D -- C:\Program Files (x86)\Intel =>.Intel Corporation - pGFX®
O43 - CFD: 30/04/2016 - [] D -- C:\Program Files (x86)\internet doznload manager
O43 - CFD: 05/05/2016 - [] D -- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 23/04/2016 - [] D -- C:\Program Files (x86)\K-Lite Codec Pack
O43 - CFD: 24/04/2016 - [] D -- C:\Program Files (x86)\Microsoft Analysis Services =>.Microsoft Corporation®
O43 - CFD: 24/04/2016 - [] D -- C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation®
O43 - CFD: 24/04/2016 - [] D -- C:\Program Files (x86)\Microsoft SQL Server
O43 - CFD: 24/04/2016 - [] D -- C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 24/04/2016 - [] D -- C:\Program Files (x86)\Mozilla Firefox =>.Mozilla Corporation®
O43 - CFD: 23/04/2016 - [] D -- C:\Program Files (x86)\Mozilla Maintenance Service =>.Mozilla Corporation®
O43 - CFD: 13/05/2015 - [] D -- C:\Program Files (x86)\MSBuild
O43 - CFD: 23/04/2016 - [] D -- C:\Program Files (x86)\Opera
O43 - CFD: 23/04/2016 - [] D -- C:\Program Files (x86)\Popcorn Time
O43 - CFD: 13/05/2015 - [] D -- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 05/05/2015 - [] D -- C:\Program Files (x86)\RocketDock
O43 - CFD: 12/03/2015 - [] D -- C:\Program Files (x86)\StartIsBack
O43 - CFD: 26/04/2016 - [] D -- C:\Program Files (x86)\UltraISO =>.SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.®
O43 - CFD: 22/04/2016 - [] D -- C:\Program Files (x86)\UltraUXThemePatcher
O43 - CFD: 23/04/2016 - [] D -- C:\Program Files (x86)\VideoLAN
O43 - CFD: 02/05/2016 - [] D -- C:\Program Files (x86)\Windows Defender
O43 - CFD: 21/11/2014 - [] D -- C:\Program Files (x86)\Windows Mail
O43 - CFD: 21/11/2014 - [] D -- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 21/11/2014 - [] D -- C:\Program Files (x86)\Windows Multimedia Platform
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files (x86)\Windows NT
O43 - CFD: 21/11/2014 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation®
O43 - CFD: 21/11/2014 - [] D -- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files (x86)\WindowsPowerShell
O43 - CFD: 23/04/2016 - [] D -- C:\Program Files (x86)\WinRAR =>.win.rar GmbH®
O43 - CFD: 05/05/2016 - [] D -- C:\Program Files (x86)\ZHPFix
O43 - CFD: 21/11/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 05/05/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 03/05/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 05/05/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agnitum
O43 - CFD: 23/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
O43 - CFD: 24/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fceux
O43 - CFD: 22/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO
O43 - CFD: 22/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IconPack
O43 - CFD: 24/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
O43 - CFD: 23/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
O43 - CFD: 23/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
O43 - CFD: 24/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico
O43 - CFD: 22/08/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 24/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
O43 - CFD: 23/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
O43 - CFD: 22/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
O43 - CFD: 21/11/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 21/11/2014 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 26/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
O43 - CFD: 23/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
O43 - CFD: 22/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinaeroGlass
O43 - CFD: 23/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 24/04/2016 - [] D -- C:\ProgramData\Adobe
O43 - CFD: 05/05/2016 - [] D -- C:\ProgramData\Agnitum
O43 - CFD: 22/08/2013 - [] D -- C:\ProgramData\Application Data
O43 - CFD: 23/04/2016 - [] D -- C:\ProgramData\Avg
O43 - CFD: 23/04/2016 - [] HD -- C:\ProgramData\Common Files
O43 - CFD: 22/08/2013 - [0] D -- C:\ProgramData\Desktop
O43 - CFD: 22/08/2013 - [] D -- C:\ProgramData\Documents
O43 - CFD: 23/04/2016 - [0] D -- C:\ProgramData\IDM
O43 - CFD: 24/04/2016 - [] D -- C:\ProgramData\Microsoft
O43 - CFD: 24/04/2016 - [] D -- C:\ProgramData\Microsoft Help
O43 - CFD: 23/04/2016 - [] D -- C:\ProgramData\Mozilla
O43 - CFD: 23/04/2016 - [] D -- C:\ProgramData\Package Cache
O43 - CFD: 24/04/2016 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft
O43 - CFD: 22/08/2013 - [] D -- C:\ProgramData\Start Menu
O43 - CFD: 22/08/2013 - [0] D -- C:\ProgramData\Templates
O43 - CFD: 24/04/2016 - [] D -- C:\Program Files (x86)\Common Files\Adobe
O43 - CFD: 24/04/2016 - [] D -- C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 26/04/2016 - [] D -- C:\Program Files (x86)\Common Files\EZB Systems
O43 - CFD: 23/04/2016 - [] D -- C:\Program Files (x86)\Common Files\Intel
O43 - CFD: 24/04/2016 - [] D -- C:\Program Files (x86)\Common Files\Microsoft Shared
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files (x86)\Common Files\Services
O43 - CFD: 24/04/2016 - [0] D -- C:\Program Files (x86)\Common Files\SWF Studio
O43 - CFD: 24/04/2016 - [] D -- C:\Program Files (x86)\Common Files\System
O43 - CFD: 24/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\Adobe
O43 - CFD: 05/05/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\Camtasia
O43 - CFD: 05/05/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\DMCache
O43 - CFD: 23/04/2016 - [] AD -- C:\Users\Mouadh B\AppData\Roaming\DriverPack Notifier
O43 - CFD: 23/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\DRPSu
O43 - CFD: 05/05/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\IDM
O43 - CFD: 24/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\InfraRecorder
O43 - CFD: 22/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\Macromedia
O43 - CFD: 03/05/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\Microsoft
O43 - CFD: 23/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\Mozilla
O43 - CFD: 23/04/2016 - [0] D -- C:\Users\Mouadh B\AppData\Roaming\Opera Software
O43 - CFD: 24/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\SumatraPDF
O43 - CFD: 05/05/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\vlc
O43 - CFD: 24/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\WinRAR
O43 - CFD: 05/05/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\ZHP
O43 - CFD: 24/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Local\Adobe
O43 - CFD: 22/04/2016 - [0] SHD -- C:\Users\Mouadh B\AppData\Local\Application Data
O43 - CFD: 03/05/2016 - [] D -- C:\Users\Mouadh B\AppData\Local\Apps
O43 - CFD: 23/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Local\Avg
O43 - CFD: 23/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Local\AvgSetupLog
O43 - CFD: 05/05/2016 - [0] D -- C:\Users\Mouadh B\AppData\Local\Deployment
O43 - CFD: 22/04/2016 - [] SHD -- C:\Users\Mouadh B\AppData\Local\EmieBrowserModeList
O43 - CFD: 22/04/2016 - [] SHD -- C:\Users\Mouadh B\AppData\Local\EmieSiteList
O43 - CFD: 22/04/2016 - [] SHD -- C:\Users\Mouadh B\AppData\Local\EmieUserList
O43 - CFD: 01/05/2016 - [] D -- C:\Users\Mouadh B\AppData\Local\Google
O43 - CFD: 04/05/2016 - [] D -- C:\Users\Mouadh B\AppData\Local\GWX
O43 - CFD: 22/04/2016 - [0] SHD -- C:\Users\Mouadh B\AppData\Local\History
O43 - CFD: 30/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Local\Microsoft
O43 - CFD: 24/04/2016 - [0] D -- C:\Users\Mouadh B\AppData\Local\Microsoft Help
O43 - CFD: 23/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Local\Mozilla
O43 - CFD: 23/04/2016 - [0] D -- C:\Users\Mouadh B\AppData\Local\Opera Software
O43 - CFD: 05/05/2016 - [] D -- C:\Users\Mouadh B\AppData\Local\Packages
O43 - CFD: 23/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Local\PopcornTimeDesktop
O43 - CFD: 22/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Local\Programs
O43 - CFD: 04/05/2016 - [] D -- C:\Users\Mouadh B\AppData\Local\TechSmith
O43 - CFD: 05/05/2016 - [] D -- C:\Users\Mouadh B\AppData\Local\Temp
O43 - CFD: 22/04/2016 - [0] SHD -- C:\Users\Mouadh B\AppData\Local\Temporary Internet Files
O43 - CFD: 22/04/2016 - [0] D -- C:\Users\Mouadh B\AppData\Local\Programs\Common
O43 - CFD: 21/11/2014 - [] D -- C:\Users\Mouadh B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 21/11/2014 - [] D -- C:\Users\Mouadh B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 03/05/2016 - [] RD -- C:\Users\Mouadh B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 23/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome
O43 - CFD: 23/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
O43 - CFD: 22/08/2013 - [] D -- C:\Users\Mouadh B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 03/05/2016 - [] RD -- C:\Users\Mouadh B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 10/03/2015 - [] D -- C:\Users\Mouadh B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 22/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher
O43 - CFD: 23/04/2016 - [] D -- C:\Users\Mouadh B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

---\\ ShellIconOverlayIdentifiers (SIOI) (3) - 0s
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) [ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7}. (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) [ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE}. (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 3 (InSync) [ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}. (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®

---\\ System Drivers List (41) - 7s
O58 - SDL:2013/08/22 13:43:41 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\drivers\3ware.sys [108896] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:41 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\Windows\System32\drivers\adp80xx.sys [782176] =>.Microsoft Windows®
O58 - SDL:2015/07/21 20:24:00 A . (.Agnitum Ltd. - Agnitum Firewall NDIS Driver.) -- C:\Windows\System32\drivers\afw.sys [52904] {748661E9174BA5AA2B48492DE4AB423E}
O58 - SDL:2015/07/21 22:11:28 A . (.Agnitum Ltd. - Agnitum Firewall Core Driver.) -- C:\Windows\System32\drivers\afwcore.sys [465072] {748661E9174BA5AA2B48492DE4AB423E}
O58 - SDL:2013/08/22 13:43:41 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [79200] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:41 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [259424] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:40 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [25952] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:41 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [114016] =>.Microsoft Windows®
O58 - SDL:2013/08/13 00:25:46 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\drivers\bcmfn2.sys [17624] =>.Broadcom Corporation®
O58 - SDL:2013/08/22 13:43:41 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbda.sys [531296] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:45 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbda.sys [3357024] =>.Microsoft Windows®
O58 - SDL:2009/09/09 12:23:46 A . (.Intel Corporation - BIOS Update Driver.) -- C:\Windows\System32\drivers\flashud.sys [51712] =>.Intel Corporation
O58 - SDL:2010/10/20 07:34:26 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\drivers\HECIx64.sys [56344] =>.Intel Corporation®
O58 - SDL:2013/08/22 13:43:45 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [64352] =>.Microsoft Windows®
O58 - SDL:2013/07/30 19:47:35 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568] =>.Intel Corporation - Software and Firmware Products®
O58 - SDL:2013/07/25 20:05:39 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) -- C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320] =>.Intel Corporation - Software and Firmware Products®
O58 - SDL:2013/08/10 01:39:30 A . (.Intel Corporation - Intel Rapid Storage Technology driver (inbo.) -- C:\Windows\System32\drivers\iaStorAV.sys [651248] =>.Intel Corporation - Intel® Rapid Storage Technology®
O58 - SDL:2013/08/22 13:43:45 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\drivers\iaStorV.sys [412000] =>.Microsoft Windows®
O58 - SDL:2016/01/28 11:20:10 A . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\drivers\idmwfp.sys [209056] =>.Tonec Inc.®
O58 - SDL:2015/08/27 18:20:10 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\drivers\igdkmd64.sys [3797424] =>.Intel Corporation - pGFX®
O58 - SDL:2015/07/20 20:45:04 A . (.Intel Corporation - Intel® WiDi Solution.) -- C:\Windows\System32\drivers\intelaud.sys [50240] =>.Intel(R) Wireless Display®
O58 - SDL:2015/07/20 20:45:04 A . (.Intel Corporation - Intel® WiDi Solution.) -- C:\Windows\System32\drivers\iwdbus.sys [38976] =>.Intel(R) Wireless Display®
O58 - SDL:2013/08/22 13:43:44 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [109408] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:45 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [93536] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:44 A . (.LSI Corporation - LSI SAS Gen3 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas3.sys [81760] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:45 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sss.sys [82784] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:45 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [56672] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:45 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\megasr.sys [575840] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:49 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\Windows\System32\drivers\mvumis.sys [63840] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:31 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [150368] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:32 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [168288] =>.Microsoft Windows®
O58 - SDL:2016/04/01 10:58:32 A . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.30 64-bit Dr.) -- C:\Windows\System32\drivers\Rt630x64.sys [936192] =>.Realtek Semiconductor Corp®
O58 - SDL:2015/11/18 01:05:32 A . (.Agnitum Ltd. - Host Protection Component.) -- C:\Windows\System32\drivers\SandBox64.sys [1712168] {748661E9174BA5AA2B48492DE4AB423E}
O58 - SDL:2013/08/22 16:35:09 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [23040] =>.Macrovision Corporation, Macrovision Europe Limited,
O58 - SDL:2013/08/22 13:43:31 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [44896] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:32 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [81760] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:32 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\Windows\System32\drivers\stexstor.sys [31072] =>.Microsoft Windows®
O58 - SDL:2016/02/10 04:41:52 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\drivers\TeeDriverW8x64.sys [194624] =>.Intel(R) Embedded Subsystems and IP Blocks Group®
O58 - SDL:2013/08/22 13:43:34 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [19808] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:34 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [168800] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:34 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\Windows\System32\drivers\VSTXRAID.SYS [305504] =>.Microsoft Windows®

---\\ Last modified or created user files (7) - 5s
O61 - LFC: 2016/05/03 11:48:11 A . (.© Microsoft Corporation. All rights reserved..) -- C:\Users\Mouadh B\Downloads\Programs\setup.exe [494936]
O61 - LFC: 2016/05/04 15:44:59 RA . (..) -- C:\Users\Mouadh B\Downloads\Camtasia Studio Portable 8.6.0 Last Version Activated Extract & use\Activator.exe [785408]
O61 - LFC: 2016/05/04 15:47:55 RA . (.TechSmith Inc..) -- C:\Users\Mouadh B\Downloads\Camtasia Studio Portable 8.6.0 Last Version Activated Extract & use\Camtasia Studio 8.6.0 Last Build Activated.exe [43767563]
O61 - LFC: 2016/05/04 15:16:58 A . (..) -- C:\Users\Mouadh B\AppData\Roaming\Microsoft\UProof\CMAdj.12.bin [68]
O61 - LFC: 2016/05/03 09:10:45 A . (..) -- C:\Users\Mouadh B\AppData\Local\Microsoft\Windows\appsFolderLayout.bin [846]
O61 - LFC: 2016/05/05 01:35:14 A . (..) -- C:\Users\Mouadh B\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin [376301]
O61 - LFC: 2016/05/05 14:26:04 A . (..) -- C:\Users\Mouadh B\AppData\Local\Adobe\Acrobat\11.0\UserCache.bin [140900]

---\\ File Associations Shell Spawning (10) - 0s
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®

---\\ Start Menu Internet (8) - 0s
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.

---\\ Search Browser Infection (2) - 7s
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/

---\\ Search Svchost Services (36) - 1s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [214528] =>.Microsoft Corporation
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [156160] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [156160] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\system32\srvsvc.dll [329216] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [1360896] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\ikeext.dll [1083904] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [926208] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\system32\seclogon.dll [31744] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [110080] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\system32\iscsiexe.dll [151040] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [110592] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\system32\schedsvc.dll [1265152] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [230400] =>.Microsoft Corporation
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\system32\mmcss.dll [71168] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [135168] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [228864] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [339968] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [84992] =>.Microsoft Corporation
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\system32\kmsvc.dll [101376] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [348672] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Windows Location Framework Service.) -- C:\Windows\System32\GeofenceMonitorService.dll [522240] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\Windows\system32\wlidsvc.dll [1639424] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\system32\themeservice.dll [59392] =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\Windows\System32\DeviceSetupManager.dll [206848] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\Windows\System32\ncasvc.dll [166400] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [102912] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [542208] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [226816] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\sens.dll [73728] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [452608] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [313344] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\system32\wuaueng.dll [3708416] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [933376] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [640000] =>.Microsoft Corporation
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [187904] =>.Microsoft Corporation
O83 - Search Svchost Services: MsKeyboardFilter (MsKeyboardFilter) . (.Microsoft Corporation - SvcHost Service for Microsoft Keyboard Filt.) -- C:\Windows\System32\KeyboardFilterSvc.dll [92992] =>.Microsoft Windows®

---\\ Firewall Active Exception List (6) - 2s
O87 - FAEL: "{5F474DD0-CB40-4C4C-A423-25FBB1E33DC0}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
O87 - FAEL: "{FAB4336D-BB96-43EA-83BF-0A698B9182C3}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
O87 - FAEL: "{04726D59-6C17-4498-B2E9-46D569827DDD}" [Out-None-P6-TRUE] .(...) -- C:\Users\Mouadh B\AppData\Roaming\uTorrent\uTorrent.exe (.not file.)
O87 - FAEL: "{35E21D72-0E93-4151-871D-1AE68AA4C6D5}" [Out-None-P17-TRUE] .(...) -- C:\Users\Mouadh B\AppData\Roaming\uTorrent\uTorrent.exe (.not file.)
O87 - FAEL: "{AD8DC34F-030D-4978-B140-2C8285CCC2AE}" [In-None-P6-TRUE] .(.@ByELDI - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe =>HackTool.KMSpico
O87 - FAEL: "{37813AAD-134F-4314-A660-0BA1CEFC8DA1}" [In-None-P17-TRUE] .(.@ByELDI - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe =>HackTool.KMSpico

---\\ Additional Scan (O88) (7) - 0s
HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI =>HackTool.KMSpico
C:\Program Files\KMSpico\Service_KMS.exe =>HackTool.KMSpico
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 =>HackTool.KMSpico
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDM Crack 6.25 build 10 =>.Superfluous.CrackSetup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IDM Crack 6.25 build 10 =>.Superfluous.CrackSetup
C:\Program Files\KMSpico =>HackTool.KMSpico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico

---\\ Summary of the elements found (2) - 0s
http://www.nicolascoolman.fr/?p=989 =>HackTool.KMSpico
http://www.nicolascoolman.fr/?p=5145 =>.Superfluous.CrackSetup

~ End of the scan, 38284 items in 00h01mn38s (616)(0)

Publicité


Signaler le contenu de ce document

Publicité